Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
uPXZIHuz.pdf

Overview

General Information

Sample name:uPXZIHuz.pdf
Analysis ID:1524321
MD5:629274c10e2539158d124e150add83e8
SHA1:2572737c016f6ef291f19e32a47d2d59b9bb036f
SHA256:c2608132fded62398f96c8cd497e21b88f6f50cc69ff03d22d7575448902ff94
Infos:

Detection

Score:2
Range:0 - 100
Whitelisted:false
Confidence:80%

Signatures

IP address seen in connection with other malware
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Uses a known web browser user agent for HTTP communication

Classification

Process Tree

  • System is w10x64_ra
  • Acrobat.exe (PID: 3040 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\uPXZIHuz.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 2976 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 6204 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1724 --field-trial-handle=1568,i,17717744455474703836,17105930129994550002,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: global trafficDNS query: name: x1.i.lencr.org
Source: global trafficTCP traffic: 192.168.2.17:49711 -> 23.203.104.175:443
Source: global trafficTCP traffic: 192.168.2.17:49711 -> 23.203.104.175:443
Source: global trafficTCP traffic: 192.168.2.17:49711 -> 23.203.104.175:443
Source: global trafficTCP traffic: 192.168.2.17:49711 -> 23.203.104.175:443
Source: global trafficTCP traffic: 192.168.2.17:49711 -> 23.203.104.175:443
Source: global trafficTCP traffic: 192.168.2.17:49711 -> 23.203.104.175:443
Source: global trafficTCP traffic: 192.168.2.17:49711 -> 23.203.104.175:443
Source: global trafficTCP traffic: 192.168.2.17:49711 -> 23.203.104.175:443
Source: global trafficTCP traffic: 192.168.2.17:49711 -> 23.203.104.175:443
Source: global trafficTCP traffic: 192.168.2.17:49711 -> 23.203.104.175:443
Source: global trafficTCP traffic: 192.168.2.17:49711 -> 23.203.104.175:443
Source: global trafficTCP traffic: 192.168.2.17:49711 -> 23.203.104.175:443
Source: global trafficTCP traffic: 23.203.104.175:443 -> 192.168.2.17:49711
Source: global trafficTCP traffic: 192.168.2.17:49711 -> 23.203.104.175:443
Source: global trafficTCP traffic: 192.168.2.17:49711 -> 23.203.104.175:443
Source: global trafficTCP traffic: 23.203.104.175:443 -> 192.168.2.17:49711
Source: global trafficTCP traffic: 23.203.104.175:443 -> 192.168.2.17:49711
Source: global trafficTCP traffic: 192.168.2.17:49711 -> 23.203.104.175:443
Source: global trafficTCP traffic: 23.203.104.175:443 -> 192.168.2.17:49711
Source: global trafficTCP traffic: 23.203.104.175:443 -> 192.168.2.17:49711
Source: global trafficTCP traffic: 192.168.2.17:49711 -> 23.203.104.175:443
Source: global trafficTCP traffic: 192.168.2.17:49711 -> 23.203.104.175:443
Source: global trafficTCP traffic: 192.168.2.17:49711 -> 23.203.104.175:443
Source: global trafficTCP traffic: 23.203.104.175:443 -> 192.168.2.17:49711
Source: global trafficTCP traffic: 23.203.104.175:443 -> 192.168.2.17:49711
Source: global trafficTCP traffic: 192.168.2.17:49711 -> 23.203.104.175:443
Source: global trafficTCP traffic: 23.203.104.175:443 -> 192.168.2.17:49711
Source: global trafficTCP traffic: 192.168.2.17:49711 -> 23.203.104.175:443
Source: global trafficTCP traffic: 23.203.104.175:443 -> 192.168.2.17:49711
Source: global trafficTCP traffic: 23.203.104.175:443 -> 192.168.2.17:49711
Source: global trafficTCP traffic: 192.168.2.17:49711 -> 23.203.104.175:443
Source: global trafficTCP traffic: 192.168.2.17:49711 -> 23.203.104.175:443
Source: global trafficTCP traffic: 23.203.104.175:443 -> 192.168.2.17:49711
Source: Joe Sandbox ViewIP Address: 23.203.104.175 23.203.104.175
Source: global trafficHTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1Host: armmf.adobe.comConnection: keep-aliveAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brIf-None-Match: "78-5faa31cce96da"If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
Source: unknownTCP traffic detected without corresponding DNS query: 23.203.104.175
Source: unknownTCP traffic detected without corresponding DNS query: 23.203.104.175
Source: unknownTCP traffic detected without corresponding DNS query: 23.203.104.175
Source: unknownTCP traffic detected without corresponding DNS query: 23.203.104.175
Source: unknownTCP traffic detected without corresponding DNS query: 23.203.104.175
Source: unknownTCP traffic detected without corresponding DNS query: 23.203.104.175
Source: unknownTCP traffic detected without corresponding DNS query: 23.203.104.175
Source: unknownTCP traffic detected without corresponding DNS query: 23.203.104.175
Source: unknownTCP traffic detected without corresponding DNS query: 23.203.104.175
Source: unknownTCP traffic detected without corresponding DNS query: 23.203.104.175
Source: unknownTCP traffic detected without corresponding DNS query: 23.203.104.175
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficHTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1Host: armmf.adobe.comConnection: keep-aliveAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brIf-None-Match: "78-5faa31cce96da"If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
Source: global trafficDNS traffic detected: DNS query: x1.i.lencr.org
Source: 77EC63BDA74BD0D0E0426DC8F80085060.2.drString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: 2D85F72862B55C4EADD9E66E06947F3D0.2.drString found in binary or memory: http://x1.i.lencr.org/
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49711
Source: unknownNetwork traffic detected: HTTP traffic on port 49711 -> 443
Source: classification engineClassification label: clean2.winPDF@16/55@1/1
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journalJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-02 11-23-34-758.logJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
Source: unknownProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\uPXZIHuz.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1724 --field-trial-handle=1568,i,17717744455474703836,17105930129994550002,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1724 --field-trial-handle=1568,i,17717744455474703836,17105930129994550002,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: uPXZIHuz.pdfInitial sample: PDF keyword /JS count = 0
Source: uPXZIHuz.pdfInitial sample: PDF keyword /JavaScript count = 0
Source: uPXZIHuz.pdfInitial sample: PDF keyword /EmbeddedFile count = 0
Source: uPXZIHuz.pdfInitial sample: PDF keyword obj count = 56
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information queried: ProcessInformationJump to behavior

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid Accounts3
Exploitation for Client Execution		Path Interception1
Process Injection		1
Masquerading		OS Credential Dumping1
Process Discovery		Remote ServicesData from Local System1
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
Process Injection		LSASS Memory1
System Information Discovery		Remote Desktop ProtocolData from Removable Media2
Non-Application Layer Protocol		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive13
Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin HookBinary PaddingNTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput Capture1
Ingress Tool Transfer		Traffic DuplicationData Destruction

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1524321 Sample: uPXZIHuz.pdf Startdate: 02/10/2024 Architecture: WINDOWS Score: 2 14 x1.i.lencr.org 2->14 7 Acrobat.exe 16 73 2->7         started        process3 process4 9 AcroCEF.exe 132 7->9         started        process5 11 AcroCEF.exe 4 9->11         started        dnsIp6 16 23.203.104.175, 443, 49711 AKAMAI-ASUS United States 11->16

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

No Antivirus matches

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
http://x1.i.lencr.org/0%URL Reputationsafe

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
x1.i.lencr.org
unknown
unknownfalse
    		unknown

    URLs from Memory and Binaries

    NameSourceMaliciousAntivirus DetectionReputation
    http://x1.i.lencr.org/2D85F72862B55C4EADD9E66E06947F3D0.2.drfalse
    • URL Reputation: safe
    		unknown

    World Map of Contacted IPs

    • No. of IPs < 25%
    • 25% < No. of IPs < 50%
    • 50% < No. of IPs < 75%
    • 75% < No. of IPs

    Public IPs

    IPDomainCountryFlagASNASN NameMalicious
    23.203.104.175
    		unknownUnited States
    		16625AKAMAI-ASUSfalse

    General Information

    Joe Sandbox version:41.0.0 Charoite
    Analysis ID:1524321
    Start date and time:2024-10-02 17:23:01 +02:00
    Joe Sandbox product:CloudBasic
    Overall analysis duration:0h 4m 25s
    Hypervisor based Inspection enabled:false
    Report type:full
    Cookbook file name:defaultwindowsinteractivecookbook.jbs
    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
    Number of analysed new started processes analysed:22
    Number of new started drivers analysed:0
    Number of existing processes analysed:0
    Number of existing drivers analysed:0
    Number of injected processes analysed:0
    Technologies:
    • HCA enabled
    • EGA enabled
    • AMSI enabled
    Analysis Mode:default
    Analysis stop reason:Timeout
    Sample name:uPXZIHuz.pdf
    Detection:CLEAN
    Classification:clean2.winPDF@16/55@1/1
    Cookbook Comments:
    • Found application associated with file extension: .pdf

    Warnings

    • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, SgrmBroker.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe, TextInputHost.exe
    • Excluded IPs from analysis (whitelisted): 184.28.88.176, 54.227.187.23, 52.202.204.11, 52.5.13.197, 23.22.254.206, 162.159.61.3, 172.64.41.3, 93.184.221.240, 2.19.126.143, 2.19.126.149, 2.23.197.184, 2.16.164.129, 2.16.164.120, 2.16.164.122, 2.16.164.128, 2.16.164.10, 2.16.164.115, 2.16.164.112, 2.16.164.131, 2.16.164.121, 2.16.164.66, 2.16.164.18, 2.16.164.83, 2.16.164.74, 2.16.164.51, 2.16.164.58, 2.16.164.65, 2.16.164.35, 2.16.164.80
    • Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, wu.azureedge.net, acroipm2.adobe.com, ocsp.digicert.com, login.live.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, hlb.apr-52dd2-0.edgecastdns.net, wu-b-net.trafficmanager.net, crl.root-x1.letsencrypt.org.edgekey.net, www.bing.com, fs.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, acroipm2.adobe.com.edgesuite.net, wu.ec.azureedge.net, ctldl.windowsupdate.com, p13n.adobe.io, fe3cr.delivery.mp.microsoft.com, evoke-windowsservices-tas.msedge.net, geo2.adobe.com
    • Not all processes where analyzed, report is missing behavior information
    • Report size exceeded maximum capacity and may have missing behavior information.
    • VT rate limit hit for: uPXZIHuz.pdf

    Simulations

    Behavior and APIs

    TimeTypeDescription
    11:23:44API Interceptor3x Sleep call for process: AcroCEF.exe modified

    LLM Input / Output

    InputOutput
    URL: PDF document Model: jbxai
    Joe Sandbox View / Context
    IPs
    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
    23.203.104.175Final_Contract_Copy-532392974.pdfGet hashmaliciousUnknownBrowse
      Hamilton Associates, PC..pdfGet hashmaliciousUnknownBrowse
        #U0631#U0648#U0632 #U0633#U06cc#U0627#U0647 #U06a9#U0627#U0631#U06af#U0631.exeGet hashmaliciousUnknownBrowse
          Inv_Doc_18#908.pdfGet hashmaliciousUnknownBrowse
            IN-ORDER.pdfGet hashmaliciousUnknownBrowse
              EXTERNALInvoice 3388 from Mazzitti  Sullivan EAP.msgGet hashmaliciousUnknownBrowse
                https://cloudsds1-my.sharepoint.com/:f:/g/personal/soumitra_cloudsds_com/Ei6OHXc0_bNHleZYwdiea4gBdHbOiJReQ2tSzcE567VwIQ?e=C01mZ0&xsdata=MDV8MDJ8ZGVzdGluLmNvbGVAeGNlbGVuZXJneS5jb218NGY4MDM5MDliNTcwNDQ5MDRmNTMwOGRjZDFkNTZmZTl8MjRiMmE1ODM1YzA1NGI2YWI0ZTk0ZTEyZGMwMDI1YWR8MHwwfDYzODYxNTk2MTg1OTEwMjA0MHxVbmtub3dufFRXRnBiR1pzYjNkOGV5SldJam9pTUM0d0xqQXdNREFpTENKUUlqb2lWMmx1TXpJaUxDSkJUaUk2SWsxaGFXd2lMQ0pYVkNJNk1uMD18MHx8fA%3d%3d&sdata=bUh6aFliRUZYLzNBRGdPWk1kTFd6R0o5N3pKdkxXSnNpUVptVUFXZXYwZz0%3dGet hashmaliciousHTMLPhisherBrowse
                  Employee Appraisal Egrazak Hilcorp Agreement Signature Required.pdfGet hashmaliciousUnknownBrowse
                    Payment.pdfGet hashmaliciousHTMLPhisherBrowse
                      Madisonwellsmedia546.pdfGet hashmaliciousHTMLPhisherBrowse
                        Domains
                        No context
                        ASNs
                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                        AKAMAI-ASUShttp://view.flodesk.com/emails/66fd2053af85c99dd55d1461Get hashmaliciousUnknownBrowse
                        • 2.19.126.198
                        file.exeGet hashmaliciousLummaC, Stealc, VidarBrowse
                        • 104.102.49.254
                        test.exeGet hashmaliciousBabadedaBrowse
                        • 23.223.209.207
                        kuly.exeGet hashmaliciousLummaCBrowse
                        • 104.102.49.254
                        webNY0O9Sr.exeGet hashmaliciousLummaCBrowse
                        • 104.102.49.254
                        klFMCT64RF.exeGet hashmaliciousLummaCBrowse
                        • 104.102.49.254
                        EKAHephXb2.exeGet hashmaliciousLummaC, Go Injector, LummaC StealerBrowse
                        • 104.102.49.254
                        webNY0O9Sr.exeGet hashmaliciousLummaCBrowse
                        • 104.102.49.254
                        klFMCT64RF.exeGet hashmaliciousLummaCBrowse
                        • 104.102.49.254
                        IGAnbXyZVx.exeGet hashmaliciousLummaC, Go Injector, LummaC StealerBrowse
                        • 104.102.49.254
                        JA3 Fingerprints
                        No context
                        Dropped Files
                        No context
                        Created / dropped Files
                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG
                        Download File
      
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        File Type:ASCII text
                        Category:dropped
                        Size (bytes):294
                        Entropy (8bit):5.116434520198066
                        Encrypted:false
                        SSDEEP:6:W6hOq2PsHO2nKuAl9OmbnIFUt8B63Zmw+B6WkwOsHO2nKuAl9OmbjLJ:WvkHVHAahFUt8O/+B51HVHAaSJ
                        MD5:2A919BFA3AFDF97FBEA9D87098BAC804
                        SHA1:657704B1EF9E6BF5DC3C750F6FD528FDEBC32DE1
                        SHA-256:E721F63330D663DB3C909123D6B28E5E626B546A32967075BE9DDAC13E008803
                        SHA-512:BD38C70F5D224E2561A006B9B314CCE114A9D7392D5B85CBBB9245522E05A1A6E0435FD87A583856863196DE57B3CE215A5556CD06CD962EC7B9AD8A9341CFFC
                        Malicious:false
                        Reputation:low
                        Preview:2024/10/02-11:23:32.813 1830 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/10/02-11:23:32.815 1830 Recovering log #3.2024/10/02-11:23:32.816 1830 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .
                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)
                        Download File
      
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        File Type:ASCII text
                        Category:dropped
                        Size (bytes):294
                        Entropy (8bit):5.116434520198066
                        Encrypted:false
                        SSDEEP:6:W6hOq2PsHO2nKuAl9OmbnIFUt8B63Zmw+B6WkwOsHO2nKuAl9OmbjLJ:WvkHVHAahFUt8O/+B51HVHAaSJ
                        MD5:2A919BFA3AFDF97FBEA9D87098BAC804
                        SHA1:657704B1EF9E6BF5DC3C750F6FD528FDEBC32DE1
                        SHA-256:E721F63330D663DB3C909123D6B28E5E626B546A32967075BE9DDAC13E008803
                        SHA-512:BD38C70F5D224E2561A006B9B314CCE114A9D7392D5B85CBBB9245522E05A1A6E0435FD87A583856863196DE57B3CE215A5556CD06CD962EC7B9AD8A9341CFFC
                        Malicious:false
                        Reputation:low
                        Preview:2024/10/02-11:23:32.813 1830 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/10/02-11:23:32.815 1830 Recovering log #3.2024/10/02-11:23:32.816 1830 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .
                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
                        Download File
      
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        File Type:ASCII text
                        Category:dropped
                        Size (bytes):338
                        Entropy (8bit):5.143667399346449
                        Encrypted:false
                        SSDEEP:6:W6qV+q2PsHO2nKuAl9Ombzo2jMGIFUt8B6qx5Zmw+B6qxtVkwOsHO2nKuAl9OmbX:pvkHVHAa8uFUt8z5/+zT51HVHAa8RJ
                        MD5:29E89960807CAF936A6374AB57BD39C1
                        SHA1:688043CB598BDC202614AB3C07AA3BBE393BB4DC
                        SHA-256:97615CED328B0F9B7928933946D9B659B072375BB6B06DFB9B6E7A44179D7F64
                        SHA-512:B8F1552C2133CB97C36CF530984CCBCE1A6C2BFF729CE07B0EC34F3F20F3A8E2D748457CBDFF678ED21CBFD62986D0C33CA97D1970FF4EF7433195A0C9D59B76
                        Malicious:false
                        Reputation:low
                        Preview:2024/10/02-11:23:32.717 1858 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/10/02-11:23:32.720 1858 Recovering log #3.2024/10/02-11:23:32.720 1858 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .
                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
                        Download File
      
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        File Type:ASCII text
                        Category:dropped
                        Size (bytes):338
                        Entropy (8bit):5.143667399346449
                        Encrypted:false
                        SSDEEP:6:W6qV+q2PsHO2nKuAl9Ombzo2jMGIFUt8B6qx5Zmw+B6qxtVkwOsHO2nKuAl9OmbX:pvkHVHAa8uFUt8z5/+zT51HVHAa8RJ
                        MD5:29E89960807CAF936A6374AB57BD39C1
                        SHA1:688043CB598BDC202614AB3C07AA3BBE393BB4DC
                        SHA-256:97615CED328B0F9B7928933946D9B659B072375BB6B06DFB9B6E7A44179D7F64
                        SHA-512:B8F1552C2133CB97C36CF530984CCBCE1A6C2BFF729CE07B0EC34F3F20F3A8E2D748457CBDFF678ED21CBFD62986D0C33CA97D1970FF4EF7433195A0C9D59B76
                        Malicious:false
                        Reputation:low
                        Preview:2024/10/02-11:23:32.717 1858 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/10/02-11:23:32.720 1858 Recovering log #3.2024/10/02-11:23:32.720 1858 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .
                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
                        Download File
      
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):476
                        Entropy (8bit):4.97491519936409
                        Encrypted:false
                        SSDEEP:12:YH/um3RA8sqXQsBdOg2Hucaq3QYiubEP7E4T3y:Y2sRdsYdMHR3QYhbY7nby
                        MD5:1C143C7888510EEF2D70C65A73C5EEF5
                        SHA1:1AC2851C35A50DE8E2B3B47100CEAC47792F87F9
                        SHA-256:3C3D7D733B7954734D5C71C11F8C3703B531CEC66CB4E293443848A0650E8062
                        SHA-512:866C5B1666C36D196CBE8124336BDA7EEBBB6F9FFF67A9B616066D8196CE3557D346D8DCE5009BE1261F71FD6B1160CE99AD9C2774D6D9B44F5005DA50C02023
                        Malicious:false
                        Reputation:low
                        Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372442624408790","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":119106},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.17","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\d1f47bfb-a32a-489f-a4c0-37ea1a1e0ce5.tmp
                        Download File
      
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        File Type:JSON data
                        Category:modified
                        Size (bytes):476
                        Entropy (8bit):4.97491519936409
                        Encrypted:false
                        SSDEEP:12:YH/um3RA8sqXQsBdOg2Hucaq3QYiubEP7E4T3y:Y2sRdsYdMHR3QYhbY7nby
                        MD5:1C143C7888510EEF2D70C65A73C5EEF5
                        SHA1:1AC2851C35A50DE8E2B3B47100CEAC47792F87F9
                        SHA-256:3C3D7D733B7954734D5C71C11F8C3703B531CEC66CB4E293443848A0650E8062
                        SHA-512:866C5B1666C36D196CBE8124336BDA7EEBBB6F9FFF67A9B616066D8196CE3557D346D8DCE5009BE1261F71FD6B1160CE99AD9C2774D6D9B44F5005DA50C02023
                        Malicious:false
                        Reputation:low
                        Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372442624408790","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":119106},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.17","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
                        Download File
      
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):6495
                        Entropy (8bit):5.243257353824833
                        Encrypted:false
                        SSDEEP:192:TUi8h+F8Aj8DRCGwtqzmsLnNreR2ZpjRe4I8qr9jnNI92D3jC+3ETKEAE8eoO1Z:jX8eQ/
                        MD5:349334FACDDDDFED9DCFF03D66776C5B
                        SHA1:381FA38FD190A022A3144F1BFEABD4575858F58A
                        SHA-256:EA3C54A2BAFE58611665865579BBAEF332EB1CE7403CC03F649F0DB676B5FA9F
                        SHA-512:5D3B2E6FDE54C4582DC0DD62CA24E394CD6199B4514489F64E7A0174A603F199BF8642012C16035CC48491E3FD45F3CD14848B46D1DE9E7ECA452BB120DADE8C
                        Malicious:false
                        Reputation:low
                        Preview:*...#................version.1..namespace-....o................next-map-id.1.Pnamespace-42000ee3_e7f8_4e1a_acf9_c35e414a379e-https://rna-resource.acrobat.com/.0F...r................next-map-id.2.Snamespace-c3e8f6d4_f714_436a_92db_f0a4810aae6e-https://rna-v2-resource.acrobat.com/.1.p..r................next-map-id.3.Snamespace-d0743b68_de08_4f3c_b7bc_aca178ee7ff1-https://rna-v2-resource.acrobat.com/.2....o................next-map-id.4.Pnamespace-ce27b6a8_7896_4616_ab45_36a5ede234ad-https://rna-resource.acrobat.com/.3..).^...............Pnamespace-42000ee3_e7f8_4e1a_acf9_c35e414a379e-https://rna-resource.acrobat.com/...^...............Pnamespace-ce27b6a8_7896_4616_ab45_36a5ede234ad-https://rna-resource.acrobat.com/.{VUa...............Snamespace-c3e8f6d4_f714_436a_92db_f0a4810aae6e-https://rna-v2-resource.acrobat.com/....a...............Snamespace-d0743b68_de08_4f3c_b7bc_aca178ee7ff1-https://rna-v2-resource.acrobat.com/yATuo................next-map-id.5.Pnamespace-eb3aef6d_d129_430c_a353_
                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG
                        Download File
      
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        File Type:ASCII text
                        Category:dropped
                        Size (bytes):326
                        Entropy (8bit):5.152762419133268
                        Encrypted:false
                        SSDEEP:6:W6Ht+q2PsHO2nKuAl9OmbzNMxIFUt8B68+Zmw+B6SEVkwOsHO2nKuAl9OmbzNMFd:dovkHVHAa8jFUt8b+/+A51HVHAa84J
                        MD5:333194D23AAE482AC2A3D8FBB43F77FB
                        SHA1:BDA27DFC089728D08AEF96E603EFC571BFE43F5B
                        SHA-256:3190CE91604D0DB02891E08B724B204876E5976109EE3C0BCFDE252DF213F074
                        SHA-512:2FF6FF8D4D76D1C53DB8AAB5A89F2D63715827AA360772B95F9E4C8C15EC753E021FE3F52FC88259FA659F9BF2EABE7466E918EA437E3B1AA5B657787407B777
                        Malicious:false
                        Preview:2024/10/02-11:23:32.842 1858 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/10/02-11:23:32.844 1858 Recovering log #3.2024/10/02-11:23:32.846 1858 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .
                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
                        Download File
      
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        File Type:ASCII text
                        Category:dropped
                        Size (bytes):326
                        Entropy (8bit):5.152762419133268
                        Encrypted:false
                        SSDEEP:6:W6Ht+q2PsHO2nKuAl9OmbzNMxIFUt8B68+Zmw+B6SEVkwOsHO2nKuAl9OmbzNMFd:dovkHVHAa8jFUt8b+/+A51HVHAa84J
                        MD5:333194D23AAE482AC2A3D8FBB43F77FB
                        SHA1:BDA27DFC089728D08AEF96E603EFC571BFE43F5B
                        SHA-256:3190CE91604D0DB02891E08B724B204876E5976109EE3C0BCFDE252DF213F074
                        SHA-512:2FF6FF8D4D76D1C53DB8AAB5A89F2D63715827AA360772B95F9E4C8C15EC753E021FE3F52FC88259FA659F9BF2EABE7466E918EA437E3B1AA5B657787407B777
                        Malicious:false
                        Preview:2024/10/02-11:23:32.842 1858 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/10/02-11:23:32.844 1858 Recovering log #3.2024/10/02-11:23:32.846 1858 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .
                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\000001.dbtmp
                        Download File
      
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        File Type:ASCII text
                        Category:dropped
                        Size (bytes):16
                        Entropy (8bit):3.2743974703476995
                        Encrypted:false
                        SSDEEP:3:1sjgWIV//Uv:1qIFUv
                        MD5:46295CAC801E5D4857D09837238A6394
                        SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                        SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                        SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                        Malicious:false
                        Preview:MANIFEST-000001.
                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\000003.log
                        Download File
      
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        File Type:data
                        Category:modified
                        Size (bytes):161
                        Entropy (8bit):4.6019309720363095
                        Encrypted:false
                        SSDEEP:3:KXt1HcZUV/TrvHrulll11HcZUV/TW1t9aRDcEkG31HcZUV/TgllPyIW:KXtVnVPHW9VnV6ncRAEkG3VnV8/W
                        MD5:F7AC3CE75325A2821BD3E073DAFBB968
                        SHA1:0F0DC37BDB98FD4BC0ABC3410DEDB557EDA3190A
                        SHA-256:1A87D805B5F3C42726D96A40A5D1769426B7FF5EAF00F60BDD6D88A6E01B5ADA
                        SHA-512:BBEAA6C4EBAD9FD220978CF0D60CA2A40EBF89AA8E6B01B3567039B50F8A6883466B98E14774A03D423B6A480B93B04F71383B6A01553F4D11846B8AE8A8D634
                        Malicious:false
                        Preview:..../................22_11|360x240|60........9.ge.$yB.../................22_11|360x240|60........9h.ge.$yB.....................22_11|360x240|60..x....9.ge.$yB
                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\CURRENT (copy)
                        Download File
      
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        File Type:ASCII text
                        Category:dropped
                        Size (bytes):16
                        Entropy (8bit):3.2743974703476995
                        Encrypted:false
                        SSDEEP:3:1sjgWIV//Uv:1qIFUv
                        MD5:46295CAC801E5D4857D09837238A6394
                        SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                        SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                        SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                        Malicious:false
                        Preview:MANIFEST-000001.
                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\LOG
                        Download File
      
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        File Type:ASCII text
                        Category:dropped
                        Size (bytes):283
                        Entropy (8bit):5.168193797962186
                        Encrypted:false
                        SSDEEP:6:W6HYm81sHO2nKuAl9OmbzfXkrl2KLlw6HrwQ+q2PsHO2nKuAl9OmbzfXkrK+IFUv:am7HVHAa8/uLRwQ+vkHVHAa8/F3FUv
                        MD5:79DFA35F4244686D8D57AF23513E3ECF
                        SHA1:66E279B1C2C3C96A111C9E19A18B3BBDEC3EBB37
                        SHA-256:6695327F7E5978B1580E1143C55BB6E2FDF3BE599C71F8C954BC5CBA6FDA7EDD
                        SHA-512:08938D40BF5411FFF75808A718D90363A6642AEF24AFE6877B658AE7ECFE24EEF9E6106E4B130D06EFA962C795C12E25B760419C5BBA68C5218649CAEE77FC59
                        Malicious:false
                        Preview:2024/10/02-11:25:45.449 3dc Creating DB C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db since it was missing..2024/10/02-11:25:45.457 3dc Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db/MANIFEST-000001.
                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\MANIFEST-000001
                        Download File
      
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        File Type:OpenPGP Secret Key
                        Category:dropped
                        Size (bytes):41
                        Entropy (8bit):4.704993772857998
                        Encrypted:false
                        SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                        MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                        SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                        SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                        SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                        Malicious:false
                        Preview:.|.."....leveldb.BytewiseComparator......
                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata\000001.dbtmp
                        Download File
      
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        File Type:ASCII text
                        Category:dropped
                        Size (bytes):16
                        Entropy (8bit):3.2743974703476995
                        Encrypted:false
                        SSDEEP:3:1sjgWIV//Uv:1qIFUv
                        MD5:46295CAC801E5D4857D09837238A6394
                        SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                        SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                        SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                        Malicious:false
                        Preview:MANIFEST-000001.
                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata\000003.log
                        Download File
      
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):126
                        Entropy (8bit):3.6123534208443075
                        Encrypted:false
                        SSDEEP:3:G0XttkJcsRwI9tkJcsSaJkG3mH2lztzlkzXlfmH2lG:G0XtqcsqczaJf3mH2lztzl4mH2lG
                        MD5:A05963DD9E2C7C3F13C18A9245AD5934
                        SHA1:15A87493591860C6C22499DF3A705ACB3CB466BD
                        SHA-256:F40B7EF0FE0B676871403B8DD21CE42AF8E482DC8B81F09D93CB2C48CCD112B4
                        SHA-512:E67833950A3DB8D4C27FC851C7DF9AEBB85699024F805E98A2951E9E9FC3B606F10EAD23CE0A3B97484A18A9A52520540FB29787178BFEB9FBD8D46D0AA492A2
                        Malicious:false
                        Preview:.h.6.................__global... .t...................__global... ..7..................22_......u...................22_.....
                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata\CURRENT (copy)
                        Download File
      
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        File Type:ASCII text
                        Category:dropped
                        Size (bytes):16
                        Entropy (8bit):3.2743974703476995
                        Encrypted:false
                        SSDEEP:3:1sjgWIV//Uv:1qIFUv
                        MD5:46295CAC801E5D4857D09837238A6394
                        SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                        SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                        SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                        Malicious:false
                        Preview:MANIFEST-000001.
                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata\LOG
                        Download File
      
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        File Type:ASCII text
                        Category:dropped
                        Size (bytes):301
                        Entropy (8bit):5.119488346322568
                        Encrypted:false
                        SSDEEP:6:W6H981sHO2nKuAl9OmbzfXkrzs52KLlw6HzQ+q2PsHO2nKuAl9OmbzfXkrzAdIF2:77HVHAa8/N9LhQ+vkHVHAa8/iFUv
                        MD5:9255041AED913F507305D7888CC9592D
                        SHA1:C5AD4522FC65BB473060D34314FECDB2BF5068AA
                        SHA-256:8889E015F22590EF2F6EC3DC46CC6F09CC67C4B299FF2CE5AA3F1E0394CE48B8
                        SHA-512:53E4C21231E6FB7DF8C6629A349350ACFCE5A04A9C93B1326470E3B871C5AD73E84F38566FE3B4507A70EF0B6B759B3864136BBA2D841F4BB258A7B2D2841352
                        Malicious:false
                        Preview:2024/10/02-11:25:45.429 3dc Creating DB C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata since it was missing..2024/10/02-11:25:45.441 3dc Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata/MANIFEST-000001.
                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata\MANIFEST-000001
                        Download File
      
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        File Type:OpenPGP Secret Key
                        Category:dropped
                        Size (bytes):41
                        Entropy (8bit):4.704993772857998
                        Encrypted:false
                        SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                        MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                        SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                        SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                        SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                        Malicious:false
                        Preview:.|.."....leveldb.BytewiseComparator......
                        C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241002152336Z-168.bmp
                        Download File
      
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:PC bitmap, Windows 3.x format, 107 x -152 x 32, cbSize 65110, bits offset 54
                        Category:dropped
                        Size (bytes):65110
                        Entropy (8bit):1.7520354971043854
                        Encrypted:false
                        SSDEEP:384:fstl2oJCDvsPdBKbpIHJUdl39G49k/hC1:UtngvsPdBuZHG4931
                        MD5:274DB4789949E95359564F1EAAA9CC4A
                        SHA1:06058DA86F195DE98031C7B67AAFC3F84B4FDBB7
                        SHA-256:56B0508F5C7667063622306C74D690CF218D7920C29C09508624F806EBBDDF62
                        SHA-512:41E3BA122F2097F9B1546EF69BF1BAE792C4EE148E728B5457288C42D466B31FAA10293B38A027CDFF5E548B7430684D4BEB404EAEB340B98F73CC9C3A0B593F
                        Malicious:false
                        Preview:BMV.......6...(...k...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                        C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
                        Download File
      
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 11, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 11
                        Category:dropped
                        Size (bytes):86016
                        Entropy (8bit):4.444773793665108
                        Encrypted:false
                        SSDEEP:384:yeZci5t9iBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:FWs3OazzU89UTTgUL
                        MD5:BD0696CD0A8236EFD30BAC0BDC66AD68
                        SHA1:2DA1E3562A02935629EFD529F0BF7F7E3089F84A
                        SHA-256:AE93AF97CD9467236F5B38E263CBF71F82DF2AA8D99D9D11692384F4FB7D7BAC
                        SHA-512:6DFE4ED673D517525A4B53BF3A5F916C90D8A822ECE07B07FB75EC971B10A365C11AFCB5E7B056E16F684A76807873F6E428C307288FFA076838190998D91EA1
                        Malicious:false
                        Preview:SQLite format 3......@  ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                        C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal
                        Download File
      
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:SQLite Rollback Journal
                        Category:dropped
                        Size (bytes):8720
                        Entropy (8bit):3.769436607359921
                        Encrypted:false
                        SSDEEP:48:7MIp7JioyV+ioysoy1C7oy16oy1sKOioy1noy1AYoy1Wioy1oioykioyBoy1noyL:7NJu+cjXjBijb9IVXEBodRBkJ
                        MD5:EBAAA96FA4C7233BB76447F91A060A09
                        SHA1:D0B63320FEA9EC0A393CB43935335348F38D65A5
                        SHA-256:1D87492E6DDAAB23862281994FE054F51FA8D7E0B2988C2D2A67A6216DA14394
                        SHA-512:EE6FE0A479A42C64DA2C8573E7F6E2A62645E7BCA2E3BE305731EFEA5BBEBB73810A4BFC28BD8C9CD8FB6DFAAD0B4275F34C62FA13D31885ABDB59D8260DBE66
                        Malicious:false
                        Preview:.... .c.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................T...[...b.r.l...t...}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                        C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D
                        Download File
      
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        File Type:Certificate, Version=3
                        Category:dropped
                        Size (bytes):1391
                        Entropy (8bit):7.705940075877404
                        Encrypted:false
                        SSDEEP:24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1
                        MD5:0CD2F9E0DA1773E9ED864DA5E370E74E
                        SHA1:CABD2A79A1076A31F21D253635CB039D4329A5E8
                        SHA-256:96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
                        SHA-512:3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
                        Malicious:false
                        Preview:0..k0..S............@.YDc.c...0...*.H........0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10...150604110438Z..350604110438Z0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10.."0...*.H.............0..........$s..7.+W(.....8..n<.W.x.u...jn..O(..h.lD...c...k....1.!~.3<.H..y.....!.K...qiJffl.~<p..)"......K...~....G.|.H#S.8.O.o...IW..t../.8.{.p!.u.0<.....c...O..K~.....w...{J.L.%.p..)..S$........J.?..aQ.....cq...o[...\4ylv.;.by.../&.....................6....7..6u...r......I.....*.A..v........5/(.l....dwnG7..Y^h..r...A)>Y>.&.$...Z.L@.F....:Qn.;.}r...xY.>Qx....../..>{J.Ks......P.|C.t..t.....0.[q6....00\H..;..}`...).........A.......|.;F.H*..v.v..j.=...8.d..+..(.....B.".'].y...p..N..:..'Qn..d.3CO......B0@0...U...........0...U.......0....0...U......y.Y.{....s.....X..n0...*.H.............U.X....P.....i ')..au\.n...i/..VK..s.Y.!.~.Lq...`.9....!V..P.Y...Y.............b.E.f..|o..;.....'...}~.."......
                        C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
                        Download File
      
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
                        Category:dropped
                        Size (bytes):71954
                        Entropy (8bit):7.996617769952133
                        Encrypted:true
                        SSDEEP:1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
                        MD5:49AEBF8CBD62D92AC215B2923FB1B9F5
                        SHA1:1723BE06719828DDA65AD804298D0431F6AFF976
                        SHA-256:B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
                        SHA-512:BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
                        Malicious:false
                        Preview:MSCF............,...................I..................XaK .authroot.stl.[.i..6..CK..<Tk......4.cl!Kg..E..*Y.f_..".$mR"$.J.E.KB."..rKv.."{.g....3.W.....c..9.s...=....y6#..x..........D......\(.#.s.!.A.......cd.c........+^.ov...n.....3BL..0.......BPUR&.X..02.q...R...J.....w.....b.vy>....-.&..(..oe."."...J9...0U.6J..|U..S.....M.F8g...=.......p...........l.?3.J.x.G.Ep..$g..tj......)v]9(:.)W.8.Op.1Q..:.nPd........7.7..M].V F..g.....12..!7(...B.......h.RZ.......l.<.....6..Z^.`p?... .p.Gp.#.'.X..........|!.8.....".m.49r?.I...g...8.v.....a``.g.R4.i...J8q....NFW,E.6Y....!.o5%.Y.....R..<..S9....r....WO...(.....F..Q=*....-..7d..O(....-..+k.........K..........{Q....Z..j._.E...QZ.~.\.^......N.9.k..O.}dD.b1r...[}/....T..E..G..c.|.c.&>?..^t. ..;..X.d.E.0G....[Q.*,*......#.Dp..L.o|#syc.J............}G-.ou6.=52..XWi=...m.....^u......c..fc?&pR7S5....I...j.G........j.j..Tc.El.....B.pQ.,Bp....j...9g.. >..s..m#.Nb.o_u.M.V...........\#...v..Mo\sF..s....Y...
                        C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D
                        Download File
      
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):192
                        Entropy (8bit):2.7673182398396405
                        Encrypted:false
                        SSDEEP:3:kkFklqq64kfllXlE/HT8k/pjNNX8RolJuRdxLlGB9lQRYwpDdt:kKzaT82pRNMa8RdWBwRd
                        MD5:D50C0E6A59D6A78CB0218B16BF6A4DEA
                        SHA1:C5E27CC33FE405D2CB7E650B559F7E1716CF78AB
                        SHA-256:059810C64514373103042CD85D3706E679EF05651CF01107A3525954BA9E29BF
                        SHA-512:2A35331509A43750FC57F5533182554082CA7DDF6EC3A5FA93F80115FCDE931C6D06ECC8C40AC0AEADB335DBCC6EA964A1186364D8F84649AA55E74FDD3240E5
                        Malicious:false
                        Preview:p...... ........Y.......(....................................................... ..........W....Z...............o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...
                        C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
                        Download File
      
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):328
                        Entropy (8bit):3.136375242144002
                        Encrypted:false
                        SSDEEP:6:kKTgZ9UswDLL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:rgIDnLNkPlE99SNxAhUe/3
                        MD5:1A892FFE1E374A5EA9BC70F36EDCA3A1
                        SHA1:DA5A9EDBFF4BB71656D6F459DFCFFAD52D5CEB8E
                        SHA-256:0D76643E35EB4B255E06CFF1BD5FDDD9D58C24678CF78427143B646AE2F84B45
                        SHA-512:1A7FD4D94FD89EE88986803CC9E719C2108A4DE13ABD0B79A6A92A58CE83616767687F2DCC73B708461C0C3EA83AB6EE8056A0E790FBFE91BAE46245AC06A362
                        Malicious:false
                        Preview:p...... .........d6....(....................................................... ........G..@.......&...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...
                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
                        Download File
      
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):295
                        Entropy (8bit):5.3680001156256205
                        Encrypted:false
                        SSDEEP:6:YEQXJ2HXPeWmI0Jfjx6mJ0YGVbWTTKoAvJM3g98kUwPeUkwRe9:YvXKX2Wm1Jfjx6mWQ5GMbLUkee9
                        MD5:5EE6D8F8A34D1DEFB3FA9B58A17A11AF
                        SHA1:F7119F528E68782EAF5D14E3F8637386D8B6C8C9
                        SHA-256:675DD905579A63996D60675C8D8DDB0CE3344D5C75D78BFC22F860BADB860C9E
                        SHA-512:7CB41E32652C66C9A034F248AC283B1FDE8275BD60C0C921784DA255BF740F05D9417444B59A70263D1B2218E22189D2C423CF1867F206DD5233B42860435587
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"860b6586-c46c-499a-b2a4-ef137258e590","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1728062364756,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
                        Download File
      
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):294
                        Entropy (8bit):5.3153916951731315
                        Encrypted:false
                        SSDEEP:6:YEQXJ2HXPeWmI0Jfjx6mJ0YGVbWTTKoAvJfBoTfXpnrPeUkwRe9:YvXKX2Wm1Jfjx6mWQ5GWTfXcUkee9
                        MD5:319F893138537A8E373B5BA33BE0C3CA
                        SHA1:4F6CC4BF26B0850D99DEDECB10F2FFC77025B148
                        SHA-256:6FB46BE9F67593D174449F77736EA9BAFED45EF7E78419000C4E10B52C1DB4AE
                        SHA-512:680B5D7EAE0387F6F7C87BC04ED095D78FA4420030AE613546D5858D2A7E8664178D10DD1EE8CF274B2A90A8B94D33D0B4F6349482EC8E24EA90A1966DD61700
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"860b6586-c46c-499a-b2a4-ef137258e590","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1728062364756,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
                        Download File
      
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):294
                        Entropy (8bit):5.293940011699137
                        Encrypted:false
                        SSDEEP:6:YEQXJ2HXPeWmI0Jfjx6mJ0YGVbWTTKoAvJfBD2G6UpnrPeUkwRe9:YvXKX2Wm1Jfjx6mWQ5GR22cUkee9
                        MD5:08B8C658C5F5440136FC9D893FA9AAD7
                        SHA1:4499079E9F45B2BDD774DC2488E00C6F2DA53315
                        SHA-256:30CB6DB2A0689EE3450F322B2DCD62FB4F60639D1F5E7A523FB87C603FBBD78A
                        SHA-512:5DF143C12DD432E4F140A4DA4A95128C21779139907585C662905D43943C1ADDBC46D2EBAFFED0EE4ED6745D16AA50B2B1DBB3B932C425903AECF14B3F6F1589
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"860b6586-c46c-499a-b2a4-ef137258e590","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1728062364756,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
                        Download File
      
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):285
                        Entropy (8bit):5.354259291645561
                        Encrypted:false
                        SSDEEP:6:YEQXJ2HXPeWmI0Jfjx6mJ0YGVbWTTKoAvJfPmwrPeUkwRe9:YvXKX2Wm1Jfjx6mWQ5GH56Ukee9
                        MD5:C4BE41159189B11CB4330FF37BB8B0E2
                        SHA1:DA6CBAC475C454647555AABA4138190B043C452B
                        SHA-256:D625C795B0F557D327F9C170D94A7D2D025D14293F0047C0B575B171FE4528AD
                        SHA-512:4D78FEEEC61E13C378AF4BEC74A6BE3CDE1308EF46F9A8A9D92B2BBAB40DA4FD7514CD8D717EA640BCB7A6443E29661B341EF4E51D262E036FB9763AFC5B4D71
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"860b6586-c46c-499a-b2a4-ef137258e590","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1728062364756,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
                        Download File
      
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):1063
                        Entropy (8bit):5.672755224122253
                        Encrypted:false
                        SSDEEP:24:Yv6XIJfd6+epLgEFqciGennl0RCmK8czOCY4w2Z:YvTf8RhgLtaAh8cvYv+
                        MD5:96C3D0B65B80C2034EEF704B28860A07
                        SHA1:DF5E0607D7A97048799AA72733363E3955B8E5A0
                        SHA-256:DE8E3646A74BFEF60E18BE69D4ABFC84B7D24F6ADA10D23A6F56DD2697E3D700
                        SHA-512:64C935B2DD83534008A874D6CFC799AE36C2AB24BDD70F3B832F0F338E1CB705C78E3B690BA40BE806A587AA3079ECA564C03394FB9E708EE81C49484926F5C5
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"860b6586-c46c-499a-b2a4-ef137258e590","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1728062364756,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_2","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"afb9c2a3-eaf4-41f9-9d73-768e72f72282","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQgZmlsZXMgdG8gYW5kIGZyb20gUERGXG53aXRob3V0IGxpbWl0cy4ifSwidGNhdElkIjpudWxsfQ==","dataType":"application\/json","encodingSc
                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
                        Download File
      
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):1050
                        Entropy (8bit):5.6623624039893405
                        Encrypted:false
                        SSDEEP:24:Yv6XIJfd6+IVLgEF0c7sbnl0RCmK8czOCYHflEpwiVZ:YvTf8NFg6sGAh8cvYHWpww
                        MD5:3ED33E409AB213DC654119A5B96ED550
                        SHA1:585A41A3D4D7DA487189CFA7441278A33897F26E
                        SHA-256:B7A42FBBC49C17B5D1EB4C1E6C36D8FB909AED0C8EA089DF88186446FB86BD8A
                        SHA-512:6D899FC54F5234536A805C31111321AD1B8A40C60AF596BE7B1C61625D465054E171F3A92D6A423EDFC5DA352560701864FCCF17318CB5FFDB3420D4262B0EBE
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"860b6586-c46c-499a-b2a4-ef137258e590","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1728062364756,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Disc_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_0","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"0924134e-3c59-4f53-b731-add558c56fec","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Disc_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQsIGVkaXQgYW5kIGUtc2lnblxuZm9ybXMgJiBhZ3JlZW1lbnRzLiJ9LCJ0Y2F0SWQiOm51bGx9","dataType":"application\/json","encodingScheme":true},"
                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
                        Download File
      
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):292
                        Entropy (8bit):5.307331350162423
                        Encrypted:false
                        SSDEEP:6:YEQXJ2HXPeWmI0Jfjx6mJ0YGVbWTTKoAvJfQ1rPeUkwRe9:YvXKX2Wm1Jfjx6mWQ5GY16Ukee9
                        MD5:B1E21CA664EF6D4958E0CFB3C1EC2E94
                        SHA1:4A61EA4CCA377A36E7CF977A52A01D3B151E8416
                        SHA-256:812C00B47001278F9FF672D3CA4E4406F4B6A620BE04887BF28237F262DA4BDE
                        SHA-512:AAD684C182DF7156566BD1C4DB63CACB00B09AF90A1C28ED69D13374FE2527FBF665AE97AA624A84F0208D0E94B1FC33802F5BB7F4B7B66961742713FC0AE4E6
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"860b6586-c46c-499a-b2a4-ef137258e590","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1728062364756,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
                        Download File
      
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):1038
                        Entropy (8bit):5.655453369690812
                        Encrypted:false
                        SSDEEP:24:Yv6XIJfd6+N2LgEF7cciAXs0nl0RCmK8czOCAPtciBZ:YvTf8Mogc8hAh8cvAj
                        MD5:B2391FA0C4C3EDAA561DD84A162F3F36
                        SHA1:B85B5B6DF24F91C7ADFC53EAB9C2487B08C5D349
                        SHA-256:B3EE8DF45ECD3A9381E7DC5ABB51E68B8A935DAAF827903EB37B58C509929E3E
                        SHA-512:5342704C3FC0F7B7667F2B77FEAE41EBF2D5BF05740D536FDFE26E87A572043334D00BC1BBB8A0237F3A005CB34FAC865E1A99E55494843BC874D41AB17DE62E
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"860b6586-c46c-499a-b2a4-ef137258e590","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1728062364756,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Edit_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_1","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"49d2f713-7aa9-44db-aa50-0a7a22add459","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Edit_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVkaXQgdGV4dCwgaW1hZ2VzLCBwYWdlcywgYW5kIG1vcmUuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"application\/json","encodingScheme":true},"endDTS":1744
                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
                        Download File
      
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):1164
                        Entropy (8bit):5.702219843338029
                        Encrypted:false
                        SSDEEP:24:Yv6XIJfd6+lKLgEfIcZVSkpsn264rS514ZjBrwloJTmcVIsrSK5Z:YvTf8MEgqprtrS5OZjSlwTmAfSKX
                        MD5:EDE60AD3FDB647850988E708D925136C
                        SHA1:4B697D9BE3AF5B32D7E33B73B4F9ADE173F4D82B
                        SHA-256:CA66CE4AA042AC25CC5AF2BDC20E903056581910E6A8182E7FAB62BBC2361F57
                        SHA-512:DFEA3542F275517911DDC25D10C4A030F42FC3B874B8E12C09E2AD814ACD92B66D9DAF81B59B3A9E2AFCAE64B515DEC450C7740C35D0D0E0A5F4CC534471CA27
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"860b6586-c46c-499a-b2a4-ef137258e590","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1728062364756,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85531_264848ActionBlock_0","campaignId":85531,"containerId":"1","controlGroupId":"","treatmentId":"ee1a7497-76e7-43c2-bb63-9a0551e11d73","variationId":"264848"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IlRyeSBBY3JvYmF0IFBybyJ9LCJ1aSI6eyJ0aXRsZV9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjE1cHgiLCJmb250X3N0eWxlIjoiMCJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEzcHgiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0b1xucHJlbWl1bSBQREYgYW5kIGUtc2lnbmluZ1xudG9vbHMuIn0sImJhbm5lcl9zdHlsaW5nIjo
                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
                        Download File
      
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):289
                        Entropy (8bit):5.3133402694025165
                        Encrypted:false
                        SSDEEP:6:YEQXJ2HXPeWmI0Jfjx6mJ0YGVbWTTKoAvJfYdPeUkwRe9:YvXKX2Wm1Jfjx6mWQ5Gg8Ukee9
                        MD5:078C8AAD9C3BF78254531010ED54A0EA
                        SHA1:D86B255DF232100BA2ED1C9FE0FA623AAADEA165
                        SHA-256:ED2E37CB0E305026D698CB78FB97F71FCCAB588B773DFAF5C0717D6F2C6C86AD
                        SHA-512:E6571BC0B3709E62BDB59BF0F6DB1B6CFAE0058EDB6E65B7413C18E4199BB2CEE045B236A82E00C44BC66B73ABC85F71F423345364C6DE885C6C6609BBFC633A
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"860b6586-c46c-499a-b2a4-ef137258e590","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1728062364756,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner
                        Download File
      
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):1395
                        Entropy (8bit):5.779478169557467
                        Encrypted:false
                        SSDEEP:24:Yv6XIJfd6+YrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNw:YvTf8DHgDv3W2aYQfgB5OUupHrQ9FJm
                        MD5:C1C2A475BC8589101C6834CB8E8DCA50
                        SHA1:98553370EE563F2CE57F6E6C9F34D6A09A095276
                        SHA-256:0D81A8D1C1065BAE4ED24E3C33193FA57EE474DB7FD841BE8BBED8CB219F96E8
                        SHA-512:C1D212ECB6834A5FE7A6740D2A6B4C30D420BA1CD93BE4487E1C25AD9488DAB4A10E478298C314739F1D8341746A0935DB0F726D36CB9176F4CCC4B56DA7ADA0
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"860b6586-c46c-499a-b2a4-ef137258e590","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1728062364756,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0
                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
                        Download File
      
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):291
                        Entropy (8bit):5.296795681376019
                        Encrypted:false
                        SSDEEP:6:YEQXJ2HXPeWmI0Jfjx6mJ0YGVbWTTKoAvJfbPtdPeUkwRe9:YvXKX2Wm1Jfjx6mWQ5GDV8Ukee9
                        MD5:D5CC9499679EF6727A52602532790F62
                        SHA1:C066D930DC31A9A48A206B5A22D9878CF6003787
                        SHA-256:965395AED5A9E8F73AFC34EEADA9C6DD99FDF91637CBB3979FA193A4D4762CD3
                        SHA-512:922B30E995DD2EB566F6FCE025BF7BA9DAD2B9EA0718A87C0579D0008968860B255DCBFF117C2ABA5ABEF0D4C01A2E3E742B23045EBF125731A224DBE82BC9D6
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"860b6586-c46c-499a-b2a4-ef137258e590","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1728062364756,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
                        Download File
      
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):287
                        Entropy (8bit):5.29865354990958
                        Encrypted:false
                        SSDEEP:6:YEQXJ2HXPeWmI0Jfjx6mJ0YGVbWTTKoAvJf21rPeUkwRe9:YvXKX2Wm1Jfjx6mWQ5G+16Ukee9
                        MD5:48DFB332A29FD1D9C3B6259CC0AADE17
                        SHA1:5792F0228E7CCB79AC223A064EC8022D544ABE85
                        SHA-256:EFBA86B29C9D414245650B7ED2A86B2F17DAD8AB0AB41D8865211751C70BD248
                        SHA-512:45D5E6FECB77677B78ECF8005810E5F3D769081E4A57E457107700F7C7636BD8C097936CFE15E17A377888AC4DEF23BBAD767D4CEF7D0ECB506547ADE59F82E3
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"860b6586-c46c-499a-b2a4-ef137258e590","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1728062364756,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
                        Download File
      
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):1058
                        Entropy (8bit):5.662116683310077
                        Encrypted:false
                        SSDEEP:24:Yv6XIJfd6+CamXayLgEFRcONaqnl0RCmK8czOC+w2E+tg8BZ:YvTf89BguOAh8cv+NKW
                        MD5:2816D2022AFB16321674C0F328AA566F
                        SHA1:22414363CD662B35B36194241709D9F382290500
                        SHA-256:03D8A3DDC3DF2C3A46DA87CAE31BAE881248A101A15D71101DF573563EC9F5CC
                        SHA-512:AD0A9C1AC9D52E658A8980D4167996EED55BAE47DCF1F4B0F3225359CC87B26B9BA3AA03B23337692788125342F5DCCEFC2DCF2313D5DE8C187CD9FBB96F74A7
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"860b6586-c46c-499a-b2a4-ef137258e590","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1728062364756,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_3","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"ece07729-7db6-4f20-9f8d-7976ad373049","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IlNlbmQgZG9jdW1lbnRzICYgZm9ybXNcbmZvciBmYXN0IGUtc2lnbmluZyBvbmxpbmUuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"application\/json","encodingScheme"
                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
                        Download File
      
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):286
                        Entropy (8bit):5.276621738658123
                        Encrypted:false
                        SSDEEP:6:YEQXJ2HXPeWmI0Jfjx6mJ0YGVbWTTKoAvJfshHHrPeUkwRe9:YvXKX2Wm1Jfjx6mWQ5GUUUkee9
                        MD5:46E248EAAD6A5E581ADCDC62884C4111
                        SHA1:34A88898055AF0B67566484FA8CAF05D68825E60
                        SHA-256:9D7F1F4188D3FEEC141510272550F526AEB9B2D25DA7F14CC2C23638192735D1
                        SHA-512:02C1EE1C2B9A4B0F283666EA827314123C5E6A915373BFF8E4B7B0FC6D3D80A75F8DB2896B56B80246E78274D0EEA8B64C308E9EC1072B8A8BF8C5311DD24C8A
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"860b6586-c46c-499a-b2a4-ef137258e590","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1728062364756,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020
                        Download File
      
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):782
                        Entropy (8bit):5.370076740355527
                        Encrypted:false
                        SSDEEP:12:YvXKX2Wm1Jfjx6mWQ5GTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWoI:Yv6XIJfd6+V168CgEXX5kcIfANhw
                        MD5:CC771CFB99FCC0DD5ECE975A3BB46768
                        SHA1:BAD3654D0681379D03B72C4A4AC3B7359BC8D671
                        SHA-256:C9F4C59CE0BF96DB571361ABF72BAF2B26F3A8432E796A0C10F71A67257DBE50
                        SHA-512:586B93E8D27159A97AF1DFA92AB70866E14BCD9A54F004BB7D8997ADC46BEC8B618026AC8DA60AFD5199234F5A64170FA9A7D9219B76D8E946867B2C967F193D
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"860b6586-c46c-499a-b2a4-ef137258e590","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1728062364756,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1727882619791}}}}
                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING
                        Download File
      
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):4
                        Entropy (8bit):0.8112781244591328
                        Encrypted:false
                        SSDEEP:3:e:e
                        MD5:DC84B0D741E5BEAE8070013ADDCC8C28
                        SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
                        SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
                        SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
                        Malicious:false
                        Preview:....
                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json
                        Download File
      
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):2818
                        Entropy (8bit):5.132731960144116
                        Encrypted:false
                        SSDEEP:24:YOKZVi5kaADuayE6JvS29CfLFM1XLVnoVYFTp5j9Blj0SDwv27LK2LSNJ9I5lO9b:YOKqqDX68WaL+9ZnoVu9Pij3rIfO99B
                        MD5:F15349031EC09091FD54C1708C0B448F
                        SHA1:3074DBE7ED01872C7A01F50BE113702F980D0684
                        SHA-256:7288A40C1A197962D84EACBC31A9708DE0FB3CBDAA40B38383D9DABA07DEA6A3
                        SHA-512:810C0338F8293C15C8B273782A6E53A950BC8DAA8A1C53375D5D6167B49320B31768F1B4DBFEC8D77826BB0D37D2AC4E32A4D0855E723BEE54DADCA89DCDE4EE
                        Malicious:false
                        Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"de07cae03c8f49014fda0a6c61bcfe6b","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1050,"ts":1727882618000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"7556dd7781434afa0877271661fb5a23","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1164,"ts":1727882618000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"a06fbdb842ac926ff0d155193c052172","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1058,"ts":1727882618000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"7da0ba7217cd4ccf9be858c1da1b2855","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1063,"ts":1727882618000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"2eb7f7229b98fc04f6a803205dfd0cc7","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":1038,"ts":1727882618000},{"id":"Edit_InApp_Aug2020","info":{"dg":"464fa7d77a6f173edff678960f9f7099","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":17
                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents
                        Download File
      
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 23, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 23
                        Category:dropped
                        Size (bytes):12288
                        Entropy (8bit):1.3566032838138011
                        Encrypted:false
                        SSDEEP:48:TVl2GL7msncRVbjVpOV6cV6+VZeVZvVZCVZW/Vk/Vhjv2ubCs22Led5BvP+h:vVmssZnrFPt+
                        MD5:AAAA5186F1E6F0E0582A54D182A2CA3C
                        SHA1:6E573D6C2DB14AC03A3F98E131FB62E545E492D2
                        SHA-256:393A24932034C9F9795C9CD73A78AD551319F25B9194252691DA73B13C7970E3
                        SHA-512:C3AC123851B35D0C1327CEC69DD99DABC6D35DECF54752D8EB72A6966CF4375FCE1CDAE2D5B67DCA8C90B51C54E38C906DEED82E4FDA9E4C265D6D5CE6F66112
                        Malicious:false
                        Preview:SQLite format 3......@  ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal
                        Download File
      
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:SQLite Rollback Journal
                        Category:dropped
                        Size (bytes):8720
                        Entropy (8bit):1.8292926088027233
                        Encrypted:false
                        SSDEEP:48:7MoWcRVbjVpOV6cV6+VZeVZvVZCVZW/Vk/Vhjv2ubCs22Le0BvPxcZqll2GL7msY:7ZZnrF8tMqVmsY
                        MD5:8A9AA076137A177B1778321EA3E73620
                        SHA1:038611598DC9D3F7C722E13DC995742AF6189191
                        SHA-256:E996FC75DDA2C9C8B15D59F493C46093A084DABC13E774F94E04C8E5DC4DA586
                        SHA-512:E6FDCFD1D01F32C49722C83C06FADE9468B777275062D5609AE48443949770DAA69CED38DA7E0F137871E4E4AD7B24C324A4045D9443F621DCA99ECFA4C229C5
                        Malicious:false
                        Preview:.... .c...../m".......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................v.../.././././.-.-.-.-.-.-.-.-.-.-.-.-.-.-........................................................................................................................................................................................................................................................................................................................................................................................................................................................
                        C:\Users\user\AppData\Local\Temp\MSI67270.LOG
                        Download File
      
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                        Category:dropped
                        Size (bytes):246
                        Entropy (8bit):3.501595078528367
                        Encrypted:false
                        SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8gjqQlH:Qw946cPbiOxDlbYnuRKLT9
                        MD5:16E4F47AA7F9B70D8CF7B546DC1C0552
                        SHA1:C38DAD7534E288996F813CB88BBF82872F025506
                        SHA-256:B8596578DE1A8F27DD5BC6391337D403604117A41396C3290959F623FF539CB8
                        SHA-512:CE9D352BFD0F26595FDD81FE76656FA9853CB7F37F53CF2B73DF43A83C3549A671D624F3F3D2CD1C1A25EAA2F698A5021136B58D6425F255BB0232CE0FA814D4
                        Malicious:false
                        Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .0.2./.1.0./.2.0.2.4. . .1.1.:.2.3.:.4.3. .=.=.=.....
                        C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-02 11-23-34-758.log
                        Download File
      
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:ASCII text, with very long lines (393)
                        Category:dropped
                        Size (bytes):16525
                        Entropy (8bit):5.359827924713262
                        Encrypted:false
                        SSDEEP:384:yNDmLJAZYTtvEcrd/GVMimVRMTzpCeb9sJVPbvHktuFKr4Bnk2DfNSNq8iwyhZ9u:bAPaRH9E3/
                        MD5:06DEAEDB81D09FD8FB5FF668D8E09CB2
                        SHA1:28A02BCBD5975117B97A08AFB049F2C94F334726
                        SHA-256:D98DE785425112A2D7A41B16073812FA4FA4955F2D5139AE87C9A5FBC4717D64
                        SHA-512:948E3B56E5A8D818A5FE9D74B82A898F7264909ADF2C49E5D096CB90F4D28ED95990545A4857933F0E06D493AA0F6D41F6109C74B44BC0E4B84346B519681936
                        Malicious:false
                        Preview:SessionID=c98ebd97-9477-4d7e-bd0c-12efa5f01bab.1696586972755 Timestamp=2023-10-06T12:09:32:755+0200 ThreadID=6536 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=c98ebd97-9477-4d7e-bd0c-12efa5f01bab.1696586972755 Timestamp=2023-10-06T12:09:32:756+0200 ThreadID=6536 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=c98ebd97-9477-4d7e-bd0c-12efa5f01bab.1696586972755 Timestamp=2023-10-06T12:09:32:756+0200 ThreadID=6536 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=c98ebd97-9477-4d7e-bd0c-12efa5f01bab.1696586972755 Timestamp=2023-10-06T12:09:32:756+0200 ThreadID=6536 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=c98ebd97-9477-4d7e-bd0c-12efa5f01bab.1696586972755 Timestamp=2023-10-06T12:09:32:756+0200 ThreadID=6536 Component=ngl-lib_NglAppLib Description="SetConfig: 
                        C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
                        Download File
      
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:ASCII text, with very long lines (393), with CRLF line terminators
                        Category:dropped
                        Size (bytes):15114
                        Entropy (8bit):5.381384929790849
                        Encrypted:false
                        SSDEEP:384:b10N8g5a5VWRA6av0c9tHBwtFuJKe5pmnpJtnPfzpy9OYV1KEFwiEpxYtrN6k91H:n/V
                        MD5:F9A5478CD1E76F64E1D5876883CC1213
                        SHA1:8FEA69F779AED428A494C8328C6A05A0B4A5D35B
                        SHA-256:18392835E8EA4CA601F3AF62461495DE181770D1A04550F74276ECD5B300D67D
                        SHA-512:0A9BE14582A1FCD6B7BCA750EFB224B47A5E5D4F35A0D8AA7FBCD25E620C30AA6963CE9AA920F0AE6D56EB00B365D01B7E48D6A6DB4D72F4060ADB1B3810517C
                        Malicious:false
                        Preview:SessionID=51ff1404-d532-4878-b789-5bc9696ad91d.1727882614772 Timestamp=2024-10-02T11:23:34:772-0400 ThreadID=2388 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=51ff1404-d532-4878-b789-5bc9696ad91d.1727882614772 Timestamp=2024-10-02T11:23:34:774-0400 ThreadID=2388 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=51ff1404-d532-4878-b789-5bc9696ad91d.1727882614772 Timestamp=2024-10-02T11:23:34:775-0400 ThreadID=2388 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=51ff1404-d532-4878-b789-5bc9696ad91d.1727882614772 Timestamp=2024-10-02T11:23:34:775-0400 ThreadID=2388 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=51ff1404-d532-4878-b789-5bc9696ad91d.1727882614772 Timestamp=2024-10-02T11:23:34:775-0400 ThreadID=2388 Component=ngl-lib_NglAppLib Description="SetConf
                        C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt
                        Download File
      
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:ASCII text, with CRLF line terminators
                        Category:dropped
                        Size (bytes):35721
                        Entropy (8bit):5.419637485588362
                        Encrypted:false
                        SSDEEP:192:fcbmI6ccb9cb+IqccbdcbIIl3cbXcbWIS+cb4cbIIJzcbgncb0Iqocbx:g6sqGlVS/JCqn
                        MD5:E92D367EC746F73040A48BE3AC76BFA7
                        SHA1:46956987C4B5370631F20F4C063E489E79FC4DE2
                        SHA-256:851746040D3AB06A57FBA36A16F008544D6C4892F95624F7E742CE9A69D542C3
                        SHA-512:096790EE937FF68EAE97398383163A8F093572746AFA39C4C917A8713E086ED1273820423E993C666F69C9524EF4B9C91DD36E9418D0B3DE5C758CD61896EEC6
                        Malicious:false
                        Preview:06-10-2023 11:44:59:.---2---..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : ********  Starting new session ********..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : Starting NGL..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 :::::    Configuring as AcrobatReader1..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..06-10-2023 11:44:59:.Closing File..06-10-
                        C:\Users\user\AppData\Local\Temp\acrocef_low\16ef93ac-0d17-4e7f-8f3f-3c3e3601f8b0.tmp
                        Download File
      
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 160932
                        Category:dropped
                        Size (bytes):543911
                        Entropy (8bit):7.977303608379539
                        Encrypted:false
                        SSDEEP:12288:ONh3P65+Tegs6121D1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9UZ+bvHs:O3Pjegf121DMNB1DofjgJJJJm94+g
                        MD5:5B21A6981E55EF9576D169BBED44BCDB
                        SHA1:B3A14100B7E7C2C01D61B010A54937952D111E20
                        SHA-256:9555E661370D1DC26605DAE88BDBC1ABA68038C769BF6E354A256B1A1C4C110E
                        SHA-512:FCA72A5131D8780A17DF65BBFF37FBA88DBEA3B7AE991C3D893B21B9E6C1EED44DC12945C8DA39DE471FAC5013BE71D43E5BBB892994742BC33EF5934469B1B1
                        Malicious:false
                        Preview:...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!|G.1...... .3.`./....`~......G.............|..pS.e.C....:o.u_..oi.:..|....joi...eM.m.K...2%...Z..j...VUh..9.}.....
                        C:\Users\user\AppData\Local\Temp\acrocef_low\1a95317d-3051-4c82-8793-f5f7afccf412.tmp
                        Download File
      
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
                        Category:dropped
                        Size (bytes):1407294
                        Entropy (8bit):7.97605879016224
                        Encrypted:false
                        SSDEEP:24576:/M7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07tOWLaGZ4ZwYIGNPS:RB3mlind9i4ufFXpAXkrfUs0kWLaGZ48
                        MD5:1D64D25345DD73F100517644279994E6
                        SHA1:DE807F82098D469302955DCBE1A963CD6E887737
                        SHA-256:0A05C4CE0C4D8527D79A3C9CEE2A8B73475F53E18544622E4656C598BC814DFC
                        SHA-512:C0A37437F84B4895A7566E278046CFD50558AD84120CA0BD2EAD2259CA7A30BD67F0BDC4C043D73257773C607259A64B6F6AE4987C8B43BB47241F3C78EB9416
                        Malicious:false
                        Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.
                        C:\Users\user\AppData\Local\Temp\acrocef_low\22a8e6cb-8efd-426e-8c56-d9b1b032587d.tmp
                        Download File
      
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
                        Category:dropped
                        Size (bytes):386528
                        Entropy (8bit):7.9736851559892425
                        Encrypted:false
                        SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
                        MD5:5C48B0AD2FEF800949466AE872E1F1E2
                        SHA1:337D617AE142815EDDACB48484628C1F16692A2F
                        SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
                        SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
                        Malicious:false
                        Preview:...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-|..h#.g.\.PO.|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..|m.WC.....|.....e.[W.p.8...rm....^..x'......5!...|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y
                        C:\Users\user\AppData\Local\Temp\acrocef_low\43b2e73b-1620-4ccb-8e9f-c1c31493f8c5.tmp
                        Download File
      
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
                        Category:dropped
                        Size (bytes):758601
                        Entropy (8bit):7.98639316555857
                        Encrypted:false
                        SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
                        MD5:3A49135134665364308390AC398006F1
                        SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
                        SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
                        SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
                        Malicious:false
                        Preview:...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!|G.1...... .3.`./....`~......G.............|..pS.e.C....:o.u_..oi.:..|....joi...eM.m.K...2%...Z..j...VUh..9.}.....
                        C:\Users\user\AppData\Local\Temp\acrocef_low\d14aa7c1-6a5c-4e24-b145-951371f663a8.tmp
                        Download File
      
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
                        Category:dropped
                        Size (bytes):1419751
                        Entropy (8bit):7.976496077007677
                        Encrypted:false
                        SSDEEP:24576:/xaWL07oywYIGNPUGZfPdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JaWLxywZG6GZn3mlind9i4ufFXpAXkru
                        MD5:FFA982D6F2F9B46A1DECDD28BF3EF0E1
                        SHA1:B1D05ED9BD6A80BD0E3377E9F62B47EF83FCC0C8
                        SHA-256:93D954FA4BBEDCDFBC7BF14FA1BB3986056261F4A5035C3CFF229FF16D12B78B
                        SHA-512:BF2931508F2039FFF4A74EC9B2FF2706FCF05DC5D56E22CA9C74B7C4AF9E8B4173419791DE648FD77AE7C4B441734E7C70C964A2B91C816FC98C9BA78BEB7879
                        Malicious:false
                        Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.
                        Static File Info
                        General
                        File type:PDF document, version 1.4, 0 pages
                        Entropy (8bit):7.906605556354574
                        TrID:
                        • Adobe Portable Document Format (5005/1) 100.00%
                        File name:uPXZIHuz.pdf
                        File size:93'263 bytes
                        MD5:629274c10e2539158d124e150add83e8
                        SHA1:2572737c016f6ef291f19e32a47d2d59b9bb036f
                        SHA256:c2608132fded62398f96c8cd497e21b88f6f50cc69ff03d22d7575448902ff94
                        SHA512:731756e5b2789e74ff23d94edc88a0cdbcbcd5ad06a08c6b485dd1a390f2159922bf46ea5fec76bd1f68f4bc0022d7404dd01cf9f83a2f2b650ef86b213fe7e9
                        SSDEEP:1536:MkEipjkjrUm0i+6I7Zd2vsiF9FxFOyaMCiujkT/uMYtx1GRuO5whv9GRdMI/:3JQktdd2kiF9FxhNvuwbnYtfGRuD8MI/
                        TLSH:1193E079E9EA1D0CF8E3CB678274389E4D6DF01386E4A58530302E566E515681BA07FF
                        File Content Preview:%PDF-1.4.1 0 obj.<<./Title (..)./Creator (...w.k.h.t.m.l.t.o.p.d.f. .0...1.2...6)./Producer (...Q.t. .4...8...7)./CreationDate (D:20241002230035+08'00').>>.endobj.3 0 obj.<<./Type /ExtGState./SA true./SM 0.02./ca 1.0./CA 1.0./AIS false./SMask /None>>.endo
                        File Icon
                        Icon Hash:62cc8caeb29e8ae0
                        Static PDF Info
                        General
                        Header:%PDF-1.4
                        Total Entropy:7.906606
                        Total Bytes:93263
                        Stream Entropy:7.978559
                        Stream Bytes:84057
                        Entropy outside Streams:5.196105
                        Bytes outside Streams:9206
                        Number of EOF found:1
                        Bytes after EOF:
                        Keywords Statistics
                        NameCount
                        obj56
                        endobj56
                        stream14
                        endstream14
                        xref1
                        trailer1
                        startxref1
                        /Page1
                        /Encrypt0
                        /ObjStm0
                        /URI0
                        /JS0
                        /JavaScript0
                        /AA0
                        /OpenAction0
                        /AcroForm0
                        /JBIG2Decode0
                        /RichMedia0
                        /Launch0
                        /EmbeddedFile0
                        Image Streams
                        IDDHASHMD5Preview
                        7c8d2dacdd6cc84c46a5f511c231acedd94a4f458480650c7
                        Network Behavior
                        Network Port Distribution
                        TCP Packets
                        TimestampSource PortDest PortSource IPDest IP
                        Oct 2, 2024 17:23:45.788309097 CEST49711443192.168.2.1723.203.104.175
                        

                        Oct 2, 2024 17:23:45.788356066 CEST4434971123.203.104.175192.168.2.17
                        

                        Oct 2, 2024 17:23:45.788429976 CEST49711443192.168.2.1723.203.104.175
                        

                        Oct 2, 2024 17:23:45.788836956 CEST49711443192.168.2.1723.203.104.175
                        

                        Oct 2, 2024 17:23:45.788851023 CEST4434971123.203.104.175192.168.2.17
                        

                        Oct 2, 2024 17:23:46.367894888 CEST4434971123.203.104.175192.168.2.17
                        

                        Oct 2, 2024 17:23:46.369587898 CEST49711443192.168.2.1723.203.104.175
                        

                        Oct 2, 2024 17:23:46.369657040 CEST4434971123.203.104.175192.168.2.17
                        

                        Oct 2, 2024 17:23:46.373270035 CEST4434971123.203.104.175192.168.2.17
                        

                        Oct 2, 2024 17:23:46.373364925 CEST49711443192.168.2.1723.203.104.175
                        

                        Oct 2, 2024 17:23:46.441607952 CEST49711443192.168.2.1723.203.104.175
                        

                        Oct 2, 2024 17:23:46.441792965 CEST49711443192.168.2.1723.203.104.175
                        

                        Oct 2, 2024 17:23:46.441806078 CEST4434971123.203.104.175192.168.2.17
                        

                        Oct 2, 2024 17:23:46.441854954 CEST4434971123.203.104.175192.168.2.17
                        

                        Oct 2, 2024 17:23:46.490499973 CEST49711443192.168.2.1723.203.104.175
                        

                        Oct 2, 2024 17:23:46.490539074 CEST4434971123.203.104.175192.168.2.17
                        

                        Oct 2, 2024 17:23:46.538494110 CEST49711443192.168.2.1723.203.104.175
                        

                        Oct 2, 2024 17:23:46.539288998 CEST4434971123.203.104.175192.168.2.17
                        

                        Oct 2, 2024 17:23:46.539439917 CEST4434971123.203.104.175192.168.2.17
                        

                        Oct 2, 2024 17:23:46.539503098 CEST49711443192.168.2.1723.203.104.175
                        

                        Oct 2, 2024 17:23:46.541060925 CEST49711443192.168.2.1723.203.104.175
                        

                        Oct 2, 2024 17:23:46.541078091 CEST4434971123.203.104.175192.168.2.17
                        

                        UDP Packets
                        TimestampSource PortDest PortSource IPDest IP
                        Oct 2, 2024 17:23:45.662286043 CEST6393353192.168.2.171.1.1.1
                        

                        DNS Queries
                        TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                        Oct 2, 2024 17:23:45.662286043 CEST192.168.2.171.1.1.10x6b65Standard query (0)x1.i.lencr.orgA (IP address)IN (0x0001)false
                        

                        DNS Answers
                        TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                        Oct 2, 2024 17:23:45.669981003 CEST1.1.1.1192.168.2.170x6b65No error (0)x1.i.lencr.orgcrl.root-x1.letsencrypt.org.edgekey.netCNAME (Canonical name)IN (0x0001)false
                        

                        HTTP Request Dependency Graph
                        • armmf.adobe.com
                        HTTPS Proxied Packets
                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                        0192.168.2.174971123.203.104.1754436204C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        TimestampBytes transferredDirectionData
                        2024-10-02 15:23:46 UTC475OUTGET /onboarding/smskillreader.txt HTTP/1.1
                        Host: armmf.adobe.com
                        Connection: keep-alive
                        Accept-Language: en-US,en;q=0.9
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36
                        Sec-Fetch-Site: same-origin
                        Sec-Fetch-Mode: no-cors
                        Sec-Fetch-Dest: empty
                        Accept-Encoding: gzip, deflate, br
                        If-None-Match: "78-5faa31cce96da"
                        If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
                        2024-10-02 15:23:46 UTC198INHTTP/1.1 304 Not Modified
                        Content-Type: text/plain; charset=UTF-8
                        Last-Modified: Mon, 01 May 2023 15:02:33 GMT
                        ETag: "78-5faa31cce96da"
                        Date: Wed, 02 Oct 2024 15:23:46 GMT
                        Connection: close


                        Statistics
                        CPU Usage
                        Click to jump to process
                        Memory Usage
                        Click to jump to process
                        High Level Behavior Distribution
                        Click to dive into process behavior distribution
                        Behavior
                        Click to jump to process
                        System Behavior
                        General
                        Target ID:0
                        Start time:11:23:30
                        Start date:02/10/2024
                        Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        Wow64 process (32bit):false
                        Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\uPXZIHuz.pdf"
                        Imagebase:0x7ff63d040000
                        File size:5'641'176 bytes

                        MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:high
                        Has exited:false

                        General
                        Target ID:2
                        Start time:11:23:31
                        Start date:02/10/2024
                        Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        Wow64 process (32bit):false
                        Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
                        Imagebase:0x7ff662bf0000
                        File size:3'581'912 bytes

                        MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:high
                        Has exited:false

                        General
                        Target ID:3
                        Start time:11:23:32
                        Start date:02/10/2024
                        Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        Wow64 process (32bit):false
                        Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1724 --field-trial-handle=1568,i,17717744455474703836,17105930129994550002,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
                        Imagebase:0x7ff662bf0000
                        File size:3'581'912 bytes

                        MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:high
                        Has exited:false

                        Disassembly
                        No disassembly