Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Exhibit 7 - Catalogue Mattress-Jan 2024.pdf

Overview

General Information

Sample name:Exhibit 7 - Catalogue Mattress-Jan 2024.pdf
Analysis ID:1559724
MD5:225d43650452e5075fc72fe303f9b41f
SHA1:d988b73f991791033b730acc56712312fcb1971e
SHA256:81a2b59d4267a52ebd7ac6994e1299b4bc65c8ce6181beaa213a211004dc543f
Infos:

Detection

Score:0
Range:0 - 100
Whitelisted:false
Confidence:80%

Signatures

Potential document exploit detected (performs DNS queries)

Classification

  • System is w10x64
  • Acrobat.exe (PID: 7116 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Exhibit 7 - Catalogue Mattress-Jan 2024.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 764 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 4800 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2108 --field-trial-handle=1596,i,9765931501288519504,15496460262962559114,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: global trafficDNS query: name: x1.i.lencr.org
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficDNS traffic detected: DNS query: x1.i.lencr.org
Source: 77EC63BDA74BD0D0E0426DC8F80085060.2.drString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: 2D85F72862B55C4EADD9E66E06947F3D0.2.drString found in binary or memory: http://x1.i.lencr.org/
Source: classification engineClassification label: clean0.winPDF@14/48@1/0
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journalJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-11-20 15-20-32-690.logJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
Source: ReaderMessages-journal.0.drBinary or memory string: CREATE TABLE GlobalState (LastSuccessfulSync DATE, HTTPModifiedDate DATE, FileLastModifiedDate DATE, TestPopulation VARCHAR(30), TestSegment VARCHAR(30), ProductName VARCHAR(30), ProductMajorVersion INTEGER, ProductMinorVersion INTEGER, LicenseState VARCHAR(15), Language VARCHAR(15), OEM VARCHAR(15), Channel VARCHAR(15) );j
Source: unknownProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Exhibit 7 - Catalogue Mattress-Jan 2024.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2108 --field-trial-handle=1596,i,9765931501288519504,15496460262962559114,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2108 --field-trial-handle=1596,i,9765931501288519504,15496460262962559114,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: Exhibit 7 - Catalogue Mattress-Jan 2024.pdfInitial sample: PDF keyword /JS count = 0
Source: Exhibit 7 - Catalogue Mattress-Jan 2024.pdfInitial sample: PDF keyword /JavaScript count = 0
Source: Exhibit 7 - Catalogue Mattress-Jan 2024.pdfInitial sample: PDF keyword stream count = 55
Source: Exhibit 7 - Catalogue Mattress-Jan 2024.pdfInitial sample: PDF keyword /EmbeddedFile count = 0
Source: Exhibit 7 - Catalogue Mattress-Jan 2024.pdfInitial sample: PDF keyword /ObjStm count = 12
Source: Exhibit 7 - Catalogue Mattress-Jan 2024.pdfInitial sample: PDF keyword obj count = 73
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid Accounts1
Exploitation for Client Execution
Path Interception1
Process Injection
1
Masquerading
OS Credential Dumping1
System Information Discovery
Remote ServicesData from Local System1
Non-Application Layer Protocol
Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
Process Injection
LSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable Media1
Application Layer Protocol
Exfiltration Over BluetoothNetwork Denial of Service
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1559724 Sample: Exhibit 7 - Catalogue Mattr... Startdate: 20/11/2024 Architecture: WINDOWS Score: 0 13 x1.i.lencr.org 2->13 15 bg.microsoft.map.fastly.net 2->15 7 Acrobat.exe 17 71 2->7         started        process3 process4 9 AcroCEF.exe 107 7->9         started        process5 11 AcroCEF.exe 4 9->11         started       

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand
No Antivirus matches
No Antivirus matches
No Antivirus matches
No Antivirus matches
No Antivirus matches
NameIPActiveMaliciousAntivirus DetectionReputation
bg.microsoft.map.fastly.net
199.232.214.172
truefalse
    high
    x1.i.lencr.org
    unknown
    unknownfalse
      high
      NameSourceMaliciousAntivirus DetectionReputation
      http://x1.i.lencr.org/2D85F72862B55C4EADD9E66E06947F3D0.2.drfalse
        high
        No contacted IP infos
        Joe Sandbox version:41.0.0 Charoite
        Analysis ID:1559724
        Start date and time:2024-11-20 21:19:31 +01:00
        Joe Sandbox product:CloudBasic
        Overall analysis duration:0h 4m 12s
        Hypervisor based Inspection enabled:false
        Report type:full
        Cookbook file name:defaultwindowspdfcookbook.jbs
        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
        Number of analysed new started processes analysed:14
        Number of new started drivers analysed:0
        Number of existing processes analysed:0
        Number of existing drivers analysed:0
        Number of injected processes analysed:0
        Technologies:
        • HCA enabled
        • EGA enabled
        • AMSI enabled
        Analysis Mode:default
        Analysis stop reason:Timeout
        Sample name:Exhibit 7 - Catalogue Mattress-Jan 2024.pdf
        Detection:CLEAN
        Classification:clean0.winPDF@14/48@1/0
        EGA Information:Failed
        HCA Information:
        • Successful, ratio: 100%
        • Number of executed functions: 0
        • Number of non-executed functions: 0
        Cookbook Comments:
        • Found application associated with file extension: .pdf
        • Found PDF document
        • Close Viewer
        • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
        • Excluded IPs from analysis (whitelisted): 184.28.88.176, 162.159.61.3, 172.64.41.3, 52.202.204.11, 54.227.187.23, 23.22.254.206, 52.5.13.197, 23.195.39.65, 199.232.214.172, 2.18.64.223, 2.18.64.220, 23.218.208.137
        • Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, client.wns.windows.com, fs.microsoft.com, e8652.dscx.akamaiedge.net, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, acroipm2.adobe.com.edgesuite.net, e4578.dscb.akamaiedge.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ssl.adobe.com.edgekey.net, ocsp.digicert.com, armmf.adobe.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, wu-b-net.trafficmanager.net, storeedgefd.dsx.mp.microsoft.com, crl.root-x1.letsencrypt.org.edgekey.net
        • VT rate limit hit for: Exhibit 7 - Catalogue Mattress-Jan 2024.pdf
        TimeTypeDescription
        15:20:41API Interceptor2x Sleep call for process: AcroCEF.exe modified
        No context
        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
        bg.microsoft.map.fastly.netFax-494885 Boswell Automotive Group.xlsxGet hashmaliciousUnknownBrowse
        • 199.232.210.172
        PNSBt.jsGet hashmaliciousAsyncRATBrowse
        • 199.232.214.172
        aNZZ9YFI6g.exeGet hashmaliciousAsyncRAT, PureLog StealerBrowse
        • 199.232.214.172
        Qvidian.dotmGet hashmaliciousUnknownBrowse
        • 199.232.214.172
        Isabella County Emergency Management-protected.pdfGet hashmaliciousUnknownBrowse
        • 199.232.210.172
        KRcLFIz5PCQunB7.exeGet hashmaliciousQuasarBrowse
        • 199.232.214.172
        file.exeGet hashmaliciousJasonRATBrowse
        • 199.232.214.172
        AI_ChainedPackageFile.VistaSoftware.exeGet hashmaliciousPureCrypterBrowse
        • 199.232.214.172
        740d3a.msiGet hashmaliciousUnknownBrowse
        • 199.232.210.172
        AaronGiles(1).exeGet hashmaliciousPureCrypterBrowse
        • 199.232.210.172
        No context
        No context
        No context
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:ASCII text
        Category:dropped
        Size (bytes):295
        Entropy (8bit):5.143746234024927
        Encrypted:false
        SSDEEP:6:HHQdSyq2PN72nKuAl9OmbnIFUt8YHQdANj1Zmw+YHQdAN1RkwON72nKuAl9Ombjd:nXyvVaHAahFUt8kF/+khR5OaHAaSJ
        MD5:71DB3B2568B5E5EAA36FF03AF392107D
        SHA1:3362E8C77C7A46D1CE26558FB1C42F5753DB8964
        SHA-256:409F5110886F75DD91F2CFCA06CE2A49B2555BE9F1175C4C6B9E45B20F76C7A8
        SHA-512:E3328E03D63D552E87615BB8B3A524535098BD1EF5B1E54412118378F9B395EB6A695CBDD51403A999AE0B5D5D33FC37E4A0E935C56AA0D6030C3816460EF3DF
        Malicious:false
        Reputation:low
        Preview:2024/11/20-15:20:30.662 e34 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/11/20-15:20:30.664 e34 Recovering log #3.2024/11/20-15:20:30.664 e34 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:ASCII text
        Category:dropped
        Size (bytes):295
        Entropy (8bit):5.143746234024927
        Encrypted:false
        SSDEEP:6:HHQdSyq2PN72nKuAl9OmbnIFUt8YHQdANj1Zmw+YHQdAN1RkwON72nKuAl9Ombjd:nXyvVaHAahFUt8kF/+khR5OaHAaSJ
        MD5:71DB3B2568B5E5EAA36FF03AF392107D
        SHA1:3362E8C77C7A46D1CE26558FB1C42F5753DB8964
        SHA-256:409F5110886F75DD91F2CFCA06CE2A49B2555BE9F1175C4C6B9E45B20F76C7A8
        SHA-512:E3328E03D63D552E87615BB8B3A524535098BD1EF5B1E54412118378F9B395EB6A695CBDD51403A999AE0B5D5D33FC37E4A0E935C56AA0D6030C3816460EF3DF
        Malicious:false
        Reputation:low
        Preview:2024/11/20-15:20:30.662 e34 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/11/20-15:20:30.664 e34 Recovering log #3.2024/11/20-15:20:30.664 e34 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:ASCII text
        Category:dropped
        Size (bytes):342
        Entropy (8bit):5.173315179130804
        Encrypted:false
        SSDEEP:6:HHQdTS+q2PN72nKuAl9Ombzo2jMGIFUt8YHQdIWZmw+YHQd4VkwON72nKuAl9OmT:n4vVaHAa8uFUt8kFW/+kF5OaHAa8RJ
        MD5:40AC957484B5E58914336D7E39A0470B
        SHA1:488520C6E515EFADF6149863A04DD16CA37D2C47
        SHA-256:9A50658A16F57FADE7C32F4627FA5E59F87CAB2D782FA84E7D8D3FDA1DA26E5B
        SHA-512:93AA03BE0FDE3F37181FCC9A8D0CFD56A767A1010934798D664ADD0617B5CDD815F4F51B43B3BEF21CE72AE2041C10E8511EDF4F4649A1E861475551D959D2CF
        Malicious:false
        Reputation:low
        Preview:2024/11/20-15:20:30.705 1638 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/11/20-15:20:30.706 1638 Recovering log #3.2024/11/20-15:20:30.707 1638 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:ASCII text
        Category:dropped
        Size (bytes):342
        Entropy (8bit):5.173315179130804
        Encrypted:false
        SSDEEP:6:HHQdTS+q2PN72nKuAl9Ombzo2jMGIFUt8YHQdIWZmw+YHQd4VkwON72nKuAl9OmT:n4vVaHAa8uFUt8kFW/+kF5OaHAa8RJ
        MD5:40AC957484B5E58914336D7E39A0470B
        SHA1:488520C6E515EFADF6149863A04DD16CA37D2C47
        SHA-256:9A50658A16F57FADE7C32F4627FA5E59F87CAB2D782FA84E7D8D3FDA1DA26E5B
        SHA-512:93AA03BE0FDE3F37181FCC9A8D0CFD56A767A1010934798D664ADD0617B5CDD815F4F51B43B3BEF21CE72AE2041C10E8511EDF4F4649A1E861475551D959D2CF
        Malicious:false
        Reputation:low
        Preview:2024/11/20-15:20:30.705 1638 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/11/20-15:20:30.706 1638 Recovering log #3.2024/11/20-15:20:30.707 1638 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:JSON data
        Category:modified
        Size (bytes):475
        Entropy (8bit):4.96930632548093
        Encrypted:false
        SSDEEP:12:YH/um3RA8sq3hsBdOg2H5zcaq3QYiubcP7E4TX:Y2sRdsHdMH5K3QYhbA7n7
        MD5:DD37F82325396DDFFAD88B82D2CBCD66
        SHA1:3466956564A5B291ACA580AD3A64DB1D17FF3EA1
        SHA-256:E7CBC01B0A229857D322679808C064A1E1324977D8E4CB7D1E7EF683CA77F986
        SHA-512:7EF66D617221E16B52784F24FF3220935A023583F3BBF4B80505142848F09CBC4D6AAC549C1192F69E449FE0B4FBA4D25549B16269C8E146D9C1E71A5ADB7135
        Malicious:false
        Reputation:low
        Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13376694039422794","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":678938},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.6","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):475
        Entropy (8bit):4.971824627296864
        Encrypted:false
        SSDEEP:12:YH/um3RA8sq1ZhsBdOg2HIJnAcaq3QYiubcP7E4TX:Y2sRdswydMH0r3QYhbA7n7
        MD5:F326539D084B03D88254A74D6018F692
        SHA1:395B367E0E3554C3E78A8211F2D4B9F0F427CA87
        SHA-256:9379694CADD7846403E1B6975502326FBC619E0E3A873BBB7BC2C03EE3623007
        SHA-512:C8B5B1DD28605D3FCD9EF4A28BE1125137E6B3CB967F59CB2113656C8EFFFB3842115962DF8B25E9C3FA504F5E1B0A116D780326B1AB8062DC6AC0D80E7C3539
        Malicious:false
        Reputation:moderate, very likely benign file
        Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341048370594526","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":151499},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.6","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):475
        Entropy (8bit):4.971824627296864
        Encrypted:false
        SSDEEP:12:YH/um3RA8sq1ZhsBdOg2HIJnAcaq3QYiubcP7E4TX:Y2sRdswydMH0r3QYhbA7n7
        MD5:F326539D084B03D88254A74D6018F692
        SHA1:395B367E0E3554C3E78A8211F2D4B9F0F427CA87
        SHA-256:9379694CADD7846403E1B6975502326FBC619E0E3A873BBB7BC2C03EE3623007
        SHA-512:C8B5B1DD28605D3FCD9EF4A28BE1125137E6B3CB967F59CB2113656C8EFFFB3842115962DF8B25E9C3FA504F5E1B0A116D780326B1AB8062DC6AC0D80E7C3539
        Malicious:false
        Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341048370594526","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":151499},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.6","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):475
        Entropy (8bit):4.971824627296864
        Encrypted:false
        SSDEEP:12:YH/um3RA8sq1ZhsBdOg2HIJnAcaq3QYiubcP7E4TX:Y2sRdswydMH0r3QYhbA7n7
        MD5:F326539D084B03D88254A74D6018F692
        SHA1:395B367E0E3554C3E78A8211F2D4B9F0F427CA87
        SHA-256:9379694CADD7846403E1B6975502326FBC619E0E3A873BBB7BC2C03EE3623007
        SHA-512:C8B5B1DD28605D3FCD9EF4A28BE1125137E6B3CB967F59CB2113656C8EFFFB3842115962DF8B25E9C3FA504F5E1B0A116D780326B1AB8062DC6AC0D80E7C3539
        Malicious:false
        Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341048370594526","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":151499},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.6","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:data
        Category:dropped
        Size (bytes):5859
        Entropy (8bit):5.251738276878318
        Encrypted:false
        SSDEEP:96:av+Nkkl+2GAouz3z3xfNLUS3vHp5OuDzUrMzh28qXAXFP74LRXOtW7ANwE7DPj+Z:av+Nkkl+2G1uz3zhfZUyPp5OuDzUwzhY
        MD5:75A66A1830948E018B70400DF9D18446
        SHA1:57ACB9BCA4C6D5C8D5BD96A031D4E34F33549DA6
        SHA-256:18CCDD2AB45715E641B0ECBF939EBC70B51F0DC53EFA4605A808EBA6CC1F87C0
        SHA-512:474665CC0CDF37D521C654B67CBAD21D47CDA6697E1136E65C7C750A852F839A718EB155DC3B663719F171897B3AAC8C5AE2A0716F96ED16F5EEA651E8439F80
        Malicious:false
        Preview:*...#................version.1..namespace-.X.Bo................next-map-id.1.Pnamespace-c291b69d_46f8_4b09_b54e_d05df8a1271d-https://rna-resource.acrobat.com/.0.>j.r................next-map-id.2.Snamespace-63b958a8_6f71_4fde_913c_6518794b9fd1-https://rna-v2-resource.acrobat.com/.1.J.4r................next-map-id.3.Snamespace-37e4c694_2a8d_4b31_9eb8_e65c5f9e16d5-https://rna-v2-resource.acrobat.com/.2..J.o................next-map-id.4.Pnamespace-d7426d52_3038_4cd9_b9cc_897232425509-https://rna-resource.acrobat.com/.3..M.^...............Pnamespace-c291b69d_46f8_4b09_b54e_d05df8a1271d-https://rna-resource.acrobat.com/..d.^...............Pnamespace-d7426d52_3038_4cd9_b9cc_897232425509-https://rna-resource.acrobat.com/.u..a...............Snamespace-63b958a8_6f71_4fde_913c_6518794b9fd1-https://rna-v2-resource.acrobat.com/..`aa...............Snamespace-37e4c694_2a8d_4b31_9eb8_e65c5f9e16d5-https://rna-v2-resource.acrobat.com/`v.Yo................next-map-id.5.Pnamespace-30587558_ed88_4bd8_adc0_
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:ASCII text
        Category:dropped
        Size (bytes):330
        Entropy (8bit):5.163581441110038
        Encrypted:false
        SSDEEP:6:HHQd6G+q2PN72nKuAl9OmbzNMxIFUt8YHQd/Zmw+YHQdsd3VkwON72nKuAl9Ombg:n1vVaHAa8jFUt8k8/+kF5OaHAa84J
        MD5:C9D504357E145CF1B6ACDF359C6ECD5C
        SHA1:5AE443187DE4CB3F101DD8EC455C5B5B31809350
        SHA-256:D39364502A709F2DBEC76D6F3D19FE35CEE012E0082B429DE2768EC1FE46D6DE
        SHA-512:B85793B6484C0CEF6651AD6C5DD50F0038EAECB85F7CA77E2FBBBE35946603CF129E34196771BF9956754DAA29746F1E9E4BF0DB66CA589F27B9691B0F8A238D
        Malicious:false
        Preview:2024/11/20-15:20:30.834 1638 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/11/20-15:20:30.852 1638 Recovering log #3.2024/11/20-15:20:30.853 1638 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:ASCII text
        Category:dropped
        Size (bytes):330
        Entropy (8bit):5.163581441110038
        Encrypted:false
        SSDEEP:6:HHQd6G+q2PN72nKuAl9OmbzNMxIFUt8YHQd/Zmw+YHQdsd3VkwON72nKuAl9Ombg:n1vVaHAa8jFUt8k8/+kF5OaHAa84J
        MD5:C9D504357E145CF1B6ACDF359C6ECD5C
        SHA1:5AE443187DE4CB3F101DD8EC455C5B5B31809350
        SHA-256:D39364502A709F2DBEC76D6F3D19FE35CEE012E0082B429DE2768EC1FE46D6DE
        SHA-512:B85793B6484C0CEF6651AD6C5DD50F0038EAECB85F7CA77E2FBBBE35946603CF129E34196771BF9956754DAA29746F1E9E4BF0DB66CA589F27B9691B0F8A238D
        Malicious:false
        Preview:2024/11/20-15:20:30.834 1638 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/11/20-15:20:30.852 1638 Recovering log #3.2024/11/20-15:20:30.853 1638 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:PC bitmap, Windows 3.x format, 117 x -152 x 32, cbSize 71190, bits offset 54
        Category:dropped
        Size (bytes):71190
        Entropy (8bit):0.16213573475832596
        Encrypted:false
        SSDEEP:24:RmGaeIaBLU4DanIae+ePjIaMqHNaUysu25slbSutc:Aoo4MeD4qHBIyL
        MD5:6E1BE9FD4799C6A9823A8EEDCF02458D
        SHA1:215932F09CD82844D442FC978AF54DF91E3A7181
        SHA-256:4EA077925FF3A2E92408142576DAFE2C37547BCB8FE600C5DEAB5CE2E3B3CFEB
        SHA-512:02AF13F2C2EF1CB47F371B825B51FA708D16FBD1B87635619A12449EE8B00180EF520DDD817D361D926BD3F6D82910907334590D04F8FF962D5A3BEA98A8E2FA
        Malicious:false
        Preview:BM........6...(...u...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 11, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 11
        Category:dropped
        Size (bytes):86016
        Entropy (8bit):4.444666704782909
        Encrypted:false
        SSDEEP:384:ye6ci5tViBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:m+s3OazzU89UTTgUL
        MD5:8EA2E8FDC98C3838BB2659CE07276E8C
        SHA1:E1D1D20B21CBD9F2124DC302FA6F9A4A98EA32BD
        SHA-256:7210779B76EA945D7D02FF8646F661A9294F7AECA8DB6ADDAACBC39692DF617A
        SHA-512:4241BC055A484F17BCA0156078DEC5636A47204730D0B06CC8C0A15ACCEF0B6DD70AE2F20D3B105A054A8F181C9EE8E2B54D38658B1C241700D5B42C6F4749C0
        Malicious:false
        Preview:SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:SQLite Rollback Journal
        Category:dropped
        Size (bytes):8720
        Entropy (8bit):3.7675126538278967
        Encrypted:false
        SSDEEP:48:7MsJioyVxioyxoy1C7oy16oy1fKOioy1noy1AYoy1Wioy1oioykioyBoy1noy1O/:73Juxn+XjBiyb9IVXEBodRBkr
        MD5:681ED30877CA468537F6CF5979E3DBA6
        SHA1:B8FB09E77884263A20C8A96D1B7A160392611D93
        SHA-256:350E363374A906792CB5F2FF14FA6561A450F25F42D2FC86C9EF2B029A2EDD27
        SHA-512:9CDCC9FD17DBB92D89BB245155D2B186844D06B4A42EB4C10C363E425EDA1543E9D292F3E6CDF31C65C8F8C111563DAB6C0B38860CA9C648EF68BC517E5B48AE
        Malicious:false
        Preview:.... .c.....;j.1...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................T...[...b.r.l...t...}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:Certificate, Version=3
        Category:dropped
        Size (bytes):1391
        Entropy (8bit):7.705940075877404
        Encrypted:false
        SSDEEP:24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1
        MD5:0CD2F9E0DA1773E9ED864DA5E370E74E
        SHA1:CABD2A79A1076A31F21D253635CB039D4329A5E8
        SHA-256:96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
        SHA-512:3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
        Malicious:false
        Preview:0..k0..S............@.YDc.c...0...*.H........0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10...150604110438Z..350604110438Z0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10.."0...*.H.............0..........$s..7.+W(.....8..n<.W.x.u...jn..O(..h.lD...c...k....1.!~.3<.H..y.....!.K...qiJffl.~<p..)"......K...~....G.|.H#S.8.O.o...IW..t../.8.{.p!.u.0<.....c...O..K~.....w...{J.L.%.p..)..S$........J.?..aQ.....cq...o[...\4ylv.;.by.../&.....................6....7..6u...r......I.....*.A..v........5/(.l....dwnG7..Y^h..r...A)>Y>.&.$...Z.L@.F....:Qn.;.}r...xY.>Qx....../..>{J.Ks......P.|C.t..t.....0.[q6....00\H..;..}`...).........A.......|.;F.H*..v.v..j.=...8.d..+..(.....B.".'].y...p..N..:..'Qn..d.3CO......B0@0...U...........0...U.......0....0...U......y.Y.{....s.....X..n0...*.H.............U.X....P.....i ')..au\.n...i/..VK..s.Y.!.~.Lq...`.9....!V..P.Y...Y.............b.E.f..|o..;.....'...}~.."......
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
        Category:dropped
        Size (bytes):71954
        Entropy (8bit):7.996617769952133
        Encrypted:true
        SSDEEP:1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
        MD5:49AEBF8CBD62D92AC215B2923FB1B9F5
        SHA1:1723BE06719828DDA65AD804298D0431F6AFF976
        SHA-256:B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
        SHA-512:BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
        Malicious:false
        Preview:MSCF............,...................I..................XaK .authroot.stl.[.i..6..CK..<Tk......4.cl!Kg..E..*Y.f_..".$mR"$.J.E.KB."..rKv.."{.g....3.W.....c..9.s...=....y6#..x..........D......\(.#.s.!.A.......cd.c........+^.ov...n.....3BL..0.......BPUR&.X..02.q...R...J.....w.....b.vy>....-.&..(..oe."."...J9...0U.6J..|U..S.....M.F8g...=.......p...........l.?3.J.x.G.Ep..$g..tj......)v]9(:.)W.8.Op.1Q..:.nPd........7.7..M].V F..g.....12..!7(...B.......h.RZ.......l.<.....6..Z^.`p?... .p.Gp.#.'.X..........|!.8.....".m.49r?.I...g...8.v.....a``.g.R4.i...J8q....NFW,E.6Y....!.o5%.Y.....R..<..S9....r....WO...(.....F..Q=*....-..7d..O(....-..+k.........K..........{Q....Z..j._.E...QZ.~.\.^......N.9.k..O.}dD.b1r...[}/....T..E..G..c.|.c.&>?..^t. ..;..X.d.E.0G....[Q.*,*......#.Dp..L.o|#syc.J............}G-.ou6.=52..XWi=...m.....^u......c..fc?&pR7S5....I...j.G........j.j..Tc.El.....B.pQ.,Bp....j...9g.. >..s..m#.Nb.o_u.M.V...........\#...v..Mo\sF..s....Y...
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:data
        Category:dropped
        Size (bytes):192
        Entropy (8bit):2.756901573172974
        Encrypted:false
        SSDEEP:3:kkFkl1qcsevfllXlE/HT8kjbNNX8RolJuRdxLlGB9lQRYwpDdt:kKLcseQT8IpNMa8RdWBwRd
        MD5:8C43418CEB9A2981D136609597605FF5
        SHA1:4D83406D6BD15CA649C8BC92D8ABF73F2F2A701F
        SHA-256:5C65CC98C8961F8F5199347467A143351337C88E5046F9F5FD72CA25EE4B09A3
        SHA-512:9328D10435BFF8CB2E38144D67A63E2A93E986BDCB5A1EE8B605ED0C368E20226C90BBF2A38DDCDC0D35FCE4F46AFDE730B861AC1E7416BCF9EB185527102615
        Malicious:false
        Preview:p...... ........F..;..(....................................................... ..........W....e...............o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:data
        Category:modified
        Size (bytes):328
        Entropy (8bit):3.2384888235734746
        Encrypted:false
        SSDEEP:6:kKx9UswD8HGsL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:oDImsLNkPlE99SNxAhUe/3
        MD5:43B11A1E2B3B675A95C399239A803707
        SHA1:E4AFAC7029415C76FCF145FA41BD4D29904FC56F
        SHA-256:4B5DF0A0241DCDB556F173335203FE060F5B6AF837BED53EEFBA67DA62513137
        SHA-512:6180FFFBCDAC743100F76A6068F51536811E5E67BEA813B86901BB1ABDC53C93D209A95FD52E3ABE2E2E5A82ACBB8165588ACC82FD4C36675F805084B012F83E
        Malicious:false
        Preview:p...... ........t..;..(....................................................... ........G..@.......&......X........h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:data
        Category:dropped
        Size (bytes):228345
        Entropy (8bit):3.389782163700774
        Encrypted:false
        SSDEEP:1536:qKPCWiyzDtrh1cK3XEivK7VK/3AYvYwgF/rRoL+sn:XPCwJ/3AYvYwglFoL+sn
        MD5:B818E722BD4826732B5B51A764A2DEED
        SHA1:22ED095EE973AED3BA5C3A805FCE0174423E2352
        SHA-256:47BB6F65159447A89B1B0D8114D569458862C84A7A247A1032618E09AA86868F
        SHA-512:39E1BDDA3E02965A4B1C6AA287EA92B0612CC024F05C12AF0AFA521D08D99BDCE55B3FAD8880DCD40AC6F70D141DFB9CCDA9094ACA877972037AC2E73803E43B
        Malicious:false
        Preview:Adobe Acrobat Reader (64-bit) 23.6.20320....?A12_AV2_Search_18px.............................................................................................................KKK KKK.KKK.KKK.KKK.KKK.KKK@........................................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.............................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.........................KKK.KKK.KKK.KKK0....................KKK.KKK.KKK.KKK`....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK.KKK.....................................KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK.KKK@....................KKK.KKK.KKK.KKK`........................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.KKK.............................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):295
        Entropy (8bit):5.361863663907271
        Encrypted:false
        SSDEEP:6:YEQXJ2HXFUTeVASGnZiQ0YueHqoAvJM3g98kUwPeUkwRe9:YvXKXFUT0Afc7eHZGMbLUkee9
        MD5:1F0096B5CCC8A2EA8B8C2295B6F3D197
        SHA1:963F309AA3E7AF9BD5D90F7DD3003A73C25A7787
        SHA-256:D84D55B6C3624D1AE13CEBB39EDD19628C462F0B13D4164426B7928AEA8AE9CB
        SHA-512:37709FA02D16FB30B695DD7B5F0AF25D671122535F63FCC1D4E78FD80A92B688D8D4A4B9BDA81FE5D99D760A99B22EE908A4286F6353B066EDD59EF18FC51C46
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"21655b48-3a6f-461d-b545-ab02ea66e095","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1732308941924,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):294
        Entropy (8bit):5.315307347581254
        Encrypted:false
        SSDEEP:6:YEQXJ2HXFUTeVASGnZiQ0YueHqoAvJfBoTfXpnrPeUkwRe9:YvXKXFUT0Afc7eHZGWTfXcUkee9
        MD5:6D90C86118F0EDDA0E9B66C5177FC9EB
        SHA1:31A7C7A13AFFF368F3FFBC97CB184670CAAFBD80
        SHA-256:89B8174D10151F81145A2F652EBC49D7B863BECCFB8B723ABC21CC69BD43ADB5
        SHA-512:5E722F6A4C417F8934F2C9C920FB6E124927AD1728DB8C8E02476DDA83F3EEDDF67130672E5F8AEA8888B5A65FB202C1C68F14CD360CD559681EF493D0F70D51
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"21655b48-3a6f-461d-b545-ab02ea66e095","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1732308941924,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):294
        Entropy (8bit):5.294793916718657
        Encrypted:false
        SSDEEP:6:YEQXJ2HXFUTeVASGnZiQ0YueHqoAvJfBD2G6UpnrPeUkwRe9:YvXKXFUT0Afc7eHZGR22cUkee9
        MD5:4B79731AF3E0F030008D8D8E072E47AE
        SHA1:A13AB4B61A92942A0A88B19A9D740356DA2AF8CC
        SHA-256:BEEC80E605153F469B4010E43CCFE059938D4805CC44FBDF553176DBFD08ECA0
        SHA-512:34CEA048C6AD840B42619DE8D9143B31CEE072DB1D4EF67A0C64255D5F286959A021036FDA1A9CBC720B4EC723E087691724BF77D960E14C614C71DA27AF2DEE
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"21655b48-3a6f-461d-b545-ab02ea66e095","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1732308941924,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):285
        Entropy (8bit):5.341833617732263
        Encrypted:false
        SSDEEP:6:YEQXJ2HXFUTeVASGnZiQ0YueHqoAvJfPmwrPeUkwRe9:YvXKXFUT0Afc7eHZGH56Ukee9
        MD5:2DB9A7A0ABCDF932CD8F3707DA4ED450
        SHA1:5755F0050E0770605822FA85F113A685908123C4
        SHA-256:16BB93A132A8B52DEB5A87240CBDA9357208B14AB04020BE492AC0B9DDC7EAE1
        SHA-512:BF6A0E4395E6C12FA534C5B264D5032F88E63F15C87959C8F78EA1FE1B9C1778313CBFBCF6A853865D40FD2A3F9EA73177A5AC83C1DFB7AC165DD989412D2493
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"21655b48-3a6f-461d-b545-ab02ea66e095","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1732308941924,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):1123
        Entropy (8bit):5.68620119280731
        Encrypted:false
        SSDEEP:24:Yv6XKEiepLgE9cQx8LennAvzBvkn0RCmK8czOCCSQ:Yv7Whgy6SAFv5Ah8cv/Q
        MD5:711D065A23A8FFC0318EA542C90DC9F0
        SHA1:FCA8A8AC26BA882EC3073E37DBFA928617645FD6
        SHA-256:DFEB7674A8FAB69BBA4E947D22BFDD0922221E8F0354B1CE7BF75FFFC663547F
        SHA-512:07CE0CDB7987DF5BB23984729EBFAA9992C7F663C030C44CF6176A7DCB8ED23C7070DD307CA8F245B8B610558FCF109B2F187294D8DBF3261914E93B922063B3
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"21655b48-3a6f-461d-b545-ab02ea66e095","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1732308941924,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93365_289436ActionBlock_1","campaignId":93365,"containerId":"1","controlGroupId":"","treatmentId":"d5bba1ae-6009-4d23-8886-fd4a474b8ac9","variationId":"289436"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IkNvbnZlcnRQREZSZHJSSFBBcHAifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkV4cG9ydCBQREZzIHRvIE1pY3Jvc29mdCBXb3JkIGFuZCBFeGNlbC4ifSwidGNh
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):1122
        Entropy (8bit):5.679242819722049
        Encrypted:false
        SSDEEP:24:Yv6XKEiIVLgEwcp06ybnAvz7xHn0RCmK8czOCYHfl8zdB5:Yv7gFgSNycJUAh8cvYHe
        MD5:638B94438BD23F67945DF66615B468ED
        SHA1:D2FE8C9403E385D79124287A980858406ACEAF31
        SHA-256:BD9C89394A09387B78BF297D68F6528F2BD39C27B2F7B820DD1A68CF96304D00
        SHA-512:AA9BEA7C39DA80ADCD5446C4FDBD977816411A3A1E2CE76B99E296642B3B59AA0AA11165A80B680BE78CC07A554BD2A5C4EB0A50180AD4FDD3768C5EFBDE1119
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"21655b48-3a6f-461d-b545-ab02ea66e095","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1732308941924,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Disc_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93181_288855ActionBlock_0","campaignId":93181,"containerId":"1","controlGroupId":"","treatmentId":"1aad653c-ef44-43f7-be1c-3a2ba2cf2cfc","variationId":"288855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Disc_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IlVwZ3JhZGVSSFBSZHJBcHAifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQsIGVkaXQgYW5kIGUtc2lnblxuIFBERiBmb3JtcyAmIGFncmVlbWVudHMuIn0sInRjY
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):292
        Entropy (8bit):5.295582919981737
        Encrypted:false
        SSDEEP:6:YEQXJ2HXFUTeVASGnZiQ0YueHqoAvJfQ1rPeUkwRe9:YvXKXFUT0Afc7eHZGY16Ukee9
        MD5:224A64DA96967F1D334191C685BDDF63
        SHA1:B9A63C7AC8528005CA0EA4E59258821EB4FA3607
        SHA-256:547500E9C847575FA8EF1D0A11D364C723A615F87BDA07FD956E61D8FAFD9376
        SHA-512:DEF4F1BD7DC07A68751E0C641AAB1BA1DCFC980EA95303C1D3FFB3EB0FA9D71096F8F1978F5E6C7AE604787BFDF623AEE939AFC111CEAE626A038ED3A43F33FB
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"21655b48-3a6f-461d-b545-ab02ea66e095","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1732308941924,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):1102
        Entropy (8bit):5.671157823615683
        Encrypted:false
        SSDEEP:24:Yv6XKEiN2LgErcXWl7y0nAvzIBcSJCBViV5:Yv7FogH47yfkB5kVQ
        MD5:D902ED2F0B9B85EA4DCBE81B71BFFD9E
        SHA1:7C5C730C868A7DB02F1E9F306E55E626E8C82FE8
        SHA-256:CB638408DB569FD726C9201E1B4538779540461DD31D341E59F5CEEE4B30FB01
        SHA-512:46FBDFD90031884034F7FE305FE63402ECE6C35B2A302C8AFE3E1C86AB47D9C841E6C822459FE9C9D0E70FFBAD179609C1B51979898D07D0CBB7759D8D5B119E
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"21655b48-3a6f-461d-b545-ab02ea66e095","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1732308941924,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Edit_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93181_288855ActionBlock_1","campaignId":93181,"containerId":"1","controlGroupId":"","treatmentId":"533ab5eb-b236-4889-89a5-ac002261d71e","variationId":"288855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Edit_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IkVkaXRQREZSZHJBcHBGdWxsIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTRweCIsImZvbnRfc3R5bGUiOiIwIn0sImRlc2NyaXB0aW9uX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTJweCIsImZvbnRfc3R5bGUiOiItMSJ9LCJ0aXRsZSI6bnVsbCwiZGVzY3JpcHRpb24iOiJFZGl0IHRleHQsIGltYWdlcywgcGFnZXMsIGFuZCBtb3JlLiJ9LCJ0Y2F0SWQiOm51bGx9","da
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):1164
        Entropy (8bit):5.698265400313611
        Encrypted:false
        SSDEEP:24:Yv6XKEilKLgEfIcZVSkpsn264rS514ZjBrwloJTmcVIsrSK55:Yv7tEgqprtrS5OZjSlwTmAfSKf
        MD5:177F86671A2448A1EEC0B22F69E4AE4A
        SHA1:DFC02777EC87B3A5679FD8B85FC1D6711664DF21
        SHA-256:B8AA5D8BCE15550D7D68A09388220997F0DD1193EDB9BC3116162863E6642495
        SHA-512:286F11D033CF6A91CE6E7C436513C30044BC2B51BFB031A19ADCA9AE70A6B2DD2F30392D3BA54045FBFDB2CAC095DC0B9DE531E481ECFA34C487071524E2F49C
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"21655b48-3a6f-461d-b545-ab02ea66e095","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1732308941924,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85531_264848ActionBlock_0","campaignId":85531,"containerId":"1","controlGroupId":"","treatmentId":"ee1a7497-76e7-43c2-bb63-9a0551e11d73","variationId":"264848"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IlRyeSBBY3JvYmF0IFBybyJ9LCJ1aSI6eyJ0aXRsZV9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjE1cHgiLCJmb250X3N0eWxlIjoiMCJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEzcHgiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0b1xucHJlbWl1bSBQREYgYW5kIGUtc2lnbmluZ1xudG9vbHMuIn0sImJhbm5lcl9zdHlsaW5nIjo
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):289
        Entropy (8bit):5.2989797470768165
        Encrypted:false
        SSDEEP:6:YEQXJ2HXFUTeVASGnZiQ0YueHqoAvJfYdPeUkwRe9:YvXKXFUT0Afc7eHZGg8Ukee9
        MD5:3739FA7A0CFC0EAA75E80EA713796CDD
        SHA1:6332B43BCAA1AED134E6813745568E5BD0CC5B2E
        SHA-256:110B5238F9BE7C333188D5EFEFF2812F601E7ABB1E18E6F3F77E9F56AB553288
        SHA-512:09A449EB98B30399CE6547EBC0E79C58F81175393A5DEA3E9664D77719D88E610A691ADC2E4FFDA2320D663E2F5E07E155F14EC025B9678182FE4CBAC813633E
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"21655b48-3a6f-461d-b545-ab02ea66e095","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1732308941924,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):284
        Entropy (8bit):5.285311148627979
        Encrypted:false
        SSDEEP:6:YEQXJ2HXFUTeVASGnZiQ0YueHqoAvJf+dPeUkwRe9:YvXKXFUT0Afc7eHZG28Ukee9
        MD5:6380C46CE02317243BD57C7DEEA00DB2
        SHA1:6719483D34DD3A1060102CE27BA96B74975E050A
        SHA-256:66298866123CE750241331E908699515FCB6F57A9C6895603A73A60AEC9FF742
        SHA-512:8910CD4CFB9E0B23AEA2768373F18FEA807173DC06AC173D22272CEB3DDDB83739B574A55EA50CE8D91D728B1465FF19435F8A1224D360CB2C426A2C15C16FE6
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"21655b48-3a6f-461d-b545-ab02ea66e095","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1732308941924,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):291
        Entropy (8bit):5.282533856798262
        Encrypted:false
        SSDEEP:6:YEQXJ2HXFUTeVASGnZiQ0YueHqoAvJfbPtdPeUkwRe9:YvXKXFUT0Afc7eHZGDV8Ukee9
        MD5:E8D497F58BD7C874E785D0599339EDDF
        SHA1:471664FC1ED30E30ECEF84F91F9308D66A55F220
        SHA-256:440364026EF74E8B6138C3CA3F791DE91E38A9A4E7FEED4C591EF02709E3A476
        SHA-512:917D98F365BFC6F253DAF3AC3537FA9AC074BF71B87E94884E59F7ADA353F4BBBEE1F5213F3CD50CED5BDE6FE75AF63001750796DE9D78B741C9BCA2FA167931
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"21655b48-3a6f-461d-b545-ab02ea66e095","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1732308941924,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):287
        Entropy (8bit):5.286196920874722
        Encrypted:false
        SSDEEP:6:YEQXJ2HXFUTeVASGnZiQ0YueHqoAvJf21rPeUkwRe9:YvXKXFUT0Afc7eHZG+16Ukee9
        MD5:EB7C6CEC04A8C2A9F8D2076844AAB0A7
        SHA1:D24F2592BD15E52DF1646C967FB2195FF8E4A198
        SHA-256:79450749391CD46ACEE035A4CF9AE20A765415E16D47336B52B898466CB00237
        SHA-512:A83A5F079A5F6ABC434AFDFF8B6DB7DDB95E39E6966ABFC278F5898A7CF958C2ED68E7ADBE06BAE0B0CD4649685477B475F187CDE941148755DB5EB1AA4C5095
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"21655b48-3a6f-461d-b545-ab02ea66e095","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1732308941924,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):1090
        Entropy (8bit):5.661359120953006
        Encrypted:false
        SSDEEP:24:Yv6XKEiCamXayLgE+cNDxeNaqnAvz7xHn0RCmK8czOC/BSQ:Yv7EBgkDMUJUAh8cvMQ
        MD5:CFAF9B5BC112D3CD535AC3A0D971BB78
        SHA1:B6434A627EDE0DEB8F0DE1C1D27091158A1F16A4
        SHA-256:9D3EC6E4E455FA945069BFDC8E202DC138EABF63A5D4ABF69981C5F188D885EE
        SHA-512:5FAA9E082FE88B9051DDCA767B9E27065F3779E8702B811FEFF81FBEA20D435B446C3DE5179157D57617FFA52A21254CA51E0962A75FECBDCCBBA3C3FEA85B5F
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"21655b48-3a6f-461d-b545-ab02ea66e095","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1732308941924,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93365_289436ActionBlock_0","campaignId":93365,"containerId":"1","controlGroupId":"","treatmentId":"266234d2-130d-426e-8466-c7a061db101f","variationId":"289436"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IlVwZ3JhZGVSSFBSZHJBcHAifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVhc2lseSBmaWxsIGFuZCBzaWduIFBERnMuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"app
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):286
        Entropy (8bit):5.263824654894297
        Encrypted:false
        SSDEEP:6:YEQXJ2HXFUTeVASGnZiQ0YueHqoAvJfshHHrPeUkwRe9:YvXKXFUT0Afc7eHZGUUUkee9
        MD5:771CAA7972D685A65684DA40BD8104A1
        SHA1:DB0E74AAD13A5FB76229EB3268544D98FEF00086
        SHA-256:E5B41F6FFF7E2CA34B54D071D009F7457784D69669194F872DD31EB1A2F34192
        SHA-512:E8AC761C94ABFBD7C49E2026ABBD5E7AA610A685C3F8A2E940E202006983CCAA2C510F95D50FA1E845F243856D1BFBB3D22B4FBBD1E3FBB6984906D4F62671CF
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"21655b48-3a6f-461d-b545-ab02ea66e095","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1732308941924,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):782
        Entropy (8bit):5.364778918173654
        Encrypted:false
        SSDEEP:12:YvXKXFUT0Afc7eHZGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWAF8:Yv6XKEiV168CgEXX5kcIfANhQ
        MD5:988E36374D8F70773FDC5446B0B0EB20
        SHA1:8BB5C52312DBA08E2E8C866186A493F5A4C472DE
        SHA-256:9A1A1F88ABFA7C79099000FAA57E0016D49123B53120E0A2ACC8AFBCE274E2EA
        SHA-512:4EA128A5D44F1D73D6CC0508770FA4D188E45CE3A7C69648D146C81882A76ED4118A9A4CDAE1CD3F6F14EC44CA3AC054115312517621049511826CB8ECE2EEB6
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"21655b48-3a6f-461d-b545-ab02ea66e095","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1732308941924,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1732134041958}}}}
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:data
        Category:dropped
        Size (bytes):4
        Entropy (8bit):0.8112781244591328
        Encrypted:false
        SSDEEP:3:e:e
        MD5:DC84B0D741E5BEAE8070013ADDCC8C28
        SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
        SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
        SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
        Malicious:false
        Preview:....
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):2817
        Entropy (8bit):5.130512155031236
        Encrypted:false
        SSDEEP:48:YyPGZJlBENdeWorrWGwjnFGgTO4VoDn9dBq:JPa5EWWov6xTv6jq
        MD5:29003D79EA67827588485D443CBB5639
        SHA1:3CB03970D201F3F4CC3771A30E3EADCD4B45823C
        SHA-256:B380FD4160A4F7DC9792FD445FA0C109ED4F5846D1EC28D644A85FF1333D59F2
        SHA-512:525D902C98DA3C9233AA4F84A23DBB84F9B6CC98BEB308C8A1FCC6223A0ADD5D55019A2B4D1B8ECCBE751683C7FC3E933B6E80DAB28DB6B9C306C14ED8F9AC3B
        Malicious:false
        Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"ed690c2d43eba698a201917773df4eaa","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1122,"ts":1732134041000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"ae621eeb62dbb8859a7eb296e3f5134f","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1164,"ts":1732134041000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"ff4c16de9b8e404da8cb1800f3d05f61","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1090,"ts":1732134041000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"508d58bb48c100f8691aa252c53d3b9d","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1123,"ts":1732134041000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"e328102ae46383161b267d24f714e554","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":1102,"ts":1732134041000},{"id":"Edit_InApp_Aug2020","info":{"dg":"48332fa74e010e4f524153b02cf488d9","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":17
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 24, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 24
        Category:dropped
        Size (bytes):12288
        Entropy (8bit):1.146337089566392
        Encrypted:false
        SSDEEP:24:TLhx/XYKQvGJF7ursm9RZXcMRZXcMZgux3Fmu3n9u1oGuDyIX4uDyvuOudIUudcZ:TFl2GL7msmhXc+XcGNFlRYIX2v3kFX
        MD5:1DDF761E0C34A17498821F281BB58A3F
        SHA1:1739461A25C622EC10295D6320275D1EFB63CA8C
        SHA-256:687F9988AC451A4D469FBD16CA804F2140BAE76D7B7C470358E243DF24216E19
        SHA-512:B4793371A7479AD530A4BED5DF20085B3FDA105DFF5FA63FDFF31698D59EBD221B8A609C5472E17ABF8AB639B2062DB096648D9EF39AD14BE0A36888F67EDD6E
        Malicious:false
        Preview:SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:SQLite Rollback Journal
        Category:dropped
        Size (bytes):8720
        Entropy (8bit):1.5520607764940952
        Encrypted:false
        SSDEEP:24:7+tY/G9UXcMRZXcMZgux3Fmu3n9u1oGuDyIX4uDyvuOudIUudcHRuLuxzqLxx/Xn:7MYG+Xc+XcGNFlRYIX2vKqVl2GL7msR
        MD5:FB11B8B69E72BACFB134B66E6D028A13
        SHA1:819D30652BD1E87287CE9798CE27E3CAC730E284
        SHA-256:DBD29D8BEB008769F8961D0D336761B72F150C2C5E7AA4D8D7B6783AD98BD633
        SHA-512:A02F8843D4309704DD02893EE86461F0363D853FCE37003862F8276B11F6CE44D48E5FB30129A24A475C3D5A491C78E654E4416F7203959D8D430144340D68AE
        Malicious:false
        Preview:.... .c.....`..N..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................b..b.b.b.b.b.b.b.b.b.b.b.b.b..................................................................................................................................................................................................................................................................................................................................................................................................................................................................
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:data
        Category:dropped
        Size (bytes):66726
        Entropy (8bit):5.392739213842091
        Encrypted:false
        SSDEEP:768:RNOpblrU6TBH44ADKZEgmjblB7tUcUOQVnk7GL8ARK3eYyu:6a6TZ44ADEibmcEnk79ARK
        MD5:2F7CB3E762CB3B5A9A9D55F55E5DC06F
        SHA1:D86C840CC9FCBA4E5B97069E37C3FC2377D8FAB5
        SHA-256:75B2B4A02DBB6733E1CC9DD9FE3FC68FAB5A2B74A309BF61C86B68006E8669EF
        SHA-512:3A3D348280C1E7BF09106E1477CF17FBC5861C8792C9789E9A656E2459B9A6334505AE1DF33DDA5FAD8837EDFD7372E9551625A76EC8B65BA762579773250C39
        Malicious:false
        Preview:4.397.90.FID.2:o:..........:F:AgencyFB-Reg.P:Agency FB.L:$.........................."F:Agency FB.#.96.FID.2:o:..........:F:AgencyFB-Bold.P:Agency FB Bold.L:%.........................."F:Agency FB.#.84.FID.2:o:..........:F:Algerian.P:Algerian.L:$..........................RF:Algerian.#.95.FID.2:o:..........:F:ArialNarrow.P:Arial Narrow.L:$.........................."F:Arial Narrow.#.109.FID.2:o:..........:F:ArialNarrow-Italic.P:Arial Narrow Italic.L:$.........................."F:Arial Narrow.#.105.FID.2:o:..........:F:ArialNarrow-Bold.P:Arial Narrow Bold.L:%.........................."F:Arial Narrow.#.118.FID.2:o:..........:F:ArialNarrow-BoldItalic.P:Arial Narrow Bold Italic.L:%.........................."F:Arial Narrow.#.77.FID.2:o:..........:F:ArialMT.P:Arial.L:$.........................."F:Arial.#.91.FID.2:o:..........:F:Arial-ItalicMT.P:Arial Italic.L:$.........................."F:Arial.#.87.FID.2:o:..........:F:Arial-BoldMT.P:Arial Bold.L:$.........................."F:Arial.#.100.FID.2
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
        Category:dropped
        Size (bytes):246
        Entropy (8bit):3.5097251598291805
        Encrypted:false
        SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8QOOlvWbH:Qw946cPbiOxDlbYnuRKZOOgz
        MD5:A34A7CEBAA34F29208F347EBF67C98E0
        SHA1:B5E717BA177F58DA60638255506467E8B0FBB73F
        SHA-256:421ACB6D6816CBAD835B54E846693DDE1C337A83EFF376E1AD28DA2DBEA17936
        SHA-512:E1BCF495397C5F9EFBE8F50DC7140939A7EF07E610794CB4400BD80419507446735ACF442CD5E23590BFA2157008AEDFEA6857E492E90F1826219FBF1CC3A19A
        Malicious:false
        Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .2.0./.1.1./.2.0.2.4. . .1.5.:.2.0.:.3.7. .=.=.=.....
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:ASCII text, with very long lines (393)
        Category:dropped
        Size (bytes):16525
        Entropy (8bit):5.338264912747007
        Encrypted:false
        SSDEEP:384:lH4ZASLaTgKoBKkrNdOZTfUY9/B6u6AJ8dbBNrSVNspYiz5LkiTjgjQLhDydAY8s:kIb
        MD5:128A51060103D95314048C2F32A15C66
        SHA1:EEB64761BE485729CD12BF4FBF7F2A68BA1AD7DB
        SHA-256:601388D70DFB723E560FEA6AE08E5FEE8C1A980DF7DF9B6C10E1EC39705D4713
        SHA-512:55099B6F65D6EF41BC0C077BF810A13BA338C503974B4A5F2AA8EB286E1FCF49DF96318B1DA691296FB71AA8F2A2EA1406C4E86F219B40FB837F2E0BF208E677
        Malicious:false
        Preview:SessionID=e060408f-9833-415c-bd59-cc59ace6b516.1696488385066 Timestamp=2023-10-05T08:46:25:066+0200 ThreadID=6912 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=e060408f-9833-415c-bd59-cc59ace6b516.1696488385066 Timestamp=2023-10-05T08:46:25:066+0200 ThreadID=6912 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=e060408f-9833-415c-bd59-cc59ace6b516.1696488385066 Timestamp=2023-10-05T08:46:25:067+0200 ThreadID=6912 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=e060408f-9833-415c-bd59-cc59ace6b516.1696488385066 Timestamp=2023-10-05T08:46:25:067+0200 ThreadID=6912 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=e060408f-9833-415c-bd59-cc59ace6b516.1696488385066 Timestamp=2023-10-05T08:46:25:067+0200 ThreadID=6912 Component=ngl-lib_NglAppLib Description="SetConfig:
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:ASCII text, with very long lines (393), with CRLF line terminators
        Category:dropped
        Size (bytes):15113
        Entropy (8bit):5.347842766944498
        Encrypted:false
        SSDEEP:384:Hgpt4VBMyEA77Ugw41SBaoD5IwT8COqWn6VTBHDBUf4wzRH/s2b+CuI5YhEy0B6D:njQ
        MD5:174153EBC27FB9D82F733C2B41A69DA9
        SHA1:624028036238449D3D320921132923FE77A8B3EA
        SHA-256:78CC455AF6AE4A867467EA5C12F516F083795945466A206D23A901D9387C00CB
        SHA-512:47ACAE252B72B73F439F81E318B71BED384DFDD70BCA8155FF1EA1E94940A09415460BCE074FD84ED1C6AB2679486C9D033CE4669DF0ADE1081B854600F9462E
        Malicious:false
        Preview:SessionID=651ebcd5-798e-4572-8109-cc079fba62ae.1732134032709 Timestamp=2024-11-20T15:20:32:709-0500 ThreadID=7488 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=651ebcd5-798e-4572-8109-cc079fba62ae.1732134032709 Timestamp=2024-11-20T15:20:32:717-0500 ThreadID=7488 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=651ebcd5-798e-4572-8109-cc079fba62ae.1732134032709 Timestamp=2024-11-20T15:20:32:717-0500 ThreadID=7488 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=651ebcd5-798e-4572-8109-cc079fba62ae.1732134032709 Timestamp=2024-11-20T15:20:32:717-0500 ThreadID=7488 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=651ebcd5-798e-4572-8109-cc079fba62ae.1732134032709 Timestamp=2024-11-20T15:20:32:717-0500 ThreadID=7488 Component=ngl-lib_NglAppLib Description="SetConf
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:ASCII text, with CRLF line terminators
        Category:dropped
        Size (bytes):29752
        Entropy (8bit):5.391577204459224
        Encrypted:false
        SSDEEP:192:acb4I3dcbPcbaIO4cbYcbqnIdjcb6acbaIewcbVcbKjIzxcbR:V3fOCIdJDen0z+
        MD5:C1C9507B0A7108C101A2D48C5BCCCEE0
        SHA1:D81FDC460C205F4A5886AEB13AF387A103F1318F
        SHA-256:9DB4767C17B53515B0B60B68D05A23AB0A12B61769BD957CFE08D24AB3D31976
        SHA-512:34161F20AA3AB81291D05D2A24DB59C70B324CC78D2FEB07E418F3574949E86AAD56E2175E4C2760BF581C11B5B713EB61393DFA5C72619A1EAA4301122543C4
        Malicious:false
        Preview:05-10-2023 08:20:22:.---2---..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : ***************************************..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : ***************************************..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : Starting NGL..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..05-10-2023 08:20:22:.Closing File..05-10-
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
        Category:dropped
        Size (bytes):1407294
        Entropy (8bit):7.97605879016224
        Encrypted:false
        SSDEEP:24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R077WLaGZ7wYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs03WLaGZw
        MD5:8B9FA2EC5118087D19CFDB20DA7C4C26
        SHA1:E32D6A1829B18717EF1455B73E88D36E0410EF93
        SHA-256:4782624EA3A4B3C6EB782689208148B636365AA8E5DAF00814FA9AB722259CBD
        SHA-512:662F8664CC3F4E8356D5F5794074642DB65565D40AC9FEA323E16E84EBD4F961701460A1310CC863D1AB38849E84E2142382F5DB88A0E53F97FF66248230F7B9
        Malicious:false
        Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
        Category:dropped
        Size (bytes):386528
        Entropy (8bit):7.9736851559892425
        Encrypted:false
        SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
        MD5:5C48B0AD2FEF800949466AE872E1F1E2
        SHA1:337D617AE142815EDDACB48484628C1F16692A2F
        SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
        SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
        Malicious:false
        Preview:...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-|..h#.g.\.PO.|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..|m.WC.....|.....e.[W.p.8...rm....^..x'......5!...|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
        Category:dropped
        Size (bytes):758601
        Entropy (8bit):7.98639316555857
        Encrypted:false
        SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
        MD5:3A49135134665364308390AC398006F1
        SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
        SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
        SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
        Malicious:false
        Preview:...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!|G.1...... .3.`./....`~......G.............|..pS.e.C....:o.u_..oi.:..|....joi...eM.m.K...2%...Z..j...VUh..9.}.....
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
        Category:dropped
        Size (bytes):1419751
        Entropy (8bit):7.976496077007677
        Encrypted:false
        SSDEEP:24576:/M7ouWLYZwYIGNPMGZfPdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:RuWLYZwZGuGZn3mlind9i4ufFXpAXkru
        MD5:EC8D4FAB55F24C0E344D263724846C4A
        SHA1:5444D90F86D68A23AF7FB5434DEAE740D57D0312
        SHA-256:E489C11D38BFF8F1F51351BAEBEE9F723A5C036DA0B0CB9C82306251017054EE
        SHA-512:21018FD299944987654C202779C8E0185815868DE7179B814F145573EE8D45ACC33CA7E008CB23774C473DD7939E9D7D7C2E5A14E31D5EC62F7BFFDBBAB41F9A
        Malicious:false
        Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.
        File type:PDF document, version 1.6 (zip deflate encoded)
        Entropy (8bit):7.98379941068753
        TrID:
        • Adobe Portable Document Format (5005/1) 100.00%
        File name:Exhibit 7 - Catalogue Mattress-Jan 2024.pdf
        File size:919'402 bytes
        MD5:225d43650452e5075fc72fe303f9b41f
        SHA1:d988b73f991791033b730acc56712312fcb1971e
        SHA256:81a2b59d4267a52ebd7ac6994e1299b4bc65c8ce6181beaa213a211004dc543f
        SHA512:90923d1697f219f62029f913fb58bef6f32da4d276d0e8e3385a582c45d6b7b6243eef4752c5fb4f2b07dba106e4561513fb55830df248cda4af65c2e5d37900
        SSDEEP:24576:NAr+c2qedkh39P0huIiJPpLiqpGaGN3rv4dqwkDilr+d:3qSo39P0huDiqpGlruqDilrS
        TLSH:3015236F8589C0CC45B087C4B7078DE59645B3EFEA849DBBB25F0A8B2F52C16DC42D68
        File Content Preview:%PDF-1.6.%......313 0 obj.<</Filter/FlateDecode/First 6/Length 197/N 1/Type/ObjStm>>stream..h.T....0...W...B..... .7*..]...Q..1U..."...q..H$.l6...;!..zX.*..S./.i.u...7..C.(g.-....J.S!D&.Df|........B....].......;"...D......`.._..4...+..M....k.@..5)..9.Q...
        Icon Hash:62cc8caeb29e8ae0

        General

        Header:%PDF-1.6
        Total Entropy:7.983799
        Total Bytes:919402
        Stream Entropy:7.997456
        Stream Bytes:886818
        Entropy outside Streams:4.554735
        Bytes outside Streams:32584
        Number of EOF found:1
        Bytes after EOF:
        NameCount
        obj73
        endobj73
        stream55
        endstream55
        xref0
        trailer0
        startxref1
        /Page0
        /Encrypt0
        /ObjStm12
        /URI0
        /JS0
        /JavaScript0
        /AA0
        /OpenAction0
        /AcroForm1
        /JBIG2Decode0
        /RichMedia0
        /Launch0
        /EmbeddedFile0

        Image Streams

        IDDHASHMD5Preview
        167969696961717330f33650148db566b56fcec7a991fbbbe92
        168969696961717330f4c132a236ed2f5f9368e5a436f588bc1
        1690000000000000000b3e04b4125453a2a1b043b77df891ac4
        17000000000000000001186aba7b99902473f07153422690178
        17100000000000000002d98cac913a56b7ad54ace7bc19a772e
        TimestampSource PortDest PortSource IPDest IP
        Nov 20, 2024 21:20:40.516932964 CET5613953192.168.2.61.1.1.1
        TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
        Nov 20, 2024 21:20:40.516932964 CET192.168.2.61.1.1.10xd226Standard query (0)x1.i.lencr.orgA (IP address)IN (0x0001)false
        TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
        Nov 20, 2024 21:20:40.854211092 CET1.1.1.1192.168.2.60xd226No error (0)x1.i.lencr.orgcrl.root-x1.letsencrypt.org.edgekey.netCNAME (Canonical name)IN (0x0001)false
        Nov 20, 2024 21:20:42.694155931 CET1.1.1.1192.168.2.60xb857No error (0)bg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
        Nov 20, 2024 21:20:42.694155931 CET1.1.1.1192.168.2.60xb857No error (0)bg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
        Nov 20, 2024 21:20:55.711724043 CET1.1.1.1192.168.2.60x885dNo error (0)bg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
        Nov 20, 2024 21:20:55.711724043 CET1.1.1.1192.168.2.60x885dNo error (0)bg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
        Nov 20, 2024 21:21:18.945086002 CET1.1.1.1192.168.2.60x606cNo error (0)bg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
        Nov 20, 2024 21:21:18.945086002 CET1.1.1.1192.168.2.60x606cNo error (0)bg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false

        Click to jump to process

        Click to jump to process

        Click to dive into process behavior distribution

        Click to jump to process

        Target ID:0
        Start time:15:20:28
        Start date:20/11/2024
        Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        Wow64 process (32bit):false
        Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Exhibit 7 - Catalogue Mattress-Jan 2024.pdf"
        Imagebase:0x7ff651090000
        File size:5'641'176 bytes
        MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
        Has elevated privileges:true
        Has administrator privileges:true
        Programmed in:C, C++ or other language
        Reputation:high
        Has exited:true

        Target ID:2
        Start time:15:20:29
        Start date:20/11/2024
        Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        Wow64 process (32bit):false
        Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
        Imagebase:0x7ff70df30000
        File size:3'581'912 bytes
        MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
        Has elevated privileges:true
        Has administrator privileges:true
        Programmed in:C, C++ or other language
        Reputation:high
        Has exited:true

        Target ID:4
        Start time:15:20:30
        Start date:20/11/2024
        Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        Wow64 process (32bit):false
        Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2108 --field-trial-handle=1596,i,9765931501288519504,15496460262962559114,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
        Imagebase:0x7ff70df30000
        File size:3'581'912 bytes
        MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
        Has elevated privileges:true
        Has administrator privileges:true
        Programmed in:C, C++ or other language
        Reputation:high
        Has exited:true

        No disassembly