Windows Analysis Report
maliciouspdf.pdf

Overview

General Information

Sample name:maliciouspdf.pdf
Analysis ID:1501488
MD5:fea26c05a0e34c85dcace36d02ecac9f
SHA1:8160f922fdb287274a5962ed49d9e62b7d1b24d8
SHA256:f161a489dd4aa6e48c77717deae162f52b917da5550fde450d1bfb3e154a3dfc

Detection

Score:60
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Machine Learning detection for sample
IP address seen in connection with other malware
PDF has an OpenAction (likely to launch a dropper script)
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Uses a known web browser user agent for HTTP communication

Classification

  • System is w10x64
  • Acrobat.exe (PID: 6532 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\maliciouspdf.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 5404 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 7360 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2260 --field-trial-handle=1744,i,11800254572130627882,10832229251146507829,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: maliciouspdf.pdf, Avira: detected
Source: maliciouspdf.pdf, ReversingLabs: Detection: 73%
Source: maliciouspdf.pdf, Joe Sandbox ML: detected
Source: global traffic, DNS query: name: 18.31.95.13.in-addr.arpa
Source: global traffic, TCP traffic: 192.168.2.7:49717 -> 23.56.162.185:443
Source: global traffic, TCP traffic: 23.56.162.185:443 -> 192.168.2.7:49717
Source: Joe Sandbox View, IP Address: 23.56.162.185 23.56.162.185
Source: global traffic, HTTP traffic detected:
  GET /onboarding/smskillreader.txt HTTP/1.1
  Host: armmf.adobe.com
  Connection: keep-alive
  Accept-Language: en-US,en;q=0.9
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36
  Sec-Fetch-Site: same-origin
  Sec-Fetch-Mode: no-cors
  Sec-Fetch-Dest: empty
  Accept-Encoding: gzip, deflate, br
  If-None-Match: "78-5faa31cce96da"
  If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
Source: unknown, TCP traffic detected without corresponding DNS query: 23.56.162.185
Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic, DNS traffic detected: DNS query: 18.31.95.13.in-addr.arpa
Source: E0F5C59F9FA661F6F4C50B87FEF3A15A0.2.dr, String found in binary or memory: http://apps.identrust.com/roots/dstrootcax3.p7c
Source: 77EC63BDA74BD0D0E0426DC8F80085060.2.dr, String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: ReaderMessages.0.dr, String found in binary or memory: https://www.adobe.co
Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown, Network traffic detected: HTTP traffic on port 49717 -> 443
Source: classification engine, Classification label: mal60.winPDF@14/48@1/1
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe, File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.5420
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe, File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-08-29 18-37-32-677.log
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe, Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
Source: unknown, Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\maliciouspdf.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe, Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe, Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2260 --field-trial-handle=1744,i,11800254572130627882,10832229251146507829,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe, Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe, Process created: unknown unknown
Source: Window Recorder, Window detected: More than 3 window changes detected
Source: maliciouspdf.pdf, Initial sample: PDF keyword /EmbeddedFile count = 0
Source: maliciouspdf.pdf, Initial sample: PDF keyword /OpenAction
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe, Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe, Process information set: NOOPENFILEERRORBOX
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 3 Exploitation for Client Execution | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 13 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| maliciouspdf.pdf | 73% | ReversingLabs | Document-PDF.Exploit.Pdfka | |
| maliciouspdf.pdf | 100% | Avira | HTML/Malicious.PDF.Gen3 | |
| maliciouspdf.pdf | 100% | Joe Sandbox ML | | |

No Antivirus matches

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| https://www.adobe.co | 0% | URL Reputation | safe | |

| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| bg.microsoft.map.fastly.net | 199.232.210.172 | true | false | | unknown |
| windowsupdatebg.s.llnwi.net | 87.248.204.0 | true | false | | unknown |
| 18.31.95.13.in-addr.arpa | unknown | unknown | false | | unknown |

| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| https://www.adobe.co | ReaderMessages.0.dr | false | URL Reputation: safe | unknown |

| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 23.56.162.185 | unknown | United States | | 16625 | AKAMAI-ASUS | false |

        Joe Sandbox version:40.0.0 Tourmaline
        Analysis ID:1501488
        Start date and time:2024-08-30 00:36:37 +02:00
        Joe Sandbox product:CloudBasic
        Overall analysis duration:0h 4m 0s
        Hypervisor based Inspection enabled:false
        Report type:full
        Cookbook file name:defaultwindowspdfcookbook.jbs
        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
        Number of analysed new started processes analysed:26
        Number of new started drivers analysed:0
        Number of existing processes analysed:0
        Number of existing drivers analysed:0
        Number of injected processes analysed:0
        Technologies:
        • EGA enabled
        • AMSI enabled
        Analysis Mode:default
        Analysis stop reason:Timeout
        Sample name:maliciouspdf.pdf
        Detection:MAL
        Classification:mal60.winPDF@14/48@1/1
        Cookbook Comments:
        • Found application associated with file extension: .pdf
        • Found PDF document
        • Close Viewer
        • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, conhost.exe, svchost.exe, UsoClient.exe
        • Excluded IPs from analysis (whitelisted): 184.28.88.176, 54.144.73.197, 107.22.247.231, 34.193.227.236, 18.207.85.246, 162.159.61.3, 172.64.41.3, 199.232.210.172, 2.19.126.149, 2.19.126.143, 95.101.54.195, 2.16.202.123
        • Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, identrust.edgesuite.net, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, acroipm2.adobe.com.edgesuite.net, settings-win.data.microsoft.com, ctldl.windowsupdate.com, time.windows.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, a1952.dscq.akamai.net, login.live.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, wu-b-net.trafficmanager.net, apps.identrust.com
        • Not all processes where analyzed, report is missing behavior information
        • VT rate limit hit for: maliciouspdf.pdf

| Time | Type | Description |
|---|---|---|
| 18:37:42 | API Interceptor | 3x Sleep call for process: AcroCEF.exe modified |

| Match | Associated Sample Name / URL | Detection | Threat Name |
|---|---|---|---|
| 23.56.162.185 | eicar-adobe-acrobat-attachment.pdf | malicious | EICAR |
| | Madisonwellsmedia546.pdf | malicious | Unknown |
| | signature.pdf | malicious | Unknown |
| | AG Uncorked IRMI Wine Mixer Invite.pdf | malicious | HTMLPhisher |
| | Gov Annual Salary + Employer - Provided Benefits2.pdf | malicious | Phisher |
| | Remittance 728 Norriselectric0032xslx.pdf | malicious | HTMLPhisher |
| | Secured Doc-[Rmz-67847].pdf | malicious | Unknown |
| | GONZALES, ALFREDO 0012104586, 0010640472 b .pdf | malicious | Unknown |
| | Corp.AcctPayable Payment Update.pdf | malicious | Unknown |

                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:ASCII text
                          Category:dropped
                          Size (bytes):300
                          Entropy (8bit):5.266524329181214
                          Encrypted:false
                          SSDEEP:6:N52WRRyq2PcNwi2nKuAl9OmbnIFUt8852WRyz1Zmw+852WRylRkwOcNwi2nKuAlz:N90vLZHAahFUt889I1/+89654ZHAaSJ
                          MD5:FCAD97396FFCE26A7A61C15D687A3009
                          SHA1:AF4715DA4F104240F1688FA7099A5D663E820363
                          SHA-256:DBA884AA58C129AF838DB456EE2D5DCAF17D75CD65E9583CB51CF608AEF7AE46
                          SHA-512:DC34B643483D8680C8796918FD06A9900EE7E7A9E802C31BAEF23816694309877AE967D66084014FB681060FB5EC8CA4AAEFEFBBFE9FC74BC7A9024CDBF2DE21
                          Malicious:false
                          Reputation:low
                          Preview:2024/08/29-18:37:30.678 1c14 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/08/29-18:37:30.680 1c14 Recovering log #3.2024/08/29-18:37:30.680 1c14 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:ASCII text
                          Category:dropped
                          Size (bytes):344
                          Entropy (8bit):5.22082045689789
                          Encrypted:false
                          SSDEEP:6:N52WR8mq2PcNwi2nKuAl9Ombzo2jMGIFUt8852WRepXZmw+852WRepFkwOcNwi2g:N98mvLZHAa8uFUt889el/+89e354ZHAv
                          MD5:6036BFF992B83E89F1883B5E6EB68146
                          SHA1:DF84EFBCC41D3DD35B410D78013E68960ECC3ECE
                          SHA-256:91569BBB6856EDA8D7056614A1F09B97BB3F9EFAAAF860E51C776E673BF7047F
                          SHA-512:42DD879AB7F0966CF560C52E53C8B88301A6D56D020EF5EDE1B9E54A0BF8417E209E51B46946CE9E1FBC9F68754696A7A28416A0DD2F86D3ECC60417BA5827B7
                          Malicious:false
                          Reputation:low
                          Preview:2024/08/29-18:37:30.682 1d00 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/08/29-18:37:30.684 1d00 Recovering log #3.2024/08/29-18:37:30.684 1d00 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:JSON data
                          Category:modified
                          Size (bytes):475
                          Entropy (8bit):4.969550278956958
                          Encrypted:false
                          SSDEEP:12:YH/um3RA8sqosBdOg2H8Acaq3QYiubSpDyP7E4T3y:Y2sRdsgdMHW3QYhbSpDa7nby
                          MD5:01C4BF8608F7FB2FAFBB2FD55655615C
                          SHA1:25FD4234C76486211D0605EDE6E9BC2E0CE4FF67
                          SHA-256:F807146DD73480A4FA497217BD139A8C1321C643720C2F317A44C1134259208B
                          SHA-512:D921A9581467C53EF4E06E0B1B2162D4BF6030CC23F9DDCC09B88C15A294F48B72FC6053EA187FB3848EA7B6B0A75F74730665172C7014B52FFEA4339EFEC568
                          Malicious:false
                          Reputation:low
                          Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13369531062476383","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":132140},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.7","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):475
                          Entropy (8bit):4.969814904260269
                          Encrypted:false
                          SSDEEP:12:YH/um3RA8sqPsBdOg2HSOgcaq3QYiubSpDyP7E4T3y:Y2sRdsRdMHSOL3QYhbSpDa7nby
                          MD5:7BE9C8316EB1B7252CB363207744A145
                          SHA1:57861355BE6541501AED40F896891579DCF473BF
                          SHA-256:B8F7FC35C094B26B18BB46BB695F1D520904FF063398D86C5B06FD3E20F1881D
                          SHA-512:2C7A056CDC3EF05D5E62822CC0BD835FA80CD06131CB76BF559B1D06F735A279C7DCEDE51F1E3A418596573CC960BAFAA038A45966E8007F671F7B6BFFD885DB
                          Malicious:false
                          Reputation:moderate, very likely benign file
                          Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341052428587673","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":146366},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.7","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):475
                          Entropy (8bit):4.969814904260269
                          Encrypted:false
                          SSDEEP:12:YH/um3RA8sqPsBdOg2HSOgcaq3QYiubSpDyP7E4T3y:Y2sRdsRdMHSOL3QYhbSpDa7nby
                          MD5:7BE9C8316EB1B7252CB363207744A145
                          SHA1:57861355BE6541501AED40F896891579DCF473BF
                          SHA-256:B8F7FC35C094B26B18BB46BB695F1D520904FF063398D86C5B06FD3E20F1881D
                          SHA-512:2C7A056CDC3EF05D5E62822CC0BD835FA80CD06131CB76BF559B1D06F735A279C7DCEDE51F1E3A418596573CC960BAFAA038A45966E8007F671F7B6BFFD885DB
                          Malicious:false
                          Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341052428587673","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":146366},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.7","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:data
                          Category:dropped
                          Size (bytes):4509
                          Entropy (8bit):5.237659553944381
                          Encrypted:false
                          SSDEEP:96:CwNwpDGHqPySfkcr2smSX8I2OQCDh28wDtPAf6s0w3ofSZ:CwNw1GHqPySfkcigoO3h28ytPi6s0w35
                          MD5:353D85BB7F30A17B77B29014D80179A5
                          SHA1:C414E40CF522944115124DA9D1157D380065FB8D
                          SHA-256:A3A414A01B6E21382C3D3E01BBA00367015530C2357006100F8E75D9E8F384C5
                          SHA-512:0C78BD37751152456380B0FBDA9B8864D839FB1050733C3C308E4A4E7C63375420636B42144A4257E8253102F0FE4F5AA682B9022092EEEDE0E3E39629DA98BA
                          Malicious:false
                          Preview:*...#................version.1..namespace-.aw.o................next-map-id.1.Pnamespace-aa11265e_f35e_4e5d_85db_f163e1c0f691-https://rna-resource.acrobat.com/.0I.$.r................next-map-id.2.Snamespace-9a9aa6d6_c307_4dda_b6c0_dc91084c8e68-https://rna-v2-resource.acrobat.com/.1!...r................next-map-id.3.Snamespace-1fbd9dc5_70a3_4975_91b4_966e0915c27a-https://rna-v2-resource.acrobat.com/.2..N.o................next-map-id.4.Pnamespace-0e0aed8d_6d6f_4be0_b28f_8e02158bc792-https://rna-resource.acrobat.com/.3*.z.o................next-map-id.5.Pnamespace-52652c26_09c2_43f2_adf7_da56a1f00d32-https://rna-resource.acrobat.com/.4.{.^...............Pnamespace-aa11265e_f35e_4e5d_85db_f163e1c0f691-https://rna-resource.acrobat.com/.C..r................next-map-id.6.Snamespace-3a89c6b0_72b9_411a_9e44_fa247f34ac91-https://rna-v2-resource.acrobat.com/.5.q._r................next-map-id.7.Snamespace-02b23955_9103_42e0_ba64_3f8683969652-https://rna-v2-resource.acrobat.com/.6..d.o..............
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:ASCII text
                          Category:dropped
                          Size (bytes):332
                          Entropy (8bit):5.222677279405834
                          Encrypted:false
                          SSDEEP:6:N52WVAmq2PcNwi2nKuAl9OmbzNMxIFUt8852WV7+XZmw+852WVZCkwOcNwi2nKuP:NmmvLZHAa8jFUt888/+8nC54ZHAa84J
                          MD5:5E95266515A478DEDCC6BC93CED424A0
                          SHA1:03B7F56565572D82566599C2144BE60B55237DF6
                          SHA-256:84F53B52626BE51A3001254A0869CFCD903E5559E57E3EF329D1B83360A9683B
                          SHA-512:0F6E6D23EAFB138ACC2F8FAA2E1F7D30D08EDFD3C6894A1A9EF3D1CF5E7DC7BB24D6F680E89F5CFFEB1FD18A387883221C925AC4C3B5BE3BA7168B3370207A56
                          Malicious:false
                          Preview:2024/08/29-18:37:31.337 1d00 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/08/29-18:37:31.348 1d00 Recovering log #3.2024/08/29-18:37:31.360 1d00 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:PC bitmap, Windows 3.x format, 117 x -152 x 32, cbSize 71190, bits offset 54
                          Category:dropped
                          Size (bytes):71190
                          Entropy (8bit):0.009534523076837647
                          Encrypted:false
                          SSDEEP:3:uIX0llBasxRj:ujlhj
                          MD5:F9CA182432AC0D508B998F53FD4D6FE2
                          SHA1:8137FA76C0B7B396461FC49FC0EB59B365D8872A
                          SHA-256:922B024D0B9175F6D8747AC5B4C8C5C6E50BE4BE106A08A1D20D788C528B4EC6
                          SHA-512:B345B30911E52E863BB66C25B303D670FC64A75C802E4682C8BFE73F9360595B8ACC3A138DED96414ADB9C19E7C9B3B062D08AC9A2566ACF6AAB5C7FB64CB559
                          Malicious:false
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 15, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 15
                          Category:dropped
                          Size (bytes):86016
                          Entropy (8bit):4.439255743836526
                          Encrypted:false
                          SSDEEP:384:yeaci5GoiBA7vEmzKNURFXoD1NC1SK0gkzPlrFzqFK/WY+lUTTcKqZ5bEmzVz:1EurVgazUpUTTGt
                          MD5:99A976CEE56925EDB04BFE699FD2331B
                          SHA1:933BEF9D8F9CB56DC4516D9411034BC5AB836972
                          SHA-256:47BFF7D67C1D3818844F4AB0A80C849D859B9689AF15F647A12A82EFE15D74B6
                          SHA-512:40E7123316CA6E8D6AFD011D0A590E5327543CEEC92226EA5377E1DE0D830B9168F2A390C6E9B41D71B83E963979F2558116A5DCF0813C1F18BE74513617FE99
                          Malicious:false
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:SQLite Rollback Journal
                          Category:dropped
                          Size (bytes):8720
                          Entropy (8bit):3.7803001129188476
                          Encrypted:false
                          SSDEEP:48:7MkAp/E2ioyVhioy3DoWoy1CABoy1pKOioy1noy1AYoy1Wioy1hioybioypoy1nG:7DApjuh0iAHXKQglb9IVXEBodRBke
                          MD5:BF5ABCCB9165C954217DFCB53AF86A93
                          SHA1:9D5B2B3F50BD608548FDEFA4728F713BDAA36BEE
                          SHA-256:4D1BF35FD939F01078D8C74FBC103024BE32CC0854D281CD12A7FE295FF27883
                          SHA-512:13549FDE7D1D7F015A57BEF86992CEE6A76E099FF8A8799C0E718B6422B6D2DE8A58947403A1C253702FED545493C868BE893521663740EA957F4C9FBF802919
                          Malicious:false
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
                          Category:dropped
                          Size (bytes):71954
                          Entropy (8bit):7.996617769952133
                          Encrypted:true
                          SSDEEP:1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
                          MD5:49AEBF8CBD62D92AC215B2923FB1B9F5
                          SHA1:1723BE06719828DDA65AD804298D0431F6AFF976
                          SHA-256:B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
                          SHA-512:BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
                          Malicious:false
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:data
                          Category:dropped
                          Size (bytes):893
                          Entropy (8bit):7.366016576663508
                          Encrypted:false
                          SSDEEP:24:hBntmDvKUQQDvKUr7C5fpqp8gPvXHmXvponXux:3ntmD5QQD5XC5RqHHXmXvp++x
                          MD5:D4AE187B4574036C2D76B6DF8A8C1A30
                          SHA1:B06F409FA14BAB33CBAF4A37811B8740B624D9E5
                          SHA-256:A2CE3A0FA7D2A833D1801E01EC48E35B70D84F3467CC9F8FAB370386E13879C7
                          SHA-512:1F44A360E8BB8ADA22BC5BFE001F1BABB4E72005A46BC2A94C33C4BD149FF256CCE6F35D65CA4F7FC2A5B9E15494155449830D2809C8CF218D0B9196EC646B0C
                          Malicious:false
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:data
                          Category:modified
                          Size (bytes):328
                          Entropy (8bit):3.227991388555789
                          Encrypted:false
                          SSDEEP:6:kKVT9UswD8HGsL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:kDImsLNkPlE99SNxAhUe/3
                          MD5:0ED7AAB6815C8BAE87351E9888805EE2
                          SHA1:C9212EE0508D8F0FE6C92D549088E1B3517407E1
                          SHA-256:C645EC4A7E96B9F62A8E2C13722D2F65F16E9D10CC9768A7D536D0FA2644AA80
                          SHA-512:8D940F567CC67A2C0A0A132E590465033A2E3A1932BACCC9FC3AA067F6B91580C4F6F7009740115FAF654E4679A95F1A449B3C4052E2EB0E47C365CD37652FA4
                          Malicious:false
                          Preview:p...... ........L..3d...(....................................................... ........G..@.......&......X........h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:data
                          Category:dropped
                          Size (bytes):252
                          Entropy (8bit):3.0050916095715485
                          Encrypted:false
                          SSDEEP:3:kkFklIqp/kNvfllXlE/E/KRkzllPlzRkwWBARLNDU+ZMlKlBkvclcMlVHblB8V7F:kKdqClxliBAIdQZV7I7kc3
                          MD5:4C014D5EB800B821CF395A9DDA119F75
                          SHA1:052FCF22CE494798949C26BD29B41235C7572701
                          SHA-256:520AFF8AA384C204C396E5389C357F32A0EBEFB6A406C246EB3415E80AC3CF7A
                          SHA-512:B9444231A492750C2C3C8899C76A739D8382FFDDEEE7A37ADE671491604291DC3CA23D481208C6F5D94008B9073F5408DFCEB0798E9B97D776FF294F14C44633
                          Malicious:false
                          Preview:p...... ....`.......d...(....................................................... ........!.M........(...........}...h.t.t.p.:././.a.p.p.s...i.d.e.n.t.r.u.s.t...c.o.m./.r.o.o.t.s./.d.s.t.r.o.o.t.c.a.x.3...p.7.c...".3.7.d.-.6.0.7.9.b.8.c.0.9.2.9.c.0."...
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:PostScript document text
                          Category:dropped
                          Size (bytes):185099
                          Entropy (8bit):5.182478651346149
                          Encrypted:false
                          SSDEEP:1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
                          MD5:94185C5850C26B3C6FC24ABC385CDA58
                          SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
                          SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
                          SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
                          Malicious:false
                          Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):295
                          Entropy (8bit):5.391564001931194
                          Encrypted:false
                          SSDEEP:6:YEQXJ2HXuel8xT3ZnYWsGiIPEeOF0YLeoAvJM3g98kUwPeUkwRe9:YvXKXueGTpn7sdTeOhGMbLUkee9
                          MD5:A193E6DA213AB3A1689B8BE70A6A5267
                          SHA1:3B2D2E8ECB30B836077C207FA60AF76FCDDF26EE
                          SHA-256:07816B0A03A707AA3ABBD2B130EE4F9E4BD6CF766BCA126137E7EC11858274A4
                          SHA-512:97E5E578EB2386C422A5CE07123E3AA2BBEE5ED96256230DDFB95D5C41451549B0836B41D7F175D81F628AFB1806A7237C32C2473C9AB0835AF9D32C4CE6B511
                          Malicious:false
                          Preview:{"analyticsData":{"responseGUID":"3b99176b-fb8e-43cf-91e4-67c079d6f15b","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1725146437108,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):294
                          Entropy (8bit):5.326438825991143
                          Encrypted:false
                          SSDEEP:6:YEQXJ2HXuel8xT3ZnYWsGiIPEeOF0YLeoAvJfBoTfXpnrPeUkwRe9:YvXKXueGTpn7sdTeOhGWTfXcUkee9
                          MD5:125523B8EFDA1C2F030985DD87A5C855
                          SHA1:5CA4DF4055FBBBD8A0FD48D1B7E9562C0B51E5A2
                          SHA-256:18D2DCB23E21DC1F471BA5699E64D9E5818A7FEA831D695BE71A4EC1B25EA95A
                          SHA-512:4EA75F072F1D4D80BAB0752589498FB0609C15FB6A3B4546E2B64B7EA572B800FAFCE3C31B5A1B8F82987FD962A9C046EF15BDF8451BBE1A151BD2E840BD7D6D
                          Malicious:false
                          Preview:{"analyticsData":{"responseGUID":"3b99176b-fb8e-43cf-91e4-67c079d6f15b","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1725146437108,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):294
                          Entropy (8bit):5.304987142517147
                          Encrypted:false
                          SSDEEP:6:YEQXJ2HXuel8xT3ZnYWsGiIPEeOF0YLeoAvJfBD2G6UpnrPeUkwRe9:YvXKXueGTpn7sdTeOhGR22cUkee9
                          MD5:EDBC37EB627CBE9A7F62FE228BB65893
                          SHA1:AADA9C6A1B3B86E87E9188456799722F764B74FD
                          SHA-256:5FBCFDECCC324ADCCA88F576513A0BD5432A8AEB7E5C6EEEA56F16E2E3B09CFB
                          SHA-512:F14CD4AD8C7EBD0F5E542B081D2CB75190CCABBFF58FE3084054125C52B591C196104963A9F05FB40A7D793E4C47548F7E819AE7FB2B14F949CF87D60007332A
                          Malicious:false
                          Preview:{"analyticsData":{"responseGUID":"3b99176b-fb8e-43cf-91e4-67c079d6f15b","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1725146437108,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):285
                          Entropy (8bit):5.3794318003707104
                          Encrypted:false
                          SSDEEP:6:YEQXJ2HXuel8xT3ZnYWsGiIPEeOF0YLeoAvJfPmwrPeUkwRe9:YvXKXueGTpn7sdTeOhGH56Ukee9
                          MD5:12A86194545674A2BBB0DB6B2264F524
                          SHA1:16481D8C8DD7EC35D57DE4AC257064D51FF40C25
                          SHA-256:A37A5E382C5D3F0513914308349B01E60258C2786C308C761819DF5AEFCD1D80
                          SHA-512:3F5CCBCEB39430FBE5576FADF27A49BF899EF3C112CE9372384822E20D62D773E1574369B22547084B352C74C7E414CA96ECF9293A0A712C4F6B2B18C27910FE
                          Malicious:false
                          Preview:{"analyticsData":{"responseGUID":"3b99176b-fb8e-43cf-91e4-67c079d6f15b","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1725146437108,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):1063
                          Entropy (8bit):5.674679639598838
                          Encrypted:false
                          SSDEEP:24:Yv6XMn7meOGpLgEFqciGennl0RCmK8czOCY4w2SY:YvpqeJhgLtaAh8cvYvzY
                          MD5:594B379255B8851D700EDA6C7178C2C2
                          SHA1:E0CC77392DDE5AB74687FD04BBD6F33A6B83C345
                          SHA-256:CA7EB7C02F64BBF7E4BBD6ECD99598914EAF73ABBAEB450265675A69997E7105
                          SHA-512:9A87C38C501085B08E0E9F78F4620F49161BE424C33E89D1515D5FAAD1312A534520B60FEA4222FC6AE31EE8D33E354C247090C075FDADD186BA560A23E493A0
                          Malicious:false
                          Preview:{"analyticsData":{"responseGUID":"3b99176b-fb8e-43cf-91e4-67c079d6f15b","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1725146437108,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_2","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"afb9c2a3-eaf4-41f9-9d73-768e72f72282","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQgZmlsZXMgdG8gYW5kIGZyb20gUERGXG53aXRob3V0IGxpbWl0cy4ifSwidGNhdElkIjpudWxsfQ==","dataType":"application\/json","encodingSc
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):1050
                          Entropy (8bit):5.658345276555933
                          Encrypted:false
                          SSDEEP:24:Yv6XMn7meOwVLgEF0c7sbnl0RCmK8czOCYHflEpwiVr:YvpqelFg6sGAh8cvYHWpwu
                          MD5:90DE606197311B74BB3BC0C22DA4912E
                          SHA1:C40D84F77AE2D70C168DF3D3295039AD5D8C4CFA
                          SHA-256:E9E0C70E392206AC6A3C97BF3BC8B19A48985778AF9713FAA6A7512B3B3D7468
                          SHA-512:60227A23C9629C39B35FFDC0A8BF0BBBC3363C7796600778A45739E52664EFD5DA4EFC266AB10B2244CD1088E9E70BCDC959ABD17A92856CCC0472D814593DFF
                          Malicious:false
                          Preview:{"analyticsData":{"responseGUID":"3b99176b-fb8e-43cf-91e4-67c079d6f15b","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1725146437108,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Disc_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_0","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"0924134e-3c59-4f53-b731-add558c56fec","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Disc_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQsIGVkaXQgYW5kIGUtc2lnblxuZm9ybXMgJiBhZ3JlZW1lbnRzLiJ9LCJ0Y2F0SWQiOm51bGx9","dataType":"application\/json","encodingScheme":true},"
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):292
                          Entropy (8bit):5.320276300286173
                          Encrypted:false
                          SSDEEP:6:YEQXJ2HXuel8xT3ZnYWsGiIPEeOF0YLeoAvJfQ1rPeUkwRe9:YvXKXueGTpn7sdTeOhGY16Ukee9
                          MD5:FFE66C6F1A0A6DF194D02611387E517B
                          SHA1:C6610223291FE219C7C0D2B0C6AABC5D485060A7
                          SHA-256:89402FCF0A9B830BD157F927D1682955C0D56DDEA5D7304DEC5682E9F7AEB387
                          SHA-512:62ACF3266E4C971C4725B6A1F1262B190E1CAB4F7ECD05CC859AF5B755F120C2665673AD7730360E14B5B2E69A383EBDFB1BD4BB871E1AA51B83DF47DC592D08
                          Malicious:false
                          Preview:{"analyticsData":{"responseGUID":"3b99176b-fb8e-43cf-91e4-67c079d6f15b","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1725146437108,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):1038
                          Entropy (8bit):5.65700135945953
                          Encrypted:false
                          SSDEEP:24:Yv6XMn7meOV2LgEF7cciAXs0nl0RCmK8czOCAPtciBSY:YvpqeEogc8hAh8cvAIY
                          MD5:144466265EDE4ED242B9755ADAFB422C
                          SHA1:57F1025DF4A5F9B85594700371584F6D33571E17
                          SHA-256:CB7BC64E7EE027B4CDA230870E1404ABA2A0F0AE80AAE5004AF777610D2A1042
                          SHA-512:2D74462F8DA5A8E48DADA1C6CDF940C024AF93AB0EC3DBFE662013CAA485840A0955904ACB9C329E0ADF9752C9C5DB339A484C2159ACA0DC2FE36A013100E0DF
                          Malicious:false
                          Preview:{"analyticsData":{"responseGUID":"3b99176b-fb8e-43cf-91e4-67c079d6f15b","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1725146437108,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Edit_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_1","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"49d2f713-7aa9-44db-aa50-0a7a22add459","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Edit_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVkaXQgdGV4dCwgaW1hZ2VzLCBwYWdlcywgYW5kIG1vcmUuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"application\/json","encodingScheme":true},"endDTS":1744
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):1164
                          Entropy (8bit):5.7036514221973595
                          Encrypted:false
                          SSDEEP:24:Yv6XMn7meO9KLgEfIcZVSkpsn264rS514ZjBrwloJTmcVIsrSK5SY:YvpqeUEgqprtrS5OZjSlwTmAfSKcY
                          MD5:0820E9927FC21366151ACD61B15DBDCA
                          SHA1:D1A19FA3F005839D8CE3FF78FFAD02B4633DC072
                          SHA-256:A86DD2C7DC6D963473BAA1C46EACD0887901B0125F28E69A63D855F9A9ED12B2
                          SHA-512:0535749394CB1F96A265BA1F3D29F82D860299F15146955DEE0EFADCDCA407FB356A4F10109B3F3A6E20854B0B9B67FFE4058322EA38192D762672AFCBF0FCF6
                          Malicious:false
                          Preview:{"analyticsData":{"responseGUID":"3b99176b-fb8e-43cf-91e4-67c079d6f15b","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1725146437108,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85531_264848ActionBlock_0","campaignId":85531,"containerId":"1","controlGroupId":"","treatmentId":"ee1a7497-76e7-43c2-bb63-9a0551e11d73","variationId":"264848"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IlRyeSBBY3JvYmF0IFBybyJ9LCJ1aSI6eyJ0aXRsZV9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjE1cHgiLCJmb250X3N0eWxlIjoiMCJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEzcHgiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0b1xucHJlbWl1bSBQREYgYW5kIGUtc2lnbmluZ1xudG9vbHMuIn0sImJhbm5lcl9zdHlsaW5nIjo
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):289
                          Entropy (8bit):5.324107226979665
                          Encrypted:false
                          SSDEEP:6:YEQXJ2HXuel8xT3ZnYWsGiIPEeOF0YLeoAvJfYdPeUkwRe9:YvXKXueGTpn7sdTeOhGg8Ukee9
                          MD5:240A056E990D539B683516C049D42ABD
                          SHA1:002F19B13C868F6485F9F199A276D1CF68510A03
                          SHA-256:2598708748EBEEE11734B36E6CC83E11FC33B7E4169E6003BF0DFAFC8EE75CBB
                          SHA-512:EC10C762E7F9257A27239C9CBBB31FA68FE7ABF584EC9222C8F273873635B01514B140A37AA7E78E5C7309F87652E54D861E94ABFD0036FE9FFE913798318ECF
                          Malicious:false
                          Preview:{"analyticsData":{"responseGUID":"3b99176b-fb8e-43cf-91e4-67c079d6f15b","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1725146437108,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):1395
                          Entropy (8bit):5.777029970892026
                          Encrypted:false
                          SSDEEP:24:Yv6XMn7meOArLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNT:Yvpqe7HgDv3W2aYQfgB5OUupHrQ9FJt
                          MD5:64C4616A15D9EB6EAB504C3CE6FE6A43
                          SHA1:164AFB6E40A699C7DA0FE9FAA331188E39CA3444
                          SHA-256:D689AEBDE4EC29247DAAB55735AA48CEFC7FB1864D65DB50BCB55D12BFDF7E9C
                          SHA-512:7D83B19694B7A1A6D764412AC9630DDFE2B22B18806658186A656F0BF75A10FBC79396C7C6123AFB9F9055C83EC044F2CD4449EE39F32806905B088BE98B05F9
                          Malicious:false
                          Preview:{"analyticsData":{"responseGUID":"3b99176b-fb8e-43cf-91e4-67c079d6f15b","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1725146437108,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):291
                          Entropy (8bit):5.307488639244733
                          Encrypted:false
                          SSDEEP:6:YEQXJ2HXuel8xT3ZnYWsGiIPEeOF0YLeoAvJfbPtdPeUkwRe9:YvXKXueGTpn7sdTeOhGDV8Ukee9
                          MD5:3F575844CEFE0301F1B33004F8C60EA4
                          SHA1:BC17C56F2D0423BE7B91B24804D26EC61E4F575F
                          SHA-256:A83AABAAA83A3F1B17ECD38D8CF1ECBDF71DFE22BA3EDAA6DA2D9251696FA61B
                          SHA-512:5C6D3661FD8D8EED0A5A7E8BF9DE6EB6500E9620E27E021E6ECB32DBEA42D2628FC16AFFCCFDE26EB6354631ACA8E57ABC342A2791776297CB2B85EB65873CCF
                          Malicious:false
                          Preview:{"analyticsData":{"responseGUID":"3b99176b-fb8e-43cf-91e4-67c079d6f15b","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1725146437108,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):287
                          Entropy (8bit):5.3118240218124875
                          Encrypted:false
                          SSDEEP:6:YEQXJ2HXuel8xT3ZnYWsGiIPEeOF0YLeoAvJf21rPeUkwRe9:YvXKXueGTpn7sdTeOhG+16Ukee9
                          MD5:38476253E6FAE072094FBCB747B8D19F
                          SHA1:F6CBD4FB0930218A905059E62D8255A6125D0AC3
                          SHA-256:2B9FFA389693CE9CA0B6053A54DD4E943379A6FC2831AF7BD5D3F68E54277079
                          SHA-512:BA8BA64B681AAB838AE2B1E5881DEB1985DCD2AB5855998FB91271E48738B5EEF1683EF7DB6083F96A0FE278474221D4A93A03C38E613A764144BFB9806CBFF6
                          Malicious:false
                          Preview:{"analyticsData":{"responseGUID":"3b99176b-fb8e-43cf-91e4-67c079d6f15b","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1725146437108,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):1058
                          Entropy (8bit):5.660273076618353
                          Encrypted:false
                          SSDEEP:24:Yv6XMn7meOaamXayLgEFRcONaqnl0RCmK8czOC+w2E+tg8BSY:YvpqeFBguOAh8cv+NKbY
                          MD5:85C0D7DF9B37F211135AACDC93D6B605
                          SHA1:3DAF5C677C20B8DA7DCDC403C79E12B82854B591
                          SHA-256:97184C7FFC324F8399360774EB0F5B47C47D6B1221774DD8B074C3E4EE0FAB28
                          SHA-512:BD91D0BD291E29BB31A8AFBE26F09C701E3883A382B0E677C6892E4B1E3210BE41C0B811007D3100DD44F4462EEC2C7DEFAA0B4C6EBAE599DAE7C0F800B890AA
                          Malicious:false
                          Preview:{"analyticsData":{"responseGUID":"3b99176b-fb8e-43cf-91e4-67c079d6f15b","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1725146437108,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_3","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"ece07729-7db6-4f20-9f8d-7976ad373049","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IlNlbmQgZG9jdW1lbnRzICYgZm9ybXNcbmZvciBmYXN0IGUtc2lnbmluZyBvbmxpbmUuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"application\/json","encodingScheme"
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):286
                          Entropy (8bit):5.289215709761161
                          Encrypted:false
                          SSDEEP:6:YEQXJ2HXuel8xT3ZnYWsGiIPEeOF0YLeoAvJfshHHrPeUkwRe9:YvXKXueGTpn7sdTeOhGUUUkee9
                          MD5:C36D1912489037158DCC8ECC17B3D627
                          SHA1:BB835EA603A39C308E155A3C64CB581583411B79
                          SHA-256:AE3C8F6865D1332B8D17A210E1CA43A5EEE05D5022656C63BAED32E3AA919B3A
                          SHA-512:7FCE6FA8426725D8C2711F45B4A6079EE5EDA499929BEF79697436DEEC0B83CDA5435A2B0703F829A5C08B38580F98FB4CDB24AFCD2BE7B22B9A28DA720EED47
                          Malicious:false
                          Preview:{"analyticsData":{"responseGUID":"3b99176b-fb8e-43cf-91e4-67c079d6f15b","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1725146437108,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):782
                          Entropy (8bit):5.3814562719561305
                          Encrypted:false
                          SSDEEP:12:YvXKXueGTpn7sdTeOhGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhW/f:Yv6XMn7meOt168CgEXX5kcIfANhu
                          MD5:5DB3B84AD1114AD7934FEB12C2802B43
                          SHA1:C8F804401CCCA3C1E83F68C9D698FAF49EE2C290
                          SHA-256:2D7A797362273D437C0DE96E1526E549E0E9EEAB924CBC2F1CAE1996910C4B2F
                          SHA-512:111E274167FD767D7CEC946E165D65C43040E50D1514E5540FB09AB6AEEC91FF90768EB57E20EDEFFE8FA8944072DAB83FD58FC4A5DB5FB4C5A7439F31A41EE8
                          Malicious:false
                          Preview:{"analyticsData":{"responseGUID":"3b99176b-fb8e-43cf-91e4-67c079d6f15b","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1725146437108,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1724971057139}}}}
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:data
                          Category:dropped
                          Size (bytes):4
                          Entropy (8bit):0.8112781244591328
                          Encrypted:false
                          SSDEEP:3:e:e
                          MD5:DC84B0D741E5BEAE8070013ADDCC8C28
                          SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
                          SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
                          SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
                          Malicious:false
                          Preview:....
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):2818
                          Entropy (8bit):5.140576199083875
                          Encrypted:false
                          SSDEEP:24:YRrlyxPWaDayHjPcPWXCvUoLiY124munjsM2j0StXF228v2LS/et3Lem5E9Xccue:YR8v0PgLgN1OisMIfr8v1c36mi9X7
                          MD5:BE32B0ACBF4D98CC1C80251188E841AB
                          SHA1:ADB174364061F67E17E5713A27DB3DB21079013B
                          SHA-256:735E817B2D8969BF37689FC18104FC0CAB8FE0CECB9FA7E26869A3482D6372F8
                          SHA-512:75284FCAC8C76779D554C11DC7BB9932648AE5B0951947DEA7BAD08414CDDD798F66D67E2BED2D312CA70905F2EF2DD3195B610C483DEB6834AC447E409A6052
                          Malicious:false
                          Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"b18b6e923bc3ebfd763349559f302f79","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1050,"ts":1724971056000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"841457e6b61728ebd92460c1d827acb6","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1164,"ts":1724971056000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"3b0bf75027e780ca12e0c261c3dc9bd8","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1058,"ts":1724971056000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"ecb5831cc2cd0a4c00d250fce9c3e0a6","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1063,"ts":1724971056000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"b2c439fba078da869450116df1c9116e","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":1038,"ts":1724971056000},{"id":"Edit_InApp_Aug2020","info":{"dg":"722e9a0233938111e727fc482d959261","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":17
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 25, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 25
                          Category:dropped
                          Size (bytes):12288
                          Entropy (8bit):1.4533140010945313
                          Encrypted:false
                          SSDEEP:48:TGufl2GL7msCvrBd6dHtbGIbPe0K3+fDy2dskntlCnx:lNVmsw3SHtbDbPe0K3+fDZdQ
                          MD5:C1DF130FFADBBF2EA372A71524596C02
                          SHA1:6B26E8ACDE513D021132926D7FA3EC1C01AB7ADC
                          SHA-256:209C649117925FECBF3E6FC19A4E5BCE8717A42FB196276A0615460CC788185E
                          SHA-512:2965087AC128129B308DD5B2067523397BCF42E7F3BE7B271C8FB12F97E8CBAE6C79245A4E65FB9FE179D7B97C16FDB300DB336905D0B83D95479FA541764663
                          Malicious:false
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:SQLite Rollback Journal
                          Category:dropped
                          Size (bytes):8720
                          Entropy (8bit):1.9558632736779407
                          Encrypted:false
                          SSDEEP:48:7MorvrBd6dHtbGIbPe0K3+fDy2dskn47qFl2GL7msY:7h3SHtbDbPe0K3+fDZdAKVmsY
                          MD5:5D092E20C35441BDB42AEAAE31FD559E
                          SHA1:12D30F4B6B8C5F701A8BCEA1ABB72ACF1CFA20EA
                          SHA-256:443CF4A235CC1717698A6ED3CB523BC5750B95F120B31E6AB7BDC8C23EFB11A8
                          SHA-512:36A695B86C0F6954E22802F466170624376FBC3C642AFE3ABC76EFDCC5844740B74FEFA69DAE4AD331F1511740FBE565C2571F456028F8E13793AF565B7B6E91
                          Malicious:false
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                          Category:dropped
                          Size (bytes):246
                          Entropy (8bit):3.536003181970279
                          Encrypted:false
                          SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8xIAFElBf9:Qw946cPbiOxDlbYnuRKJz
                          MD5:9E008C5514735B5CAD3CF3692AB55120
                          SHA1:F01FB11E0FFF25A85FA4EDC2ABF6A88A49EBB1A9
                          SHA-256:3B8781168E996D8A0964512EF362302ED1D6FA06B2C34663690F4CC125E4749D
                          SHA-512:F0FBF346017D8825AEB91C2D008D65EBE6DBD308850E0A6BA845C818D254D9B91C8ED65C92174E4DCF489600D4967821615C5A5CE8D1831B2C70859903D43B22
                          Malicious:false
                          Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .2.9./.0.8./.2.0.2.4. . .1.8.:.3.7.:.3.8. .=.=.=.....
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:ASCII text, with very long lines (393)
                          Category:dropped
                          Size (bytes):16525
                          Entropy (8bit):5.386483451061953
                          Encrypted:false
                          SSDEEP:384:A2+jkjVj8jujXj+jPjghjKj0jLjmF/FRFO7t75NsXNsbNsgNssNsNNsaNsliNsTY:AXg5IqTS7Mh+oXChrYhFiQHXiz1W60ID
                          MD5:F49CA270724D610D1589E217EA78D6D1
                          SHA1:22D43D4BB9BDC1D1DEA734399D2D71E264AA3DD3
                          SHA-256:D2FFBB2EF8FCE09991C2EFAA91B6784497E8C55845807468A3385CF6029A2F8D
                          SHA-512:181B42465DE41E298329CBEB80181CBAB77CFD1701DBA31E61B2180B483BC35E2EFAFFA14C98F1ED0EDDE67F997EE4219C5318CE846BB0116A908FB2EAB61D29
                          Malicious:false
                          Preview:SessionID=f1c78126-6a87-4f56-987d-4547733fd5ac.1696492435808 Timestamp=2023-10-05T09:53:55:808+0200 ThreadID=6044 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=f1c78126-6a87-4f56-987d-4547733fd5ac.1696492435808 Timestamp=2023-10-05T09:53:55:809+0200 ThreadID=6044 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=f1c78126-6a87-4f56-987d-4547733fd5ac.1696492435808 Timestamp=2023-10-05T09:53:55:809+0200 ThreadID=6044 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=f1c78126-6a87-4f56-987d-4547733fd5ac.1696492435808 Timestamp=2023-10-05T09:53:55:809+0200 ThreadID=6044 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=f1c78126-6a87-4f56-987d-4547733fd5ac.1696492435808 Timestamp=2023-10-05T09:53:55:809+0200 ThreadID=6044 Component=ngl-lib_NglAppLib Description="SetConfig:
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:ASCII text, with very long lines (393), with CRLF line terminators
                          Category:dropped
                          Size (bytes):15114
                          Entropy (8bit):5.348556989700785
                          Encrypted:false
                          SSDEEP:384:pRPsnlGHBO/x2OB6DjC2wb+qpcTSMDnxSFwKJNXEFXL0uxz+Q1GkYJYpg0m8Z2eM:lal
                          MD5:54D495BA457DE218081E2B55A207E58A
                          SHA1:F71761F86EE40366B53E957D6541D8EEE195A938
                          SHA-256:1E8079BB7119838D893A3D4F1710E8C3F7C1081FDB796FAE37D3C9C67D6A035E
                          SHA-512:AB54ED4E48CBF93B6D1041191CF3303875F2C96724798259A00252F4086368363213821BE836AB458B85228D17428E17C912D1052EB6E55ADE0F7C6E47783FF7
                          Malicious:false
                          Preview:SessionID=04b98aff-d1c1-4e4a-b708-338c9192cf48.1724971052702 Timestamp=2024-08-29T18:37:32:702-0400 ThreadID=7948 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=04b98aff-d1c1-4e4a-b708-338c9192cf48.1724971052702 Timestamp=2024-08-29T18:37:32:703-0400 ThreadID=7948 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=04b98aff-d1c1-4e4a-b708-338c9192cf48.1724971052702 Timestamp=2024-08-29T18:37:32:703-0400 ThreadID=7948 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=04b98aff-d1c1-4e4a-b708-338c9192cf48.1724971052702 Timestamp=2024-08-29T18:37:32:703-0400 ThreadID=7948 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=04b98aff-d1c1-4e4a-b708-338c9192cf48.1724971052702 Timestamp=2024-08-29T18:37:32:703-0400 ThreadID=7948 Component=ngl-lib_NglAppLib Description="SetConf
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:ASCII text, with CRLF line terminators
                          Category:dropped
                          Size (bytes):35721
                          Entropy (8bit):5.419876977125563
                          Encrypted:false
                          SSDEEP:768:hRDD/ATOlQwlgR6RgRT4xk1Bh9+R6gRldy0+AyxkHBDgRh9gRm0:hRDD/ATOlQwlgR6RgRT4xk1Bh9+R6gR1
                          MD5:FE4F82FE2D86F3636DC9041293701667
                          SHA1:92C34C293DB12EEEF2A834E911E349EA014EC7DC
                          SHA-256:BC006CC2630CEF921C663AADDF9ED6578F6C17A46786B8B1D41E59A02FAC1C95
                          SHA-512:F6C1C61E04DAFFE87F9EBC627C9FC72588AF984561C694B6F9A2153FDF4AA53C71D956119CCA9D3D9DED0CD47D6467FB5309986CABD7685545A0239808C12C98
                          Malicious:false
                          Preview:05-10-2023 08:41:17:.---2---..05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 : ***************************************..05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 : ***************************************..05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 : Starting NGL..05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..05-10-2023 08:41:17:.Closing File..05-10-
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
                          Category:dropped
                          Size (bytes):758601
                          Entropy (8bit):7.98639316555857
                          Encrypted:false
                          SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
                          MD5:3A49135134665364308390AC398006F1
                          SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
                          SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
                          SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
                          Malicious:false
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
                          Category:dropped
                          Size (bytes):1407294
                          Entropy (8bit):7.97605879016224
                          Encrypted:false
                          SSDEEP:24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo
                          MD5:A0CFC77914D9BFBDD8BC1B1154A7B364
                          SHA1:54962BFDF3797C95DC2A4C8B29E873743811AD30
                          SHA-256:81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685
                          SHA-512:74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE
                          Malicious:false
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
                          Category:dropped
                          Size (bytes):386528
                          Entropy (8bit):7.9736851559892425
                          Encrypted:false
                          SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
                          MD5:5C48B0AD2FEF800949466AE872E1F1E2
                          SHA1:337D617AE142815EDDACB48484628C1F16692A2F
                          SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
                          SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
                          Malicious:false
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
                          Category:dropped
                          Size (bytes):1419751
                          Entropy (8bit):7.976496077007677
                          Encrypted:false
                          SSDEEP:24576:/xA7owWLkwYIGNPMGZfPdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLkwZGuGZn3mlind9i4ufFXpAXkru
                          MD5:CA6B0D9F8DDC295DACE8157B69CA7CF6
                          SHA1:6299B4A49AB28786E7BF75E1481D8011E6022AF4
                          SHA-256:A933C727CE6547310A0D7DAD8704B0F16DB90E024218ACE2C39E46B8329409C7
                          SHA-512:9F150CDA866D433BD595F23124E369D2B797A0CA76A69BA98D30DF462F0A95D13E3B0834887B5CD2A032A55161A0DC8BB30C16AA89663939D6DCF83FAC056D34
                          Malicious:false
                          File type:PDF document, version 1.5
                          Entropy (8bit):7.909297610640294
                          TrID:
                          • Adobe Portable Document Format (5005/1) 100.00%
                          File name:maliciouspdf.pdf
                          File size:7'342 bytes
                          MD5:fea26c05a0e34c85dcace36d02ecac9f
                          SHA1:8160f922fdb287274a5962ed49d9e62b7d1b24d8
                          SHA256:f161a489dd4aa6e48c77717deae162f52b917da5550fde450d1bfb3e154a3dfc
                          SHA512:077bdd40c4b6b2e554520b8fa303107cb88ad14203ffe30aa04161bf1e07e389c6fc1f1b953d1dbb86e55bb2bf50b98ac63159631d5c457341ea9a482285da81
                          SSDEEP:192:u+PDhOWcKuQu7ZgRXbvJ51FxJln4R7qJ6Jm1aHH+eX:HPdOWHA1qXbvD1rqj2y+eX
                          TLSH:E2E19E24048AB98CFB71526D82B7BCDD60C8369168C875C643F0EE2F7781FB85972350
                          File Content Preview:%PDF-1.5..%......1 0 obj<</T#79pe/Ca#74a#6co#67/Ou#74lin#65#73 2 0 R/Pa#67es 3 0 R/#4fp#65n#41cti#6fn 5 0 R>>endobj..2 0 obj<</#54yp#65/#4f#75tl#69#6ees/#43o#75#6e#74 0>>endobj..3 0 obj<</T#79#70e/#50age#73/Kid#73[4 0 R]/Co#75nt 1>>endobj..4 0 obj<</#54y#
                          Icon Hash:62cc8caeb29e8ae0

                          General

                          Header:%PDF-1.5
                          Total Entropy:7.909298
                          Total Bytes:7342
                          Stream Entropy:7.967120
                          Stream Bytes:6609
                          Entropy outside Streams:4.862696
                          Bytes outside Streams:733
                          Number of EOF found:1
                          Bytes after EOF:
                          Name | Count
                          obj | 6
                          endobj | 6
                          stream | 1
                          endstream | 1
                          xref | 1
                          trailer | 1
                          startxref | 1
                          /Page | 1
                          /Encrypt | 0
                          /ObjStm | 0
                          /URI | 0
                          /JS | 1
                          /JavaScript | 1
                          /AA | 0
                          /OpenAction | 1
                          /AcroForm | 0
                          /JBIG2Decode | 0
                          /RichMedia | 0
                          /Launch | 0
                          /EmbeddedFile | 0
                          Timestamp | Source Port | Dest Port | Source IP | Dest IP
                          Aug 30, 2024 00:37:43.419969082 CEST | 49717 | 443 | 192.168.2.7 | 23.56.162.185
                          Aug 30, 2024 00:37:43.420001030 CEST | 443 | 49717 | 23.56.162.185 | 192.168.2.7
                          Aug 30, 2024 00:37:43.420150042 CEST | 49717 | 443 | 192.168.2.7 | 23.56.162.185
                          Aug 30, 2024 00:37:43.420356035 CEST | 49717 | 443 | 192.168.2.7 | 23.56.162.185
                          Aug 30, 2024 00:37:43.420372963 CEST | 443 | 49717 | 23.56.162.185 | 192.168.2.7
                          Aug 30, 2024 00:37:43.995405912 CEST | 443 | 49717 | 23.56.162.185 | 192.168.2.7
                          Aug 30, 2024 00:37:43.995662928 CEST | 49717 | 443 | 192.168.2.7 | 23.56.162.185
                          Aug 30, 2024 00:37:43.995675087 CEST | 443 | 49717 | 23.56.162.185 | 192.168.2.7
                          Aug 30, 2024 00:37:43.996956110 CEST | 443 | 49717 | 23.56.162.185 | 192.168.2.7
                          Aug 30, 2024 00:37:43.997020006 CEST | 49717 | 443 | 192.168.2.7 | 23.56.162.185
                          Aug 30, 2024 00:37:44.016997099 CEST | 49717 | 443 | 192.168.2.7 | 23.56.162.185
                          Aug 30, 2024 00:37:44.017139912 CEST | 443 | 49717 | 23.56.162.185 | 192.168.2.7
                          Aug 30, 2024 00:37:44.017167091 CEST | 49717 | 443 | 192.168.2.7 | 23.56.162.185
                          Aug 30, 2024 00:37:44.064502954 CEST | 443 | 49717 | 23.56.162.185 | 192.168.2.7
                          Aug 30, 2024 00:37:44.072434902 CEST | 49717 | 443 | 192.168.2.7 | 23.56.162.185
                          Aug 30, 2024 00:37:44.072443962 CEST | 443 | 49717 | 23.56.162.185 | 192.168.2.7
                          Aug 30, 2024 00:37:44.119323015 CEST | 49717 | 443 | 192.168.2.7 | 23.56.162.185
                          Aug 30, 2024 00:37:44.174114943 CEST | 443 | 49717 | 23.56.162.185 | 192.168.2.7
                          Aug 30, 2024 00:37:44.174190998 CEST | 443 | 49717 | 23.56.162.185 | 192.168.2.7
                          Aug 30, 2024 00:37:44.174299955 CEST | 49717 | 443 | 192.168.2.7 | 23.56.162.185
                          Aug 30, 2024 00:37:44.175087929 CEST | 49717 | 443 | 192.168.2.7 | 23.56.162.185
                          Aug 30, 2024 00:37:44.175106049 CEST | 443 | 49717 | 23.56.162.185 | 192.168.2.7
                          Timestamp | Source Port | Dest Port | Source IP | Dest IP
                          Aug 30, 2024 00:38:01.551116943 CEST | 53 | 50862 | 162.159.36.2 | 192.168.2.7
                          Aug 30, 2024 00:38:02.053623915 CEST | 50323 | 53 | 192.168.2.7 | 1.1.1.1
                          Aug 30, 2024 00:38:02.061785936 CEST | 53 | 50323 | 1.1.1.1 | 192.168.2.7
                          Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                          Aug 30, 2024 00:38:02.053623915 CEST | 192.168.2.7 | 1.1.1.1 | 0xd866 | Standard query (0) | 18.31.95.13.in-addr.arpa | PTR (Pointer record) | IN (0x0001) | false
                          Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                          Aug 30, 2024 00:37:38.616189957 CEST | 1.1.1.1 | 192.168.2.7 | 0x9f2e | No error (0) | bg.microsoft.map.fastly.net | | 199.232.210.172 | A (IP address) | IN (0x0001) | false
                          Aug 30, 2024 00:37:38.616189957 CEST | 1.1.1.1 | 192.168.2.7 | 0x9f2e | No error (0) | bg.microsoft.map.fastly.net | | 199.232.214.172 | A (IP address) | IN (0x0001) | false
                          Aug 30, 2024 00:38:02.061785936 CEST | 1.1.1.1 | 192.168.2.7 | 0xd866 | Name error (3) | 18.31.95.13.in-addr.arpa | none | none | PTR (Pointer record) | IN (0x0001) | false
                          Aug 30, 2024 00:38:08.672575951 CEST | 1.1.1.1 | 192.168.2.7 | 0x573f | No error (0) | windowsupdatebg.s.llnwi.net | | 87.248.204.0 | A (IP address) | IN (0x0001) | false
                          • armmf.adobe.com
                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          0 | 192.168.2.7 | 49717 | 23.56.162.185 | 443 | 7360 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          Timestamp | Bytes transferred | Direction | Data
                          2024-08-29 22:37:44 UTC | 475 | OUT | GET /onboarding/smskillreader.txt HTTP/1.1
                          Host: armmf.adobe.com
                          Connection: keep-alive
                          Accept-Language: en-US,en;q=0.9
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36
                          Sec-Fetch-Site: same-origin
                          Sec-Fetch-Mode: no-cors
                          Sec-Fetch-Dest: empty
                          Accept-Encoding: gzip, deflate, br
                          If-None-Match: "78-5faa31cce96da"
                          If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
                          2024-08-29 22:37:44 UTC | 198 | IN | HTTP/1.1 304 Not Modified
                          Content-Type: text/plain; charset=UTF-8
                          Last-Modified: Mon, 01 May 2023 15:02:33 GMT
                          ETag: "78-5faa31cce96da"
                          Date: Thu, 29 Aug 2024 22:37:44 GMT
                          Connection: close


                          Target ID:0
                          Start time:18:37:28
                          Start date:29/08/2024
                          Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          Wow64 process (32bit):false
                          Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\maliciouspdf.pdf"
                          Imagebase:0x7ff702560000
                          File size:5'641'176 bytes
                          MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
                          Has elevated privileges:true
                          Has administrator privileges:true
                          Programmed in:C, C++ or other language
                          Reputation:high
                          Has exited:true

                          Target ID:2
                          Start time:18:37:29
                          Start date:29/08/2024
                          Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          Wow64 process (32bit):false
                          Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
                          Imagebase:0x7ff6c3ff0000
                          File size:3'581'912 bytes
                          MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                          Has elevated privileges:true
                          Has administrator privileges:true
                          Programmed in:C, C++ or other language
                          Reputation:high
                          Has exited:true

                          Target ID:4
                          Start time:18:37:30
                          Start date:29/08/2024
                          Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          Wow64 process (32bit):false
                          Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2260 --field-trial-handle=1744,i,11800254572130627882,10832229251146507829,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
                          Imagebase:0x7ff6c3ff0000
                          File size:3'581'912 bytes
                          MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                          Has elevated privileges:true
                          Has administrator privileges:true
                          Programmed in:C, C++ or other language
                          Reputation:high
                          Has exited:true

                          No disassembly