Windows Analysis Report
malicious.pdf

Overview

General Information

Sample name: malicious.pdf
Analysis ID: 1559186
MD5: 18f28301e3a28e641428a35be5412f3c
SHA1: 309db4d0a6dac3e7dad08ebf457e951d7211b4f2
SHA256: bff4f8d4e255115b1e9259c1f7bbad7b2ffa2f0718734f78b4060eefc3bc698f
Infos:

Detection

Score: 2
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

IP address seen in connection with other malware
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Uses a known web browser user agent for HTTP communication

Classification

  • System is w10x64_ra
  • Acrobat.exe (PID: 6944 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\malicious.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 6216 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 6552 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2260 --field-trial-handle=1568,i,3100234640448573471,16781718613687927761,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • rundll32.exe (PID: 7548 cmdline: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding MD5: EF3179D498793BF4234F708D3BE28633)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

There are no malicious signatures.

Source: global traffic, DNS query: name: x1.i.lencr.org
Source: global traffic, TCP traffic: 192.168.2.16:49713 -> 23.47.168.24:443
Source: global traffic, TCP traffic: 23.47.168.24:443 -> 192.168.2.16:49713
Source: Joe Sandbox View, IP Address: 23.47.168.24 23.47.168.24
Source: global traffic, HTTP traffic detected:
    GET /onboarding/smskillreader.txt HTTP/1.1
    Host: armmf.adobe.com
    Connection: keep-alive
    Accept-Language: en-US,en;q=0.9
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: empty
    Accept-Encoding: gzip, deflate, br
Source: unknown, TCP traffic detected without corresponding DNS query: 23.47.168.24
Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic, DNS traffic detected: DNS query: x1.i.lencr.org
Source: 77EC63BDA74BD0D0E0426DC8F80085060.3.dr, String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: 2D85F72862B55C4EADD9E66E06947F3D0.3.dr, String found in binary or memory: http://x1.i.lencr.org/
Source: 4e4ac4f8-7fc3-46d5-8769-95c6ae06ad90.tmp.4.dr, String found in binary or memory: https://chrome.cloudflare-dns.com
Source: unknown, Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49713
Source: classification engine, Classification label: clean2.winPDF@16/49@1/1
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe, File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe, File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-11-20 03-36-16-566.log
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe, Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
Source: unknown, Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: unknown, Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\malicious.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe, Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe, Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2260 --field-trial-handle=1568,i,3100234640448573471,16781718613687927761,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe, Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe, Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe, Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe, Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe, Process information set: NOOPENFILEERRORBOX

| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 3 Exploitation for Client Execution | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Rundll32 | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Process Injection | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 13 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |

[Figure: Behavior Graph. ID: 1559186, Sample: malicious.pdf, Startdate: 20/11/2024, Architecture: WINDOWS, Score: 2. Nodes: x1.i.lencr.org; bg.microsoft.map.fastly.net; Acrobat.exe (started); rundll32.exe (started); AcroCEF.exe (started by Acrobat.exe); AcroCEF.exe (started by the first AcroCEF.exe), connected to 23.47.168.24, 443, 49713, AKAMAI-ASUS, United States.]

No Antivirus matches

| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| bg.microsoft.map.fastly.net | 199.232.210.172 | true | false | | high |
| default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | 217.20.57.18 | true | false | | high |
| x1.i.lencr.org | unknown | unknown | false | | high |

| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| https://chrome.cloudflare-dns.com | 4e4ac4f8-7fc3-46d5-8769-95c6ae06ad90.tmp.4.dr | false | | high |
| http://x1.i.lencr.org/ | 2D85F72862B55C4EADD9E66E06947F3D0.3.dr | false | | high |

| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 23.47.168.24 | unknown | United States | | 16625 | AKAMAI-ASUS | false |

Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1559186
Start date and time: 2024-11-20 09:35:44 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 2m 37s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultwindowsinteractivecookbook.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 15
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
  • EGA enabled
  • AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: malicious.pdf
Detection: CLEAN
Classification: clean2.winPDF@16/49@1/1
Cookbook Comments:
  • Found application associated with file extension: .pdf
  • Exclude process from analysis (whitelisted): dllhost.exe, SIHClient.exe, SgrmBroker.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 184.28.88.176, 52.202.204.11, 23.22.254.206, 52.5.13.197, 54.227.187.23, 162.159.61.3, 172.64.41.3, 2.23.197.184, 199.232.210.172, 2.19.126.149, 2.19.126.143
  • Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, wu-b-net.trafficmanager.net, crl.root-x1.letsencrypt.org.edgekey.net
  • VT rate limit hit for: malicious.pdf

| Time | Type | Description |
|---|---|---|
| 03:36:27 | API Interceptor | 2x Sleep call for process: AcroCEF.exe modified |

| Match | Associated Sample Name / URL | Detection | Threat Name | Context |
|---|---|---|---|---|
| 23.47.168.24 | Complete_with_DocuSign_49584.pdf | malicious | HTMLPhisher | |
| 23.47.168.24 | ZGMW2wgPzY.lnk | malicious | Ducktail | |
| 23.47.168.24 | XUpERCR9nC.lnk | malicious | Ducktail | |
| 23.47.168.24 | Heritage Commercial Flooring.pdf | malicious | Unknown | |
| 23.47.168.24 | copyright_infringement_evidence_1.exe | malicious | Unknown | |
| 23.47.168.24 | cleu.cmD | malicious | Unknown | |
| 23.47.168.24 | https://content.app-us1.com/5zbe53/2024/09/30/8d9df716-ca99-47ed-825e-d3a2a0e6cd9e.pdf | malicious | HTMLPhisher | |
| 23.47.168.24 | PDF...pdf | malicious | Unknown | |
| 23.47.168.24 | TM3utH2CsU.exe | malicious | PureLog Stealer, XWorm | |
| 23.47.168.24 | 8f40pUzDo8.exe | malicious | Metasploit | |

| Match | Associated Sample Name / URL | Detection | Threat Name | Context |
|---|---|---|---|---|
| default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | 217469812STM.pdf | malicious | ScreenConnect Tool, Phisher | 217.20.57.18 |
| default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | zhbEGHo55P.exe | malicious | LockBit ransomware | 217.20.57.20 |
| default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | New.Order Request-#54576.scr | malicious | Unknown | 212.229.88.13 |
| default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | file.exe | malicious | Credential Flusher | 217.20.57.20 |
| default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | Airtame-4.11.0-setup.msi | malicious | Unknown | 217.20.57.35 |
| default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | Fluor RFQ1475#U00b7pdf.vbs | malicious | Remcos, GuLoader | 217.20.57.19 |
| default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | DRP130636747.pdf | malicious | Unknown | 217.20.57.42 |
| default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | 87654785457596574686FKHN-Copy.pdf | malicious | Phisher | 217.20.57.35 |
| default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | Annual_Benefits_&_Bonus_for_Lorne.zuck#IyNURVhUTlVNUkFORE9NNDUjIw==.docx | malicious | Unknown | 84.201.210.39 |
| default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | purchase order (2).xls | malicious | Unknown | 217.20.57.19 |
| bg.microsoft.map.fastly.net | MyInstaller_PDFGear.exe | malicious | Unknown | 199.232.210.172 |
| bg.microsoft.map.fastly.net | PO-000041492.xls | malicious | Unknown | 199.232.214.172 |
| bg.microsoft.map.fastly.net | file.exe | malicious | Credential Flusher | 199.232.214.172 |
| bg.microsoft.map.fastly.net | file.exe | malicious | Unknown | 199.232.210.172 |
| bg.microsoft.map.fastly.net | Benefit Enrollment -wZ5nusm.pdf | malicious | Unknown | 199.232.214.172 |
| bg.microsoft.map.fastly.net | 6GvQSVIEIu.exe | malicious | Unknown | 199.232.210.172 |
| bg.microsoft.map.fastly.net | Benefit Enrollment -eGz8VNb.pdf | malicious | Unknown | 199.232.214.172 |
| bg.microsoft.map.fastly.net | 217469812STM.pdf | malicious | ScreenConnect Tool, Phisher | 199.232.210.172 |
| bg.microsoft.map.fastly.net | file.exe | malicious | Remcos | 199.232.214.172 |
| bg.microsoft.map.fastly.net | file.exe | malicious | Credential Flusher | 199.232.210.172 |

| Match | Associated Sample Name / URL | Detection | Threat Name | Context |
|---|---|---|---|---|
| AKAMAI-ASUS | meow.arm7.elf | malicious | Unknown | 23.51.121.34 |
| AKAMAI-ASUS | https://estudioit.cl/starl/#ZGVicmEuY2FydGVyQGNhc2EuZ292LmF1 | malicious | Unknown | 2.19.126.202 |
| AKAMAI-ASUS | file.exe | malicious | Amadey, Stealc, Vidar | 23.57.90.171 |
| AKAMAI-ASUS | QuarantineMessage.zip | malicious | Unknown | 23.217.172.185 |
| AKAMAI-ASUS | Benefit Enrollment -wZ5nusm.pdf | malicious | Unknown | 23.203.104.175 |
| AKAMAI-ASUS | Customer forms.pdf | malicious | Unknown | 104.78.188.188 |
| AKAMAI-ASUS | Benefit Enrollment -eGz8VNb.pdf | malicious | Unknown | 23.203.104.175 |
| AKAMAI-ASUS | Integration.pdf www.skype.com.lnk | malicious | Unknown | 96.17.64.171 |
| AKAMAI-ASUS | b.pdf | malicious | Unknown | 23.217.172.185 |
| AKAMAI-ASUS | https://www.bing.com/ck/a?!&&p=5ceef533778c3decJmltdHM9MTcyMzQyMDgwMCZpZ3VpZD0zNjRmNjVlOC1lNTZjLTYxOWQtMTI1Ny03MTNlZTQyYTYwMTImaW5zaWQ9NTE0MA&ptn=3&ver=2&hsh=3&fclid=364f65e8-e56c-619d-1257-713ee42a6012&u=a1aHR0cHM6Ly9sZXhpbnZhcmlhbnQuY29tLw#aHR0cHM6Ly9HMTAuZHpwdndvYnIucnUvdkd5c2dQdC8= | malicious | Unknown | 92.122.18.57 |

No context

Process: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type: ASCII text
Category: dropped
Size (bytes): 287
Entropy (8bit): 5.2163589422042405
Encrypted: false
SSDEEP: 6:H4NhCVq2PRN2nKuAl9OmbnIFUt8Y4NSgZmw+Y4NSIkwORN2nKuAl9OmbjLJ:Y2vaHAahFUt8Jl/+J35JHAaSJ
MD5: 6E6B9013FE2054E6C3C2236B903CD945
SHA1: E688FA323AFED3654CE45D035CF3AD6EEB6EDC03
SHA-256: 1FA0CF9F7DC63990B33C3160D4ABF616D67B83B375BFF213AA94099B1364A88E
SHA-512: FC6F8BC5D331E7319F5D53DD55FDC505286BF83E91122C207C6784ECDAECA2A9450498B57F6D693589A176D6C86E60337878132D8D84F7A9B9B1B7C63BE2A18E
Malicious: false
Reputation: low
Preview: 2024/11/20-03:36:17.413 f80 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/11/20-03:36:17.415 f80 Recovering log #3.2024/11/20-03:36:17.415 f80 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

Process: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type: ASCII text
Category: dropped
Size (bytes): 334
Entropy (8bit): 5.143808450002254
Encrypted: false
SSDEEP: 6:H4Lw3+q2PRN2nKuAl9Ombzo2jMGIFUt8Y4kZmw+Y4BUENVkwORN2nKuAl9Ombzos:YLwOvaHAa8uFUt8Jk/+JiEz5JHAa8RJ
MD5: 90EC36CCC4606BFED127025F1438A0BE
SHA1: 613E1251EEF16D3373BB4F8C930B8049493429FA
SHA-256: F7BF38A99C049EC6188C5D3FC596BCCC3D72A8DFADE0EBE9A494CE49E9A323D3
SHA-512: 09A6F44815721BB2D92384AA01E79D1F9B4602AABF7FF49A0335F5259A077B8C580B480E429E5F11A02B665C670EA1C1A5B2DF6EC4734D03E6917FA6B5A60471
Malicious: false
Reputation: low
Preview: 2024/11/20-03:36:17.296 1a08 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/11/20-03:36:17.300 1a08 Recovering log #3.2024/11/20-03:36:17.301 1a08 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

Process: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type: JSON data
Category: modified
Size (bytes): 403
Entropy (8bit): 4.953858338552356
Encrypted: false
SSDEEP: 12:YHO8sq/WLksBdOg2H9caq3QYiubrP7E4T3y:YXsRJdMHM3QYhbz7nby
MD5: 4C313FE514B5F4E7E89329630909F8DC
SHA1: 916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56
SHA-256: 1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873
SHA-512: 1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205
Malicious: false
Reputation: moderate, very likely benign file
Preview: {"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341145152835463","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144284},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

Process: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type: JSON data
Category: dropped
Size (bytes): 403
Entropy (8bit): 4.953858338552356
Encrypted: false
SSDEEP: 12:YHO8sq/WLksBdOg2H9caq3QYiubrP7E4T3y:YXsRJdMHM3QYhbz7nby
MD5: 4C313FE514B5F4E7E89329630909F8DC
SHA1: 916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56
SHA-256: 1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873
SHA-512: 1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205
Malicious: false
Preview: {"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341145152835463","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144284},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

Process: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type: data
Category: dropped
Size (bytes): 4099
Entropy (8bit): 5.2315002506578026
Encrypted: false
SSDEEP: 96:OLSw0bSwIAnrRqLX2rSq1OUxu/0OZ0xRBTxekN8xeyjSf:OLT0bTIeYa51Ogu/0OZARBT8kN88yjSf
MD5: 61E7B9B86D342B67702434B63477FC8A
SHA1: A44F8A8EF3C9E80C2E21D977AA6FD5E32214FCBD
SHA-256: 2D75AA813C92D6BFCC1B38CFC41BA6A07D49578990D8BCFE1C43520C47E88095
SHA-512: 68CD1CE38B74BB9E9BA7BA9F081FB0F0EF4F0879F4E5FE10A0AD5BB16E8D975712335A9F3F33B5E4EC44D3857EC762D7AAACCA1318261CA61AE29A0CA2E8E02C
Malicious: false
Preview: *...#................version.1..namespace-e...o................next-map-id.1.Pnamespace-1d95df23_a38f_44a8_b732_4e62dd896a16-https://rna-resource.acrobat.com/.0y.S_r................next-map-id.2.Snamespace-2a884c18_b39c_4e3d_942f_252e530ca4bd-https://rna-v2-resource.acrobat.com/.16.X:r................next-map-id.3.Snamespace-2e78bfda_7188_4688_a4aa_1ff81b6e5eaa-https://rna-v2-resource.acrobat.com/.2.P.@o................next-map-id.4.Pnamespace-09c119c2_97bc_4467_8f67_f92472c9e5dc-https://rna-resource.acrobat.com/.346.+^...............Pnamespace-1d95df23_a38f_44a8_b732_4e62dd896a16-https://rna-resource.acrobat.com/....^...............Pnamespace-09c119c2_97bc_4467_8f67_f92472c9e5dc-https://rna-resource.acrobat.com/..?&a...............Snamespace-2a884c18_b39c_4e3d_942f_252e530ca4bd-https://rna-v2-resource.acrobat.com/_...a...............Snamespace-2e78bfda_7188_4688_a4aa_1ff81b6e5eaa-https://rna-v2-resource.acrobat.com/...o................next-map-id.5.Pnamespace-07af9ee9_2076_4f12_94b5_

Process: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type: ASCII text
                                Category:dropped
                                Size (bytes):322
                                Entropy (8bit):5.200150351618591
                                Encrypted:false
                                SSDEEP:6:H4NsN3+q2PRN2nKuAl9OmbzNMxIFUt8Y4NBZmw+Y4NLVkwORN2nKuAl9OmbzNMFd:YxvaHAa8jFUt8Jv/+JX5JHAa84J
                                MD5:8C2ACD8A052887111EA066C1F3E03ACF
                                SHA1:331B3AA7484F9F2B10474C18335E49DA1B28988F
                                SHA-256:63FD6C5352BD8610A14B0A103412067EF243DEE96D11D2799C4BF0997465E7EA
                                SHA-512:203FFAAF8326FF417285C01F8D5E781D123E13EA645F9707695E12D40DA3BB9FACEFD406EE03543EFE1F70116591165A2C127DD7561D15EC4239F4B4F2C67CC8
                                Malicious:false
                                Preview:2024/11/20-03:36:17.454 1a08 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/11/20-03:36:17.455 1a08 Recovering log #3.2024/11/20-03:36:17.457 1a08 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 2, database pages 14, cookie 0x5, schema 4, UTF-8, version-valid-for 2
                                Category:dropped
                                Size (bytes):57344
                                Entropy (8bit):3.291927920232006
                                Encrypted:false
                                SSDEEP:192:vedRBvVui5V4R4dcQ5V4R4RtYWtEV2UUTTchqGp8F/7/z+FP:veBci5H5FY+EUUUTTcHqFzqFP
                                MD5:A4D5FECEFE05F21D6F81ACF4D9A788CF
                                SHA1:1A9AC236C80F2A2809F7DE374072E2FCCA5A775C
                                SHA-256:83BE4623D80FFB402FBDEC4125671DF532845A3828A1B378D99BD243A4FD8FF2
                                SHA-512:FF106C6B9E1EA4B1F3E3AB01FAEA21BA24A885E63DDF0C36EB0A8C3C89A9430FE676039C076C50D7C46DC4E809F6A7E35A4BFED64D9033FEBD6121AC547AA5E9
                                Malicious:false
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                File Type:SQLite Rollback Journal
                                Category:dropped
                                Size (bytes):16928
                                Entropy (8bit):1.216029127506309
                                Encrypted:false
                                SSDEEP:24:7+tPAqLi+zkrFsgIFsxX3pALXmnHpkDGjmcxBSkomXk+2m9RFTsyg+wmf9Mzm+Zj:7MYqLmFTIF3XmHjBoGGR+jMz+Lhy
                                MD5:78807E62B6C7BF323EE0D3A157B46E89
                                SHA1:85266E0E860018C532CD663D77B81E6516BF7C53
                                SHA-256:CD07716C41AB0656137F1DED72CC2E676C72421C8F6F9B3859A6B6CBACB3B28A
                                SHA-512:ACBA541BA0FDD5E24B5986661AACDFBD088654002D7D5C7A300F9BD346B0F74B6F725D273ED608566CB39F6545E95F068FB18C318F12633B67120E3BBBD6584E
                                Malicious:false
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                File Type:Certificate, Version=3
                                Category:dropped
                                Size (bytes):1391
                                Entropy (8bit):7.705940075877404
                                Encrypted:false
                                SSDEEP:24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1
                                MD5:0CD2F9E0DA1773E9ED864DA5E370E74E
                                SHA1:CABD2A79A1076A31F21D253635CB039D4329A5E8
                                SHA-256:96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
                                SHA-512:3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
                                Malicious:false
                                Preview:0..k0..S............@.YDc.c...0...*.H........0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10...150604110438Z..350604110438Z0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10.."0...*.H.............0..........$s..7.+W(.....8..n<.W.x.u...jn..O(..h.lD...c...k....1.!~.3<.H..y.....!.K...qiJffl.~<p..)"......K...~....G.|.H#S.8.O.o...IW..t../.8.{.p!.u.0<.....c...O..K~.....w...{J.L.%.p..)..S$........J.?..aQ.....cq...o[...\4ylv.;.by.../&.....................6....7..6u...r......I.....*.A..v........5/(.l....dwnG7..Y^h..r...A)>Y>.&.$...Z.L@.F....:Qn.;.}r...xY.>Qx....../..>{J.Ks......P.|C.t..t.....0.[q6....00\H..;..}`...).........A.......|.;F.H*..v.v..j.=...8.d..+..(.....B.".'].y...p..N..:..'Qn..d.3CO......B0@0...U...........0...U.......0....0...U......y.Y.{....s.....X..n0...*.H.............U.X....P.....i ')..au\.n...i/..VK..s.Y.!.~.Lq...`.9....!V..P.Y...Y.............b.E.f..|o..;.....'...}~.."......
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
                                Category:dropped
                                Size (bytes):71954
                                Entropy (8bit):7.996617769952133
                                Encrypted:true
                                SSDEEP:1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
                                MD5:49AEBF8CBD62D92AC215B2923FB1B9F5
                                SHA1:1723BE06719828DDA65AD804298D0431F6AFF976
                                SHA-256:B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
                                SHA-512:BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
                                Malicious:false
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):192
                                Entropy (8bit):2.770710652184824
                                Encrypted:false
                                SSDEEP:3:kkFklU4BvCufllXlE/HT8kUJXNNX8RolJuRdxLlGB9lQRYwpDdt:kKNMvwT8h3NMa8RdWBwRd
                                MD5:ABBC3C1B3BEDAF5FF712F32087F04DB4
                                SHA1:5B0C30399D6C714D0909C5EEA801998ECBA27E32
                                SHA-256:7D86477893104E34836C6B11B57D0AB5BA375D3A53127E42602FB72B1D78F6D8
                                SHA-512:6CDAD972DC42D6602F2960C6EEFE084DC63CEF17E010B4C38D768F24D223A031BA6D1ED88131E3B8B5918A225D54FED6E516CA457100AF0243A1F76312C9DEFE
                                Malicious:false
                                Preview:p...... ..........$J';..(....................................................... ..........W....>6..............o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):328
                                Entropy (8bit):3.2441017925653757
                                Encrypted:false
                                SSDEEP:6:kKr9UswD8HGsL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:6DImsLNkPlE99SNxAhUe/3
                                MD5:DC6D1F45AC3BAA1A65D667D6B6357D12
                                SHA1:61AB31506F24F8A31EF80A9305CAE223CB42E9B3
                                SHA-256:E4734ED09272D869AC1964C7F697EF9DC57A6B140B8E17A43D0197175BA723DD
                                SHA-512:8CF8B719B7166D7BA5AB73EE4E4636B1AE561760C3E1AC59FA635C989037C1CF75D6681970D4866DFFCC8BA3D9B22725890A730F36F4C7143A2E95A9B31D9279
                                Malicious:false
                                Preview:p...... ........bz]\';..(....................................................... ........G..@.......&......X........h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                File Type:PostScript document text
                                Category:dropped
                                Size (bytes):1233
                                Entropy (8bit):5.233980037532449
                                Encrypted:false
                                SSDEEP:24:kk8id8HxPsMTtrid8OPgx4sMDHFidZxDWksMwEidMKRxCsMWaOtidMLgxT2sMW0l:pkxPhtgNgx4pyZxakazxCIK2gxap
                                MD5:8BA9D8BEBA42C23A5DB405994B54903F
                                SHA1:FC1B1646EC8A7015F492AA17ADF9712B54858361
                                SHA-256:862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C
                                SHA-512:26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A
                                Malicious:false
                                Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                File Type:PostScript document text
                                Category:dropped
                                Size (bytes):10880
                                Entropy (8bit):5.214360287289079
                                Encrypted:false
                                SSDEEP:192:SgAYm4DAv6oq6oCf6ocL6oz6o46ok6o16ok6oKls6oVtfZ6ojtou6o2ti16oGwX/:SV548vvqvSvivzv4vkv1vkvKlsvVtfZp
                                MD5:B60EE534029885BD6DECA42D1263BDC0
                                SHA1:4E801BA6CA503BDAE7E54B7DB65BE641F7C23375
                                SHA-256:B5F094EFF25215E6C35C46253BA4BB375BC29D055A3E90E08F66A6FDA1C35856
                                SHA-512:52221F919AEA648B57E567947806F71922B604F90AC6C8805E5889AECB131343D905D94703EA2B4CEC9B0C1813DDA6EAE2677403F58D3B340099461BBCD355AE
                                Malicious:false
                                Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):295
                                Entropy (8bit):5.3908011732206775
                                Encrypted:false
                                SSDEEP:6:YEQXJ2HXoDgLJ2YHQ5IRR4UhUR0Y6hKoAvJM3g98kUwPeUkwRe9:YvXKXMSzQWRuUhUGh5GMbLUkee9
                                MD5:AAACBDA3E58BF21EE37245446CD5AD94
                                SHA1:5AD4EAF3140381F8427AEC676A411E4C95D98741
                                SHA-256:8E22841F9755D63FCBC7F795C7188BB8FE989607233C27F09CED661BA9D1C6E3
                                SHA-512:4AB36D60EFA6E5D74D10D71F50FB57E38BED0E9069AE72F7247F011AC85BD050B9C5EA472E8594A7239D4743CE54F3847156EDE7162C9AFFA19CE95BAFAE5A6E
                                Malicious:false
                                Preview:{"analyticsData":{"responseGUID":"3d686de3-3152-41d7-a0eb-845d609d9186","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732265437587,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):294
                                Entropy (8bit):5.3419279141497915
                                Encrypted:false
                                SSDEEP:6:YEQXJ2HXoDgLJ2YHQ5IRR4UhUR0Y6hKoAvJfBoTfXpnrPeUkwRe9:YvXKXMSzQWRuUhUGh5GWTfXcUkee9
                                MD5:BE56EEE25CBBA2C2C4FAE2B5143497B2
                                SHA1:1F2BCFD07314CBCAB77170F74804B1C029DDEA92
                                SHA-256:1F9165747F9E90359B345A3341C8F2730E367E66839525941164C658FD8FBB52
                                SHA-512:AF738A2A210BA8622E674950F6BC6EFE380D8D550D76473449F66CB1E09CE33ED0C2A5E13319E14B498A7488405986AFEB37760EC24B3DAE3ECE243C420577E5
                                Malicious:false
                                Preview:{"analyticsData":{"responseGUID":"3d686de3-3152-41d7-a0eb-845d609d9186","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732265437587,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):294
                                Entropy (8bit):5.321414483287194
                                Encrypted:false
                                SSDEEP:6:YEQXJ2HXoDgLJ2YHQ5IRR4UhUR0Y6hKoAvJfBD2G6UpnrPeUkwRe9:YvXKXMSzQWRuUhUGh5GR22cUkee9
                                MD5:AF463E156EDB3D9C0C0387FB6335A245
                                SHA1:3138677A62EE8ED24EE1F05B42EFF3A411CCA317
                                SHA-256:E0AD29A25C5341188E46779BD4B44368E0E220F9DCEDC46EE7E1F8A365792832
                                SHA-512:244C2698B1538A8BAAFEB2AABD05C548D502E3BECF6B4492E3B976C66AC67FD93AE66DB72232CD39597466ECB4067D3C01F0C485FEEFA209E95A6B9D72CE00BB
                                Malicious:false
                                Preview:{"analyticsData":{"responseGUID":"3d686de3-3152-41d7-a0eb-845d609d9186","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732265437587,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):285
                                Entropy (8bit):5.380144091326708
                                Encrypted:false
                                SSDEEP:6:YEQXJ2HXoDgLJ2YHQ5IRR4UhUR0Y6hKoAvJfPmwrPeUkwRe9:YvXKXMSzQWRuUhUGh5GH56Ukee9
                                MD5:95D98BFCE4C82A91363F7BC35F0B8550
                                SHA1:8183FB198DF871251758799A3A523C097D905BE7
                                SHA-256:940D90A6B3D3C1D2AC5241E4C84EF61E4F428F140B22955F794684F0898B68D0
                                SHA-512:7A5307DF80399A1A85143C7B678FB805CC97E2D12DB96E2BE7860792673ECC5AC096E16790D8B0BB79AFCE1F67C423EDBE1088590776B2F3C851E082F2C0441D
                                Malicious:false
                                Preview:{"analyticsData":{"responseGUID":"3d686de3-3152-41d7-a0eb-845d609d9186","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732265437587,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):1123
                                Entropy (8bit):5.690666136156512
                                Encrypted:false
                                SSDEEP:24:Yv6XPRUGhepLgE9cQx8LennAvzBvkn0RCmK8czOCCSJ:YvmU5hgy6SAFv5Ah8cv/J
                                MD5:270DE7C3B45855C2EFAA4B768A01008B
                                SHA1:CA152DE15D40ADBEA7C61AF5FC4C25DB0ADE5BAD
                                SHA-256:02F84BEFC569AC3D25140F2099D10A5675FE07AA2BCC42EF692ADA1BD4D1201B
                                SHA-512:799AF929D00CCABF595A10C4F45945D7C1C44336CF68B6074D9603BF38D7853F60F0984236F014ADEA699C4B98FE7E1F3DCDEB656A0392DD6498F5A0452C329C
                                Malicious:false
                                Preview:{"analyticsData":{"responseGUID":"3d686de3-3152-41d7-a0eb-845d609d9186","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732265437587,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93365_289436ActionBlock_1","campaignId":93365,"containerId":"1","controlGroupId":"","treatmentId":"d5bba1ae-6009-4d23-8886-fd4a474b8ac9","variationId":"289436"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IkNvbnZlcnRQREZSZHJSSFBBcHAifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkV4cG9ydCBQREZzIHRvIE1pY3Jvc29mdCBXb3JkIGFuZCBFeGNlbC4ifSwidGNh
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):1122
                                Entropy (8bit):5.684108759923734
                                Encrypted:false
                                SSDEEP:24:Yv6XPRUGhIVLgEwcp06ybnAvz7xHn0RCmK8czOCYHfl8zdBM:YvmU1FgSNycJUAh8cvYH3
                                MD5:09C14CD3816B4A731A5F3C3C26F45B55
                                SHA1:EF290F8C26F8E05FAA036B268095D6F23DD08E26
                                SHA-256:2A929E98872D9D295F95D811410FCF1611939A50AFABC128E12C579DD1434582
                                SHA-512:4967F7D8E81375E18C3A011C4BCCFD7246C3D4B20EB214A5F0FC9ECB18A0AD60EB05F26AF0E5D3D5732E05C34E658AF8F6F400CC8A0E5EC6311E815FBAAED309
                                Malicious:false
                                Preview:{"analyticsData":{"responseGUID":"3d686de3-3152-41d7-a0eb-845d609d9186","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732265437587,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Disc_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93181_288855ActionBlock_0","campaignId":93181,"containerId":"1","controlGroupId":"","treatmentId":"1aad653c-ef44-43f7-be1c-3a2ba2cf2cfc","variationId":"288855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Disc_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IlVwZ3JhZGVSSFBSZHJBcHAifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQsIGVkaXQgYW5kIGUtc2lnblxuIFBERiBmb3JtcyAmIGFncmVlbWVudHMuIn0sInRjY
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):292
                                Entropy (8bit):5.3279625208010835
                                Encrypted:false
                                SSDEEP:6:YEQXJ2HXoDgLJ2YHQ5IRR4UhUR0Y6hKoAvJfQ1rPeUkwRe9:YvXKXMSzQWRuUhUGh5GY16Ukee9
                                MD5:58F43C87E2D83038A9967727AAA5D76F
                                SHA1:09BACDBE1E808E2EC76AB65F69B844E6EAF47FE3
                                SHA-256:3F588DACCEF37EE35FF217767125616E469F21DC2D4F6B1A3D74204A8921973E
                                SHA-512:C48EB2E4815D7BECA333CFA4B9580C5D1628683EB5E99B8BC27C9EE7B94483A48175B0A72E5D3050C113803BF3D7F0A7AC5E3232FDC49ABF32C1F98884546ACB
                                Malicious:false
                                Preview:{"analyticsData":{"responseGUID":"3d686de3-3152-41d7-a0eb-845d609d9186","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732265437587,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):1102
                                Entropy (8bit):5.6731019399467035
                                Encrypted:false
                                SSDEEP:24:Yv6XPRUGhN2LgErcXWl7y0nAvzIBcSJCBViVM:YvmUUogH47yfkB5kVJ
                                MD5:1658E84D8AB973921CEB5580A64FECCF
                                SHA1:A14C161748545E21DAB7D920F7631D50E76C6EF8
                                SHA-256:8270CC2F790DCF45ED52009278BCF007409D19073AD8C9D66FD68491F57F551F
                                SHA-512:350A9018A12CE15C3A5EA55DE006ED4DF06E4981E361E6F5CE7306024B68F01A67DEFBED86A5E0AA994E1895E1005DD86FF2E5B80B1041305602B76DB43B2052
                                Malicious:false
                                Preview:{"analyticsData":{"responseGUID":"3d686de3-3152-41d7-a0eb-845d609d9186","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732265437587,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Edit_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93181_288855ActionBlock_1","campaignId":93181,"containerId":"1","controlGroupId":"","treatmentId":"533ab5eb-b236-4889-89a5-ac002261d71e","variationId":"288855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Edit_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IkVkaXRQREZSZHJBcHBGdWxsIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTRweCIsImZvbnRfc3R5bGUiOiIwIn0sImRlc2NyaXB0aW9uX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTJweCIsImZvbnRfc3R5bGUiOiItMSJ9LCJ0aXRsZSI6bnVsbCwiZGVzY3JpcHRpb24iOiJFZGl0IHRleHQsIGltYWdlcywgcGFnZXMsIGFuZCBtb3JlLiJ9LCJ0Y2F0SWQiOm51bGx9","da
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):1164
                                Entropy (8bit):5.700038267073867
                                Encrypted:false
                                SSDEEP:24:Yv6XPRUGhlKLgEfIcZVSkpsn264rS514ZjBrwloJTmcVIsrSK5M:YvmUkEgqprtrS5OZjSlwTmAfSKq
                                MD5:9C2A396A2CCF0B4F113E22B6427325AF
                                SHA1:9F8660717FEA217D2E1CFDC7C55ED297DA21658C
                                SHA-256:BF734A5151F446BAC3B09014E4752610D96A04D9201FC97D5C9F1761379FE1CC
                                SHA-512:0C0C134A6C7471C9319BD7F7E2785742C432855609AD19FE04D7FA267661BF0E7D77FBAD1AA307A70503F71B014550325B78144A33AC887A10B397DC7D7488B7
                                Malicious:false
                                Preview:{"analyticsData":{"responseGUID":"3d686de3-3152-41d7-a0eb-845d609d9186","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732265437587,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85531_264848ActionBlock_0","campaignId":85531,"containerId":"1","controlGroupId":"","treatmentId":"ee1a7497-76e7-43c2-bb63-9a0551e11d73","variationId":"264848"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IlRyeSBBY3JvYmF0IFBybyJ9LCJ1aSI6eyJ0aXRsZV9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjE1cHgiLCJmb250X3N0eWxlIjoiMCJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEzcHgiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0b1xucHJlbWl1bSBQREYgYW5kIGUtc2lnbmluZ1xudG9vbHMuIn0sImJhbm5lcl9zdHlsaW5nIjo
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):289
                                Entropy (8bit):5.331120036723136
                                Encrypted:false
                                SSDEEP:6:YEQXJ2HXoDgLJ2YHQ5IRR4UhUR0Y6hKoAvJfYdPeUkwRe9:YvXKXMSzQWRuUhUGh5Gg8Ukee9
                                MD5:49E2E6DAF97D1FF664418D545697832E
                                SHA1:B7FBF10F088903B5876530B6162E411EB799F9FA
                                SHA-256:50B9D74295C2101B7082F10793E3EE62644DF75AF8745C3366B1280DAAED5FEC
                                SHA-512:37A6686E012C9FC1C64B9A8E8FCF13FB3251B2546CEF6BB65978E6E23AB551905F611254B81A7E758BE76798504AE248ACD4450A1C04995E73494A8DB6217DB7
                                Malicious:false
                                Preview:{"analyticsData":{"responseGUID":"3d686de3-3152-41d7-a0eb-845d609d9186","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732265437587,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):284
                                Entropy (8bit):5.3180172884441275
                                Encrypted:false
                                SSDEEP:6:YEQXJ2HXoDgLJ2YHQ5IRR4UhUR0Y6hKoAvJf+dPeUkwRe9:YvXKXMSzQWRuUhUGh5G28Ukee9
                                MD5:9D4874D100C5D3A506105DAF523695FC
                                SHA1:C72001333405C007D61682A757211D7CCF9CD78A
                                SHA-256:33ABF2DE9D856CAD5E47AC072D90BC9FEDD08EAEE370D63A0661FD0A05A86154
                                SHA-512:E4E521FD59A5E004BCE56FF1818F43FB7BB6CA71D1190B05C13C4CF794A283D0CD09497D7794DC77D3E5DF5E6E3FA9005B1C87AC97374F63C010FDAB73FFE93F
                                Malicious:false
                                Preview:{"analyticsData":{"responseGUID":"3d686de3-3152-41d7-a0eb-845d609d9186","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732265437587,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):291
                                Entropy (8bit):5.314453250983095
                                Encrypted:false
                                SSDEEP:6:YEQXJ2HXoDgLJ2YHQ5IRR4UhUR0Y6hKoAvJfbPtdPeUkwRe9:YvXKXMSzQWRuUhUGh5GDV8Ukee9
                                MD5:7CA613F02CAD3EE945AFF0EB4EC2A950
                                SHA1:91FE21D0C5DE9F73FA2F7EC5E332CBABBC6E384F
                                SHA-256:046F6D5C105D30E06F930A2631E72B0FB61B4ED0E2835B962D46166D5D99BAA9
                                SHA-512:0DBB36560F5BE01F4E7FC35AAD32754AE1524EA8FCE8F7354ABC08931A23CEE679F1B085B411C87B85545D8E35528FEBEEDD10D1E0D82BA3582B4E87DFD2FF90
                                Malicious:false
                                Preview:{"analyticsData":{"responseGUID":"3d686de3-3152-41d7-a0eb-845d609d9186","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732265437587,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):287
                                Entropy (8bit):5.317950938466892
                                Encrypted:false
                                SSDEEP:6:YEQXJ2HXoDgLJ2YHQ5IRR4UhUR0Y6hKoAvJf21rPeUkwRe9:YvXKXMSzQWRuUhUGh5G+16Ukee9
                                MD5:E15DE313746A34967BA29650205FA892
                                SHA1:767222A2C5F31C2B845A986D3E81C80EC03BAF5E
                                SHA-256:A5CEC90527F4FE2FB6BF75CBF112A3A9EFB56F539AA3139E06947A93A3F92513
                                SHA-512:00BA324E1DD8C1D27CB6F0269295C7901DCE0C0FCB1D90DD7354B6EFBAAD749C654D8887FFE4339FF20B5F77406F40CCA6B2B9FA272C4295BE7BC8FF4148A8BE
                                Malicious:false
                                Preview:{"analyticsData":{"responseGUID":"3d686de3-3152-41d7-a0eb-845d609d9186","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732265437587,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):1090
                                Entropy (8bit):5.6645378415830825
                                Encrypted:false
                                SSDEEP:24:Yv6XPRUGhCamXayLgE+cNDxeNaqnAvz7xHn0RCmK8czOC/BSJ:YvmUVBgkDMUJUAh8cvMJ
                                MD5:DE08F6E3C2C06D2A080F7ABAA76530AF
                                SHA1:DDCB5BDCBED202A448E39528B5F1099F01ABA980
                                SHA-256:BFD547C1EBE1D2374B9127B0C08A1C23E07DB3755626C490CF35B0BB34167189
                                SHA-512:39C5CC4153641359BCD991F97D76BBFC93AB4D0A5E1BCE9360E9BC1CA9F4E4E9E1CD6E33CF57B50F9C425CFC2E49D6850D8E1DB165ED501C80FB93C8D3FD2E3F
                                Malicious:false
                                Preview:{"analyticsData":{"responseGUID":"3d686de3-3152-41d7-a0eb-845d609d9186","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732265437587,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93365_289436ActionBlock_0","campaignId":93365,"containerId":"1","controlGroupId":"","treatmentId":"266234d2-130d-426e-8466-c7a061db101f","variationId":"289436"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IlVwZ3JhZGVSSFBSZHJBcHAifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVhc2lseSBmaWxsIGFuZCBzaWduIFBERnMuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"app
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):286
                                Entropy (8bit):5.2918118268965415
                                Encrypted:false
                                SSDEEP:6:YEQXJ2HXoDgLJ2YHQ5IRR4UhUR0Y6hKoAvJfshHHrPeUkwRe9:YvXKXMSzQWRuUhUGh5GUUUkee9
                                MD5:1940E90CFBD4A3DD9E32A7F24AD0011A
                                SHA1:349801D6751592EF80E8BAC01403D8B7D4629B50
                                SHA-256:413F043B88E05BA85FA0532E0A9BA043BC6DD4DE4C2D623F8EAC00FDF19DF635
                                SHA-512:54C2F2C7F8D5FF1D489BA71EDD7EC34E60FBD3E16E13C5C7DA89F80DF0660A8EBBBE3F44EBC1D650D1ABEEA4901B0494B42403E1999AEE22829BA1514204D1F1
                                Malicious:false
                                Preview:{"analyticsData":{"responseGUID":"3d686de3-3152-41d7-a0eb-845d609d9186","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732265437587,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):782
                                Entropy (8bit):5.3719901168775674
                                Encrypted:false
                                SSDEEP:12:YvXKXMSzQWRuUhUGh5GTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhW4:Yv6XPRUGhV168CgEXX5kcIfANhJ
                                MD5:DC73F1B8168D4A9A37235ACF00BD233C
                                SHA1:8753A4D6E38BCF9853D4AFEAD7F0DB38652DA87F
                                SHA-256:BA28FE0588B7C79544914F88855C3B1EAD82974D6AC87CBAC15C2C75F427E940
                                SHA-512:2C343AC18DE397373690954453F8AEDAC835E10D23D77C644B75464C56EAAF8B785EB173ADDC592DA1EAE387BA7F691FB11BA90B9B2F08D8274A425681AE62F4
                                Malicious:false
                                Preview:{"analyticsData":{"responseGUID":"3d686de3-3152-41d7-a0eb-845d609d9186","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732265437587,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1732091782618}}}}
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):4
                                Entropy (8bit):0.8112781244591328
                                Encrypted:false
                                SSDEEP:3:e:e
                                MD5:DC84B0D741E5BEAE8070013ADDCC8C28
                                SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
                                SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
                                SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
                                Malicious:false
                                Preview:....
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):2817
                                Entropy (8bit):5.118573277634307
                                Encrypted:false
                                SSDEEP:24:YdVa9May+j90WxzPvUC+SEFW6pozrKJOjx0qj0S6nBCO2uzP2LSkRBMHoXLh5Z9x:YKZ08znUxSX6pMOM8tZzPCnMiNn9XcJw
                                MD5:A6101FA015B1300DF1E20B0BF7521DB6
                                SHA1:034BF3C3BE6B35F0E1D9AD257B3B4C6C1C753E58
                                SHA-256:C9A257A7F6DEAD4590665C3163E4E66143DD9D4DE4C3F4F19983D00AFD3052F3
                                SHA-512:123F811BE3323AC23561761960EF038DCAE554B098A62D0958234F2770134584F444FDF46D1B7E945140EECDFCAFB45C1ED02A7A229AFC3D56425861A03C5609
                                Malicious:false
                                Preview:{"all":[{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"99a210c67beec42aeccb4ce704fc4b7c","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1164,"ts":1732091781000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"a63b2171a2ea9c9d4c44239dc2d38e8f","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1090,"ts":1732091781000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"eab55a5e46d66a5ed616989b720661c2","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1123,"ts":1732091781000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"7d645ea5b3b8614ccddc11ad7b8bfbce","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":1102,"ts":1732091781000},{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"4315dae2227177714ceea786f9ed8b3d","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1122,"ts":1732091781000},{"id":"Edit_InApp_Aug2020","info":{"dg":"7c8a96911e7fcc81059e5a7b476d9029","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":17
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 19, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 19
                                Category:dropped
                                Size (bytes):12288
                                Entropy (8bit):0.9886379639427479
                                Encrypted:false
                                SSDEEP:24:TLHRx/XYKQvGJF7urs67Y9QmQ6QegsNnIcLESiAieIsNnF:TVl2GL7ms67YXtrgOIcI8kOF
                                MD5:BC2E128F3FC8897B15CDCBFEFFC225CD
                                SHA1:0A4E8FDED8305E98384C4C4A4396B49195DA91FF
                                SHA-256:C62F25E558846BEF82CC74E3F7D29DEA4493003E624930F278C12BB3BE9FC113
                                SHA-512:6AB6BE3B0A681921FCFF31A13689D8CB918E0ADD679FC54521760B2D30A237A0A5F626421CBFC9510EE42B38C61A6F8D40EE730723194AECA249837635F7391C
                                Malicious:false
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                File Type:SQLite Rollback Journal
                                Category:dropped
                                Size (bytes):8720
                                Entropy (8bit):1.344301020707145
                                Encrypted:false
                                SSDEEP:24:7+tIASY9QmQ6QegsNn7cLESiAi0mY9QVqLBx/XYKQvGJF7ursyU:7MIlYXtrgO7cI8KY8qll2GL7msP
                                MD5:3EDD80D5A7BD209B6CAE499FEADA789D
                                SHA1:4C0D9114A3752E7FB5894892FEF1587453FA61F5
                                SHA-256:1EE9A557CF5667A20B9E326E75C75E4CCE75E355A32E1602EDDE7DA1F0D7808C
                                SHA-512:00BF5EC692FAE8F27F4C467F649ECF903D127AD2C6B25F61006479924FC2846011AB8CAC4C15DB5DCBF0ABC9828262DC0595448E6981654AC3E31BC805B94ECF
                                Malicious:false
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):66726
                                Entropy (8bit):5.392739213842091
                                Encrypted:false
                                SSDEEP:768:RNOpblrU6TBH44ADKZEgcnH9fWTSWUytuy2+TU1Ad3tYyu:6a6TZ44ADEcndfWTSQWANtK
                                MD5:E09E23D9AD97880D63CDAF150274B0B3
                                SHA1:896A57657B6C27FEC63573F3E23F25FD68CBB93D
                                SHA-256:6F7B0DD787A8D8774BF39290C7790DB63ACE8ACD9645DCD7B7A6C9B9E7569367
                                SHA-512:1E8AA48D1CAFCFEF6D3474749B9E32A2A0F9A6395A975C565EA7359EAD90740FD7193A7DD4C285B4F16C32B9215A0BD6069E92702F643170361942178469F26D
                                Malicious:false
                                Preview:4.397.90.FID.2:o:..........:F:AgencyFB-Reg.P:Agency FB.L:$.........................."F:Agency FB.#.96.FID.2:o:..........:F:AgencyFB-Bold.P:Agency FB Bold.L:%.........................."F:Agency FB.#.84.FID.2:o:..........:F:Algerian.P:Algerian.L:$..........................RF:Algerian.#.95.FID.2:o:..........:F:ArialNarrow.P:Arial Narrow.L:$.........................."F:Arial Narrow.#.109.FID.2:o:..........:F:ArialNarrow-Italic.P:Arial Narrow Italic.L:$.........................."F:Arial Narrow.#.105.FID.2:o:..........:F:ArialNarrow-Bold.P:Arial Narrow Bold.L:%.........................."F:Arial Narrow.#.118.FID.2:o:..........:F:ArialNarrow-BoldItalic.P:Arial Narrow Bold Italic.L:%.........................."F:Arial Narrow.#.77.FID.2:o:..........:F:ArialMT.P:Arial.L:$.........................."F:Arial.#.91.FID.2:o:..........:F:Arial-ItalicMT.P:Arial Italic.L:$.........................."F:Arial.#.87.FID.2:o:..........:F:Arial-BoldMT.P:Arial Bold.L:$.........................."F:Arial.#.100.FID.2
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):246
                                Entropy (8bit):3.5097251598291805
                                Encrypted:false
                                SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8QOOltI0lH:Qw946cPbiOxDlbYnuRKZOOXI09
                                MD5:6F11BF19A32F9199B924CD66F35BC6A5
                                SHA1:DC79539530783626965EFAAED9568DD3C6D2F63A
                                SHA-256:2AA5663A861B24AFE291367E69C57F7B2530FB351583CDC5FEE24704EE0DB74C
                                SHA-512:4E1FE5C9782693182BC791178E097E5F4F004B203978FFC3C5ECB5E0274FA90AD3C3B98C6DCF7CB33D959A313AA4B1E980453761FBD92A43F6F6CE5CE417B68F
                                Malicious:false
                                Preview:Error 2711.The specified Feature name ('ARM') not found in Feature table...=== Logging stopped: 20/11/2024  03:36:21 ===..
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                File Type:ASCII text, with very long lines (393)
                                Category:dropped
                                Size (bytes):16525
                                Entropy (8bit):5.353642815103214
                                Encrypted:false
                                SSDEEP:384:tbxtsuP+XEWJJQbnR8L31M7HeltV+KYm3wsa2KjF4ODkr/O8r2IUHUHMWwEyZRN2:aPL
                                MD5:91F06491552FC977E9E8AF47786EE7C1
                                SHA1:8FEB27904897FFCC2BE1A985D479D7F75F11CEFC
                                SHA-256:06582F9F48220653B0CB355A53A9B145DA049C536D00095C57FCB3E941BA90BB
                                SHA-512:A63E6E0D25B88EBB6602885AB8E91167D37267B24516A11F7492F48876D3DDCAE44FFC386E146F3CF6EB4FA6AF251602143F254687B17FCFE6F00783095C5082
                                Malicious:false
                                Preview:SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:073+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:073+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="SetConfig:
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                File Type:ASCII text, with very long lines (393), with CRLF line terminators
                                Category:dropped
                                Size (bytes):15114
                                Entropy (8bit):5.351916412164242
                                Encrypted:false
                                SSDEEP:384:JS8n0+V/69taQ3LTkChsBLUVpSjrNUYDO5wk2KHyL6FMDtYluMd2soNoNQHZQ+rq:BzkL9V
                                MD5:58A9082562295F3CC62F7B8D23520761
                                SHA1:1B2D553D222794CFDA4568E08285998C83ADF16F
                                SHA-256:64CD5E4B32D640A0BD0F4718DB9C8A4EAEBD7DFE4A16AAB857101AD76E624BCD
                                SHA-512:BCC562E203A2BDFE1A1B67C3C89020E1CDF4D3AD1E1DF7C08F0483BFD91A1C69AD1B080FBAEE4C9764995A5A0B1B4C522A516348B2C75835F91A300D575AFB7F
                                Malicious:false
                                Preview:SessionID=db17567b-a5b2-49a6-b741-ed64fe0172f3.1732091776580 Timestamp=2024-11-20T03:36:16:580-0500 ThreadID=6204 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=db17567b-a5b2-49a6-b741-ed64fe0172f3.1732091776580 Timestamp=2024-11-20T03:36:16:582-0500 ThreadID=6204 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=db17567b-a5b2-49a6-b741-ed64fe0172f3.1732091776580 Timestamp=2024-11-20T03:36:16:582-0500 ThreadID=6204 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=db17567b-a5b2-49a6-b741-ed64fe0172f3.1732091776580 Timestamp=2024-11-20T03:36:16:582-0500 ThreadID=6204 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=db17567b-a5b2-49a6-b741-ed64fe0172f3.1732091776580 Timestamp=2024-11-20T03:36:16:582-0500 ThreadID=6204 Component=ngl-lib_NglAppLib Description="SetConf
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):29752
                                Entropy (8bit):5.418924399448364
                                Encrypted:false
                                SSDEEP:192:0cbgIhPcbocbAIlncb2cbwI/RcbNcbQIVvcbKcbFeIDxcbR:fhWlA/TV2HDu
                                MD5:87B25FC6F050412760F93AB2E12EC0CA
                                SHA1:B81934979C5D575CBE206067488FDAEFA195DB08
                                SHA-256:55E46A712FD8294487925F7B1B37B5CBD21354C86C85EC6DCD9DC7EF11042546
                                SHA-512:3EEEC6010BB3981D159373F80FE353ED60C7E0FFA0775A198E325F6F4116E13EDA48EBEEA92052971312723E16D6132FEDC9348894C4C52B5171B64688829FEC
                                Malicious:false
                                Preview:06-10-2023 10:08:42:.---2---..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Starting NGL..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..06-10-2023 10:08:42:.Closing File..06-10-
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
                                Category:dropped
                                Size (bytes):758601
                                Entropy (8bit):7.98639316555857
                                Encrypted:false
                                SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
                                MD5:3A49135134665364308390AC398006F1
                                SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
                                SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
                                SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
                                Malicious:false
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
                                Category:dropped
                                Size (bytes):1407294
                                Entropy (8bit):7.97605879016224
                                Encrypted:false
                                SSDEEP:24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo
                                MD5:A0CFC77914D9BFBDD8BC1B1154A7B364
                                SHA1:54962BFDF3797C95DC2A4C8B29E873743811AD30
                                SHA-256:81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685
                                SHA-512:74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE
                                Malicious:false
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
                                Category:dropped
                                Size (bytes):386528
                                Entropy (8bit):7.9736851559892425
                                Encrypted:false
                                SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
                                MD5:5C48B0AD2FEF800949466AE872E1F1E2
                                SHA1:337D617AE142815EDDACB48484628C1F16692A2F
                                SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
                                SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
                                Malicious:false
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
                                Category:dropped
                                Size (bytes):1419751
                                Entropy (8bit):7.976496077007677
                                Encrypted:false
                                SSDEEP:24576:/xA7ouWLgGZtwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVuWLgGZtwZGk3mlind9i4ufFXpAXkru
                                MD5:A8E5C37206C98D1B655FF994A420FFB6
                                SHA1:827237782AB5971EC205C3BCECCC7950BE9F84C3
                                SHA-256:F1F755059AF7C2CBC36920337941AEFB18FBDB3CD14D3239CBBBCF0CB8F208EA
                                SHA-512:12DE33EB7624458AEC44D83D4E2C09E626F8E54E177FC0C26EEBA232935F34FAAAEB71FBB025EB7C53BEA9933C46ADCE759C32516D1B80C03B6734C61D61CEB2
                                Malicious:false
                                File type:data
                                Entropy (8bit):7.373151494401524
                                TrID:
                                  File name:malicious.pdf
                                  File size:4'673 bytes
                                  MD5:18f28301e3a28e641428a35be5412f3c
                                  SHA1:309db4d0a6dac3e7dad08ebf457e951d7211b4f2
                                  SHA256:bff4f8d4e255115b1e9259c1f7bbad7b2ffa2f0718734f78b4060eefc3bc698f
                                  SHA512:133bc47621c1108ca42f7d4370618805f7892e13cec48578a56e35b94bcfe9be1c64d5e83640d9c648bd8cbc20375ff63abc157947fb3da73b5892755fade62e
                                  SSDEEP:96:lfhAFnzA4xEN8Mtr+oMboMWRoMboMgm5dClVVVVVVVVVu6hDFDQAyYkbv1AyYkba:lJAFzAbXtr+oMboMWRoMboMgm5oDFWYn
                                  TLSH:87A1D98721DBAC844865C2689037D59D660FF36F484C9648C3EAD1B5D3BB7B18867C37
                                  Icon Hash:62cc8caeb29e8ae0
                                  Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                  Nov 20, 2024 09:36:27.555752039 CET | 52326 | 53 | 192.168.2.16 | 1.1.1.1
                                  Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                  Nov 20, 2024 09:36:27.555752039 CET | 192.168.2.16 | 1.1.1.1 | 0x9526 | Standard query (0) | x1.i.lencr.org | A (IP address) | IN (0x0001) | false
                                  Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                  Nov 20, 2024 09:36:18.496469021 CET | 1.1.1.1 | 192.168.2.16 | 0xb576 | No error (0) | edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | - | CNAME (Canonical name) | IN (0x0001) | false
                                  Nov 20, 2024 09:36:18.496469021 CET | 1.1.1.1 | 192.168.2.16 | 0xb576 | No error (0) | default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | - | 217.20.57.18 | A (IP address) | IN (0x0001) | false
                                  Nov 20, 2024 09:36:18.496469021 CET | 1.1.1.1 | 192.168.2.16 | 0xb576 | No error (0) | default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | - | 217.20.57.34 | A (IP address) | IN (0x0001) | false
                                  Nov 20, 2024 09:36:18.496469021 CET | 1.1.1.1 | 192.168.2.16 | 0xb576 | No error (0) | default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | - | 217.20.57.20 | A (IP address) | IN (0x0001) | false
                                  Nov 20, 2024 09:36:18.496469021 CET | 1.1.1.1 | 192.168.2.16 | 0xb576 | No error (0) | default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | - | 217.20.57.19 | A (IP address) | IN (0x0001) | false
                                  Nov 20, 2024 09:36:18.496469021 CET | 1.1.1.1 | 192.168.2.16 | 0xb576 | No error (0) | default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | - | 217.20.57.35 | A (IP address) | IN (0x0001) | false
                                  Nov 20, 2024 09:36:18.496469021 CET | 1.1.1.1 | 192.168.2.16 | 0xb576 | No error (0) | default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | - | 217.20.57.36 | A (IP address) | IN (0x0001) | false
                                  Nov 20, 2024 09:36:27.562616110 CET | 1.1.1.1 | 192.168.2.16 | 0x9526 | No error (0) | x1.i.lencr.org | crl.root-x1.letsencrypt.org.edgekey.net | - | CNAME (Canonical name) | IN (0x0001) | false
                                  Nov 20, 2024 09:36:28.324673891 CET | 1.1.1.1 | 192.168.2.16 | 0xdcf2 | No error (0) | bg.microsoft.map.fastly.net | - | 199.232.210.172 | A (IP address) | IN (0x0001) | false
                                  Nov 20, 2024 09:36:28.324673891 CET | 1.1.1.1 | 192.168.2.16 | 0xdcf2 | No error (0) | bg.microsoft.map.fastly.net | - | 199.232.214.172 | A (IP address) | IN (0x0001) | false
                                  Nov 20, 2024 09:36:41.343367100 CET | 1.1.1.1 | 192.168.2.16 | 0xa23d | No error (0) | bg.microsoft.map.fastly.net | - | 199.232.210.172 | A (IP address) | IN (0x0001) | false
                                  Nov 20, 2024 09:36:41.343367100 CET | 1.1.1.1 | 192.168.2.16 | 0xa23d | No error (0) | bg.microsoft.map.fastly.net | - | 199.232.214.172 | A (IP address) | IN (0x0001) | false
                                  Nov 20, 2024 09:36:53.770317078 CET | 1.1.1.1 | 192.168.2.16 | 0xc6f7 | No error (0) | bg.microsoft.map.fastly.net | - | 199.232.214.172 | A (IP address) | IN (0x0001) | false
                                  Nov 20, 2024 09:36:53.770317078 CET | 1.1.1.1 | 192.168.2.16 | 0xc6f7 | No error (0) | bg.microsoft.map.fastly.net | - | 199.232.210.172 | A (IP address) | IN (0x0001) | false
                                  • armmf.adobe.com
                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                  0 | 192.168.2.16 | 49713 | 23.47.168.24 | 443 | 6552 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                  Timestamp | Bytes transferred | Direction | Data
                                  2024-11-20 08:36:28 UTC | 390 | OUT | GET /onboarding/smskillreader.txt HTTP/1.1
                                  Host: armmf.adobe.com
                                  Connection: keep-alive
                                  Accept-Language: en-US,en;q=0.9
                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36
                                  Sec-Fetch-Site: same-origin
                                  Sec-Fetch-Mode: no-cors
                                  Sec-Fetch-Dest: empty
                                  Accept-Encoding: gzip, deflate, br
                                  2024-11-20 08:36:28 UTC | 247 | IN | HTTP/1.1 200 OK
                                  Server: Apache
                                  Last-Modified: Mon, 01 May 2023 15:02:33 GMT
                                  ETag: "78-5faa31cce96da"
                                  Accept-Ranges: bytes
                                  Content-Length: 120
                                  Content-Type: text/plain; charset=UTF-8
                                  Date: Wed, 20 Nov 2024 08:36:28 GMT
                                  Connection: close
                                  2024-11-20 08:36:28 UTC | 120 | IN | Data Ascii: File that acts like a Kill switch for SMS functionality in Reader. Delete this file to enable the kill switch in Reader.



                                  Target ID:0
                                  Start time:03:36:12
                                  Start date:20/11/2024
                                  Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                  Wow64 process (32bit):false
                                  Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\malicious.pdf"
                                  Imagebase:0x7ff7f24d0000
                                  File size:5'641'176 bytes
                                  MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Reputation:high
                                  Has exited:false

                                  Target ID:3
                                  Start time:03:36:16
                                  Start date:20/11/2024
                                  Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                  Wow64 process (32bit):false
                                  Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
                                  Imagebase:0x7ff6d2d30000
                                  File size:3'581'912 bytes
                                  MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Reputation:high
                                  Has exited:false

                                  Target ID:4
                                  Start time:03:36:17
                                  Start date:20/11/2024
                                  Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                  Wow64 process (32bit):false
                                  Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2260 --field-trial-handle=1568,i,3100234640448573471,16781718613687927761,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
                                  Imagebase:0x7ff6d2d30000
                                  File size:3'581'912 bytes
                                  MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Reputation:high
                                  Has exited:false

                                  Target ID:14
                                  Start time:03:36:33
                                  Start date:20/11/2024
                                  Path:C:\Windows\System32\rundll32.exe
                                  Wow64 process (32bit):false
                                  Commandline:C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                  Imagebase:0x7ff6219a0000
                                  File size:71'680 bytes
                                  MD5 hash:EF3179D498793BF4234F708D3BE28633
                                  Has elevated privileges:false
                                  Has administrator privileges:false
                                  Programmed in:C, C++ or other language
                                  Reputation:high
                                  Has exited:true

                                  No disassembly