Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
20240927102105.pdf

Overview

General Information

Sample name:20240927102105.pdf
Analysis ID:1520454
MD5:d9a3a230b5e4c8d5712abc0b1bcd3287
SHA1:b1878a18271a71ed9eae127069731536f184f15e
SHA256:d14b6f0341d5073b29abd846a8dbac6ed60e64a6103677835e9491390a13ace4
Infos:

Detection

Score:2
Range:0 - 100
Whitelisted:false
Confidence:80%

Signatures

IP address seen in connection with other malware
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Uses a known web browser user agent for HTTP communication

Classification

Process Tree

  • System is w10x64
  • Acrobat.exe (PID: 6832 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\20240927102105.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 4924 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 6592 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2080 --field-trial-handle=1736,i,11910158590496879408,606956546599633943,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: global trafficDNS query: name: x1.i.lencr.org
Source: global trafficDNS query: name: x1.i.lencr.org
Source: global trafficTCP traffic: 192.168.2.4:49748 -> 23.41.168.139:443
Source: global trafficTCP traffic: 192.168.2.4:49748 -> 23.41.168.139:443
Source: global trafficTCP traffic: 192.168.2.4:49748 -> 23.41.168.139:443
Source: global trafficTCP traffic: 192.168.2.4:49748 -> 23.41.168.139:443
Source: global trafficTCP traffic: 192.168.2.4:49748 -> 23.41.168.139:443
Source: global trafficTCP traffic: 192.168.2.4:49748 -> 23.41.168.139:443
Source: global trafficTCP traffic: 192.168.2.4:49748 -> 23.41.168.139:443
Source: global trafficTCP traffic: 192.168.2.4:49748 -> 23.41.168.139:443
Source: global trafficTCP traffic: 192.168.2.4:49748 -> 23.41.168.139:443
Source: global trafficTCP traffic: 192.168.2.4:49748 -> 23.41.168.139:443
Source: global trafficTCP traffic: 192.168.2.4:49748 -> 23.41.168.139:443
Source: global trafficTCP traffic: 192.168.2.4:49748 -> 23.41.168.139:443
Source: global trafficTCP traffic: 23.41.168.139:443 -> 192.168.2.4:49748
Source: global trafficTCP traffic: 192.168.2.4:49748 -> 23.41.168.139:443
Source: global trafficTCP traffic: 192.168.2.4:49748 -> 23.41.168.139:443
Source: global trafficTCP traffic: 23.41.168.139:443 -> 192.168.2.4:49748
Source: global trafficTCP traffic: 23.41.168.139:443 -> 192.168.2.4:49748
Source: global trafficTCP traffic: 192.168.2.4:49748 -> 23.41.168.139:443
Source: global trafficTCP traffic: 23.41.168.139:443 -> 192.168.2.4:49748
Source: global trafficTCP traffic: 23.41.168.139:443 -> 192.168.2.4:49748
Source: global trafficTCP traffic: 192.168.2.4:49748 -> 23.41.168.139:443
Source: global trafficTCP traffic: 192.168.2.4:49748 -> 23.41.168.139:443
Source: global trafficTCP traffic: 23.41.168.139:443 -> 192.168.2.4:49748
Source: global trafficTCP traffic: 192.168.2.4:49748 -> 23.41.168.139:443
Source: global trafficTCP traffic: 23.41.168.139:443 -> 192.168.2.4:49748
Source: global trafficTCP traffic: 192.168.2.4:49748 -> 23.41.168.139:443
Source: global trafficTCP traffic: 23.41.168.139:443 -> 192.168.2.4:49748
Source: global trafficTCP traffic: 192.168.2.4:49748 -> 23.41.168.139:443
Source: global trafficTCP traffic: 23.41.168.139:443 -> 192.168.2.4:49748
Source: global trafficTCP traffic: 23.41.168.139:443 -> 192.168.2.4:49748
Source: global trafficTCP traffic: 192.168.2.4:49748 -> 23.41.168.139:443
Source: global trafficTCP traffic: 192.168.2.4:49748 -> 23.41.168.139:443
Source: global trafficTCP traffic: 23.41.168.139:443 -> 192.168.2.4:49748
Source: Joe Sandbox ViewIP Address: 23.41.168.139 23.41.168.139
Source: global trafficHTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1Host: armmf.adobe.comConnection: keep-aliveAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brIf-None-Match: "78-5faa31cce96da"If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
Source: unknownTCP traffic detected without corresponding DNS query: 23.41.168.139
Source: unknownTCP traffic detected without corresponding DNS query: 23.41.168.139
Source: unknownTCP traffic detected without corresponding DNS query: 23.41.168.139
Source: unknownTCP traffic detected without corresponding DNS query: 23.41.168.139
Source: unknownTCP traffic detected without corresponding DNS query: 23.41.168.139
Source: unknownTCP traffic detected without corresponding DNS query: 23.41.168.139
Source: unknownTCP traffic detected without corresponding DNS query: 23.41.168.139
Source: unknownTCP traffic detected without corresponding DNS query: 23.41.168.139
Source: unknownTCP traffic detected without corresponding DNS query: 23.41.168.139
Source: unknownTCP traffic detected without corresponding DNS query: 23.41.168.139
Source: unknownTCP traffic detected without corresponding DNS query: 23.41.168.139
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficHTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1Host: armmf.adobe.comConnection: keep-aliveAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brIf-None-Match: "78-5faa31cce96da"If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
Source: global trafficDNS traffic detected: DNS query: x1.i.lencr.org
Source: 2D85F72862B55C4EADD9E66E06947F3D0.1.drString found in binary or memory: http://x1.i.lencr.org/
Source: unknownNetwork traffic detected: HTTP traffic on port 49748 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49748
Source: classification engineClassification label: clean2.winPDF@14/45@2/1
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journalJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-09-27 05-06-52-218.logJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
Source: unknownProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\20240927102105.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2080 --field-trial-handle=1736,i,11910158590496879408,606956546599633943,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2080 --field-trial-handle=1736,i,11910158590496879408,606956546599633943,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: 20240927102105.pdfInitial sample: PDF keyword /JS count = 0
Source: 20240927102105.pdfInitial sample: PDF keyword /JavaScript count = 0
Source: 20240927102105.pdfInitial sample: PDF keyword /EmbeddedFile count = 0
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid Accounts3
Exploitation for Client Execution		Path Interception1
Process Injection		1
Masquerading		OS Credential Dumping1
System Information Discovery		Remote ServicesData from Local System1
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
Process Injection		LSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable Media2
Non-Application Layer Protocol		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive13
Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin HookBinary PaddingNTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput Capture1
Ingress Tool Transfer		Traffic DuplicationData Destruction

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1520454 Sample: 20240927102105.pdf Startdate: 27/09/2024 Architecture: WINDOWS Score: 2 14 x1.i.lencr.org 2->14 7 Acrobat.exe 20 72 2->7         started        process3 process4 9 AcroCEF.exe 106 7->9         started        process5 11 AcroCEF.exe 2 9->11         started        dnsIp6 16 23.41.168.139, 443, 49748 ZAYO-6461US United States 11->16

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

No Antivirus matches

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
http://x1.i.lencr.org/0%URL Reputationsafe

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
x1.i.lencr.org
unknown
unknownfalse
    		unknown

    URLs from Memory and Binaries

    NameSourceMaliciousAntivirus DetectionReputation
    http://x1.i.lencr.org/2D85F72862B55C4EADD9E66E06947F3D0.1.drfalse
    • URL Reputation: safe
    		unknown

    World Map of Contacted IPs

    • No. of IPs < 25%
    • 25% < No. of IPs < 50%
    • 50% < No. of IPs < 75%
    • 75% < No. of IPs

    Public IPs

    IPDomainCountryFlagASNASN NameMalicious
    23.41.168.139
    		unknownUnited States
    		6461ZAYO-6461USfalse

    General Information

    Joe Sandbox version:41.0.0 Charoite
    Analysis ID:1520454
    Start date and time:2024-09-27 11:05:45 +02:00
    Joe Sandbox product:CloudBasic
    Overall analysis duration:0h 4m 12s
    Hypervisor based Inspection enabled:false
    Report type:full
    Cookbook file name:defaultwindowspdfcookbook.jbs
    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
    Number of analysed new started processes analysed:10
    Number of new started drivers analysed:0
    Number of existing processes analysed:0
    Number of existing drivers analysed:0
    Number of injected processes analysed:0
    Technologies:
    • EGA enabled
    • AMSI enabled
    Analysis Mode:default
    Analysis stop reason:Timeout
    Sample name:20240927102105.pdf
    Detection:CLEAN
    Classification:clean2.winPDF@14/45@2/1
    Cookbook Comments:
    • Found application associated with file extension: .pdf
    • Found PDF document
    • Close Viewer

    Warnings

    • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
    • Excluded IPs from analysis (whitelisted): 184.28.88.176, 54.144.73.197, 34.193.227.236, 18.207.85.246, 107.22.247.231, 2.19.126.143, 2.19.126.149, 172.64.41.3, 162.159.61.3, 2.23.197.184
    • Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, crl.root-x1.letsencrypt.org.edgekey.net
    • Not all processes where analyzed, report is missing behavior information
    • VT rate limit hit for: 20240927102105.pdf

    Simulations

    Behavior and APIs

    TimeTypeDescription
    05:07:02API Interceptor1x Sleep call for process: AcroCEF.exe modified

    Joe Sandbox View / Context

    IPs

    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
    23.41.168.139Steel Dynamics.pdfGet hashmaliciousUnknownBrowse
      https://seedsmarket.org/Get hashmaliciousHTMLPhisherBrowse
        1445321243TK.pdfGet hashmaliciousUnknownBrowse
          cho6043ijz.000Get hashmaliciousUnknownBrowse
            request_731.pdfGet hashmaliciousUnknownBrowse
              5ec990.msiGet hashmaliciousUnknownBrowse
                https://protect.checkpoint.com/v2/r02/___https:/clicktime.symantec.com/a/1/zPM8RRCBucIOtZGS7nBuCsGPfGeuu7uqRi7wib3E_aY=?d=NFaqzsVnaPxuUzxsp1S8ZNeTdv5RUAvfUpeVYxZKOFi_FaxMV9Y7SVV54XPcAAn6YB9QzZxIDYthMOs47JRBZ_0PV-GDVB9ATG93QO70LP8jR59aDk47QZTQk1MCrc9z0M3DqIE9FBr3JkLMrCK4n5QQgA808-LoV3aL3E5VEqB9qmOwHolNy2exhhpbmurcCABi5zh5uKgLe9rfjkQctCPzCg3AE4fvCR7U11tWATVxiJtbisJBMe_5iBhkTFjew3iq_3GEy8ZmD-34Perc98nMVcfrpi4VxTn2R85qX2fmxz3xMqJlfOHtVdD4mDJYHRlv2yYwpVXDDq31APFUszUTvBvOIHR3Pykkf75nE0oRo-IGsNY6JAjIXdEf9hc703INnKhyaOlaJqzSGk7sTDVPbYStXF2M5bSFRVWbiTwfxF2vjGvw-UOxN6lhQJBYgMpfIk92Omh-tbjm4_bTau0WyFvFbUBrukuGpdg%3D&u=http%3A%2F%2Fwww.globalindustrial.com%2F___.YzJlOmdlcmZsb3JzcGE6YzpvOjVjNDhlMDRlZTQ0YTE0ZTU3OTkxM2M3YTlmYTI1YmE4Ojc6NTQxYTpmMjVhNGFkOWJmNTc4NzRiYWUxZDE4NmIxZWVmYzYzZTI1YWI1YWJhOTNjY2IyMjY3ZjEyMTdhNjg1MjRmZGFkOmg6RjpOGet hashmaliciousUnknownBrowse
                  Houghton closure form.pdfGet hashmaliciousUnknownBrowse
                    Doc_Inv_09-12#990.pdfGet hashmaliciousUnknownBrowse
                      intro.pdfGet hashmaliciousHTMLPhisherBrowse

                        Domains

                        No context

                        ASNs

                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                        ZAYO-6461USSteel Dynamics.pdfGet hashmaliciousUnknownBrowse
                        • 23.41.168.139
                        https://seedsmarket.org/Get hashmaliciousHTMLPhisherBrowse
                        • 23.41.168.139
                        1445321243TK.pdfGet hashmaliciousUnknownBrowse
                        • 23.41.168.139
                        cho6043ijz.000Get hashmaliciousUnknownBrowse
                        • 23.41.168.139
                        request_731.pdfGet hashmaliciousUnknownBrowse
                        • 23.41.168.139
                        5ec990.msiGet hashmaliciousUnknownBrowse
                        • 23.41.168.139
                        https://protect.checkpoint.com/v2/r02/___https:/clicktime.symantec.com/a/1/zPM8RRCBucIOtZGS7nBuCsGPfGeuu7uqRi7wib3E_aY=?d=NFaqzsVnaPxuUzxsp1S8ZNeTdv5RUAvfUpeVYxZKOFi_FaxMV9Y7SVV54XPcAAn6YB9QzZxIDYthMOs47JRBZ_0PV-GDVB9ATG93QO70LP8jR59aDk47QZTQk1MCrc9z0M3DqIE9FBr3JkLMrCK4n5QQgA808-LoV3aL3E5VEqB9qmOwHolNy2exhhpbmurcCABi5zh5uKgLe9rfjkQctCPzCg3AE4fvCR7U11tWATVxiJtbisJBMe_5iBhkTFjew3iq_3GEy8ZmD-34Perc98nMVcfrpi4VxTn2R85qX2fmxz3xMqJlfOHtVdD4mDJYHRlv2yYwpVXDDq31APFUszUTvBvOIHR3Pykkf75nE0oRo-IGsNY6JAjIXdEf9hc703INnKhyaOlaJqzSGk7sTDVPbYStXF2M5bSFRVWbiTwfxF2vjGvw-UOxN6lhQJBYgMpfIk92Omh-tbjm4_bTau0WyFvFbUBrukuGpdg%3D&u=http%3A%2F%2Fwww.globalindustrial.com%2F___.YzJlOmdlcmZsb3JzcGE6YzpvOjVjNDhlMDRlZTQ0YTE0ZTU3OTkxM2M3YTlmYTI1YmE4Ojc6NTQxYTpmMjVhNGFkOWJmNTc4NzRiYWUxZDE4NmIxZWVmYzYzZTI1YWI1YWJhOTNjY2IyMjY3ZjEyMTdhNjg1MjRmZGFkOmg6RjpOGet hashmaliciousUnknownBrowse
                        • 23.41.168.139
                        Houghton closure form.pdfGet hashmaliciousUnknownBrowse
                        • 23.41.168.139
                        Doc_Inv_09-12#990.pdfGet hashmaliciousUnknownBrowse
                        • 23.41.168.139
                        intro.pdfGet hashmaliciousHTMLPhisherBrowse
                        • 23.41.168.139

                        JA3 Fingerprints

                        No context

                        Dropped Files

                        No context

                        Created / dropped Files

                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        File Type:ASCII text
                        Category:dropped
                        Size (bytes):292
                        Entropy (8bit):5.2430700985756475
                        Encrypted:false
                        SSDEEP:6:PEsd6ryq2Pwkn2nKuAl9OmbnIFUt82Esd6tVdAz1Zmw+2Esd6tcMjRkwOwkn2nKZ:PEFWvYfHAahFUt82EFtVw1/+2EFtHF50
                        MD5:AB19D7D9941B0C31F8E1BD4D90129102
                        SHA1:CB8649D9EF18074A89B5B3209393B564D887E87C
                        SHA-256:8E7B6770D1F916F8B8E5BFAEAF07CB79706BBCDAFF23CEE7F84D39D7BC0B6334
                        SHA-512:3A01E8FF2EA3C8708A5B819F12F0C924561184D3235EBE53ABC9A852E774039FE92BC9FD3165D9112B0C042617FEA65938724A24DE43FAB76F582E6DCCB1EADF
                        Malicious:false
                        Reputation:low
                        Preview:2024/09/27-05:06:49.988 1794 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/09/27-05:06:49.990 1794 Recovering log #3.2024/09/27-05:06:49.991 1794 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        File Type:ASCII text
                        Category:dropped
                        Size (bytes):292
                        Entropy (8bit):5.2430700985756475
                        Encrypted:false
                        SSDEEP:6:PEsd6ryq2Pwkn2nKuAl9OmbnIFUt82Esd6tVdAz1Zmw+2Esd6tcMjRkwOwkn2nKZ:PEFWvYfHAahFUt82EFtVw1/+2EFtHF50
                        MD5:AB19D7D9941B0C31F8E1BD4D90129102
                        SHA1:CB8649D9EF18074A89B5B3209393B564D887E87C
                        SHA-256:8E7B6770D1F916F8B8E5BFAEAF07CB79706BBCDAFF23CEE7F84D39D7BC0B6334
                        SHA-512:3A01E8FF2EA3C8708A5B819F12F0C924561184D3235EBE53ABC9A852E774039FE92BC9FD3165D9112B0C042617FEA65938724A24DE43FAB76F582E6DCCB1EADF
                        Malicious:false
                        Reputation:low
                        Preview:2024/09/27-05:06:49.988 1794 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/09/27-05:06:49.990 1794 Recovering log #3.2024/09/27-05:06:49.991 1794 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        File Type:ASCII text
                        Category:dropped
                        Size (bytes):336
                        Entropy (8bit):5.205277584397921
                        Encrypted:false
                        SSDEEP:6:PEsk0q2Pwkn2nKuAl9Ombzo2jMGIFUt82EskjEZZmw+2EskjEgFkwOwkn2nKuAlx:PEovYfHAa8uFUt82EnEZ/+2EkgF5JfHA
                        MD5:26E4A101A2751E3D6D244E8D14326C33
                        SHA1:D8573AB4DD24D84E5D517F8E56F7F29DE3E98F04
                        SHA-256:07FCF14B177285A926509F6A1429B4396769C4FC2AD4C7F6BAF2E516BF4E6A60
                        SHA-512:8F4E20E70A1C63E4EB2800C53AF5B488AF88B9B0D01B6FFBFEE6AD94C3625FE9D7B13561BAB6B2E310782716D0E81C1F89E0A291F4A0769608B93AA34805E17A
                        Malicious:false
                        Reputation:low
                        Preview:2024/09/27-05:06:50.081 1a94 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/09/27-05:06:50.082 1a94 Recovering log #3.2024/09/27-05:06:50.083 1a94 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        File Type:ASCII text
                        Category:dropped
                        Size (bytes):336
                        Entropy (8bit):5.205277584397921
                        Encrypted:false
                        SSDEEP:6:PEsk0q2Pwkn2nKuAl9Ombzo2jMGIFUt82EskjEZZmw+2EskjEgFkwOwkn2nKuAlx:PEovYfHAa8uFUt82EnEZ/+2EkgF5JfHA
                        MD5:26E4A101A2751E3D6D244E8D14326C33
                        SHA1:D8573AB4DD24D84E5D517F8E56F7F29DE3E98F04
                        SHA-256:07FCF14B177285A926509F6A1429B4396769C4FC2AD4C7F6BAF2E516BF4E6A60
                        SHA-512:8F4E20E70A1C63E4EB2800C53AF5B488AF88B9B0D01B6FFBFEE6AD94C3625FE9D7B13561BAB6B2E310782716D0E81C1F89E0A291F4A0769608B93AA34805E17A
                        Malicious:false
                        Reputation:low
                        Preview:2024/09/27-05:06:50.081 1a94 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/09/27-05:06:50.082 1a94 Recovering log #3.2024/09/27-05:06:50.083 1a94 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):475
                        Entropy (8bit):4.972225950634431
                        Encrypted:false
                        SSDEEP:12:YH/um3RA8sqzvWsBdOg2H7Acaq3QYiubInP7E4T3y:Y2sRds4zdMHf3QYhbG7nby
                        MD5:6F7C6C69C41319AC65D7F84051321567
                        SHA1:7DF8FBE3AFA4137A04493CB35799A4DD4CF3B818
                        SHA-256:FEE79CBBD5BE175A04101E30D6A775D87BF51F2A1769674441063081DF9D14C1
                        SHA-512:B1A02046A46C407A0A653CA812771CCBA2780CAC2E93D5338F6479CA07B350228FF34D775EA63B53C1A4FDAB0FF3F2009A147FA5C9179BF831A3F0A718DF7910
                        Malicious:false
                        Reputation:low
                        Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13371988022510367","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":132846},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\af2bccc6-5ad1-4e98-b292-4a4596955b6a.tmp

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        File Type:JSON data
                        Category:modified
                        Size (bytes):475
                        Entropy (8bit):4.972225950634431
                        Encrypted:false
                        SSDEEP:12:YH/um3RA8sqzvWsBdOg2H7Acaq3QYiubInP7E4T3y:Y2sRds4zdMHf3QYhbG7nby
                        MD5:6F7C6C69C41319AC65D7F84051321567
                        SHA1:7DF8FBE3AFA4137A04493CB35799A4DD4CF3B818
                        SHA-256:FEE79CBBD5BE175A04101E30D6A775D87BF51F2A1769674441063081DF9D14C1
                        SHA-512:B1A02046A46C407A0A653CA812771CCBA2780CAC2E93D5338F6479CA07B350228FF34D775EA63B53C1A4FDAB0FF3F2009A147FA5C9179BF831A3F0A718DF7910
                        Malicious:false
                        Reputation:low
                        Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13371988022510367","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":132846},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):4730
                        Entropy (8bit):5.258562560702671
                        Encrypted:false
                        SSDEEP:96:etJCV4FAsszrNamjTN/2rjYMta02fDtehgO7BtTgo7cDe+mnTDkCArD8mZ:etJCV4FiN/jTN/2r8Mta02fEhgO73goo
                        MD5:6D75F5D5ED585823DDA1C22E28CF7E08
                        SHA1:0CC5D7D9DEDAB9AE83305B819F48328D038449B0
                        SHA-256:6EC2F2792BA1366F46644F6BAB7A252CC55914D5E795A03CF226117AB6436FE1
                        SHA-512:689F5E05FBD228A3BBA69E0621E50FE18F33B7828074B73B13B12ED4A2AF98BB9EEE80F15AF1867D306C7F23D6A31AADEA70CF98F42D6A555478661F9992A194
                        Malicious:false
                        Reputation:low
                        Preview:*...#................version.1..namespace-['O.o................next-map-id.1.Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/.0>...r................next-map-id.2.Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/.1O..r................next-map-id.3.Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/.2.\.o................next-map-id.4.Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/.3....^...............Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/..|.^...............Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/n..Fa...............Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/DQ..a...............Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/i.`do................next-map-id.5.Pnamespace-de635bf2_6773_4d83_ad16_

                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        File Type:ASCII text
                        Category:dropped
                        Size (bytes):324
                        Entropy (8bit):5.215622474127717
                        Encrypted:false
                        SSDEEP:6:PEskpxq2Pwkn2nKuAl9OmbzNMxIFUt82Esk09Zmw+2EskiojzkwOwkn2nKuAl9Ob:PEbvYfHAa8jFUt82Ew9/+2E9P5JfHAab
                        MD5:243C99D85FED5552E108BFF1F0C3A00F
                        SHA1:79CBB49A0052B9706DFB90C63FA609D00EAAB647
                        SHA-256:DEDD80F59A00EE0D7C398D59B77524EE8358A06D6E4FD61E905C6A23D79A837C
                        SHA-512:2FF1E1C18461FA2845477D688477588CA4571769487952FD1F6FBA3D7BAF29BE927FC0FDB76E3FF4114D5EE11660B83A166AD8A6237D4D547B6CABAF219CC685
                        Malicious:false
                        Reputation:low
                        Preview:2024/09/27-05:06:50.314 1a94 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/09/27-05:06:50.316 1a94 Recovering log #3.2024/09/27-05:06:50.317 1a94 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        File Type:ASCII text
                        Category:dropped
                        Size (bytes):324
                        Entropy (8bit):5.215622474127717
                        Encrypted:false
                        SSDEEP:6:PEskpxq2Pwkn2nKuAl9OmbzNMxIFUt82Esk09Zmw+2EskiojzkwOwkn2nKuAl9Ob:PEbvYfHAa8jFUt82Ew9/+2E9P5JfHAab
                        MD5:243C99D85FED5552E108BFF1F0C3A00F
                        SHA1:79CBB49A0052B9706DFB90C63FA609D00EAAB647
                        SHA-256:DEDD80F59A00EE0D7C398D59B77524EE8358A06D6E4FD61E905C6A23D79A837C
                        SHA-512:2FF1E1C18461FA2845477D688477588CA4571769487952FD1F6FBA3D7BAF29BE927FC0FDB76E3FF4114D5EE11660B83A166AD8A6237D4D547B6CABAF219CC685
                        Malicious:false
                        Preview:2024/09/27-05:06:50.314 1a94 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/09/27-05:06:50.316 1a94 Recovering log #3.2024/09/27-05:06:50.317 1a94 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

                        C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240927090654Z-153.bmp

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:PC bitmap, Windows 3.x format, 107 x -152 x 32, cbSize 65110, bits offset 54
                        Category:dropped
                        Size (bytes):65110
                        Entropy (8bit):3.523084141976745
                        Encrypted:false
                        SSDEEP:768:gHmjghKF8Zf0xF9z/s3IAHNKuJu9QcuGxQy6Ow6:q8MKF8Gxf43IwKuJyQcixOw6
                        MD5:A33CFEAC332D8A5E2CEBCF1E08596240
                        SHA1:61AABB910157FF9306CDE7BF7B54E51CA8C17815
                        SHA-256:4C6D58E2329DB46E91521B41075EFA33912D49CB2E8DD118A8D24F264B73335E
                        SHA-512:5CDC036718EA4B8525607BCCA146357DB888F566E55DFAE3BFCBCDC29861EA5CED0B1ED8FB28408768F15BFA4D853B922013664BE84D7821150279AA66C62225
                        Malicious:false
                        Preview:BMV.......6...(...k...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                        C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 15, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 15
                        Category:dropped
                        Size (bytes):86016
                        Entropy (8bit):4.44472060524489
                        Encrypted:false
                        SSDEEP:384:yezci5t+iBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:rRs3OazzU89UTTgUL
                        MD5:C7E792DFCDA42A91252ECF24E13A8F4F
                        SHA1:F99E67D1F9E283301894C9A9AEFB3E960B8E7DF0
                        SHA-256:F21DA543D7F9167649C7F10A094AABF885F96F7DCD5BE339A7B9AD7302361ED0
                        SHA-512:EDFBD98CB5077EA2F4B371EC7B37761E4892E26C9139756E121410111E6D07BB0AF3876ABD70B42BFA95FD0A6B357D3686D7716CCFF669FC8D37956106D945E3
                        Malicious:false
                        Preview:SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                        C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:SQLite Rollback Journal
                        Category:dropped
                        Size (bytes):8720
                        Entropy (8bit):3.774047271212034
                        Encrypted:false
                        SSDEEP:48:7Mhip/E2ioyV3ioy9oWoy1Cwoy17KOioy1noy1AYoy1Wioy1hioybioyroy1noyZ:7zpju3FSXKQ2Qxb9IVXEBodRBkQ
                        MD5:835B1AA2F8865FA40758CF9678310C00
                        SHA1:B15E79C83898B59C4713E6709C9F770ADDD89EC5
                        SHA-256:C14B2326A3AB4A5A7177E064E9D31D3AA649C4E3EFD7F9522C5B8A768D83309F
                        SHA-512:D34A07903EAE8C885108F2883D0E73B52B47F06EBE665B5C632CC4788720DFEFDB92FF7C088BA446659713DB9C2C6050735BBBABA6F7CF592CD4165CCF95FAFC
                        Malicious:false
                        Preview:.... .c.......I................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................T...[...b...r...t...}.....L..............................................................................................................................................................................................................................................................................................................................................................................................................................................................

                        C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        File Type:Certificate, Version=3
                        Category:dropped
                        Size (bytes):1391
                        Entropy (8bit):7.705940075877404
                        Encrypted:false
                        SSDEEP:24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1
                        MD5:0CD2F9E0DA1773E9ED864DA5E370E74E
                        SHA1:CABD2A79A1076A31F21D253635CB039D4329A5E8
                        SHA-256:96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
                        SHA-512:3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
                        Malicious:false
                        Preview:0..k0..S............@.YDc.c...0...*.H........0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10...150604110438Z..350604110438Z0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10.."0...*.H.............0..........$s..7.+W(.....8..n<.W.x.u...jn..O(..h.lD...c...k....1.!~.3<.H..y.....!.K...qiJffl.~<p..)"......K...~....G.|.H#S.8.O.o...IW..t../.8.{.p!.u.0<.....c...O..K~.....w...{J.L.%.p..)..S$........J.?..aQ.....cq...o[...\4ylv.;.by.../&.....................6....7..6u...r......I.....*.A..v........5/(.l....dwnG7..Y^h..r...A)>Y>.&.$...Z.L@.F....:Qn.;.}r...xY.>Qx....../..>{J.Ks......P.|C.t..t.....0.[q6....00\H..;..}`...).........A.......|.;F.H*..v.v..j.=...8.d..+..(.....B.".'].y...p..N..:..'Qn..d.3CO......B0@0...U...........0...U.......0....0...U......y.Y.{....s.....X..n0...*.H.............U.X....P.....i ')..au\.n...i/..VK..s.Y.!.~.Lq...`.9....!V..P.Y...Y.............b.E.f..|o..;.....'...}~.."......

                        C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):192
                        Entropy (8bit):2.727684695701949
                        Encrypted:false
                        SSDEEP:3:kkFkldnt1pl/tfllXlE/HT8k3zvNNX8RolJuRdxLlGB9lQRYwpDdt:kKS1L/eT8YzVNMa8RdWBwRd
                        MD5:492B0801836AA87A521A0CFB9B9E4D50
                        SHA1:33F9CF77803B6C5FD27B524C748329679EC561B6
                        SHA-256:854835291760D1B3E6D4E22B8B8620F2B4393A06023CEE091273089D1FEA6EFD
                        SHA-512:338CD7738F47A8AC7FC2FB8ED6D45598B579E7D8F58FB7209F8DE29FEFA819321B58F1655DFA96D7AB9B215A56B7D93F6DBBD571E3B2F32185DB8B22D56B2366
                        Malicious:false
                        Preview:p...... ................(....................................................... ..........W.....j..............o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...

                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.7104

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:PostScript document text
                        Category:dropped
                        Size (bytes):185099
                        Entropy (8bit):5.182478651346149
                        Encrypted:false
                        SSDEEP:1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
                        MD5:94185C5850C26B3C6FC24ABC385CDA58
                        SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
                        SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
                        SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
                        Malicious:false
                        Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:PostScript document text
                        Category:dropped
                        Size (bytes):185099
                        Entropy (8bit):5.182478651346149
                        Encrypted:false
                        SSDEEP:1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
                        MD5:94185C5850C26B3C6FC24ABC385CDA58
                        SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
                        SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
                        SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
                        Malicious:false
                        Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):243196
                        Entropy (8bit):3.3450692389394283
                        Encrypted:false
                        SSDEEP:1536:vKPCPiyzDtrh1cK3XEivK7VK/3AYvYwgqErRo+RQn:yPClJ/3AYvYwghFo+RQn
                        MD5:F5567C4FF4AB049B696D3BE0DD72A793
                        SHA1:EBEADDE9FF0AF2C201A5F7CC747C9EA61CFA6916
                        SHA-256:D8DBFE71873929825A420F73821F3FF0254D51984FAAA82E1B89D31188F77C04
                        SHA-512:E769735991E5B1331E259608854D00CDA4F3E92285FDC500158CBD09CBCCEAD8A387F78256A43919B13EBE70C995D19242377C315B0CCBBD4F813251608C1D56
                        Malicious:false
                        Preview:Adobe Acrobat Reader (64-bit) 23.6.20320....?A12_AV2_Search_18px.............................................................................................................KKK KKK.KKK.KKK.KKK.KKK.KKK@........................................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.............................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.........................KKK.KKK.KKK.KKK0....................KKK.KKK.KKK.KKK`....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK.KKK.....................................KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK.KKK@....................KKK.KKK.KKK.KKK`........................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.KKK.............................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK

                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):295
                        Entropy (8bit):5.361253781411831
                        Encrypted:false
                        SSDEEP:6:YEQXJ2HXuTygYUVoZcg1vRcR0YX9DoAvJM3g98kUwPeUkwRe9:YvXKXuTyTVZc0vOqGMbLUkee9
                        MD5:30BA22E9A658CDB9627FFBD70400AC62
                        SHA1:68A61AD6D5CDE7F304346A5A081BAF198E01D294
                        SHA-256:9FB004151D5E60259BCF4CC3AECBA11F644B39DE5ED8FE07E2E3524B7770F8C7
                        SHA-512:A72833013E8C186C061D762829A448938B78B2650055F788760DEDCB2821596D9FB5137C447017A1606454C4D5D1603C7EEF101F5ADCA20BA160E13845D5BA3E
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"b0f8e394-171e-4e27-80ec-427fdf03cd52","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1727606590847,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):294
                        Entropy (8bit):5.30746044907956
                        Encrypted:false
                        SSDEEP:6:YEQXJ2HXuTygYUVoZcg1vRcR0YX9DoAvJfBoTfXpnrPeUkwRe9:YvXKXuTyTVZc0vOqGWTfXcUkee9
                        MD5:8398530248B9298DC73F7AF4F843D524
                        SHA1:F273B33C6560D1FDD4C7B14F6BE4518646FD4ECF
                        SHA-256:F147143B106E8EB55A37D17256A3D84983B5EB40A67E38A469F88726EBFC6844
                        SHA-512:41CA814CDF6272F5E9AEDA3BD2FB345B19AB525695D67F3F573F15E8267D6A6850587E3E3C5AF5CBC7AE42F044C90359E26C77ACC38579AD3B1047A4D70512D9
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"b0f8e394-171e-4e27-80ec-427fdf03cd52","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1727606590847,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):294
                        Entropy (8bit):5.286539913284521
                        Encrypted:false
                        SSDEEP:6:YEQXJ2HXuTygYUVoZcg1vRcR0YX9DoAvJfBD2G6UpnrPeUkwRe9:YvXKXuTyTVZc0vOqGR22cUkee9
                        MD5:6DFEA0D28B2E2AD63BFD90D0FDE0D3D9
                        SHA1:4C7183D5AC041505C11302759DE9DAFFD8DEA193
                        SHA-256:4B5DC8366756BCF3A596623804221F4AE321A00455D59D3312F2310FBF5F37F9
                        SHA-512:4FDABF2DA6CF13CE8DA9FB7B57B01F46A83BEA350238E913F8E8A10F71B9A90A1AC9B65CC4D3AF3799C2021F32FEE213D5A368DFA08CC217D8407EF6D51947D9
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"b0f8e394-171e-4e27-80ec-427fdf03cd52","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1727606590847,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):285
                        Entropy (8bit):5.3481902663822405
                        Encrypted:false
                        SSDEEP:6:YEQXJ2HXuTygYUVoZcg1vRcR0YX9DoAvJfPmwrPeUkwRe9:YvXKXuTyTVZc0vOqGH56Ukee9
                        MD5:2A93FCCAFBC5A7E1A52C38077158C63D
                        SHA1:332BD431FECD55A45B6591070C41AD2921F0906C
                        SHA-256:874C258030420535033B00A3C1D380E05B975CA7CF400A58781353CDE1982503
                        SHA-512:67C75DF7EA0B933DDF2D05598D261996DBCC7846023C57CC30D3170CF9D70DF7A43B0C8088549D602372DEE9860DD12F949132ABA89E5DB62E59F2C519678E53
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"b0f8e394-171e-4e27-80ec-427fdf03cd52","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1727606590847,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):1063
                        Entropy (8bit):5.664089933423719
                        Encrypted:false
                        SSDEEP:24:Yv6XjVzvmpLgEFqciGennl0RCmK8czOCY4w2CF:YvaOhgLtaAh8cvYv1F
                        MD5:C7BC660B287E8B349A4E7897856B0A13
                        SHA1:D2003CE0C7275CF1B9604C83E27B058F266C8B6B
                        SHA-256:544B10114495A646E4A28A7EE3A7DD7F10ED4234971C2B2AE76FF55CD6BB6CB3
                        SHA-512:3EBA3BA896F9202D6EEE206B505CD4F2CD15C2AFAD0587ED85C7C24A7B8C70EE2DA458183C0BBE02A0A236295EB55EC9C3C3ABF05C0445F344147A5C8A50DD0E
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"b0f8e394-171e-4e27-80ec-427fdf03cd52","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1727606590847,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_2","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"afb9c2a3-eaf4-41f9-9d73-768e72f72282","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQgZmlsZXMgdG8gYW5kIGZyb20gUERGXG53aXRob3V0IGxpbWl0cy4ifSwidGNhdElkIjpudWxsfQ==","dataType":"application\/json","encodingSc

                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):1050
                        Entropy (8bit):5.655600667977356
                        Encrypted:false
                        SSDEEP:24:Yv6XjVzvQVLgEF0c7sbnl0RCmK8czOCYHflEpwiVCF:YvaYFg6sGAh8cvYHWpwfF
                        MD5:D370576A678E3DFEE3B9C29976D9276B
                        SHA1:BA4C28E032E40CA7A29C0847275B6C3E6582AFDC
                        SHA-256:5BA74E31CF83DCB67285259407F88DE211AACD5B25972914BCD6CAFFB6471B01
                        SHA-512:AB14A04AC5D00817750D5F1EB5F91BD2B2262640CBC5238C03C7F20F70666C3F9E40EE9CA08A9F0EB9EB5261A718D7D0BDC400C87106ECE4820F4A235CD2A546
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"b0f8e394-171e-4e27-80ec-427fdf03cd52","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1727606590847,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Disc_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_0","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"0924134e-3c59-4f53-b731-add558c56fec","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Disc_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQsIGVkaXQgYW5kIGUtc2lnblxuZm9ybXMgJiBhZ3JlZW1lbnRzLiJ9LCJ0Y2F0SWQiOm51bGx9","dataType":"application\/json","encodingScheme":true},"

                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):292
                        Entropy (8bit):5.296274677618165
                        Encrypted:false
                        SSDEEP:6:YEQXJ2HXuTygYUVoZcg1vRcR0YX9DoAvJfQ1rPeUkwRe9:YvXKXuTyTVZc0vOqGY16Ukee9
                        MD5:AE7F273A8B7F51E042C5DFCB0672FB89
                        SHA1:A40EFCB615A9011B788AEB1B8D76B46997517A84
                        SHA-256:335A9DAFDE908171FDF5E92D78BC5070D9B5222CDD1008F91C2ECDC195817F06
                        SHA-512:616353061AB1F4BFAE702E6AE8B47553E4BF9D40F88EBAE68AAFA7CB607ADACFBFE862B2953C2DD4CBDB39C0774165650149042909AEA2B09B82C3C77E4397D2
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"b0f8e394-171e-4e27-80ec-427fdf03cd52","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1727606590847,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):1038
                        Entropy (8bit):5.646827886511124
                        Encrypted:false
                        SSDEEP:24:Yv6XjVzv12LgEF7cciAXs0nl0RCmK8czOCAPtciBCF:Yvadogc8hAh8cvA0F
                        MD5:8F4AD8311BE60CAE4388B99701C3DF51
                        SHA1:59508D6DC4B0902BB38DE0FDCDD05C23E2BEA5AB
                        SHA-256:33FFE67F9039E4853A134BC112C6F0418142AFCB833D3D2A0F82B0B0C553A10A
                        SHA-512:75A6CC5F4474DC6938692E10CED12E0107301DD9A295EBD4FE2F799A9C8C44917B84395A29FA9AA67F65734F3B7CE4601F55E35407389FF548C5358EB4C395F0
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"b0f8e394-171e-4e27-80ec-427fdf03cd52","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1727606590847,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Edit_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_1","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"49d2f713-7aa9-44db-aa50-0a7a22add459","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Edit_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVkaXQgdGV4dCwgaW1hZ2VzLCBwYWdlcywgYW5kIG1vcmUuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"application\/json","encodingScheme":true},"endDTS":1744

                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):1164
                        Entropy (8bit):5.699631391178184
                        Encrypted:false
                        SSDEEP:24:Yv6XjVzvdKLgEfIcZVSkpsn264rS514ZjBrwloJTmcVIsrSK5CF:Yva1EgqprtrS5OZjSlwTmAfSKIF
                        MD5:95DB1215076E67CD8C42C9EBA9F32D3E
                        SHA1:5CB6878F34FBDB1791E316267E715E4FB7FB16EF
                        SHA-256:B04DFEEED422167A48FBCE58EF6D25B411C141457B39A837D081D972D2C1D0B9
                        SHA-512:B662F42A8AB436828721F490BE7FAD2FE91CCBDC8AE40F3E91BFCA1B3336C7EEAB80D62A7B70BB73F620D02B6285269E43B1DA912F50B1B7616792E5A9A26034
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"b0f8e394-171e-4e27-80ec-427fdf03cd52","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1727606590847,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85531_264848ActionBlock_0","campaignId":85531,"containerId":"1","controlGroupId":"","treatmentId":"ee1a7497-76e7-43c2-bb63-9a0551e11d73","variationId":"264848"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IlRyeSBBY3JvYmF0IFBybyJ9LCJ1aSI6eyJ0aXRsZV9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjE1cHgiLCJmb250X3N0eWxlIjoiMCJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEzcHgiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0b1xucHJlbWl1bSBQREYgYW5kIGUtc2lnbmluZ1xudG9vbHMuIn0sImJhbm5lcl9zdHlsaW5nIjo

                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):289
                        Entropy (8bit):5.29923081422381
                        Encrypted:false
                        SSDEEP:6:YEQXJ2HXuTygYUVoZcg1vRcR0YX9DoAvJfYdPeUkwRe9:YvXKXuTyTVZc0vOqGg8Ukee9
                        MD5:299B92C1C9791E68A331BC278B934722
                        SHA1:0BBF67E1C647D31081BC0F783FD449D0E513A0F1
                        SHA-256:5EF112DAB580205590B727A127E168D98410EAE64C77266177143C8FDBEA3588
                        SHA-512:3B183F5B45954685DEC8C684DAC77B59869DA0DBDFA9AE9090ED772123C28EB9D2353F4E01CCAB62E252A472EF35A7A42C892A36BF95BF03713484B715FAC896
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"b0f8e394-171e-4e27-80ec-427fdf03cd52","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1727606590847,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):1395
                        Entropy (8bit):5.7788097195240375
                        Encrypted:false
                        SSDEEP:24:Yv6XjVzvgrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNqF:YvaoHgDv3W2aYQfgB5OUupHrQ9FJIF
                        MD5:8949D762C53C66B5D367771FA08C4DB2
                        SHA1:72AAAF88FCD74E9EB0DFA5A5C14DE4FF9522FA9A
                        SHA-256:0EA9E0C6832B27B1319B28884F71B6BACF088891CA902C237D14B6191B1F4B1A
                        SHA-512:593AE486C61C4FB01D6D1CB779A5B793FD091FFBB970E70237B724C3C654A739D1C9D41CA3E22C57BB0963640F045B54021039269F9250FBCEE58276EB249BF4
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"b0f8e394-171e-4e27-80ec-427fdf03cd52","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1727606590847,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0

                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):291
                        Entropy (8bit):5.282783198397853
                        Encrypted:false
                        SSDEEP:6:YEQXJ2HXuTygYUVoZcg1vRcR0YX9DoAvJfbPtdPeUkwRe9:YvXKXuTyTVZc0vOqGDV8Ukee9
                        MD5:E6ECD28368140A351BDC5F2FE67C6765
                        SHA1:DB1FAD719470E74B3596540DDF285BC4B4D24092
                        SHA-256:2E314822E7223E8BF3C1C75E7FB89B229FB46F2D4DC90C60AB899722571C28E5
                        SHA-512:3501B009EBF8B3E2636B9385032D4A935924B12C7F46DD555964DD20631A28C6B968597595F287B3DF34BB20E0AB083AEF31FD2E9B91FFBC1066989F5954477C
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"b0f8e394-171e-4e27-80ec-427fdf03cd52","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1727606590847,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):287
                        Entropy (8bit):5.286774254263909
                        Encrypted:false
                        SSDEEP:6:YEQXJ2HXuTygYUVoZcg1vRcR0YX9DoAvJf21rPeUkwRe9:YvXKXuTyTVZc0vOqG+16Ukee9
                        MD5:47609E049C87BA0EA9E8952A79FC3DA4
                        SHA1:E1008644CE7B863F58853E76A9432E7E96DE19BB
                        SHA-256:12304F27ED652DCD8ADBE713B8779CBEDB7597ADE22D30E6DB84E0846C234DC5
                        SHA-512:4ADD450889C2BC49B9949FCD1AEB7F3357E463E904824641F9433B98FD835C245DEFFAED901FBB76FA8207EA2499F054D1929ADC2ACBED965875225AA94C1A64
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"b0f8e394-171e-4e27-80ec-427fdf03cd52","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1727606590847,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):1058
                        Entropy (8bit):5.65396377860096
                        Encrypted:false
                        SSDEEP:24:Yv6XjVzv6amXayLgEFRcONaqnl0RCmK8czOC+w2E+tg8BCF:YvasBguOAh8cv+NKNF
                        MD5:7C9AEFF4AAC90A38DDEA4C6EC99B7BBB
                        SHA1:C54019C8ACC970CE55B3BE57328A773BD7ECA095
                        SHA-256:E0E83B6AC16239D6C659EC54DC1A382CF6E10CB30844957EC259178BD1731EF7
                        SHA-512:10D8A226F100F0D9A553AC2AA875747C736C8061B52CAB8AD18CBEA97B2FEA0547BFAAB491E85FD58EE8ADF28FAA0367D0BFE9EB6018CBC447AC6505EFF7A97F
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"b0f8e394-171e-4e27-80ec-427fdf03cd52","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1727606590847,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_3","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"ece07729-7db6-4f20-9f8d-7976ad373049","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IlNlbmQgZG9jdW1lbnRzICYgZm9ybXNcbmZvciBmYXN0IGUtc2lnbmluZyBvbmxpbmUuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"application\/json","encodingScheme"

                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):286
                        Entropy (8bit):5.263608647088845
                        Encrypted:false
                        SSDEEP:6:YEQXJ2HXuTygYUVoZcg1vRcR0YX9DoAvJfshHHrPeUkwRe9:YvXKXuTyTVZc0vOqGUUUkee9
                        MD5:F157C27083D2D7F84D5CAAD0C5B4FD78
                        SHA1:9392188BACD8FB3FD609CBCE4EBDAE52BC469797
                        SHA-256:CEE600185C40D766BE0664246ED286F8D4548861977F364FE393565308F05C79
                        SHA-512:29938277B20D18F50B0078DB1236E5A139428A1298BFA02AC8DED2D56842FFAC11EE430AECF98932FE3E3CCA6F2491BDBCCFADE1C8517DB4F5CE19B2443A16B0
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"b0f8e394-171e-4e27-80ec-427fdf03cd52","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1727606590847,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):782
                        Entropy (8bit):5.365304166815584
                        Encrypted:false
                        SSDEEP:12:YvXKXuTyTVZc0vOqGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWmF:Yv6XjVzvN168CgEXX5kcIfANhfF
                        MD5:361AFA21D73DF082F232F44D49BCA8C6
                        SHA1:E91C0F36A31B2C51BABC6769B3CFB77F7EBC94DE
                        SHA-256:C030DF9315D992C6EC3FB6FE38A598B0BD618651E22E84F6CFD2279BAED0AFC4
                        SHA-512:EDB77B837C98A55918DF26777518413848BD4351BA1D129FC16D2D96948F2F408DFA7ADB09E6746DC16CF2607E8695F20ABBE0DC339802D0B7D76842F229598C
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"b0f8e394-171e-4e27-80ec-427fdf03cd52","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1727606590847,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1727428015877}}}}

                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):4
                        Entropy (8bit):0.8112781244591328
                        Encrypted:false
                        SSDEEP:3:e:e
                        MD5:DC84B0D741E5BEAE8070013ADDCC8C28
                        SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
                        SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
                        SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
                        Malicious:false
                        Preview:....

                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):2818
                        Entropy (8bit):5.138333840892529
                        Encrypted:false
                        SSDEEP:24:YpyEP3UOaaayM4TS5RcWKZCBs6LfyxDWeEEP81BZfTMHjoNj0SaHqeh/1a2C2LSw:YpJJuCdRIcDWdMg6o9ehQH4Bvrlh94e
                        MD5:734D093F20BAE8A2E740475ED9B9170D
                        SHA1:076DDCD01DF46A1068A692686B38213B31C51BAB
                        SHA-256:2B7B61F6B1F3AA07B724C9105DA9EB5F70A19F887120191C5386CA925949347F
                        SHA-512:2FA6F3C4CFE2ABC11226D5ED3F283E2DF9F532B0B0609BBB52CDD14BAA5E6FF8513627D68E25411109468EBE6185667F5296A23517AC95C1D4752D47CEB8433E
                        Malicious:false
                        Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"68e8d9579bf21aad8143b4af1b07d1a7","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1050,"ts":1727428015000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"b835fd1a94aa886e8cb909856fc37de4","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1164,"ts":1727428015000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"bb247e6002d686e08e5002ab1b6a0cb4","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1058,"ts":1727428015000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"5aed848fb8e6901736c793ebbb62315a","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1063,"ts":1727428015000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"1bbe114a690587d39d1bf6c803424975","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":1038,"ts":1727428015000},{"id":"Edit_InApp_Aug2020","info":{"dg":"d50569407c21d4d4cafd663df0926306","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":17

                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 25, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 25
                        Category:dropped
                        Size (bytes):12288
                        Entropy (8bit):1.187041591212825
                        Encrypted:false
                        SSDEEP:48:TGufl2GL7msEHUUUUUUUU70SvR9H9vxFGiDIAEkGVvpna:lNVmswUUUUUUUU70+FGSIt7a
                        MD5:85638C9126F9B49045205046E90517BD
                        SHA1:0E9E2C0E79FCA42007B3CCD1B463F31A44C95737
                        SHA-256:63652DB930B2B4731690294C5CF19D02DD03780DE6ED12FAD34C203A51DC6035
                        SHA-512:E7193C96A13EEDB64B9BAA9028D6582D3396C7313DEBF8B95F5095CE513B93520B48B0CCDD146314AECBCF6A620AB40D46CA89C861E950D1FDC1409346FA691F
                        Malicious:false
                        Preview:SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:SQLite Rollback Journal
                        Category:dropped
                        Size (bytes):8720
                        Entropy (8bit):1.6073373049270505
                        Encrypted:false
                        SSDEEP:48:7MPKUUUUUUUUUU7WvR9H9vxFGiDIAEkGVvDqFl2GL7mse:71UUUUUUUUUU7aFGSItxKVmse
                        MD5:F22DEC7A39356BAF6DDCE31F066E4FD0
                        SHA1:3110A14341B57A8EAD5262C11985E25CFBF2315C
                        SHA-256:9BA30008E2270846F23B0CBCF360ED3E9479430D7DFEA167C24B9EE267E88C1F
                        SHA-512:5B9441D07F4829886D3D0C3A6557405F2112F4D721F74A438CBCCF723283E8C29354CB24EFC7C3E2A55FD80B532361D936F38F9465D82FD9404B0472FDED61F8
                        Malicious:false
                        Preview:.... .c...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................f.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                        C:\Users\user\AppData\Local\Temp\MSIc075e.LOG

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                        Category:dropped
                        Size (bytes):246
                        Entropy (8bit):3.5421404787358357
                        Encrypted:false
                        SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8ofPpw:Qw946cPbiOxDlbYnuRKRxw
                        MD5:25A1C31CF582EF731F756D4812B5084D
                        SHA1:209472739EAB4DA5A91421AD8353658237C46E96
                        SHA-256:A63BBD9C57EBA80F12B25C7C333611F5816ADCEE19CDD56FA8B77A1D77555C3A
                        SHA-512:895BB497EE10A0035783F5564673D3CC57214243814D36A69D6110C205B70BBE465FC3D16CF13B224FE94354EE26F19CACAB196CFA495BC8C162239DAA1BBC02
                        Malicious:false
                        Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .2.7./.0.9./.2.0.2.4. . .0.5.:.0.6.:.5.8. .=.=.=.....

                        C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-09-27 05-06-52-218.log

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:ASCII text, with very long lines (393)
                        Category:dropped
                        Size (bytes):16525
                        Entropy (8bit):5.345946398610936
                        Encrypted:false
                        SSDEEP:384:zHIq8qrq0qoq/qUILImCIrImI9IWdFdDdoPtPTPtP7ygyAydy0yGV///X/J/VokV:nNW
                        MD5:8947C10F5AB6CFFFAE64BCA79B5A0BE3
                        SHA1:70F87EEB71BA1BE43D2ABAB7563F94C73AB5F778
                        SHA-256:4F3449101521DA7DF6B58A2C856592E1359BA8BD1ACD0688ECF4292BA5388485
                        SHA-512:B76DB9EF3AE758F00CAF0C1705105C875838C7801F7265B17396466EECDA4BCD915DA4611155C5F2AD1C82A800C1BEC855E52E2203421815F915B77AA7331CA0
                        Malicious:false
                        Preview:SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:088+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig:

                        C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:ASCII text, with very long lines (393), with CRLF line terminators
                        Category:dropped
                        Size (bytes):15114
                        Entropy (8bit):5.340996968234535
                        Encrypted:false
                        SSDEEP:384:SqJGfGuGnGVGwGbNFoFXFBFYFqQN9DY9E9kcOcSHoHc6f6L6y6t6fHXfKzKdKphx:Fl3
                        MD5:5DE26D0F7FD677AB527C3164FB19B5E9
                        SHA1:39062AF78BBDFF2394654D3839E54912A9242C6E
                        SHA-256:A9EE01C07818EC4B80EFBBE29A96505BA12C0ABFC74713B06330DD419105D753
                        SHA-512:86B58899144D805C4AF5C844EEDF62C12C10FD3414435ECFDBBAB06A3E77B6FF1C4CAE8F293BEFC00800AA0F20A108C33C1FD6B44B1331A7A021DF3968745053
                        Malicious:false
                        Preview:SessionID=c4412ef4-9ff5-42ad-9f81-4c19e0c68e88.1727428012233 Timestamp=2024-09-27T05:06:52:233-0400 ThreadID=7584 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=c4412ef4-9ff5-42ad-9f81-4c19e0c68e88.1727428012233 Timestamp=2024-09-27T05:06:52:237-0400 ThreadID=7584 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=c4412ef4-9ff5-42ad-9f81-4c19e0c68e88.1727428012233 Timestamp=2024-09-27T05:06:52:237-0400 ThreadID=7584 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=c4412ef4-9ff5-42ad-9f81-4c19e0c68e88.1727428012233 Timestamp=2024-09-27T05:06:52:237-0400 ThreadID=7584 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=c4412ef4-9ff5-42ad-9f81-4c19e0c68e88.1727428012233 Timestamp=2024-09-27T05:06:52:237-0400 ThreadID=7584 Component=ngl-lib_NglAppLib Description="SetConf

                        C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:ASCII text, with CRLF line terminators
                        Category:dropped
                        Size (bytes):29752
                        Entropy (8bit):5.396194239799176
                        Encrypted:false
                        SSDEEP:768:anddBuBYZwcfCnwZCnR8Bu5hx18HoCnLlAY+iCBuzhLCnx1CnPrRRFS10l8gT2rX:j
                        MD5:5101A7394D9266FBC5C6482EB1F6D9C9
                        SHA1:829F6EEAEE7C3DA3022A6F8D36732513C7DE08E6
                        SHA-256:FE318C5E579A320296D20173E21B7A8D319073AB451E6D32845B3DCD6281BD81
                        SHA-512:0F7EF8ACDF3B05CC415824B06F358A38CD139A7D4A1BFA05224D12ADFAA2B24BE10FF7A13D8FBB5BDE95F2D8ED87B44D53690EBD8BAE9017C5A4519257CFE0C3
                        Malicious:false
                        Preview:03-10-2023 12:50:40:.---2---..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ***************************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ***************************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Starting NGL..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..03-10-2023 12:50:40:.Closing File..03-10-

                        C:\Users\user\AppData\Local\Temp\acrocef_low\3c75c4dc-38b0-4b09-8cb9-9a898c12b2b2.tmp

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
                        Category:dropped
                        Size (bytes):758601
                        Entropy (8bit):7.98639316555857
                        Encrypted:false
                        SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
                        MD5:3A49135134665364308390AC398006F1
                        SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
                        SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
                        SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
                        Malicious:false
                        Preview:...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!|G.1...... .3.`./....`~......G.............|..pS.e.C....:o.u_..oi.:..|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

                        C:\Users\user\AppData\Local\Temp\acrocef_low\445b266d-31d4-44d5-bc65-19149401b2e2.tmp

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
                        Category:dropped
                        Size (bytes):386528
                        Entropy (8bit):7.9736851559892425
                        Encrypted:false
                        SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
                        MD5:5C48B0AD2FEF800949466AE872E1F1E2
                        SHA1:337D617AE142815EDDACB48484628C1F16692A2F
                        SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
                        SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
                        Malicious:false
                        Preview:...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-|..h#.g.\.PO.|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..|m.WC.....|.....e.[W.p.8...rm....^..x'......5!...|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

                        C:\Users\user\AppData\Local\Temp\acrocef_low\458b9913-de60-42a6-a056-cf52791db169.tmp

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
                        Category:dropped
                        Size (bytes):1419751
                        Entropy (8bit):7.976496077007677
                        Encrypted:false
                        SSDEEP:24576:/xA7ouWLgGZtwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVuWLgGZtwZGk3mlind9i4ufFXpAXkru
                        MD5:A8E5C37206C98D1B655FF994A420FFB6
                        SHA1:827237782AB5971EC205C3BCECCC7950BE9F84C3
                        SHA-256:F1F755059AF7C2CBC36920337941AEFB18FBDB3CD14D3239CBBBCF0CB8F208EA
                        SHA-512:12DE33EB7624458AEC44D83D4E2C09E626F8E54E177FC0C26EEBA232935F34FAAAEB71FBB025EB7C53BEA9933C46ADCE759C32516D1B80C03B6734C61D61CEB2
                        Malicious:false
                        Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

                        C:\Users\user\AppData\Local\Temp\acrocef_low\88e84910-0dea-47cf-b26a-9f9793d87999.tmp

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
                        Category:dropped
                        Size (bytes):1407294
                        Entropy (8bit):7.97605879016224
                        Encrypted:false
                        SSDEEP:24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo
                        MD5:A0CFC77914D9BFBDD8BC1B1154A7B364
                        SHA1:54962BFDF3797C95DC2A4C8B29E873743811AD30
                        SHA-256:81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685
                        SHA-512:74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE
                        Malicious:false
                        Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

                        Static File Info

                        General

                        File type:PDF document, version 1.4, 1 pages
                        Entropy (8bit):7.759946493106042
                        TrID:
                        • Adobe Portable Document Format (5005/1) 100.00%
                        File name:20240927102105.pdf
                        File size:223'164 bytes
                        MD5:d9a3a230b5e4c8d5712abc0b1bcd3287
                        SHA1:b1878a18271a71ed9eae127069731536f184f15e
                        SHA256:d14b6f0341d5073b29abd846a8dbac6ed60e64a6103677835e9491390a13ace4
                        SHA512:a5dd5467341366eefbef6252648458eb379cbfe13b014b99e7d2d6d4ec80f0054e7ea0161b429e7991f3ded9d72b8ae137da1ab9732c4ef78ad2cce3c11481bc
                        SSDEEP:6144:FV6XoFtj8PyyKfSpqwr9DYKGHJfIdwPuTV/2rNqOb+:FF6K6pqiEJfywPuTl2Ia+
                        TLSH:0724124218DBC748ECAF341D4A7DBA2D480FB084F6CAF672B8794A6FDD443069550AE7
                        File Content Preview:%PDF-1.4.%......1 0 obj.<< ./Type /Catalog ./Pages 2 0 R ./OutputIntents 10 0 R ./Metadata 11 0 R .>> .endobj.3 0 obj.<< ./Type /Page ./MediaBox [ 0 0 595.2 841.67999 ] ./CropBox [ 0 0 595.2 841.67999 ] ./Parent 2 0 R ./Rotate 0 ./Resources << /ProcSet [

                        File Icon

                        Icon Hash:62cc8caeb29e8ae0

                        Static PDF Info

                        General

                        Header:%PDF-1.4
                        Total Entropy:7.759946
                        Total Bytes:223164
                        Stream Entropy:7.759162
                        Stream Bytes:221405
                        Entropy outside Streams:5.073143
                        Bytes outside Streams:1759
                        Number of EOF found:1
                        Bytes after EOF:

                        Keywords Statistics

                        NameCount
                        obj11
                        endobj11
                        stream4
                        endstream4
                        xref1
                        trailer1
                        startxref1
                        /Page1
                        /Encrypt0
                        /ObjStm0
                        /URI0
                        /JS0
                        /JavaScript0
                        /AA0
                        /OpenAction0
                        /AcroForm0
                        /JBIG2Decode0
                        /RichMedia0
                        /Launch0
                        /EmbeddedFile0

                        Network Behavior

                        Network Port Distribution

                        TCP Packets

                        TimestampSource PortDest PortSource IPDest IP
                        Sep 27, 2024 11:07:03.149450064 CEST49748443192.168.2.423.41.168.139
                        Sep 27, 2024 11:07:03.149497986 CEST4434974823.41.168.139192.168.2.4
                        Sep 27, 2024 11:07:03.149590015 CEST49748443192.168.2.423.41.168.139
                        Sep 27, 2024 11:07:03.149785995 CEST49748443192.168.2.423.41.168.139
                        Sep 27, 2024 11:07:03.149802923 CEST4434974823.41.168.139192.168.2.4
                        Sep 27, 2024 11:07:03.725883007 CEST4434974823.41.168.139192.168.2.4
                        Sep 27, 2024 11:07:03.726222992 CEST49748443192.168.2.423.41.168.139
                        Sep 27, 2024 11:07:03.726241112 CEST4434974823.41.168.139192.168.2.4
                        Sep 27, 2024 11:07:03.727341890 CEST4434974823.41.168.139192.168.2.4
                        Sep 27, 2024 11:07:03.727405071 CEST49748443192.168.2.423.41.168.139
                        Sep 27, 2024 11:07:03.777858019 CEST49748443192.168.2.423.41.168.139
                        Sep 27, 2024 11:07:03.778060913 CEST4434974823.41.168.139192.168.2.4
                        Sep 27, 2024 11:07:03.778125048 CEST49748443192.168.2.423.41.168.139
                        Sep 27, 2024 11:07:03.819403887 CEST4434974823.41.168.139192.168.2.4
                        Sep 27, 2024 11:07:03.828665018 CEST49748443192.168.2.423.41.168.139
                        Sep 27, 2024 11:07:03.828685045 CEST4434974823.41.168.139192.168.2.4
                        Sep 27, 2024 11:07:03.875508070 CEST49748443192.168.2.423.41.168.139
                        Sep 27, 2024 11:07:03.878211021 CEST4434974823.41.168.139192.168.2.4
                        Sep 27, 2024 11:07:03.878308058 CEST4434974823.41.168.139192.168.2.4
                        Sep 27, 2024 11:07:03.878365040 CEST49748443192.168.2.423.41.168.139
                        Sep 27, 2024 11:07:03.878897905 CEST49748443192.168.2.423.41.168.139
                        Sep 27, 2024 11:07:03.878918886 CEST4434974823.41.168.139192.168.2.4

                        UDP Packets

                        TimestampSource PortDest PortSource IPDest IP
                        Sep 27, 2024 11:07:02.737267971 CEST5156153192.168.2.41.1.1.1
                        Sep 27, 2024 11:07:18.775667906 CEST4916753192.168.2.41.1.1.1

                        DNS Queries

                        TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                        Sep 27, 2024 11:07:02.737267971 CEST192.168.2.41.1.1.10x1010Standard query (0)x1.i.lencr.orgA (IP address)IN (0x0001)false
                        Sep 27, 2024 11:07:18.775667906 CEST192.168.2.41.1.1.10xf0c1Standard query (0)x1.i.lencr.orgA (IP address)IN (0x0001)false

                        DNS Answers

                        TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                        Sep 27, 2024 11:07:02.744801998 CEST1.1.1.1192.168.2.40x1010No error (0)x1.i.lencr.orgcrl.root-x1.letsencrypt.org.edgekey.netCNAME (Canonical name)IN (0x0001)false
                        Sep 27, 2024 11:07:18.784584045 CEST1.1.1.1192.168.2.40xf0c1No error (0)x1.i.lencr.orgcrl.root-x1.letsencrypt.org.edgekey.netCNAME (Canonical name)IN (0x0001)false

                        HTTP Request Dependency Graph

                        • armmf.adobe.com

                        HTTPS Proxied Packets

                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                        0192.168.2.44974823.41.168.1394436592C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        TimestampBytes transferredDirectionData
                        2024-09-27 09:07:03 UTC475OUTGET /onboarding/smskillreader.txt HTTP/1.1
                        Host: armmf.adobe.com
                        Connection: keep-alive
                        Accept-Language: en-US,en;q=0.9
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36
                        Sec-Fetch-Site: same-origin
                        Sec-Fetch-Mode: no-cors
                        Sec-Fetch-Dest: empty
                        Accept-Encoding: gzip, deflate, br
                        If-None-Match: "78-5faa31cce96da"
                        If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
                        2024-09-27 09:07:03 UTC198INHTTP/1.1 304 Not Modified
                        Content-Type: text/plain; charset=UTF-8
                        Last-Modified: Mon, 01 May 2023 15:02:33 GMT
                        ETag: "78-5faa31cce96da"
                        Date: Fri, 27 Sep 2024 09:07:03 GMT
                        Connection: close


                        Statistics

                        CPU Usage

                        Click to jump to process

                        Memory Usage

                        Click to jump to process

                        High Level Behavior Distribution

                        Click to dive into process behavior distribution

                        Behavior

                        Click to jump to process

                        System Behavior

                        General

                        Target ID:0
                        Start time:05:06:49
                        Start date:27/09/2024
                        Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        Wow64 process (32bit):false
                        Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\20240927102105.pdf"
                        Imagebase:0x7ff6bc1b0000
                        File size:5'641'176 bytes
                        MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:high
                        Has exited:true

                        General

                        Target ID:1
                        Start time:05:06:49
                        Start date:27/09/2024
                        Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        Wow64 process (32bit):false
                        Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
                        Imagebase:0x7ff74bb60000
                        File size:3'581'912 bytes
                        MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:high
                        Has exited:true

                        General

                        Target ID:3
                        Start time:05:06:49
                        Start date:27/09/2024
                        Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        Wow64 process (32bit):false
                        Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2080 --field-trial-handle=1736,i,11910158590496879408,606956546599633943,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
                        Imagebase:0x7ff74bb60000
                        File size:3'581'912 bytes
                        MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:high
                        Has exited:true

                        Disassembly

                        No disassembly