Edit tour

Windows Analysis Report
17455269731333_5868091.pdf

Overview

General Information

Sample name:17455269731333_5868091.pdf
Analysis ID:1674444
MD5:5b18cafae3ec36c301be7b5c1acb6015
SHA1:d128870f57c0bc4a71ad6d39ead577bc2f203065
SHA256:d0b3cddb56ecc5e3c54d84cabae6f9aa0d9dc8c47e4e349342a923b820a50e58
Infos:

Detection

Score:1
Range:0 - 100
Confidence:80%

Signatures

Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)

Classification

RansomwareSpreadingPhishingBankerTrojan / BotAdwareSpywareExploiterEvaderMinercleansuspiciousmalicious
  • System is w10x64
  • Acrobat.exe (PID: 6284 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\17455269731333_5868091.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 6864 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 5632 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1604 --field-trial-handle=1552,i,7504916880486007724,13014692017979247921,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: global trafficDNS query: name: x1.i.lencr.org
Source: global trafficTCP traffic: 192.168.2.7:49685 -> 184.29.21.112:80
Source: global trafficTCP traffic: 192.168.2.7:49685 -> 184.29.21.112:80
Source: global trafficTCP traffic: 184.29.21.112:80 -> 192.168.2.7:49685
Source: global trafficTCP traffic: 192.168.2.7:49685 -> 184.29.21.112:80
Source: global trafficTCP traffic: 192.168.2.7:49685 -> 184.29.21.112:80
Source: global trafficTCP traffic: 184.29.21.112:80 -> 192.168.2.7:49685
Source: global trafficTCP traffic: 184.29.21.112:80 -> 192.168.2.7:49685
Source: global trafficTCP traffic: 184.29.21.112:80 -> 192.168.2.7:49685
Source: global trafficTCP traffic: 192.168.2.7:49685 -> 184.29.21.112:80
Source: global trafficTCP traffic: 192.168.2.7:49685 -> 184.29.21.112:80
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Microsoft-CryptoAPI/10.0Host: x1.i.lencr.org
Source: global trafficDNS traffic detected: DNS query: x1.i.lencr.org
Source: 77EC63BDA74BD0D0E0426DC8F80085060.1.drString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: 2D85F72862B55C4EADD9E66E06947F3D0.1.drString found in binary or memory: http://x1.i.lencr.org/
Source: ReaderMessages.0.drString found in binary or memory: https://www.adobe.co
Source: 17455269731333_5868091.pdfString found in binary or memory: https://www.findmassmoney.gov
Source: 17455269731333_5868091.pdfString found in binary or memory: https://www.findmassmoney.gov/app/holder/outreach/correspondence
Source: classification engineClassification label: clean1.winPDF@15/49@1/1
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.6492Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2025-04-25 14-58-06-944.logJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
Source: unknownProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\17455269731333_5868091.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1604 --field-trial-handle=1552,i,7504916880486007724,13014692017979247921,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1604 --field-trial-handle=1552,i,7504916880486007724,13014692017979247921,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: 17455269731333_5868091.pdfInitial sample: PDF keyword /JS count = 0
Source: 17455269731333_5868091.pdfInitial sample: PDF keyword /JavaScript count = 0
Source: 17455269731333_5868091.pdfInitial sample: PDF keyword /EmbeddedFile count = 0
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid Accounts3
Exploitation for Client Execution
Path Interception1
Process Injection
1
Masquerading
OS Credential Dumping1
System Information Discovery
Remote ServicesData from Local System2
Non-Application Layer Protocol
Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
Process Injection
LSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable Media2
Application Layer Protocol
Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive1
Ingress Tool Transfer
Automated ExfiltrationData Encrypted for Impact
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1674444 Sample: 17455269731333_5868091.pdf Startdate: 25/04/2025 Architecture: WINDOWS Score: 1 14 x1.i.lencr.org 2->14 16 e8652.dscx.akamaiedge.net 2->16 18 2 other IPs or domains 2->18 7 Acrobat.exe 20 70 2->7         started        process3 process4 9 AcroCEF.exe 108 7->9         started        dnsIp5 20 e8652.dscx.akamaiedge.net 184.29.21.112, 49685, 80 AKAMAI-ASN1EU United States 9->20 12 AcroCEF.exe 6 9->12         started        process6

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand
No Antivirus matches
No Antivirus matches
No Antivirus matches
No Antivirus matches
SourceDetectionScannerLabelLink
https://www.findmassmoney.gov0%Avira URL Cloudsafe
https://www.findmassmoney.gov/app/holder/outreach/correspondence0%Avira URL Cloudsafe

Download Network PCAP: filteredfull

NameIPActiveMaliciousAntivirus DetectionReputation
bg.microsoft.map.fastly.net
199.232.210.172
truefalse
    high
    e8652.dscx.akamaiedge.net
    184.29.21.112
    truefalse
      high
      x1.i.lencr.org
      unknown
      unknownfalse
        high
        NameMaliciousAntivirus DetectionReputation
        http://x1.i.lencr.org/false
          high
          NameSourceMaliciousAntivirus DetectionReputation
          https://www.findmassmoney.gov17455269731333_5868091.pdffalse
          • Avira URL Cloud: safe
          unknown
          https://www.adobe.coReaderMessages.0.drfalse
            high
            https://www.findmassmoney.gov/app/holder/outreach/correspondence17455269731333_5868091.pdffalse
            • Avira URL Cloud: safe
            unknown
            • No. of IPs < 25%
            • 25% < No. of IPs < 50%
            • 50% < No. of IPs < 75%
            • 75% < No. of IPs
            IPDomainCountryFlagASNASN NameMalicious
            184.29.21.112
            e8652.dscx.akamaiedge.netUnited States
            20940AKAMAI-ASN1EUfalse
            Joe Sandbox version:42.0.0 Malachite
            Analysis ID:1674444
            Start date and time:2025-04-25 20:57:07 +02:00
            Joe Sandbox product:CloudBasic
            Overall analysis duration:0h 4m 0s
            Hypervisor based Inspection enabled:false
            Report type:full
            Cookbook file name:defaultwindowspdfcookbook.jbs
            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
            Number of analysed new started processes analysed:15
            Number of new started drivers analysed:0
            Number of existing processes analysed:0
            Number of existing drivers analysed:0
            Number of injected processes analysed:0
            Technologies:
            • EGA enabled
            • AMSI enabled
            Analysis Mode:default
            Analysis stop reason:Timeout
            Sample name:17455269731333_5868091.pdf
            Detection:CLEAN
            Classification:clean1.winPDF@15/49@1/1
            Cookbook Comments:
            • Found application associated with file extension: .pdf
            • Found PDF document
            • Close Viewer
            • Exclude process from analysis (whitelisted): MpCmdRun.exe, sppsvc.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
            • Excluded IPs from analysis (whitelisted): 23.194.100.185, 162.159.61.3, 172.64.41.3, 52.202.204.11, 23.22.254.206, 52.5.13.197, 54.227.187.23, 199.232.210.172, 23.209.84.27, 23.209.84.16, 23.209.84.40, 23.209.84.12, 23.209.84.32, 23.209.84.22, 23.209.84.14, 23.209.84.24, 23.209.84.25, 23.209.84.71, 23.209.84.4, 23.209.84.77, 23.209.84.83, 23.209.84.76, 23.209.84.11, 107.22.247.231, 23.202.56.131, 20.12.23.50, 184.29.183.29
            • Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, armmf.adobe.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, c.pki.goog, wu-b-net.trafficmanager.net
            • Not all processes where analyzed, report is missing behavior information
            • Report size exceeded maximum capacity and may have missing behavior information.
            TimeTypeDescription
            14:58:13API Interceptor2x Sleep call for process: AcroCEF.exe modified
            No context
            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
            e8652.dscx.akamaiedge.netInvitation de proposition - Krispy Kernels.pdfGet hashmaliciousHTMLPhisherBrowse
            • 23.202.57.36
            Coterra-Employee-Handbook.pdfGet hashmaliciousInvisible JS, Tycoon2FABrowse
            • 23.202.57.36
            https://secure.dhlguestmanagement.com/eventdata/10690/PublicFiles/2025%20Tentative%20Agenda_Indy500%20VIP%20Weekend.pdfGet hashmaliciousUnknownBrowse
            • 23.202.57.36
            Invoice_L38-508601_AeroSpark_Technologies.pdfGet hashmaliciousHTMLPhisherBrowse
            • 23.202.57.36
            FW+GHI+Contracts+Holdings+Ltd+-+GHI+Contracts+Holdings+Ltd+555454565767675.emlGet hashmaliciousUnknownBrowse
            • 23.202.57.36
            Invitation de proposition - Groupe LR.pdfGet hashmaliciousHTMLPhisherBrowse
            • 23.202.57.36
            password-expire.pdfGet hashmaliciousUnknownBrowse
            • 23.202.57.36
            Review Document for Fortiustex 240425 8.pdfGet hashmaliciousUnknownBrowse
            • 23.202.57.36
            new.batGet hashmaliciousKoadicBrowse
            • 184.28.253.105
            Manuel Docusign scan01_2025.pdfGet hashmaliciousHTMLPhisher, Invisible JS, Tycoon2FABrowse
            • 23.73.185.64
            bg.microsoft.map.fastly.netNebulixClient.exeGet hashmaliciousUnknownBrowse
            • 199.232.214.172
            Invitation de proposition - Krispy Kernels.pdfGet hashmaliciousHTMLPhisherBrowse
            • 199.232.214.172
            Coterra-Employee-Handbook.pdfGet hashmaliciousInvisible JS, Tycoon2FABrowse
            • 199.232.210.172
            random.exeGet hashmaliciousAmadey, Credential Flusher, Healer AV Disabler, LummaC StealerBrowse
            • 199.232.210.172
            NEW ORDER.jsGet hashmaliciousXWormBrowse
            • 199.232.214.172
            https://secure.dhlguestmanagement.com/eventdata/10690/PublicFiles/2025%20Tentative%20Agenda_Indy500%20VIP%20Weekend.pdfGet hashmaliciousUnknownBrowse
            • 199.232.214.172
            Invoice_L38-508601_AeroSpark_Technologies.pdfGet hashmaliciousHTMLPhisherBrowse
            • 199.232.210.172
            SeleniumVBA (1).xlsmGet hashmaliciousUnknownBrowse
            • 199.232.210.172
            FW+GHI+Contracts+Holdings+Ltd+-+GHI+Contracts+Holdings+Ltd+555454565767675.emlGet hashmaliciousUnknownBrowse
            • 199.232.214.172
            AWB#5305323204643.exeGet hashmaliciousMSIL Logger, MassLogger RATBrowse
            • 199.232.210.172
            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
            AKAMAI-ASN1EUhttp://www.icicibank.com/customer-care.page?Get hashmaliciousUnknownBrowse
            • 23.62.226.177
            Invitation de proposition - Krispy Kernels.pdfGet hashmaliciousHTMLPhisherBrowse
            • 23.62.226.164
            Coterra-Employee-Handbook.pdfGet hashmaliciousInvisible JS, Tycoon2FABrowse
            • 23.202.56.131
            http://studio11design-invoice-jeff.us-mia-1.linodeobjects.com/studio11design.htmlGet hashmaliciousTycoon2FABrowse
            • 172.233.160.187
            https://monitor.clickcease.com/tracker/tracker.aspx?id=s88HWTUdrGJXaT&kw=pest%20control%20houston&nw=g&url=https://ujryrhdkdokmxq.metrogeriatric.it.com/AXs16/?e=nas@nancyspector.netGet hashmaliciousHTMLPhisherBrowse
            • 23.62.226.164
            https://su9er-we11ness923049.tonnement.de/pdHye/Get hashmaliciousHTMLPhisherBrowse
            • 23.62.226.164
            https://secure.dhlguestmanagement.com/eventdata/10690/PublicFiles/2025%20Tentative%20Agenda_Indy500%20VIP%20Weekend.pdfGet hashmaliciousUnknownBrowse
            • 23.202.57.36
            Invoice_L38-508601_AeroSpark_Technologies.pdfGet hashmaliciousHTMLPhisherBrowse
            • 23.202.57.36
            FW+GHI+Contracts+Holdings+Ltd+-+GHI+Contracts+Holdings+Ltd+555454565767675.emlGet hashmaliciousUnknownBrowse
            • 23.55.241.177
            https://voiceoversecure.divineblizzsystems.com&d=DwMGaQGet hashmaliciousUnknownBrowse
            • 23.55.241.155
            No context
            No context
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:ASCII text
            Category:dropped
            Size (bytes):300
            Entropy (8bit):5.257546843577469
            Encrypted:false
            SSDEEP:6:iOR6XHMq2PcNwi2nKuAl9OmbnIFUtD6XWZmw96XqkwOcNwi2nKuAl9OmbjLJ:7R6cvLZHAahFUtD6G/96654ZHAaSJ
            MD5:442160373D209AD8F93777E05262F3F2
            SHA1:3E93E6142D7C50E547B8891506C926020817CAAE
            SHA-256:FAF5EF63009A1F20E0CBCA47E53F0B9E68DED6A7D9C11233DF8508D77D9FDD28
            SHA-512:29DD265E31623D4EAB39A9A5FDD08B3B2547D0C12F518070A0400B7AAC20B915AC238CDAB67513DEAA9AF349F25A8607B53934B27AD707D686BD58E507C29C68
            Malicious:false
            Reputation:low
            Preview:2025/04/25-14:58:05.691 1b24 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2025/04/25-14:58:05.694 1b24 Recovering log #3.2025/04/25-14:58:05.694 1b24 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:ASCII text
            Category:dropped
            Size (bytes):300
            Entropy (8bit):5.257546843577469
            Encrypted:false
            SSDEEP:6:iOR6XHMq2PcNwi2nKuAl9OmbnIFUtD6XWZmw96XqkwOcNwi2nKuAl9OmbjLJ:7R6cvLZHAahFUtD6G/96654ZHAaSJ
            MD5:442160373D209AD8F93777E05262F3F2
            SHA1:3E93E6142D7C50E547B8891506C926020817CAAE
            SHA-256:FAF5EF63009A1F20E0CBCA47E53F0B9E68DED6A7D9C11233DF8508D77D9FDD28
            SHA-512:29DD265E31623D4EAB39A9A5FDD08B3B2547D0C12F518070A0400B7AAC20B915AC238CDAB67513DEAA9AF349F25A8607B53934B27AD707D686BD58E507C29C68
            Malicious:false
            Reputation:low
            Preview:2025/04/25-14:58:05.691 1b24 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2025/04/25-14:58:05.694 1b24 Recovering log #3.2025/04/25-14:58:05.694 1b24 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:ASCII text
            Category:dropped
            Size (bytes):344
            Entropy (8bit):5.180376615485061
            Encrypted:false
            SSDEEP:6:iOR6XLXF3cM+q2PcNwi2nKuAl9Ombzo2jMGIFUtD6XKJZmw96XXOocMVkwOcNwiV:7R6TqM+vLZHAa8uFUtD6k/966MV54ZHA
            MD5:D5291B4667A13B98BF1CC5DC0DD8AAE9
            SHA1:BDB2E6B3E30827DC21B108109B5E49F3500248DB
            SHA-256:C4900E885D9BAB34FFD74D463F57ED35CB0094EF242D7B72ED9BE8DDB133EBE2
            SHA-512:E99C39C5B2AB2CF4FAC2C75A3DB4F04E0085AA2611FFF28ACB9786A533776444AF71BA9217917CCC6A7C953900D10B34130530468124E2FB64E7DFC242FDA923
            Malicious:false
            Reputation:low
            Preview:2025/04/25-14:58:05.551 126c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2025/04/25-14:58:05.554 126c Recovering log #3.2025/04/25-14:58:05.555 126c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:ASCII text
            Category:dropped
            Size (bytes):344
            Entropy (8bit):5.180376615485061
            Encrypted:false
            SSDEEP:6:iOR6XLXF3cM+q2PcNwi2nKuAl9Ombzo2jMGIFUtD6XKJZmw96XXOocMVkwOcNwiV:7R6TqM+vLZHAa8uFUtD6k/966MV54ZHA
            MD5:D5291B4667A13B98BF1CC5DC0DD8AAE9
            SHA1:BDB2E6B3E30827DC21B108109B5E49F3500248DB
            SHA-256:C4900E885D9BAB34FFD74D463F57ED35CB0094EF242D7B72ED9BE8DDB133EBE2
            SHA-512:E99C39C5B2AB2CF4FAC2C75A3DB4F04E0085AA2611FFF28ACB9786A533776444AF71BA9217917CCC6A7C953900D10B34130530468124E2FB64E7DFC242FDA923
            Malicious:false
            Reputation:low
            Preview:2025/04/25-14:58:05.551 126c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2025/04/25-14:58:05.554 126c Recovering log #3.2025/04/25-14:58:05.555 126c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):475
            Entropy (8bit):4.969814904260269
            Encrypted:false
            SSDEEP:12:YH/um3RA8sqPsBdOg2HSOgcaq3QYiubSpDyP7E4T3y:Y2sRdsRdMHSOL3QYhbSpDa7nby
            MD5:7BE9C8316EB1B7252CB363207744A145
            SHA1:57861355BE6541501AED40F896891579DCF473BF
            SHA-256:B8F7FC35C094B26B18BB46BB695F1D520904FF063398D86C5B06FD3E20F1881D
            SHA-512:2C7A056CDC3EF05D5E62822CC0BD835FA80CD06131CB76BF559B1D06F735A279C7DCEDE51F1E3A418596573CC960BAFAA038A45966E8007F671F7B6BFFD885DB
            Malicious:false
            Reputation:moderate, very likely benign file
            Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341052428587673","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":146366},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.7","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):475
            Entropy (8bit):4.969814904260269
            Encrypted:false
            SSDEEP:12:YH/um3RA8sqPsBdOg2HSOgcaq3QYiubSpDyP7E4T3y:Y2sRdsRdMHSOL3QYhbSpDa7nby
            MD5:7BE9C8316EB1B7252CB363207744A145
            SHA1:57861355BE6541501AED40F896891579DCF473BF
            SHA-256:B8F7FC35C094B26B18BB46BB695F1D520904FF063398D86C5B06FD3E20F1881D
            SHA-512:2C7A056CDC3EF05D5E62822CC0BD835FA80CD06131CB76BF559B1D06F735A279C7DCEDE51F1E3A418596573CC960BAFAA038A45966E8007F671F7B6BFFD885DB
            Malicious:false
            Reputation:moderate, very likely benign file
            Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341052428587673","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":146366},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.7","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):475
            Entropy (8bit):4.969814904260269
            Encrypted:false
            SSDEEP:12:YH/um3RA8sqPsBdOg2HSOgcaq3QYiubSpDyP7E4T3y:Y2sRdsRdMHSOL3QYhbSpDa7nby
            MD5:7BE9C8316EB1B7252CB363207744A145
            SHA1:57861355BE6541501AED40F896891579DCF473BF
            SHA-256:B8F7FC35C094B26B18BB46BB695F1D520904FF063398D86C5B06FD3E20F1881D
            SHA-512:2C7A056CDC3EF05D5E62822CC0BD835FA80CD06131CB76BF559B1D06F735A279C7DCEDE51F1E3A418596573CC960BAFAA038A45966E8007F671F7B6BFFD885DB
            Malicious:false
            Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341052428587673","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":146366},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.7","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:JSON data
            Category:modified
            Size (bytes):475
            Entropy (8bit):4.971316048517525
            Encrypted:false
            SSDEEP:12:YH/um3RA8sqV96ThsBdOg2H8jcaq3QYiubSpDyP7E4T3y:Y2sRdsI96GdMH8a3QYhbSpDa7nby
            MD5:73D08F129A8A9BC8932884EF194E42C2
            SHA1:4AADE27128F7685AC204A9DBCD7920DE07188892
            SHA-256:92519D6B11363935E8AE1F5FC900405304D026CC8A6EA8E0DDCD046E2C0A19B8
            SHA-512:1240BB364EA18BC8E421A144E8E6CA8916D2C485BBB78ADD10628A9CFA9E4BCB35272A29547ACE2AFB95487FFCACED7CAFDEC46E004935B1FCCFCE40D1AF49F6
            Malicious:false
            Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13390167496644214","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":158697},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.7","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:data
            Category:dropped
            Size (bytes):4509
            Entropy (8bit):5.22570803227286
            Encrypted:false
            SSDEEP:96:CwNwpDGHqPySfkcr2smSX8I2OQCDh28wDtP0Vy9eYivexZ:CwNw1GHqPySfkcigoO3h28ytPuy4Y/xZ
            MD5:C2F7C3D2D48DB1F06B447D36902F7D24
            SHA1:7AF218A4D8F24B555BD5A8D0CEC423F5DB9B866C
            SHA-256:4751FD048F91C5A855CDFCA5BB73A939CC856533F7372B072F474CE0AD10FEFF
            SHA-512:C2FA48ECC0F7A03519C0B120BDB5C207A8D87579057FF79D9F2B831C00BF8E732848AFFD213F5955EEF524BBA64B787BC33561C68902255072D863EECD2BC39E
            Malicious:false
            Preview:*...#................version.1..namespace-.aw.o................next-map-id.1.Pnamespace-aa11265e_f35e_4e5d_85db_f163e1c0f691-https://rna-resource.acrobat.com/.0I.$.r................next-map-id.2.Snamespace-9a9aa6d6_c307_4dda_b6c0_dc91084c8e68-https://rna-v2-resource.acrobat.com/.1!...r................next-map-id.3.Snamespace-1fbd9dc5_70a3_4975_91b4_966e0915c27a-https://rna-v2-resource.acrobat.com/.2..N.o................next-map-id.4.Pnamespace-0e0aed8d_6d6f_4be0_b28f_8e02158bc792-https://rna-resource.acrobat.com/.3*.z.o................next-map-id.5.Pnamespace-52652c26_09c2_43f2_adf7_da56a1f00d32-https://rna-resource.acrobat.com/.4.{.^...............Pnamespace-aa11265e_f35e_4e5d_85db_f163e1c0f691-https://rna-resource.acrobat.com/.C..r................next-map-id.6.Snamespace-3a89c6b0_72b9_411a_9e44_fa247f34ac91-https://rna-v2-resource.acrobat.com/.5.q._r................next-map-id.7.Snamespace-02b23955_9103_42e0_ba64_3f8683969652-https://rna-v2-resource.acrobat.com/.6..d.o..............
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:ASCII text
            Category:dropped
            Size (bytes):332
            Entropy (8bit):5.222015145443945
            Encrypted:false
            SSDEEP:6:iOR6XW6cM+q2PcNwi2nKuAl9OmbzNMxIFUtD6XFTJZmw96XO3cMVkwOcNwi2nKuP:7R6m/M+vLZHAa8jFUtD6//96FMV54ZHP
            MD5:7981ECD3EDE314DF7114F0184B16637C
            SHA1:6D07FFF19465B97A13D5C166C6C69C72F1845727
            SHA-256:33A5939D875D7B5EADE56372BB5F49D7332EEC62171C9AFFB7D7898189250250
            SHA-512:4AF6AB6C6215040B1DE2D1021621DDCF7D9A944E13B80A93DAFE62538D595DC93EE959B9761F9ADF1B50481E8A73313E7ECD0EA2A31BA24B88EF028445D5B436
            Malicious:false
            Preview:2025/04/25-14:58:05.809 126c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2025/04/25-14:58:05.810 126c Recovering log #3.2025/04/25-14:58:05.813 126c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:ASCII text
            Category:dropped
            Size (bytes):332
            Entropy (8bit):5.222015145443945
            Encrypted:false
            SSDEEP:6:iOR6XW6cM+q2PcNwi2nKuAl9OmbzNMxIFUtD6XFTJZmw96XO3cMVkwOcNwi2nKuP:7R6m/M+vLZHAa8jFUtD6//96FMV54ZHP
            MD5:7981ECD3EDE314DF7114F0184B16637C
            SHA1:6D07FFF19465B97A13D5C166C6C69C72F1845727
            SHA-256:33A5939D875D7B5EADE56372BB5F49D7332EEC62171C9AFFB7D7898189250250
            SHA-512:4AF6AB6C6215040B1DE2D1021621DDCF7D9A944E13B80A93DAFE62538D595DC93EE959B9761F9ADF1B50481E8A73313E7ECD0EA2A31BA24B88EF028445D5B436
            Malicious:false
            Preview:2025/04/25-14:58:05.809 126c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2025/04/25-14:58:05.810 126c Recovering log #3.2025/04/25-14:58:05.813 126c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:PC bitmap, Windows 3.x format, 117 x -152 x 32, cbSize 71190, bits offset 54
            Category:dropped
            Size (bytes):71190
            Entropy (8bit):1.8165307465925684
            Encrypted:false
            SSDEEP:96:a0lrFBpM74MM09E/IMW1MHMyLMDkTeM54HN/EVjMMLU0MMMggWKMM8MefLtM9HEi:hyIS0p3PTrxWTipSTWNi
            MD5:27727E36DED11869253A8E7E93041D71
            SHA1:E9F3C5EE8EDDC3280F93274B1B6CD1BB21B6CC1B
            SHA-256:BFB0C5934065AA799E73E070E5DC8D395261E6F253740A545457E797C28CFED1
            SHA-512:96230293A763FED15720EB586A7D6EEFAE18BA6B74979BF51E846256422C4C85D6802C64BDFAEC59EAA9D756916EB6F5065A33E8763281AC0DD463B50DB0472B
            Malicious:false
            Preview:BM........6...(...u...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 15, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 15
            Category:dropped
            Size (bytes):86016
            Entropy (8bit):4.439348138240332
            Encrypted:false
            SSDEEP:384:yeaci5GkiBA7vEmzKNURFXoD1NC1SK0gkzPlrFzqFK/WY+lUTTcKqZ5bEmzVz:1ourVgazUpUTTGt
            MD5:BD3DB7A5E03448075E360359345372DD
            SHA1:13D4BE587934E05E2E7DB514D81BD618052FF541
            SHA-256:A9140D0B414E303B7ACE6042E3A0A5C3B16DEB7CDDE800881F8DB43214820765
            SHA-512:B2FDDF9B8BFD05D18BCABE89E96EC5E90BF182A920304785BF6F0E95575EA61AB7A00F35AE93574B2146A28D2F0684914CAB2FE484019194191ACF857D5425C5
            Malicious:false
            Preview:SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:SQLite Rollback Journal
            Category:dropped
            Size (bytes):8720
            Entropy (8bit):3.7779506353905394
            Encrypted:false
            SSDEEP:48:7Mhp/E2ioyVlioy3DoWoy1CABoy15KOioy1noy1AYoy1Wioy1hioybioy9oy1no2:7Spjul0iA/XKQku+b9IVXEBodRBkJ
            MD5:B5325F37F57261A411B21CA0A672D008
            SHA1:2BF05A74E111C273E6385AB055C6D6C16DA80251
            SHA-256:E1B216C050D0B5014B68F5965F9798C1C2CA54A63C6A21C291F8AA78CC00A883
            SHA-512:8CE1FBF923F4F2D4401030946045196484F803272FD67CEE99DE46CDFA4C09F934B3A5BFCD5B979F23F74A1DD05DF750BD6849FF97289509B109B28F094187A7
            Malicious:false
            Preview:.... .c.....f..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................T...[...b...r...t...}.....L..............................................................................................................................................................................................................................................................................................................................................................................................................................................................
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:Certificate, Version=3
            Category:dropped
            Size (bytes):1391
            Entropy (8bit):7.705940075877404
            Encrypted:false
            SSDEEP:24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1
            MD5:0CD2F9E0DA1773E9ED864DA5E370E74E
            SHA1:CABD2A79A1076A31F21D253635CB039D4329A5E8
            SHA-256:96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
            SHA-512:3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
            Malicious:false
            Preview:0..k0..S............@.YDc.c...0...*.H........0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10...150604110438Z..350604110438Z0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10.."0...*.H.............0..........$s..7.+W(.....8..n<.W.x.u...jn..O(..h.lD...c...k....1.!~.3<.H..y.....!.K...qiJffl.~<p..)"......K...~....G.|.H#S.8.O.o...IW..t../.8.{.p!.u.0<.....c...O..K~.....w...{J.L.%.p..)..S$........J.?..aQ.....cq...o[...\4ylv.;.by.../&.....................6....7..6u...r......I.....*.A..v........5/(.l....dwnG7..Y^h..r...A)>Y>.&.$...Z.L@.F....:Qn.;.}r...xY.>Qx....../..>{J.Ks......P.|C.t..t.....0.[q6....00\H..;..}`...).........A.......|.;F.H*..v.v..j.=...8.d..+..(.....B.".'].y...p..N..:..'Qn..d.3CO......B0@0...U...........0...U.......0....0...U......y.Y.{....s.....X..n0...*.H.............U.X....P.....i ')..au\.n...i/..VK..s.Y.!.~.Lq...`.9....!V..P.Y...Y.............b.E.f..|o..;.....'...}~.."......
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 73305 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
            Category:dropped
            Size (bytes):73305
            Entropy (8bit):7.996028107841645
            Encrypted:true
            SSDEEP:1536:krha8mqJ7v3CeFMz/akys7nSTK7QMuK+C/Oh5:kAOFq+Mba9Ok7C/O/
            MD5:83142242E97B8953C386F988AA694E4A
            SHA1:833ED12FC15B356136DCDD27C61A50F59C5C7D50
            SHA-256:D72761E1A334A754CE8250E3AF7EA4BF25301040929FD88CF9E50B4A9197D755
            SHA-512:BB6DA177BD16D163F377D9B4C63F6D535804137887684C113CC2F643CEAB4F34338C06B5A29213C23D375E95D22EF417EAC928822DFB3688CE9E2DE9D5242D10
            Malicious:false
            Preview:MSCF....Y.......,...................I.................;Za. .authroot.stl.98.?.6..CK..<Tk......4..c... .Ec...U.d.d.E&I.DH*..M.KB."..rK.RQ*..}f..f...}..1....9...........$.8q..fa...7.o.1.0...bfsM4.........u..l..0..4.a.t....0.....6#....n. :... ....%.,CQ5uU..(.3.<7#.0..JN.$...=j|w..*.#.oU..Eq[..P..^..~.V...;..m...I|...l..@-W..=.QQ.._./.M.nZ..(.........`.$Z.9wW:W.]..8*E.......I.D{..n...K:.m..^.(.S.......c..s.y..<...2.%o.o.....H.B.R.....11.|!.(...........h.SZ........<...^....Z>.Pp?... .pT@p.#.&..........#VEV=.....p........y..."T=l.n..egf.w..X.Y..-G...........KQ.]...pM..[m..-6.wd:........T...:.P5Zs....c.oT`..F1#......EuD.......7....V ..-....!.N..%S...k...S. ...@.J..../..b!B.(=\../.l......`.\...q9..>4!b..8EH.....zdy.....#...X>%0w...i.,>c.z.g"p.S..2W.+mMs.....5Def.....#._D.4....>}...i...\.&`D.......z;..ZY.3.+t.`....z_.q'w.z.)..j3.+.co.s..:.........qK...{...E....uPO...#vs.XxH.B!..(t. 8k+.....G\..?..GF8....'..w.>.ms..\ve.nFN..W)....xi..u..5.f.l....
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:data
            Category:dropped
            Size (bytes):192
            Entropy (8bit):2.7673182398396405
            Encrypted:false
            SSDEEP:3:kkFklnthkPtfllXlE/HT8kl1NNX8RolJuRdxLlGB9lQRYwpDdt:kKveT8s7NMa8RdWBwRd
            MD5:25BCDAC3B87D6E74A66A5AB8A42E2EA1
            SHA1:EC55F3A3936051711A8022FF23317BD1CE94ED56
            SHA-256:172CD726D6B2D9BE9A703EB39A9585321B5281D98B0CEFB06B899AC3995B8C88
            SHA-512:73C7DE661E03835A933EFD37F5A4C82FB2F401BFEABC7906C7738413A2A13C31C865A6198FC8ECCCFAD248C1C8D605C3A757738B7CC0FAF8531E6C9DBF29957B
            Malicious:false
            Preview:p...... .........H......(....................................................... ..........W....................o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:data
            Category:modified
            Size (bytes):330
            Entropy (8bit):3.277302618519546
            Encrypted:false
            SSDEEP:6:kKqllImcQRnSN+SkQlPlEGYRMY9z+4KlDA3RUeqpGVuys1:ilemfZkPlE99SNxAhUeq8S
            MD5:232A06FFE3CB2789E701C7259728415C
            SHA1:7B15C4594D83EF612EC4470C6C2DC2E1DF9EA6A7
            SHA-256:0E4C6A0CBDA8E6E3510589F6888B99575A1524EFD9D0758D0BB9EBCECFA68163
            SHA-512:635850C4D181798CA00AFCC5F688293D638F8807A160C43D9B3C0AA8799FDE1F78D45E028A330CF976B8F24160CEFA3E415B13D9F907DD1E6C52CB87B64D3BBB
            Malicious:false
            Preview:p...... ..........P.....(....................................................... ..................(....c*.....Y...h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".6.4.2.7.f.6.c.2.b.7.8.7.d.b.1.:.0."...
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:PostScript document text
            Category:dropped
            Size (bytes):185099
            Entropy (8bit):5.182478651346149
            Encrypted:false
            SSDEEP:1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
            MD5:94185C5850C26B3C6FC24ABC385CDA58
            SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
            SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
            SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
            Malicious:false
            Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:PostScript document text
            Category:dropped
            Size (bytes):185099
            Entropy (8bit):5.182478651346149
            Encrypted:false
            SSDEEP:1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
            MD5:94185C5850C26B3C6FC24ABC385CDA58
            SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
            SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
            SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
            Malicious:false
            Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:data
            Category:dropped
            Size (bytes):227002
            Entropy (8bit):3.392780893644728
            Encrypted:false
            SSDEEP:1536:qMKP+iyzDtrh1cK3XEivK7VK/3AYvYwgF/rRoL+sn:FKPoJ/3AYvYwglFoL+sn
            MD5:C11248DE3EDEB5F39EE8D1E2C1FFE7D8
            SHA1:7EC6B85BDB7C99BA691BB08A051EF7C4D4A43231
            SHA-256:57612AEEE8F8E8471B730963F8E111C9890F83D8120380A6FF0676A3814A4B41
            SHA-512:E13FD658A42EE8BA3CDE3DE5912C3BF3F1A5D720D6C47C3FBCB9C529208DC2860A64B3C41F08660A76CAF5482CF8FDA5EEB62ACC719860AE05EE5C8369C24D9F
            Malicious:false
            Preview:Adobe Acrobat Reader (64-bit) 23.6.20320....?A12_AV2_Search_18px.............................................................................................................KKK KKK.KKK.KKK.KKK.KKK.KKK@........................................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.............................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.........................KKK.KKK.KKK.KKK0....................KKK.KKK.KKK.KKK`....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK.KKK.....................................KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK.KKK@....................KKK.KKK.KKK.KKK`........................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.KKK.............................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):295
            Entropy (8bit):5.3920590549573575
            Encrypted:false
            SSDEEP:6:YEQXJ2HXPCRwDHWsGiIPEeOF0YmoDoAvJM3g98kUwPeUkwRe9:YvXKXL2sdTeOJsGMbLUkee9
            MD5:AFC9D90803B27F4BE687841038D80112
            SHA1:3538639A5C0030BC1C06E62C16F2F8C57DF7B2E7
            SHA-256:48D5B79CCC9565D4DE2E12F019EB7D3747F31888B0233A8044C4EC143C7374F0
            SHA-512:BC345AAB9C48191979A07B26C7482A6EEF30D2A19F6DA7416225852C0AEAEE89CFC08C8FBC0E5B51B4C3629996FDA13659A9B806A8A59A0FA2F7E89118476477
            Malicious:false
            Preview:{"analyticsData":{"responseGUID":"8fb5094f-45d8-4036-a635-b5c60998cd2e","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1745784931584,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):294
            Entropy (8bit):5.328680347291447
            Encrypted:false
            SSDEEP:6:YEQXJ2HXPCRwDHWsGiIPEeOF0YmoDoAvJfBoTfXpnrPeUkwRe9:YvXKXL2sdTeOJsGWTfXcUkee9
            MD5:372C645BE702AC48F482BAFEAD029089
            SHA1:27F9A40505E77D443AFF0EB821927B47BEB36A7E
            SHA-256:167A3E667674473FE82687D90735328BEF1014C6D776B857506E1447A8D46323
            SHA-512:05999508BBE7888E09F14CC958389C90916A03505913AB5959E08B203C13570578D1F8EEBCFFA21D306CB366261E3876475109DE4A0FDE70C8B28C19B141F2A7
            Malicious:false
            Preview:{"analyticsData":{"responseGUID":"8fb5094f-45d8-4036-a635-b5c60998cd2e","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1745784931584,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):294
            Entropy (8bit):5.306939842649253
            Encrypted:false
            SSDEEP:6:YEQXJ2HXPCRwDHWsGiIPEeOF0YmoDoAvJfBD2G6UpnrPeUkwRe9:YvXKXL2sdTeOJsGR22cUkee9
            MD5:9FBFE2C565B179FB9273D5559D495CF7
            SHA1:82227EDF4859A5C2A973444F4BDD77AF173637FC
            SHA-256:251A803E8112085558291B80AD0C2110D7701F19C8221649737AA94DAFA8580D
            SHA-512:1365495E893981D5A028A89132C063695C623B7A29B3CE39EB3801057977B5BAE2676F9511C513FE6C1586673990F0D73C1C5A3DA2A8230098387AA1A2FA2258
            Malicious:false
            Preview:{"analyticsData":{"responseGUID":"8fb5094f-45d8-4036-a635-b5c60998cd2e","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1745784931584,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):285
            Entropy (8bit):5.3799442236784945
            Encrypted:false
            SSDEEP:6:YEQXJ2HXPCRwDHWsGiIPEeOF0YmoDoAvJfPmwrPeUkwRe9:YvXKXL2sdTeOJsGH56Ukee9
            MD5:A4A665960064941985CE0E791C108A31
            SHA1:D363D8F7EF787AF6C6076F65E40E4D50DE472F3A
            SHA-256:945ACF2D81B55E658FBDE14B67E0F597B0F342F7A92C234837F8EB064EC22126
            SHA-512:F1E12EFFEF31DAE8864A6EBB5BB025EC50A689F0861B85B737D315600CE7E722BF53BAD12C592782A99A90614150E6871174CD8CC91BC3815BBBEFD5B6A94B35
            Malicious:false
            Preview:{"analyticsData":{"responseGUID":"8fb5094f-45d8-4036-a635-b5c60998cd2e","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1745784931584,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):2213
            Entropy (8bit):5.850362858779482
            Encrypted:false
            SSDEEP:24:Yv6XL2meOjpLgEGycjycR84b0nNFmerISIedJGWQxiEDtbpEsrAr3IAHlO25FEEa:YvQewhgly48zFm/TWCt8KOP/nDi/Vh
            MD5:1CA8EAA92756BA9B2803C40C208C201E
            SHA1:F571F2CC5BE85BC6B8A5B4F1485D9D28B97545AF
            SHA-256:844D587DA2D20CEE71A91ABBAB38121628E72DA53B581A0F981CD3B5418C2176
            SHA-512:E9BC011D99F07F135EF87CC5B0B8F5FE21C9512BF3669AD0DA6AE0758786891C60D946E989B71A8235AD120A2E8D3F9F53B4696EECB1CE03AF2BB4C0387BB137
            Malicious:false
            Preview:{"analyticsData":{"responseGUID":"8fb5094f-45d8-4036-a635-b5c60998cd2e","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1745784931584,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"102656_316349ActionBlock_1","campaignId":102656,"containerId":"1","controlGroupId":"","treatmentId":"5a9d1955-ab74-4b89-837a-074b702313c0","variationId":"316349"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJkYXRhIjp7ImxocFYyQnlQYXRoIjp7Iml0ZW0iOnsiX3BhdGgiOiIvY29udGVudC9kYW0vYWNyb2JhdGRlc2t0b3AvZ3Jvd3RoL3JlYWRlci9lbi11cy9saHAtYmFubmVyL3YyL2NvbnZlcnQiLCJfaWQiOiJlYjYyOWYwOC00YmZiLTRkYmEtYjQzNC01MzUyZTg1MGU4NWYiLCJfdmFyaWF0aW9uIjoicmdzMDM2MS0wIiwidGl0bGUiOm51bGwsImRlc2NyaXB0aW9uIjoiRXhwb3J0IFBERnMgdG8gTWljcm9zb2Z0IFdvcmQgYW5kIEV4Y2VsLiIsImN0YUxhYmVsIjpudWxsLCJjdGFCZW
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):289
            Entropy (8bit):5.31674710124115
            Encrypted:false
            SSDEEP:6:YEQXJ2HXPCRwDHWsGiIPEeOF0YmoDoAvJf8dPeUkwRe9:YvXKXL2sdTeOJsGU8Ukee9
            MD5:F1DC3EE25618778EF6794484CFB43623
            SHA1:149820EEB676CA74E80217B6FAAEBD2C8D32A79E
            SHA-256:3C77A66934C24650CD0765FB8E8068A7D40A9272E152CCF1C506A910ED99A105
            SHA-512:A20E978DF53074D0F306FA99E432382FD3F79A478FEB89AFA88AF9AFAD2AC65FF19D3AE676C505542947EACF10AC238AD1DD9C7CAE2D59E93B991EF5D18C338E
            Malicious:false
            Preview:{"analyticsData":{"responseGUID":"8fb5094f-45d8-4036-a635-b5c60998cd2e","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1745784931584,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):292
            Entropy (8bit):5.320457479620085
            Encrypted:false
            SSDEEP:6:YEQXJ2HXPCRwDHWsGiIPEeOF0YmoDoAvJfQ1rPeUkwRe9:YvXKXL2sdTeOJsGY16Ukee9
            MD5:F82417EFAF6A6A3B7062EF754078FE2B
            SHA1:F22212D2EF2DDF8F742BB3C204ECD7060B8FFB35
            SHA-256:9A8D1B99BA7EFB28F59DFA8F9B504AC288EA4E0973F5DACF5FD530B7BF5EB425
            SHA-512:72D09792D13FBA3663F7114FEFAC4E6DDC1A0E8BD6A2302D3BA7C1203CBCDA54F20AE617B334532C69FE8A17957A1CC4BC241BB7BA2BDD8C256C2146C95E008A
            Malicious:false
            Preview:{"analyticsData":{"responseGUID":"8fb5094f-45d8-4036-a635-b5c60998cd2e","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1745784931584,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):2160
            Entropy (8bit):5.83539968448825
            Encrypted:false
            SSDEEP:48:YvQePogbN48uOQ/GiyL4TwKOkQJi+ohJh:GQzg54nf/IQOkQJiFZ
            MD5:45C7C10F270A298AFA7BEA201FF9295B
            SHA1:A009F8239C54BD8441E5D2573D69B889FE57CB3A
            SHA-256:6C2A571982244471CA3C0187195F36677904CD063131902981D734CA0ED3D9FF
            SHA-512:A4B3459AABED5757BCB405C2E2747BA6B7216C3FE58A5887E6EBB92F604E46A32349CD983EA3B1E10F213C9BD5396973232F93258CD250A5E98CB99E3F1B901D
            Malicious:false
            Preview:{"analyticsData":{"responseGUID":"8fb5094f-45d8-4036-a635-b5c60998cd2e","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1745784931584,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Edit_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"102656_316349ActionBlock_2","campaignId":102656,"containerId":"1","controlGroupId":"","treatmentId":"164bf29d-ee04-491c-adf2-c0bfeedb2d1b","variationId":"316349"},"containerId":1,"containerLabel":"JSON for DC_Reader_Edit_LHP_Banner","content":{"data":"eyJkYXRhIjp7ImxocFYyQnlQYXRoIjp7Iml0ZW0iOnsiX3BhdGgiOiIvY29udGVudC9kYW0vYWNyb2JhdGRlc2t0b3AvZ3Jvd3RoL3JlYWRlci9lbi11cy9saHAtYmFubmVyL3YyL2VkaXQiLCJfaWQiOiIzNzkzMGExNC1kOGMwLTRlZDYtYjI0Yi0zZGUzY2FlZjZlNjAiLCJfdmFyaWF0aW9uIjoicmdzMDM2MS0wIiwidGl0bGUiOm51bGwsImRlc2NyaXB0aW9uIjpudWxsLCJjdGFMYWJlbCI6bnVsbCwiY3RhQmVoYXZpb3IiOm51bGwsImN0YVVybCI6bnVsbCwiY3RhVXJsVHlwZSI6bnVsbCwidHJ
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):295
            Entropy (8bit):5.343114221726916
            Encrypted:false
            SSDEEP:6:YEQXJ2HXPCRwDHWsGiIPEeOF0YmoDoAvJfzdPeUkwRe9:YvXKXL2sdTeOJsGb8Ukee9
            MD5:162F65E257A24E84EA040CA6EF26B463
            SHA1:24CFCCC998F17001B4F74C60472C23F8B2E43343
            SHA-256:468FAFB317D972E3721F832C71D342E96120A5DD998E1CD9E6D0D4FDA3FB6C1B
            SHA-512:BB762A8F30C0C69DC972CC5203C7EB4F20E74A02B1C5B5916E26D9AD86030D9DCD22B34B03049B3C4BC78D79182A2608648D3BBDBBF01A16BA3ECE94717CB114
            Malicious:false
            Preview:{"analyticsData":{"responseGUID":"8fb5094f-45d8-4036-a635-b5c60998cd2e","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1745784931584,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):289
            Entropy (8bit):5.323957238484688
            Encrypted:false
            SSDEEP:6:YEQXJ2HXPCRwDHWsGiIPEeOF0YmoDoAvJfYdPeUkwRe9:YvXKXL2sdTeOJsGg8Ukee9
            MD5:D1551E6594EDBAA8DC3B62B2E37E6B33
            SHA1:90CE59588235AE925872A6200124E9219F741C72
            SHA-256:F950E490E46C8A620201E692A0CBEE3FF9C5E52AD8C6AA9225AC84E478976830
            SHA-512:36399837F0BC377C0E778218CD3B523B5ACEAF00011661073659F118AF236CCAC884766E3C5D6F918FC4A2C8D83B605D0C31A90B1B5BE3187C5428F9C1D592DF
            Malicious:false
            Preview:{"analyticsData":{"responseGUID":"8fb5094f-45d8-4036-a635-b5c60998cd2e","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1745784931584,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):284
            Entropy (8bit):5.310429393675248
            Encrypted:false
            SSDEEP:6:YEQXJ2HXPCRwDHWsGiIPEeOF0YmoDoAvJf+dPeUkwRe9:YvXKXL2sdTeOJsG28Ukee9
            MD5:182EA82F6F103A9A30753C4694688D9F
            SHA1:9877E71B69B017C8B53035E1404739E34C14CD16
            SHA-256:1191918609C589CF2E16E6E8BA91F313B5408A68AA2E99615C0D88781B5BA368
            SHA-512:6ED9B6D90CE3DA71D6E75C3953C8B9B79C371F2030F63B4BFD9B1DAB413078C15F4B4934CAA589491FE9FD35E56EE318084D73D27822C2E9AF3897B56C09B715
            Malicious:false
            Preview:{"analyticsData":{"responseGUID":"8fb5094f-45d8-4036-a635-b5c60998cd2e","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1745784931584,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):291
            Entropy (8bit):5.307339681598518
            Encrypted:false
            SSDEEP:6:YEQXJ2HXPCRwDHWsGiIPEeOF0YmoDoAvJfbPtdPeUkwRe9:YvXKXL2sdTeOJsGDV8Ukee9
            MD5:2F7D5B3B1F346FA1C3CC4BACACD08492
            SHA1:A4858E19082922ADBA36A560E1B339A82D393A24
            SHA-256:B465C9912C0C8F0B4AC6C0BF726E0B56FA371FA1CC117101533A2EBE27E58278
            SHA-512:FF931E1019BCF9EA0B858FE33D76DD2BC8A05A730B4852B90AA6779D747A862BB6099F6C2E2FBCF3D8ABF3B120AE5F8C3F6B4451087D69FA600D918E477EED74
            Malicious:false
            Preview:{"analyticsData":{"responseGUID":"8fb5094f-45d8-4036-a635-b5c60998cd2e","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1745784931584,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):287
            Entropy (8bit):5.3120083575807895
            Encrypted:false
            SSDEEP:6:YEQXJ2HXPCRwDHWsGiIPEeOF0YmoDoAvJf21rPeUkwRe9:YvXKXL2sdTeOJsG+16Ukee9
            MD5:5C8A7834E92B35F6F501F7A441477F34
            SHA1:127D3187CB03B71DD624D3E22A528F6B2FADF2D3
            SHA-256:9EB5105876E7B90F947AA09F695302FFFC0C9087B6789812619BA04F710ED4AB
            SHA-512:A7C830521234E3BA4AF82F0F43EC93CEC5E8B10E5204B5066512CD12692807C43FDD132063C0352030F888EE72F188ACD20B102EEF45649692A540247FA783CB
            Malicious:false
            Preview:{"analyticsData":{"responseGUID":"8fb5094f-45d8-4036-a635-b5c60998cd2e","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1745784931584,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):2112
            Entropy (8bit):5.853317771506339
            Encrypted:false
            SSDEEP:24:Yv6XL2meOTamXayLgEdycgNaLcR84brvXJkoerISIQ1iyLVFgKy1N8IAHlOBJEEM:YvQeyBgBG48kJko/SiyL4T0AFDA/Vh
            MD5:3392E4ACF535A72783AC118B4D94A023
            SHA1:0E363D4398773650C048820BE4AC4AFA8E6CE269
            SHA-256:ED980986FDA5156D07DD76EDF53038F4EF731A7792309219A68201B0230155EB
            SHA-512:1147C0D462CA53B4688EC8D3F5F6299BF8065745DB0A853C4CB7193ED8E247DFD9C468704DB112CAB768A0E87BBD24D5B1F5C3FE29BDD712F3115248973073A1
            Malicious:false
            Preview:{"analyticsData":{"responseGUID":"8fb5094f-45d8-4036-a635-b5c60998cd2e","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1745784931584,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"102656_316349ActionBlock_0","campaignId":102656,"containerId":"1","controlGroupId":"","treatmentId":"339c0ba6-2e61-4622-82f6-f07787d206b8","variationId":"316349"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJkYXRhIjp7ImxocFYyQnlQYXRoIjp7Iml0ZW0iOnsiX3BhdGgiOiIvY29udGVudC9kYW0vYWNyb2JhdGRlc2t0b3AvZ3Jvd3RoL3JlYWRlci9lbi11cy9saHAtYmFubmVyL3YyL3NpZ24iLCJfaWQiOiJkMDQzMmY0Yy1hNTM2LTRlMzktOGNkNS1jYThiYjRhZTY2YzIiLCJfdmFyaWF0aW9uIjoicmdzMDM2MS0wIiwidGl0bGUiOm51bGwsImRlc2NyaXB0aW9uIjoiRWFzaWx5IGZpbGwgYW5kIHNpZ24gUERGcy4iLCJjdGFMYWJlbCI6bnVsbCwiY3RhQmVoYXZpb3IiOm51bGwsImN0YVVybCI6bnV
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):286
            Entropy (8bit):5.287751534397695
            Encrypted:false
            SSDEEP:6:YEQXJ2HXPCRwDHWsGiIPEeOF0YmoDoAvJfshHHrPeUkwRe9:YvXKXL2sdTeOJsGUUUkee9
            MD5:0AC4171C862B3A605BB8823F7CDA9204
            SHA1:1D74C2D67A3C1FC31FABFFDB007D5E656F5EECBF
            SHA-256:B0A17ED1B7ECCF24E4DD15712C150092705A858DFAF5FD1C5CD52868FB85645D
            SHA-512:170CE1716FD595DDADC14F82EC92718BFB9DD5A79EAF21E1EE001F9EE4A188DB46681A67412D485F6BEC6C166CCB4FE3C347D94B03D2CBB28D327636DFF55002
            Malicious:false
            Preview:{"analyticsData":{"responseGUID":"8fb5094f-45d8-4036-a635-b5c60998cd2e","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1745784931584,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):282
            Entropy (8bit):5.306773964296145
            Encrypted:false
            SSDEEP:6:YEQXJ2HXPCRwDHWsGiIPEeOF0YmoDoAvJTqgFCrPeUkwRe9:YvXKXL2sdTeOJsGTq16Ukee9
            MD5:E73D835DDA26ACD2884E00C7EAA58313
            SHA1:60BB6E79F1110B9D90C0993C48E52B8A198A160F
            SHA-256:B9297057DB416F58822BC303653B4782CD6D6153906B8729F1BC196FAD0969D9
            SHA-512:B72E9F60838F089A9CC47A77113FF6B2F712711B5E3414E2B5101A182B17F4BA593048BC692125CA004E6A1D1FC9A0450DB2E2ABA1AE33E28745F7222851878C
            Malicious:false
            Preview:{"analyticsData":{"responseGUID":"8fb5094f-45d8-4036-a635-b5c60998cd2e","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1745784931584,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:data
            Category:dropped
            Size (bytes):4
            Entropy (8bit):0.8112781244591328
            Encrypted:false
            SSDEEP:3:e:e
            MD5:DC84B0D741E5BEAE8070013ADDCC8C28
            SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
            SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
            SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
            Malicious:false
            Preview:....
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):2815
            Entropy (8bit):5.134105988254941
            Encrypted:false
            SSDEEP:24:YRN7samaYprhayGtkK56USqXjfFzBsj0Spz3XSJ2O+2LSrCicKldeMRa5ZZX9nO+:Yiprek3G9zB+d3m9+FzcKldeMQ59B
            MD5:8F506C1FE48EF0DA36D9FD8833682F21
            SHA1:86DAB47C9349CE626776CBB6E51CD556539628A7
            SHA-256:5D7F71ED41FDCDFB17FB4D9224563B7FB1C8BC625467C864ED2EFE44D142E2EA
            SHA-512:F5842219B04962F01F68652D88F0668D5E04C031B2800DC888FDC67CF50CB2A96CA01CE3EEB5726AA129860B2E28E3BA371F2837DE6B325383877FAB508EBD73
            Malicious:false
            Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"09dbcf2a801c4bc3d04e4a81158b3277","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1745607495000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"e4f11a1f06bde154658d3638b6a3ee79","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":2160,"ts":1745607495000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"e6b93136e25f843bfeed0cc725376af4","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":2213,"ts":1745607495000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"246635edea4ad5812b4f3becf7d802f3","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":2112,"ts":1745607495000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"11c521effbf6bfc0b36a2a4f4bac717d","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":295,"ts":1745607495000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"245ec2f8dfebe8d52070a95de70900e0","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file",
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 25, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 25
            Category:dropped
            Size (bytes):12288
            Entropy (8bit):1.4542453520884149
            Encrypted:false
            SSDEEP:48:TGufl2GL7msCvrBd6dHtbGIbPe0K3+fDy2dsTP1HlpP17:lNVmsw3SHtbDbPe0K3+fDZdax7
            MD5:670D27D967F60F58BAEAAD2CCF25CA44
            SHA1:53646470F57FA271CF4C817F6C844DBEB3474B77
            SHA-256:2F8691B322D42261A3C64BE70C39550FE2D5A095C0299DAC91D1D0C85F5936B6
            SHA-512:008BD5BDDEF1CCE352A00636CFAF17C7FDC72723F10969BCDE4F8F770AF63E8BBB85C8C28807D5A60A5AB9FEC5230E98FDBC27E75B5A2216E3E6D11ACFCDE449
            Malicious:false
            Preview:SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:SQLite Rollback Journal
            Category:dropped
            Size (bytes):8720
            Entropy (8bit):1.9596402052530524
            Encrypted:false
            SSDEEP:48:7M2rvrBd6dHtbGIbPe0K3+fDy2dsTP1eiqFl2GL7msk:7D3SHtbDbPe0K3+fDZdaDKVmsk
            MD5:2145F81DBBB7664DA506165F360514D2
            SHA1:6409C91917C8092FFE21D0C0C308F13104D22BD7
            SHA-256:5E61D872EC16A619BA302BB4A60D2403B7049FC82598828FCF101C9C55D55772
            SHA-512:F848675DDB9DCE1F6D10500AC32294371AD5C16484D579D0FD2C5D9558AF8E52912DE15DB9183D5B0FE4961F1CBAD80F434FBE125A1D2D6B66693581C63CFC57
            Malicious:false
            Preview:.... .c..............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................v.../.././././....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
            Category:dropped
            Size (bytes):246
            Entropy (8bit):3.522811667751431
            Encrypted:false
            SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8+ClERjl:Qw946cPbiOxDlbYnuRK7X
            MD5:74EFC52F14C5CDF721C74D1EB6F4E03A
            SHA1:A053211A47A8DC0DCD3CE48D2FD92C72C8851143
            SHA-256:8C24DD59B5367AD14AB6AD271BEEE57B2F61F698B10AE8F7CD48C602B3DEF307
            SHA-512:F14BEEF6D86AFF6C614BE372EB4E3DFC6E01A772C4637A19291B7591ADDB93EB65829B76CF5F04E1E38A6BAA7629F917CDF2D4C1C1D1637E780EA5E6B2B19A8F
            Malicious:false
            Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .2.5./.0.4./.2.0.2.5. . .1.4.:.5.8.:.1.8. .=.=.=.....
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:ASCII text, with very long lines (393)
            Category:dropped
            Size (bytes):16525
            Entropy (8bit):5.386483451061953
            Encrypted:false
            SSDEEP:384:A2+jkjVj8jujXj+jPjghjKj0jLjmF/FRFO7t75NsXNsbNsgNssNsNNsaNsliNsTY:AXg5IqTS7Mh+oXChrYhFiQHXiz1W60ID
            MD5:F49CA270724D610D1589E217EA78D6D1
            SHA1:22D43D4BB9BDC1D1DEA734399D2D71E264AA3DD3
            SHA-256:D2FFBB2EF8FCE09991C2EFAA91B6784497E8C55845807468A3385CF6029A2F8D
            SHA-512:181B42465DE41E298329CBEB80181CBAB77CFD1701DBA31E61B2180B483BC35E2EFAFFA14C98F1ED0EDDE67F997EE4219C5318CE846BB0116A908FB2EAB61D29
            Malicious:false
            Preview:SessionID=f1c78126-6a87-4f56-987d-4547733fd5ac.1696492435808 Timestamp=2023-10-05T09:53:55:808+0200 ThreadID=6044 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=f1c78126-6a87-4f56-987d-4547733fd5ac.1696492435808 Timestamp=2023-10-05T09:53:55:809+0200 ThreadID=6044 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=f1c78126-6a87-4f56-987d-4547733fd5ac.1696492435808 Timestamp=2023-10-05T09:53:55:809+0200 ThreadID=6044 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=f1c78126-6a87-4f56-987d-4547733fd5ac.1696492435808 Timestamp=2023-10-05T09:53:55:809+0200 ThreadID=6044 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=f1c78126-6a87-4f56-987d-4547733fd5ac.1696492435808 Timestamp=2023-10-05T09:53:55:809+0200 ThreadID=6044 Component=ngl-lib_NglAppLib Description="SetConfig:
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:ASCII text, with very long lines (393), with CRLF line terminators
            Category:dropped
            Size (bytes):16603
            Entropy (8bit):5.32761105017578
            Encrypted:false
            SSDEEP:384:p4yB3lhBY5UmpTcez3mf8KjOilQ9c9peMLn71pVo9X1m0pzIYDTDq1qnyHx4RQgT:nZeF
            MD5:053BF0B658EA0151F326444ABA94D3F9
            SHA1:9847AC7AF7C06C21D45433EFE76C8E40A4D9B51F
            SHA-256:26B938BB8084E9BD58CA4E22B4B926FD41707AF19DB3E68B32747FDB7D8090D6
            SHA-512:3524C125AD2DB66765ED95493E5F87CAB637C3BF951D129F718EB53B3729C3B14907D0909E653D3EA69564F4B8DBB12BF367357C40AA0A2CFE71988D8166F792
            Malicious:false
            Preview:SessionID=6569ca3c-0eed-4fae-8547-c0d5d418c734.1745607486970 Timestamp=2025-04-25T14:58:06:970-0400 ThreadID=6844 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=6569ca3c-0eed-4fae-8547-c0d5d418c734.1745607486970 Timestamp=2025-04-25T14:58:06:972-0400 ThreadID=6844 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=6569ca3c-0eed-4fae-8547-c0d5d418c734.1745607486970 Timestamp=2025-04-25T14:58:06:972-0400 ThreadID=6844 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=6569ca3c-0eed-4fae-8547-c0d5d418c734.1745607486970 Timestamp=2025-04-25T14:58:06:972-0400 ThreadID=6844 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=6569ca3c-0eed-4fae-8547-c0d5d418c734.1745607486970 Timestamp=2025-04-25T14:58:06:973-0400 ThreadID=6844 Component=ngl-lib_NglAppLib Description="SetConf
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:ASCII text, with CRLF line terminators
            Category:dropped
            Size (bytes):35815
            Entropy (8bit):5.40785198300507
            Encrypted:false
            SSDEEP:768:hRDD/ATOlQwlgR6RgRT4xk1Bh9+R6gRldy0+AyxkHBDgRh9gR2:hRDD/ATOlQwlgR6RgRT4xk1Bh9+R6gR0
            MD5:314BA6258775A3D8D7254E7467C32FD4
            SHA1:6163F5B6E616693E61317E7BED174C1772FF16B1
            SHA-256:F9421A72D8AA3839DDAA664336551F693C8E7FD208DF846E3B17348BC55C0864
            SHA-512:4123B099B71D36DE9F5927F43C3D2EE16CECE8708F30CC1F62EBD9954796A86430B09EDD816042B41AEB976E4B35B4DC2F2CFD07FC57F1E3BA66B42385A58451
            Malicious:false
            Preview:05-10-2023 08:41:17:.---2---..05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 : ***************************************..05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 : ***************************************..05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 : Starting NGL..05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..05-10-2023 08:41:17:.Closing File..05-10-
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
            Category:dropped
            Size (bytes):1419751
            Entropy (8bit):7.976496077007677
            Encrypted:false
            SSDEEP:24576:/r5eYIGNPpOWL07oBGZ1dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:T5eZGOWLxBGZN3mlind9i4ufFXpAXkru
            MD5:4CBEAB1994786A0B8AE7BAF48FAD3A6A
            SHA1:2F22D79E3DF7B249DA18F028F5A14EB65BB9C139
            SHA-256:7E6BD13795A55EFAED961CFF688D9D59401599963C4AF42FD6ABAD434E7D6088
            SHA-512:DF0BFE07CDAFBD1DE973E9C16F854AFEEA391733E87B00A358EA53FC812746E077E74B04B144DAED0B4795ECE1638D43CDE7A283024212B548AE96ED3F1BA542
            Malicious:false
            Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 42290
            Category:dropped
            Size (bytes):1407294
            Entropy (8bit):7.97605879016224
            Encrypted:false
            SSDEEP:24576:6Dbdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WL07oXGZGwYIGNPJF:cb3mlind9i4ufFXpAXkrfUs0jWLxXGZY
            MD5:279B811F8FB7ED83618C0B37825CCF25
            SHA1:5718DA0EF8F5A938CB88800665F18C9B805208B2
            SHA-256:2AF4D3CE45FACE3A6DF83A17E90912767BE01A6F2C96AD8B3F270FDB13F77E46
            SHA-512:74A736359646F91F28AC496DFFF249D0E5B005AA6BB34DAFDDE3C2A29B70D52E6F865239579AC94540AAB0D20BFC03AE6501814358D2122FCB60A4591213A9B9
            Malicious:false
            Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
            Category:dropped
            Size (bytes):758601
            Entropy (8bit):7.98639316555857
            Encrypted:false
            SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
            MD5:3A49135134665364308390AC398006F1
            SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
            SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
            SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
            Malicious:false
            Preview:...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!|G.1...... .3.`./....`~......G.............|..pS.e.C....:o.u_..oi.:..|....joi...eM.m.K...2%...Z..j...VUh..9.}.....
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
            Category:dropped
            Size (bytes):386528
            Entropy (8bit):7.9736851559892425
            Encrypted:false
            SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
            MD5:5C48B0AD2FEF800949466AE872E1F1E2
            SHA1:337D617AE142815EDDACB48484628C1F16692A2F
            SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
            SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
            Malicious:false
            Preview:...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-|..h#.g.\.PO.|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..|m.WC.....|.....e.[W.p.8...rm....^..x'......5!...|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y
            File type:PDF document, version 1.5, 1 pages
            Entropy (8bit):7.379224965713681
            TrID:
            • Adobe Portable Document Format (5005/1) 100.00%
            File name:17455269731333_5868091.pdf
            File size:42'992 bytes
            MD5:5b18cafae3ec36c301be7b5c1acb6015
            SHA1:d128870f57c0bc4a71ad6d39ead577bc2f203065
            SHA256:d0b3cddb56ecc5e3c54d84cabae6f9aa0d9dc8c47e4e349342a923b820a50e58
            SHA512:c1b84f31d5259cc087faa8eef95f5b9f6bef55b6a8e444d9c835037c46988eb9bee8cb5887b4d6a02b544545d0fdd89eea72b6f2bad464efc37aa86a3a9fc701
            SSDEEP:768:blCwcHbMQ2YAlCwcHbMQ2YOwlQPKUOcrB0qPSGNpZH576XuIzhbl:BJKQPKUOEBlSGNPH5Uu23
            TLSH:0313BF25EBA1DD1BE9CA1674346BD94CCB1EF68590CF19D2781C9F683366F818C11372
            File Content Preview:%PDF-1.5.%.....3 0 obj.<</ColorSpace/DeviceRGB/Subtype/Image/Height 249/Filter/DCTDecode/Type/XObject/Width 200/BitsPerComponent 8/Length 35378>>stream.......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2.
            Icon Hash:62cc8caeb29e8ae0

            General

            Header:%PDF-1.5
            Total Entropy:7.379225
            Total Bytes:42992
            Stream Entropy:7.403019
            Stream Bytes:38145
            Entropy outside Streams:5.350917
            Bytes outside Streams:4847
            Number of EOF found:1
            Bytes after EOF:
            NameCount
            obj19
            endobj19
            stream3
            endstream3
            xref1
            trailer1
            startxref1
            /Page1
            /Encrypt0
            /ObjStm0
            /URI0
            /JS0
            /JavaScript0
            /AA0
            /OpenAction0
            /AcroForm0
            /JBIG2Decode0
            /RichMedia0
            /Launch0
            /EmbeddedFile0
            IDDHASHMD5Preview
            38c0f0bd5975d4b07ac2599915d38a423d25ca0ffb933711f

            Download Network PCAP: filteredfull

            • Total Packets: 6
            • 80 (HTTP)
            • 53 (DNS)
            TimestampSource PortDest PortSource IPDest IP
            Apr 25, 2025 20:58:14.534104109 CEST4968580192.168.2.7184.29.21.112
            Apr 25, 2025 20:58:14.681859016 CEST8049685184.29.21.112192.168.2.7
            Apr 25, 2025 20:58:14.682018995 CEST4968580192.168.2.7184.29.21.112
            Apr 25, 2025 20:58:14.682163000 CEST4968580192.168.2.7184.29.21.112
            Apr 25, 2025 20:58:14.829809904 CEST8049685184.29.21.112192.168.2.7
            Apr 25, 2025 20:58:14.831563950 CEST8049685184.29.21.112192.168.2.7
            Apr 25, 2025 20:58:14.831635952 CEST8049685184.29.21.112192.168.2.7
            Apr 25, 2025 20:58:14.831697941 CEST4968580192.168.2.7184.29.21.112
            Apr 25, 2025 20:58:28.995703936 CEST4968580192.168.2.7184.29.21.112
            TimestampSource PortDest PortSource IPDest IP
            Apr 25, 2025 20:58:14.354258060 CEST4966653192.168.2.71.1.1.1
            Apr 25, 2025 20:58:14.505908966 CEST53496661.1.1.1192.168.2.7
            TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
            Apr 25, 2025 20:58:14.354258060 CEST192.168.2.71.1.1.10x995Standard query (0)x1.i.lencr.orgA (IP address)IN (0x0001)false
            TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
            Apr 25, 2025 20:58:14.505908966 CEST1.1.1.1192.168.2.70x995No error (0)x1.i.lencr.orgcrl.root-x1.letsencrypt.org.edgekey.netCNAME (Canonical name)IN (0x0001)false
            Apr 25, 2025 20:58:14.505908966 CEST1.1.1.1192.168.2.70x995No error (0)crl.root-x1.letsencrypt.org.edgekey.nete8652.dscx.akamaiedge.netCNAME (Canonical name)IN (0x0001)false
            Apr 25, 2025 20:58:14.505908966 CEST1.1.1.1192.168.2.70x995No error (0)e8652.dscx.akamaiedge.net184.29.21.112A (IP address)IN (0x0001)false
            Apr 25, 2025 20:58:15.010019064 CEST1.1.1.1192.168.2.70x5b67No error (0)bg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
            Apr 25, 2025 20:58:15.010019064 CEST1.1.1.1192.168.2.70x5b67No error (0)bg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
            • x1.i.lencr.org
            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
            0192.168.2.749685184.29.21.112806864C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            TimestampBytes transferredDirectionData
            Apr 25, 2025 20:58:14.682163000 CEST115OUTGET / HTTP/1.1
            Connection: Keep-Alive
            Accept: */*
            User-Agent: Microsoft-CryptoAPI/10.0
            Host: x1.i.lencr.org
            Apr 25, 2025 20:58:14.831563950 CEST1358INHTTP/1.1 200 OK
            Server: nginx
            Content-Type: application/pkix-cert
            Last-Modified: Fri, 04 Aug 2023 20:57:56 GMT
            ETag: "64cd6654-56f"
            Content-Disposition: attachment; filename="ISRG Root X1.der"
            Cache-Control: max-age=36032
            Expires: Sat, 26 Apr 2025 04:58:46 GMT
            Date: Fri, 25 Apr 2025 18:58:14 GMT
            Content-Length: 1391
            Connection: keep-alive
            Data Raw: 30 82 05 6b 30 82 03 53 a0 03 02 01 02 02 11 00 82 10 cf b0 d2 40 e3 59 44 63 e0 bb 63 82 8b 00 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 4f 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 29 30 27 06 03 55 04 0a 13 20 49 6e 74 65 72 6e 65 74 20 53 65 63 75 72 69 74 79 20 52 65 73 65 61 72 63 68 20 47 72 6f 75 70 31 15 30 13 06 03 55 04 03 13 0c 49 53 52 47 20 52 6f 6f 74 20 58 31 30 1e 17 0d 31 35 30 36 30 34 31 31 30 34 33 38 5a 17 0d 33 35 30 36 30 34 31 31 30 34 33 38 5a 30 4f 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 29 30 27 06 03 55 04 0a 13 20 49 6e 74 65 72 6e 65 74 20 53 65 63 75 72 69 74 79 20 52 65 73 65 61 72 63 68 20 47 72 6f 75 70 31 15 30 13 06 03 55 04 03 13 0c 49 53 52 47 20 52 6f 6f 74 20 58 31 30 82 02 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 02 0f 00 30 82 02 0a 02 82 02 01 00 ad e8 24 73 f4 14 37 f3 9b 9e 2b 57 28 1c 87 be dc b7 df 38 90 8c 6e 3c e6 57 a0 78 f7 75 c2 a2 fe f5 6a 6e f6 00 4f 28 db de 68 86 6c 44 93 b6 b1 63 fd 14 12 6b bf 1f d2 ea 31 9b 21 7e d1 33 [TRUNCATED]
            Data Ascii: 0k0S@YDcc0*H0O10UUS1)0'U Internet Security Research Group10UISRG Root X10150604110438Z350604110438Z0O10UUS1)0'U Internet Security Research Group10UISRG Root X10"0*H0$s7+W(8n<WxujnO(hlDck1!~3<Hy!KqiJffl~<p)"K~G|H#S8Oo.IWt/8{p!u0<cOK~w.{JL%p)S$J?aQcq.o[\4ylv;by/&676urI*Av5/(ldwnG7Y^hrA)>Y>&$ZL@F:Qn;}rxY>Qx/>{JKsP|Ctt0[q600\H;}`)A|;FH*vvj=8d+(B"']ypN:'Qnd3COB0@0U0U00UyY{sXn0*HUXPi ')au\ni/VKsY!~Lq`9!VPYYbEf|o;'}~"+"
            Apr 25, 2025 20:58:14.831635952 CEST387INData Raw: 0e 8f f2 8a 34 5b 58 d8 fc 01 c9 54 b9 b8 26 cc 8a 88 33 89 4c 2d 84 3c 82 df ee 96 57 05 ba 2c bb f7 c4 b7 c7 4e 3b 82 be 31 c8 22 73 73 92 d1 c2 80 a4 39 39 10 33 23 82 4c 3c 9f 86 b2 55 98 1d be 29 86 8c 22 9b 9e e2 6b 3b 57 3a 82 70 4d dc 09
            Data Ascii: 4[XT&3L-<W,N;1"ss993#L<U)"k;W:pMMl]+NEJ&rj,_(.{q{^FS|7B*HL9GR+3S}MmBo@'5\(3#PylFn~:R-?[$


            050100s020406080100

            Click to jump to process

            050100s0.00204060MB

            Click to jump to process

            • File
            • Registry

            Click to dive into process behavior distribution

            Target ID:0
            Start time:14:58:02
            Start date:25/04/2025
            Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            Wow64 process (32bit):false
            Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\17455269731333_5868091.pdf"
            Imagebase:0x7ff6136a0000
            File size:5'641'176 bytes
            MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:high
            Has exited:true
            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

            Target ID:1
            Start time:14:58:04
            Start date:25/04/2025
            Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            Wow64 process (32bit):false
            Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
            Imagebase:0x7ff7e9bb0000
            File size:3'581'912 bytes
            MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:high
            Has exited:true
            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
            There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

            Target ID:2
            Start time:14:58:05
            Start date:25/04/2025
            Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            Wow64 process (32bit):false
            Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1604 --field-trial-handle=1552,i,7504916880486007724,13014692017979247921,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
            Imagebase:0x7ff7e9bb0000
            File size:3'581'912 bytes
            MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:high
            Has exited:true

            No disassembly