Windows Analysis Report
240224.pdf

Overview

General Information

Sample name:240224.pdf
Analysis ID:1528214
MD5:484710419547229bf9815338935e2b25
SHA1:193f7a605a13e3b468654e3e1fcec663fd8de4d2
SHA256:30d515fccee55b568b05514a6ef29fb6e32a75adb938651584a4760eec9a1cc0
Infos:

Detection

Score:2
Range:0 - 100
Whitelisted:false
Confidence:80%

Signatures

IP address seen in connection with other malware
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Uses a known web browser user agent for HTTP communication

Classification

  • System is w10x64
  • Acrobat.exe (PID: 6596 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\240224.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 7124 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 2056 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2104 --field-trial-handle=1588,i,5033004123190415020,17179557172345066960,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

There are no malicious signatures.

Source: global traffic | DNS query: name: x1.i.lencr.org
Source: global traffic | TCP traffic: 192.168.2.4:49742 -> 23.195.76.153:443
Source: global traffic | TCP traffic: 23.195.76.153:443 -> 192.168.2.4:49742
Source: Joe Sandbox View | IP Address: 23.195.76.153 23.195.76.153
Source: global traffic | HTTP traffic detected:
    GET /onboarding/smskillreader.txt HTTP/1.1
    Host: armmf.adobe.com
    Connection: keep-alive
    Accept-Language: en-US,en;q=0.9
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: empty
    Accept-Encoding: gzip, deflate, br
    If-None-Match: "78-5faa31cce96da"
    If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
Source: unknown | TCP traffic detected without corresponding DNS query: 23.195.76.153
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic | DNS traffic detected: DNS query: x1.i.lencr.org
Source: 77EC63BDA74BD0D0E0426DC8F80085060.1.dr | String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: 2D85F72862B55C4EADD9E66E06947F3D0.1.dr | String found in binary or memory: http://x1.i.lencr.org/
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown | Network traffic detected: HTTP traffic on port 49742 -> 443
Source: classification engine | Classification label: clean2.winPDF@14/46@1/1
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-07 10-57-48-155.log
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
Source: unknown | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\240224.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2104 --field-trial-handle=1588,i,5033004123190415020,17179557172345066960,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process created: unknown unknown
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: 240224.pdf | Initial sample: PDF keyword /JS count = 0
Source: 240224.pdf | Initial sample: PDF keyword /JavaScript count = 0
Source: A91rkyte5_8m7fee_5b4.tmp.0.dr | Initial sample: PDF keyword /JS count = 0
Source: A91rkyte5_8m7fee_5b4.tmp.0.dr | Initial sample: PDF keyword /JavaScript count = 0
Source: 240224.pdf | Initial sample: PDF keyword /EmbeddedFile count = 0
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process information set: NOOPENFILEERRORBOX
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 3 Exploitation for Client Execution | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 13 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction
[Behavior graph. ID: 1528214; Sample: 240224.pdf; Startdate: 07/10/2024; Architecture: WINDOWS; Score: 2. Acrobat.exe started AcroCEF.exe, which started a second AcroCEF.exe; the second AcroCEF.exe connects to 23.195.76.153, 443, 49742 (NTT-COMMUNICATIONS-2914US, United States); DNS: x1.i.lencr.org]

No Antivirus matches
Source | Detection | Scanner | Label | Link
http://x1.i.lencr.org/ | 0% | URL Reputation | safe |

Name | IP | Active | Malicious | Antivirus Detection | Reputation
x1.i.lencr.org | unknown | unknown | false | | unknown

Name | Source | Malicious | Antivirus Detection | Reputation
http://x1.i.lencr.org/ | 2D85F72862B55C4EADD9E66E06947F3D0.1.dr | false | URL Reputation: safe | unknown

IP | Domain | Country | Flag | ASN | ASN Name | Malicious
23.195.76.153 | unknown | United States | | 2914 | NTT-COMMUNICATIONS-2914US | false
    Joe Sandbox version:41.0.0 Charoite
    Analysis ID:1528214
    Start date and time:2024-10-07 16:56:50 +02:00
    Joe Sandbox product:CloudBasic
    Overall analysis duration:0h 3m 55s
    Hypervisor based Inspection enabled:false
    Report type:full
    Cookbook file name:defaultwindowspdfcookbook.jbs
    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
    Number of analysed new started processes analysed:10
    Number of new started drivers analysed:0
    Number of existing processes analysed:0
    Number of existing drivers analysed:0
    Number of injected processes analysed:0
    Technologies:
    • EGA enabled
    • AMSI enabled
    Analysis Mode:default
    Analysis stop reason:Timeout
    Sample name:240224.pdf
    Detection:CLEAN
    Classification:clean2.winPDF@14/46@1/1
    Cookbook Comments:
    • Found application associated with file extension: .pdf
    • Found PDF document
    • Close Viewer
    • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
    • Excluded IPs from analysis (whitelisted): 184.28.88.176, 2.16.164.80, 2.16.164.96, 2.16.164.83, 2.16.164.115, 2.16.164.90, 2.16.164.91, 2.16.164.88, 2.16.164.121, 2.16.164.107, 18.207.85.246, 107.22.247.231, 54.144.73.197, 34.193.227.236, 162.159.61.3, 172.64.41.3, 2.23.197.184, 93.184.221.240, 2.19.126.143, 2.19.126.149
    • Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, otelrules.azureedge.net, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com.delivery.microsoft.com, wu.ec.azureedge.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, wu.azureedge.net, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, hlb.apr-52dd2-0.edgecastdns.net, geo2.adobe.com, wu-b-net.trafficmanager.net, crl.root-x1.letsencrypt.org.edgekey.net
    • Not all processes where analyzed, report is missing behavior information
    • VT rate limit hit for: 240224.pdf
    Time | Type | Description
    10:57:58 | API Interceptor | 3x Sleep call for process: AcroCEF.exe modified
    Input | Output
    URL: PDF document Model: jbxai
    {
    "brand":["CNESST"],
    "contains_trigger_text":true,
    "trigger_text":"INFORMATIONS BANCAIRES",
    "prominent_button_name":"TOTAL DU DPT",
    "text_input_field_labels":["Numro facture",
    "Description",
    "Escompte",
    "Montant"],
    "pdf_icon_visible":false,
    "has_visible_captcha":false,
    "has_urgent_text":false,
    "text":"Rf. 1208181 - 6388350 Cantin,
     Isabelle 1600 av D'Estimauville,
     6e QUBEC QC G1J 0H7 TAT DE DPT Page 1 de 1 Date du dpt*: 2024-10-15 Numro du virement 240224 INFORMATIONS BANCAIRES Nom de l'institution financire: FEDERATION DES CAISSES DESJARDINS DU QUEBEC Numro de l'institution Financire/succursale : 815 / 20116 Adresse de la succursale : 225 AVENUE ST-MAXIME ST-RAYMOND QC G3L 3W2 Date facture 2024-10-03 Numro facture 8330252 Description Remb. Stationnement Escompte Montant 112,
    03 TOTAL DU DPT CAD 112,
    03 ***** Fin du rapport *****",
    "has_visible_qrcode":false}
    Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
    23.195.76.153 | Open 99 Restaurants Benefits Enrollment.pdf | | malicious | HTMLPhisher | |
     | DOC-72212087.pdf | | malicious | HTMLPhisher | |
     | [EXTERNAL] Complete with AdobeSignPDF_ Approve and Sign TRCOT.eml | | malicious | Unknown | |
     | Secured Doc-[uiC-22723].pdf | | malicious | HTMLPhisher | |
     | Secured Doc-[qnz-33059].pdf | | malicious | HTMLPhisher | |
    No context
    Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
    NTT-COMMUNICATIONS-2914US | x86.elf | | malicious | Mirai | | 206.86.202.118
     | na.elf | | malicious | Mirai, Okiru | | 205.24.240.88
     | na.elf | | malicious | Mirai, Okiru | | 206.239.51.236
     | na.elf | | malicious | Mirai, Okiru | | 206.163.104.103
     | na.elf | | malicious | Mirai, Okiru | | 205.53.193.253
     | na.elf | | malicious | Mirai, Okiru | | 204.156.18.61
     | na.elf | | malicious | Mirai | | 206.86.219.242
     | na.elf | | malicious | Mirai | | 207.198.205.60
     | na.elf | | malicious | Mirai | | 128.121.236.119
     | na.elf | | malicious | Mirai | | 157.239.48.47
    No context
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
              File Type:ASCII text
              Category:dropped
              Size (bytes):289
              Entropy (8bit):5.227967375703118
              Encrypted:false
              SSDEEP:6:ISK+Vq2Pwkn2nKuAl9OmbnIFUt89ShYgZmw+9ShYIkwOwkn2nKuAl9OmbjLJ:vK+VvYfHAahFUt8wOg/+wOI5JfHAaSJ
              MD5:1EC777F914D4B1D662AB8D55CD772F57
              SHA1:FF8D646B68C2A4DFED6975A710D9DC9615B10B6A
              SHA-256:CA7FEC642879C05EA85C5473A00349AF230FC4B97EC152A3209B2572EBB6CA5C
              SHA-512:D09F59BCA45BD86212BB9E2071315F5F05A23412B6F0E0EAC54384D79B502F159AD8BDF81B4DC1B133F3117BE61A6FBB3035226FE9687E7D4E0247FA999C6211
              Malicious:false
              Reputation:low
              Preview:2024/10/07-10:57:45.464 860 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/10/07-10:57:45.467 860 Recovering log #3.2024/10/07-10:57:45.467 860 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
              File Type:ASCII text
              Category:dropped
              Size (bytes):336
              Entropy (8bit):5.164937344574787
              Encrypted:false
              SSDEEP:6:ISqfi+q2Pwkn2nKuAl9Ombzo2jMGIFUt89S4UHEWZmw+9SSZNVkwOwkn2nKuAl97:voi+vYfHAa8uFUt8w4UkW/+w0V5JfHAv
              MD5:BFA32C1CD4144D9B295EA664FCCCE47A
              SHA1:380A705CC2C7F448892F4583E1AA12FD88D4F32B
              SHA-256:2E70C93D2F23848AA6B0E418E947D057FDB2EED6E9C9EEFBB5E2207C03625D13
              SHA-512:03C28792FE8CE91D8C98BF42542BA3F80006F5EE6ED56043A85F587CE192380AAFB54F9C2F2EDDE355FAE06B486D1731A62E107FB9EDD95CAE87DAC29136FB75
              Malicious:false
              Reputation:low
              Preview:2024/10/07-10:57:45.543 1bec Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/10/07-10:57:45.545 1bec Recovering log #3.2024/10/07-10:57:45.546 1bec Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
              File Type:JSON data
              Category:modified
              Size (bytes):475
              Entropy (8bit):4.972627273971995
              Encrypted:false
              SSDEEP:12:YH/um3RA8sqChsBdOg2Hvcaq3QYiubInP7E4T3y:Y2sRds8dMHe3QYhbG7nby
              MD5:408EB4648AF04BF6DEABCDA5BF8C71B1
              SHA1:C47285CA37B2B7B770CA438456171A3B9FE3C58F
              SHA-256:30DC5D0F155D6442FF3A55561B05692D6C740D3F2F1962E30EDC997EDA66D648
              SHA-512:4AFD35AB439732F16266AD356F3F864B320006A6022A52CA01D12C258241A136F437094EE82DF8015FBA64031086C550993744D931D6BD2C10AB8946686573CC
              Malicious:false
              Reputation:low
              Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372873078167874","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":210552},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
              File Type:JSON data
              Category:dropped
              Size (bytes):475
              Entropy (8bit):4.972627273971995
              Encrypted:false
              SSDEEP:12:YH/um3RA8sqChsBdOg2Hvcaq3QYiubInP7E4T3y:Y2sRds8dMHe3QYhbG7nby
              MD5:408EB4648AF04BF6DEABCDA5BF8C71B1
              SHA1:C47285CA37B2B7B770CA438456171A3B9FE3C58F
              SHA-256:30DC5D0F155D6442FF3A55561B05692D6C740D3F2F1962E30EDC997EDA66D648
              SHA-512:4AFD35AB439732F16266AD356F3F864B320006A6022A52CA01D12C258241A136F437094EE82DF8015FBA64031086C550993744D931D6BD2C10AB8946686573CC
              Malicious:false
              Reputation:low
              Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372873078167874","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":210552},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
              File Type:data
              Category:dropped
              Size (bytes):4730
              Entropy (8bit):5.254804844044901
              Encrypted:false
              SSDEEP:96:etJCV4FAsszrNamjTN/2rjYMta02fDtehgO7BtTgo7cDcxPp/B+zDdPZ:etJCV4FiN/jTN/2r8Mta02fEhgO73gou
              MD5:5178AFC24DFF61232987BFCEBF8605CA
              SHA1:53C907F1C633DC88D37244AF7258A3D581AF4B76
              SHA-256:2379A52D7EF2D7C9CE8F099FB3EFCED63DEBA619E8C3203DF0271153AD5692FD
              SHA-512:3DC2FAAC839A1C6D2EDA2812F6AFA7096DBC137204B92B063B2BB52369BE6E1A3321E2710F4612A44D4D779279764476B69BC63274F0F6DEB5EA04BFED853071
              Malicious:false
              Reputation:low
              Preview:*...#................version.1..namespace-['O.o................next-map-id.1.Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/.0>...r................next-map-id.2.Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/.1O..r................next-map-id.3.Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/.2.\.o................next-map-id.4.Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/.3....^...............Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/..|.^...............Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/n..Fa...............Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/DQ..a...............Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/i.`do................next-map-id.5.Pnamespace-de635bf2_6773_4d83_ad16_
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
              File Type:ASCII text
              Category:dropped
              Size (bytes):324
              Entropy (8bit):5.174650376111819
              Encrypted:false
              SSDEEP:6:ISYuHz+q2Pwkn2nKuAl9OmbzNMxIFUt89S+gXWZmw+9S+giVkwOwkn2nKuAl9Omk:vYuT+vYfHAa8jFUt8wNXW/+wNiV5JfHP
              MD5:8F6302FDA5948EA1303A7CD5299557A4
              SHA1:2385D48455737C53AF055DFA6152F9E99346811E
              SHA-256:35BEEF2959230B7311741C10AD48C2846D840DD88FCC7929C9F3C76FA57EEA7B
              SHA-512:05DC5E7E01F71A963A73848F025E20AE505E49E4730E0E380A9DAF6F4CB70BF11BA63A24FC80227AA6B1D07941E95DE2AB97743A11C4211DDFF1DB418515DEFE
              Malicious:false
              Reputation:low
              Preview:2024/10/07-10:57:45.747 1bec Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/10/07-10:57:45.748 1bec Recovering log #3.2024/10/07-10:57:45.748 1bec Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:PC bitmap, Windows 3.x format, 117 x -152 x 32, cbSize 71190, bits offset 54
              Category:dropped
              Size (bytes):71190
              Entropy (8bit):0.9508443348448652
              Encrypted:false
              SSDEEP:96:voPGmr7s4EMDDUMfJ8Mnm1K9Eq9MgcuMM+MbcA4de2adMMMY9MMM1MpFMJMMPLmd:voOM7lmrqJB
              MD5:03C3DAC54F2C141888FA957E84095E9B
              SHA1:927B930E344B8B029B90C874925947DF6D0D01F3
              SHA-256:8111C5BEDF34759FE6C0F04E4A3B962C1F544904B27DDE18C1023158C49AEE88
              SHA-512:D93732B6AC41C78565D9C87136D0D809DA2E79D97E13E3BB7525102D67779272D57F26E02680CF5A99B94CC2AC2D77A4DD9DBF3E2F81515DEC675CC8AC8301BB
              Malicious:false
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 15, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 15
              Category:dropped
              Size (bytes):86016
              Entropy (8bit):4.444824614228412
              Encrypted:false
              SSDEEP:384:yezci5teiBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:rxs3OazzU89UTTgUL
              MD5:F56AAE1BF6D7DD0BC4521B6CB1425EB2
              SHA1:2B1412B8BD0647DB813AAF31AF446C411B74092A
              SHA-256:C32AA4BFDA028ED1E0656282625D862EDB05C7DFCC0C2A2543132DF55FA88EB1
              SHA-512:79C7A292B7B58202CD121B9F7586257A18D5FED03DF4A0DBF4C674FD558918B104C05E53620B8281C35B8D84DF2D1CC23A64A4B09BC1D828D7B4EA74EBD2BD1D
              Malicious:false
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:SQLite Rollback Journal
              Category:dropped
              Size (bytes):8720
              Entropy (8bit):3.7732160800985906
              Encrypted:false
              SSDEEP:48:7MDp/E2ioyVZioy9oWoy1Cwoy1NKOioy1noy1AYoy1Wioy1hioybioy9oy1noy1Z:7QpjuZFsXKQQib9IVXEBodRBku
              MD5:8EA561D8FC3CD58D776E83F3E15CF348
              SHA1:62E11077251AA207FF0496DEDE23BEA53D85BF1A
              SHA-256:8557DFD6131864045E8197B9B347985374FD00914A9E1BFF9E6445E73AD10B58
              SHA-512:883D2DA33FB85EC6A476DE27E9A9F40814FE763AF349AF606153181668DA9BEA01B9137C94B5AAD76677E606702FFD4563AD77BF1C41C0820F47724DD484DF42
              Malicious:false
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
              File Type:Certificate, Version=3
              Category:dropped
              Size (bytes):1391
              Entropy (8bit):7.705940075877404
              Encrypted:false
              SSDEEP:24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1
              MD5:0CD2F9E0DA1773E9ED864DA5E370E74E
              SHA1:CABD2A79A1076A31F21D253635CB039D4329A5E8
              SHA-256:96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
              SHA-512:3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
              Malicious:false
              Preview:0..k0..S............@.YDc.c...0...*.H........0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10...150604110438Z..350604110438Z0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10.."0...*.H.............0..........$s..7.+W(.....8..n<.W.x.u...jn..O(..h.lD...c...k....1.!~.3<.H..y.....!.K...qiJffl.~<p..)"......K...~....G.|.H#S.8.O.o...IW..t../.8.{.p!.u.0<.....c...O..K~.....w...{J.L.%.p..)..S$........J.?..aQ.....cq...o[...\4ylv.;.by.../&.....................6....7..6u...r......I.....*.A..v........5/(.l....dwnG7..Y^h..r...A)>Y>.&.$...Z.L@.F....:Qn.;.}r...xY.>Qx....../..>{J.Ks......P.|C.t..t.....0.[q6....00\H..;..}`...).........A.......|.;F.H*..v.v..j.=...8.d..+..(.....B.".'].y...p..N..:..'Qn..d.3CO......B0@0...U...........0...U.......0....0...U......y.Y.{....s.....X..n0...*.H.............U.X....P.....i ')..au\.n...i/..VK..s.Y.!.~.Lq...`.9....!V..P.Y...Y.............b.E.f..|o..;.....'...}~.."......
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
              File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
              Category:dropped
              Size (bytes):71954
              Entropy (8bit):7.996617769952133
              Encrypted:true
              SSDEEP:1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
              MD5:49AEBF8CBD62D92AC215B2923FB1B9F5
              SHA1:1723BE06719828DDA65AD804298D0431F6AFF976
              SHA-256:B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
              SHA-512:BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
              Malicious:false
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
              File Type:data
              Category:dropped
              Size (bytes):192
              Entropy (8bit):2.7673182398396405
              Encrypted:false
              SSDEEP:3:kkFklVRN/XfllXlE/HT8kpVbNNX8RolJuRdxLlGB9lQRYwpDdt:kK0N/IT8gVpNMa8RdWBwRd
              MD5:6FC97E21BF582BAF7BE3ADD034AC2500
              SHA1:0B0813893C01E0B6734E5360A31C63E86DEA5060
              SHA-256:1CE30B5320BD6E99A994EA3EC7B58ECC6D7B89F0D44BEC5A418E954CBCA5213E
              SHA-512:431B42AE4856D8EE5E472A71C7A8D4E749D7578EA3377D278C8FFD2B28803E8A36BD858EC74DA192983F2DC08E1A1A2786224F706B273AE729C48578F94FF217
              Malicious:false
              Preview:p...... ..........@L....(....................................................... ..........W....................o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
              File Type:data
              Category:modified
              Size (bytes):328
              Entropy (8bit):3.1391791584200512
              Encrypted:false
              SSDEEP:6:kKai99UswDLL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:iikDnLNkPlE99SNxAhUe/3
              MD5:F44C978EF90399AB705F65971C65DE50
              SHA1:D2357C8924D2C9F81EAE75586BCC617B65ECF810
              SHA-256:3508E066DD80CE32F9E5A36D0C95997C0455CB241C47A2589AA0CA0D2BBAC6AC
              SHA-512:FE7090A960D3E86DFE6DFD4691ACCE4CEAD0B8BF349A5DEA772A3AE110B9C7716C98A3E2465767B06FB7DD664CE13167E58DA83F8F63DDE930F850323FE288EA
              Malicious:false
              Preview:p...... ...........p....(....................................................... ........G..@.......&...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:data
              Category:dropped
              Size (bytes):243196
              Entropy (8bit):3.3450692389394283
              Encrypted:false
              SSDEEP:1536:vKPCPiyzDtrh1cK3XEivK7VK/3AYvYwgqErRo+RQn:yPClJ/3AYvYwghFo+RQn
              MD5:F5567C4FF4AB049B696D3BE0DD72A793
              SHA1:EBEADDE9FF0AF2C201A5F7CC747C9EA61CFA6916
              SHA-256:D8DBFE71873929825A420F73821F3FF0254D51984FAAA82E1B89D31188F77C04
              SHA-512:E769735991E5B1331E259608854D00CDA4F3E92285FDC500158CBD09CBCCEAD8A387F78256A43919B13EBE70C995D19242377C315B0CCBBD4F813251608C1D56
              Malicious:false
              Preview:Adobe Acrobat Reader (64-bit) 23.6.20320....?A12_AV2_Search_18px.............................................................................................................KKK KKK.KKK.KKK.KKK.KKK.KKK@........................................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.............................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.........................KKK.KKK.KKK.KKK0....................KKK.KKK.KKK.KKK`....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK.KKK.....................................KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK.KKK@....................KKK.KKK.KKK.KKK`........................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.KKK.............................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:JSON data
              Category:dropped
              Size (bytes):295
              Entropy (8bit):5.342160964718971
              Encrypted:false
              SSDEEP:6:YEQXJ2HXXyRx9WdVoZcg1vRcR0YGRZoAvJM3g98kUwPeUkwRe9:YvXKXXwnZc0vwGMbLUkee9
              MD5:F3024E6F244663911031E1313382E979
              SHA1:494AA71F1F006E45795590FD9054D8A74812DBA1
              SHA-256:8718A4645B1871E5706719E96EFC5C863DA9C5650A1B831DFEE023BB69F6A710
              SHA-512:6662544A515DD855691EE84130C464392CB6A4FB6B0B25BF866322B028A545B3BC73C07D1F9205E134D9A74FD616F04206C0ADF632DB8A75E879BB2FE2A81964
              Malicious:false
              Preview:{"analyticsData":{"responseGUID":"51b7a427-ae89-4502-8e12-f38ae9ded2e5","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728490056948,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:JSON data
              Category:dropped
              Size (bytes):294
              Entropy (8bit):5.289099831687611
              Encrypted:false
              SSDEEP:6:YEQXJ2HXXyRx9WdVoZcg1vRcR0YGRZoAvJfBoTfXpnrPeUkwRe9:YvXKXXwnZc0vwGWTfXcUkee9
              MD5:09F55248A1CB05C65672B44BDCEA65E0
              SHA1:596F29D0E6E3AAB52DCB39D4CEADD0A7B7DA4309
              SHA-256:25F68DD55D76B39783A1E3D36A9C967F7485132482F5228AB5943323D24620C2
              SHA-512:595F100D819864A30F245AC23BB1FF0C0F823C66F9DBA170F0B83267C7E40B1C146FE97A0910566D31146EDAD12DB3749FD4D09F31CBC85F8B2DD65408F312A3
              Malicious:false
              Preview:{"analyticsData":{"responseGUID":"51b7a427-ae89-4502-8e12-f38ae9ded2e5","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728490056948,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:JSON data
              Category:dropped
              Size (bytes):294
              Entropy (8bit):5.269363007137602
              Encrypted:false
              SSDEEP:6:YEQXJ2HXXyRx9WdVoZcg1vRcR0YGRZoAvJfBD2G6UpnrPeUkwRe9:YvXKXXwnZc0vwGR22cUkee9
              MD5:341EDEEE4B51D56AC923FA3E3026DAE5
              SHA1:F22789C4EA7177AA7822E69F403344DE7B2DF598
              SHA-256:5CB179EED4F3E081FE1D295040673B8F088DB7C469343F3E02682DF4BA83D225
              SHA-512:C6D987FBB480F1B0328BF3DF5443BD3538E449F1CEF5622371446D72B70D8676AE06ADDD8D8812B81C9C90A01D5ABBFCE627FD188D7EE7957CCDF5DF92A6E830
              Malicious:false
              Preview:{"analyticsData":{"responseGUID":"51b7a427-ae89-4502-8e12-f38ae9ded2e5","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728490056948,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:JSON data
              Category:dropped
              Size (bytes):285
              Entropy (8bit):5.328427526296649
              Encrypted:false
              SSDEEP:6:YEQXJ2HXXyRx9WdVoZcg1vRcR0YGRZoAvJfPmwrPeUkwRe9:YvXKXXwnZc0vwGH56Ukee9
              MD5:4C9AF87F040F28F81B9AD96B3ACA5877
              SHA1:2F54768495315AE5DDB7818F1BFA7F5DCE5D250A
              SHA-256:323B0C82E5DF5F5E281C752DC6FB9C6A175AE75FBE96F2519D6B0A982830CD61
              SHA-512:63168F57C8A017FE3073FD58234628C00D67EE5F168C0F9768461A716728016874A0D9C12CF32ED193437F76091DCF30BAAF966D7ECFF5995213A9BAB6833B53
              Malicious:false
              Preview:{"analyticsData":{"responseGUID":"51b7a427-ae89-4502-8e12-f38ae9ded2e5","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728490056948,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:JSON data
              Category:dropped
              Size (bytes):1091
              Entropy (8bit):5.686784306514221
              Encrypted:false
              SSDEEP:24:Yv6XXkzvtpLgE7cgD6SOGtnnl0RCmK8czOCYvS1:YvPVhgs6SraAh8cvYK1
              MD5:6640CC6E5A43CA78D4B70A7CD2A191F6
              SHA1:6880C3885215B4B560DF7C176C6BB50D4F0AC7BF
              SHA-256:17A7C678BD1533BD578FA921322450E70FC08A482E76755950D53DDFE92119F8
              SHA-512:EC80211D041057009BE697EA64265FA91AB76372AFC70F65690DBEF089B8251D560B0AF0EF64BE8AF3248124D1D72FD30A9FBA6E93ADC1A3B495285B10EDA3F2
              Malicious:false
              Preview:{"analyticsData":{"responseGUID":"51b7a427-ae89-4502-8e12-f38ae9ded2e5","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728490056948,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"89628_281075ActionBlock_2","campaignId":89628,"containerId":"1","controlGroupId":"","treatmentId":"67a3a874-888f-4d96-9f3d-26e70c3e0be1","variationId":"281075"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQgUERGIGZpbGVzIHRvIE1pY3Jvc29mdCBXb3JkIGFuZCBFeGNlbC4ifSwidGNhdElkIjoiUkdTMDM1MS1FTlUtQ2hhbGxlbmdlcjIifQ==","dataType":"ap
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:JSON data
              Category:dropped
              Size (bytes):1050
              Entropy (8bit):5.652097715261789
              Encrypted:false
              SSDEEP:24:Yv6XXkzvxVLgEF0c7sbnl0RCmK8czOCYHflEpwiVg:YvP5Fg6sGAh8cvYHWpw1
              MD5:C75A84E69BA2B2C00DA6648113BB5B8E
              SHA1:F990A389AF7E60CDBBA183F0135E9DC0B15A23AB
              SHA-256:50558AB6EF4594A70FC9EA223A430893922E4EF75AA17B964C6154CE33158260
              SHA-512:8A5085C7930F7AA3F9064877E4283082BC3FFDF9FC02E24AFDDD2FF60BC75687CA5CA73BE0497996EDE4DFF30F5AB00F20D41D7AB352D772839AA29B1BA221B6
              Malicious:false
              Preview:{"analyticsData":{"responseGUID":"51b7a427-ae89-4502-8e12-f38ae9ded2e5","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728490056948,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Disc_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_0","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"0924134e-3c59-4f53-b731-add558c56fec","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Disc_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQsIGVkaXQgYW5kIGUtc2lnblxuZm9ybXMgJiBhZ3JlZW1lbnRzLiJ9LCJ0Y2F0SWQiOm51bGx9","dataType":"application\/json","encodingScheme":true},"
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:JSON data
              Category:dropped
              Size (bytes):292
              Entropy (8bit):5.275966148546685
              Encrypted:false
              SSDEEP:6:YEQXJ2HXXyRx9WdVoZcg1vRcR0YGRZoAvJfQ1rPeUkwRe9:YvXKXXwnZc0vwGY16Ukee9
              MD5:C4A6A0754C24A40920800AF8DDC13AD7
              SHA1:382FB66F9CDF8EF0D661AE657936D1169B55E1E1
              SHA-256:7CEA7CC647671F897BE1AF26CE651B834F177DBDC5AF85B2943CA51C9535DC03
              SHA-512:B75658F24A1EFE7A793B98E1F778C1E692EFFFD8F9FA8263E43DE8D73120C0A31E32CD2C37904D8F75C33753ACA403842E33F110F2ED27425AE2B4172FC61CF6
              Malicious:false
              Preview:{"analyticsData":{"responseGUID":"51b7a427-ae89-4502-8e12-f38ae9ded2e5","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728490056948,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:JSON data
              Category:dropped
              Size (bytes):1098
              Entropy (8bit):5.684935172081143
              Encrypted:false
              SSDEEP:24:Yv6XXkzvg2LgEFcs2SOGt0nl0RCmK8czOCUaBtCrfS1:YvPoogq2SrhAh8cvUgEm1
              MD5:D65A5A58C735887E3ED1A536FD2DE42A
              SHA1:BE92B0F65F06C29BA6289B88ADF24B2BB629498B
              SHA-256:AEE96A8322021E7E60DB93F5DD28258C45ADD7F7001E3478D704F48CAC4FA282
              SHA-512:E75821A2CD50B99C7F50FD03896ABAD454845FCA658A6C524C185AF3C07AAB821A339DA2D55542CCAB999CE960A53AFD1A71BB0372E64F8290BFD4A2FC4D9307
              Malicious:false
              Preview:{"analyticsData":{"responseGUID":"51b7a427-ae89-4502-8e12-f38ae9ded2e5","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728490056948,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Edit_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"89628_281075ActionBlock_0","campaignId":89628,"containerId":"1","controlGroupId":"","treatmentId":"abdf1d9d-2114-4953-95a6-4eed783b9872","variationId":"281075"},"containerId":1,"containerLabel":"JSON for DC_Reader_Edit_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IlR1cm4gc2Nhbm5lZCBwYXBlciBkb2N1bWVudHNcbmludG8gaW5zdGFudGx5IGVkaXRhYmxlIFBERnMuIn0sInRjYXRJZCI6IlJHUzAzNTEtRU5VLUNoYWxsZW5nZXIyIn0=","dataTy
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:JSON data
              Category:dropped
              Size (bytes):1164
              Entropy (8bit):5.697051674692607
              Encrypted:false
              SSDEEP:24:Yv6XXkzvoKLgEfIcZVSkpsn264rS514ZjBrwloJTmcVIsrSK5g:YvPgEgqprtrS5OZjSlwTmAfSKC
              MD5:F57BFD5EB2EA1EEFD5E65724392F8122
              SHA1:AF88A6D2A9EC1D8D57DC597FCC382DA87A44E7DB
              SHA-256:9A21476F02056C1C989A1F6867669EBEA4B73CABC78857F872949E3E81778116
              SHA-512:1E2814F025C9656081D8D526D45664FB19B81472D285A3674193D3CB932C7D5DF2C07F1F1542818C60F5394D40CB8076F4194A20AE4D98C51EE0BDD170CC30F9
              Malicious:false
              Preview:{"analyticsData":{"responseGUID":"51b7a427-ae89-4502-8e12-f38ae9ded2e5","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728490056948,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85531_264848ActionBlock_0","campaignId":85531,"containerId":"1","controlGroupId":"","treatmentId":"ee1a7497-76e7-43c2-bb63-9a0551e11d73","variationId":"264848"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IlRyeSBBY3JvYmF0IFBybyJ9LCJ1aSI6eyJ0aXRsZV9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjE1cHgiLCJmb250X3N0eWxlIjoiMCJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEzcHgiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0b1xucHJlbWl1bSBQREYgYW5kIGUtc2lnbmluZ1xudG9vbHMuIn0sImJhbm5lcl9zdHlsaW5nIjo
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:JSON data
              Category:dropped
              Size (bytes):289
              Entropy (8bit):5.276716544218921
              Encrypted:false
              SSDEEP:6:YEQXJ2HXXyRx9WdVoZcg1vRcR0YGRZoAvJfYdPeUkwRe9:YvXKXXwnZc0vwGg8Ukee9
              MD5:066EF38E94343E143F1F08C99943EB54
              SHA1:BA5D846CB94103E0AD38903CEE3CDEBF98121A23
              SHA-256:72A675B741912F67001EEF94B663727E85067E688FE89A29841B874632A211D0
              SHA-512:89F7F3CE8D592BF49205EC4EB37AF74899FB45411FD8714C03DACAA12A5C88D9E21A44E043BECE961ED272B71C9A7409452A8F0B4722A7F6657B552E0BCB953D
              Malicious:false
              Preview:{"analyticsData":{"responseGUID":"51b7a427-ae89-4502-8e12-f38ae9ded2e5","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728490056948,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:JSON data
              Category:dropped
              Size (bytes):1395
              Entropy (8bit):5.775457640506578
              Encrypted:false
              SSDEEP:24:Yv6XXkzvHrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNY:YvPvHgDv3W2aYQfgB5OUupHrQ9FJC
              MD5:3825C7606A9CCFD0598B5A7AB5E8AB30
              SHA1:EFBFF0A13B74AFBB0C426A12F55EE17BBB12817D
              SHA-256:96B7764AB6D172EF432AB327CCD21BB86B1AA62575DCC9B9057C0B2AC3830271
              SHA-512:D53D2165376573129F5BE6643C2702E9A6E52369DB9F4114A238A9BDDFF312DA8A48CA2E2C642D5AEFAEA22C320DAE05D19B69E6DDA9B56AC52F81D4B95663A6
              Malicious:false
              Preview:{"analyticsData":{"responseGUID":"51b7a427-ae89-4502-8e12-f38ae9ded2e5","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728490056948,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:JSON data
              Category:dropped
              Size (bytes):291
              Entropy (8bit):5.2604236656438585
              Encrypted:false
              SSDEEP:6:YEQXJ2HXXyRx9WdVoZcg1vRcR0YGRZoAvJfbPtdPeUkwRe9:YvXKXXwnZc0vwGDV8Ukee9
              MD5:727FFBE02D0A1364FFF247BAB6F1B20C
              SHA1:35F371380AADFB21083A1BC61110209BFDD6AE4A
              SHA-256:E7F7C4799A1F29339163B94429F477552444C3967AFB98F30CBDA99E61836A55
              SHA-512:43E428AD069602C9D97201DB1697A4A1BD5930FC75201522BDB69220087C874B1E5F59EDFB5F0ACDB7BD90A93AC42B499C8BB5F20451D5D3525A4738726CF987
              Malicious:false
              Preview:{"analyticsData":{"responseGUID":"51b7a427-ae89-4502-8e12-f38ae9ded2e5","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728490056948,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:JSON data
              Category:dropped
              Size (bytes):287
              Entropy (8bit):5.265048706068689
              Encrypted:false
              SSDEEP:6:YEQXJ2HXXyRx9WdVoZcg1vRcR0YGRZoAvJf21rPeUkwRe9:YvXKXXwnZc0vwG+16Ukee9
              MD5:E351B916DB0436196A109ACB6BD3CFC5
              SHA1:B0116697FE6E5115928B8A7081E194F791195DA9
              SHA-256:CF01D6892E465930D66B6A04A3FE35F59D47277A3E6EA9E589378091ABA26574
              SHA-512:DF02BADAD2E6C79544D6B6B03FA0E5DEAB5612A4418D053D1D1E1AD3DE16BDAB1CD2ECBCC406F2DE748249113E550CEC0FDBEB46F59B19FBF9FD753985D6BF1F
              Malicious:false
              Preview:{"analyticsData":{"responseGUID":"51b7a427-ae89-4502-8e12-f38ae9ded2e5","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728490056948,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:JSON data
              Category:dropped
              Size (bytes):1054
              Entropy (8bit):5.6633078559228744
              Encrypted:false
              SSDEEP:24:Yv6XXkzvVamXayLgE6cTg4QSOGtNaqnl0RCmK8czOC/CrfS1:YvPhBgSXQSrOAh8cv6m1
              MD5:965A9F36FEA63EA662BE81D028A41F2F
              SHA1:4CB8F5CBC143A8C01D213876EE8709D609E309FE
              SHA-256:E5BBAEB8E5011AB9E973DA958E37262B6F9DB5BABB129CD5A9F116087BEB1FA3
              SHA-512:4D9A42866406DD3485368F4E3BB779DCB19843C1D937A464E8E3348F04220D6C3313328A1C990136F76887D049ED6891E359B1AA84B29AE2011121A1E7CA1521
              Malicious:false
              Preview:{"analyticsData":{"responseGUID":"51b7a427-ae89-4502-8e12-f38ae9ded2e5","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728490056948,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"89628_281075ActionBlock_1","campaignId":89628,"containerId":"1","controlGroupId":"","treatmentId":"7fe39695-394c-4706-9b50-651e7499d428","variationId":"281075"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVhc2lseSBmaWxsIGFuZCBzaWduIFBERnMuIn0sInRjYXRJZCI6IlJHUzAzNTEtRU5VLUNoYWxsZW5nZXIyIn0=","dataType":"application\/json","encodingScheme":tru
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:JSON data
              Category:dropped
              Size (bytes):286
              Entropy (8bit):5.2411105380219745
              Encrypted:false
              SSDEEP:6:YEQXJ2HXXyRx9WdVoZcg1vRcR0YGRZoAvJfshHHrPeUkwRe9:YvXKXXwnZc0vwGUUUkee9
              MD5:3C80A2583353539AAE2776728EF95440
              SHA1:F8395F42D394634CCF34B523B89A85AF124836DB
              SHA-256:EEEEC19313E90A6FA83C7B3A8187B93B5A3D050B6A2D6525AA8325C9EA9B46AA
              SHA-512:D863DFB56B0C9F6C0EE4FE8C6C3D73203871EF79774D3812B772DD6AC81736EE3A93D4467E6FEFE922DCF68BB254277B183C56CAFFFB56249C1885EC8FA55624
              Malicious:false
              Preview:{"analyticsData":{"responseGUID":"51b7a427-ae89-4502-8e12-f38ae9ded2e5","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728490056948,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:JSON data
              Category:dropped
              Size (bytes):782
              Entropy (8bit):5.364214392771915
              Encrypted:false
              SSDEEP:12:YvXKXXwnZc0vwGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWtWZ1:Yv6XXkzvm168CgEXX5kcIfANh1
              MD5:08A0CC44AFF844429FF5A674092F37CE
              SHA1:C90F1847877EC89959D25FD9B22B72E398CF8B22
              SHA-256:312B2B312A6EE8731673D5E6FAA150B1DAD0900C8FA54149F59C5FCF2028C2BC
              SHA-512:D18F37A40A7124A098F2DC6B50FA24C0E8AD4C23B04E8E0D36FAC0AB5AAF967C3EF99ECEB431BFC43482FB4993FFEB295D92B7ED318E9523F04A344B3F6B11B4
              Malicious:false
              Preview:{"analyticsData":{"responseGUID":"51b7a427-ae89-4502-8e12-f38ae9ded2e5","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728490056948,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1728313071981}}}}
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:data
              Category:dropped
              Size (bytes):4
              Entropy (8bit):0.8112781244591328
              Encrypted:false
              SSDEEP:3:e:e
              MD5:DC84B0D741E5BEAE8070013ADDCC8C28
              SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
              SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
              SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
              Malicious:false
              Preview:....
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:JSON data
              Category:dropped
              Size (bytes):2818
              Entropy (8bit):5.12495139929827
              Encrypted:false
              SSDEEP:24:YUafEZauNayS3VWCrFySQFW6u27YbCjS+Hj0Sqv3EYG2Ai2LS0hgh5Ri9IbMuu7j:YvEuFyZFXu2UA/DI3EzLi2Shni9IS
              MD5:080FD82989124A43D36AA20EC3A90297
              SHA1:5FEE1C9543AD31F2D72DE9D74AB4234BF860890E
              SHA-256:5D01A2CFAC37BC9D1377A2B376AD53C9396ECA887C75C920755F99DA24AB7BD8
              SHA-512:17216D9B5BECBEEAA7285167F1ACD1857B9B1439E6FB4F7AB1D59F7086D071C34DD7CDEEFFB88F3CD5D8932D8CF96D3FF553E7641AA5BF3B2AAA7D75F5D479F5
              Malicious:false
              Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"93a1ab46b1cf78ba5dfa1aa87b8e1efc","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1050,"ts":1728313071000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"09a03553f2eab7dcf8dce6e37978ff3b","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1164,"ts":1728313071000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"9159a139d59c29b1b7ed212398a6c29f","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1054,"ts":1728313071000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"ea2865e3939fa606abbea593488f7419","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1091,"ts":1728313071000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"53e602decf525ba6d3d022d925add240","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":1098,"ts":1728313071000},{"id":"Edit_InApp_Aug2020","info":{"dg":"f2c4616e3b917794938efe7720b59d90","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":17
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 25, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 25
              Category:dropped
              Size (bytes):12288
              Entropy (8bit):1.1876740337253244
              Encrypted:false
              SSDEEP:48:TGufl2GL7msEHUUUUUUUUVUSvR9H9vxFGiDIAEkGVvpZ6:lNVmswUUUUUUUUVU+FGSItV6
              MD5:C5837A7C352A85B404FCC1DBF0015ACB
              SHA1:2FF439CC7B0D281AA6ED636182B9F78465B8425C
              SHA-256:786E4995DC6DCE4ECA3A60B20FCA972D31CE61C2317E8807C67B6979696E11D0
              SHA-512:64DE01512117C80A0D7E3309A41E63B9DD06248B6F27E9C96A6506E109110C0DC3375B97C855649038299D54A2A3454033C811A08EAB43CAC6C6A5881885E994
              Malicious:false
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:SQLite Rollback Journal
              Category:dropped
              Size (bytes):8720
              Entropy (8bit):1.6074607275373352
              Encrypted:false
              SSDEEP:48:7MnKUUUUUUUUUUV2vR9H9vxFGiDIAEkGVv0qFl2GL7ms7:7NUUUUUUUUUUV6FGSItOKVms7
              MD5:ACD194F5795627864E70F48C335BA3BF
              SHA1:DFF13D753AF194AD2FB08656CEB4BFA9A8FA2BC9
              SHA-256:0B2D28EE9546417042A67EF92520FA579F99A3E1E0148603D563AF1AFD4B9B37
              SHA-512:A9D4AE69B0D851CD9A69D79B7BDE4B4A77DF0E21F23842E9823ACC847CA8CD6145FE71D3F870CA3838B33C12F658491B5A83998B3DFD7278EC81F8B594F0D865
              Malicious:false
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
              Category:dropped
              Size (bytes):246
              Entropy (8bit):3.5197430193686525
              Encrypted:false
              SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8yQRqdN4qw:Qw946cPbiOxDlbYnuRKTkqw
              MD5:019B2E4D0B26A47B49056FEEEAB3ABB8
              SHA1:1173554601614CEA11CACF244DA11C6A3E88036D
              SHA-256:D13A44749BE2706D7F8D94C6606582227AE8615AC2C9AEC34F7D85619585698D
              SHA-512:852CD162E3A549573F682DC7AFB20DDACD82DC0FD1767F6427E9F8CA7AB4AD96F2701C2A309DA2CD857C14ADB7AF412BD37393F4D79BAC47619AC1A515614E16
              Malicious:false
              Preview:Error 2711.The specified Feature name ('ARM') not found in Feature table. === Logging stopped: 07/10/2024  10:57:58 ===
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:PDF document, version 1.6, 0 pages
              Category:dropped
              Size (bytes):358
              Entropy (8bit):5.022616579335843
              Encrypted:false
              SSDEEP:6:IngVMrexJzJT0y9VEQIFVmb/eu2g/86S1kxROOIcDDncDDdLCSyAAO:IngVMre9T0HQIDmy9g06JXRDADpLlX
              MD5:2BECB669B68F5679F34554DF0BA5F4C3
              SHA1:574185470AA8B0A56D0511604131D5DB8055F790
              SHA-256:79DA7DE35669CC82D497911F0AAFD73552D6EA11F0F858762D88219C4342CCEF
              SHA-512:2C623B657A3888EA4153CB9B848B87EAAF4EE04840135E8680CCE542FFAEC01345D1BAB9EAC7F954A6B0B2AD0832B9C88009C9624ACD1F709020AB4B2F70ACED
              Malicious:false
              Preview:%PDF-1.6.%......1 0 obj.<</Pages 2 0 R/Type/Catalog>>.endobj.2 0 obj.<</Count 0/Kids[]/Type/Pages>>.endobj.3 0 obj.<<>>.endobj.xref..0 4..0000000000 65535 f..0000000016 00000 n..0000000061 00000 n..0000000107 00000 n..trailer..<</Size 4/Root 1 0 R/Info 3 0 R/ID[<83D0B3906D32894C8E7A6726405708D1><83D0B3906D32894C8E7A6726405708D1>]>>..startxref..127..%%EOF..
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:ASCII text, with very long lines (393)
              Category:dropped
              Size (bytes):16525
              Entropy (8bit):5.345946398610936
              Encrypted:false
              SSDEEP:384:zHIq8qrq0qoq/qUILImCIrImI9IWdFdDdoPtPTPtP7ygyAydy0yGV///X/J/VokV:nNW
              MD5:8947C10F5AB6CFFFAE64BCA79B5A0BE3
              SHA1:70F87EEB71BA1BE43D2ABAB7563F94C73AB5F778
              SHA-256:4F3449101521DA7DF6B58A2C856592E1359BA8BD1ACD0688ECF4292BA5388485
              SHA-512:B76DB9EF3AE758F00CAF0C1705105C875838C7801F7265B17396466EECDA4BCD915DA4611155C5F2AD1C82A800C1BEC855E52E2203421815F915B77AA7331CA0
              Malicious:false
              Preview:SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:088+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig:
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:ASCII text, with very long lines (393), with CRLF line terminators
              Category:dropped
              Size (bytes):15114
              Entropy (8bit):5.340751674895734
              Encrypted:false
              SSDEEP:384:+rXaKKTkNXoYtUqVmY5Y4cVgDAUlXHn8213xjLh5hFLiNyp+WBFX0j0BQourF6i4:OBR
              MD5:7ED1D7031025B65FB0168DA0EBD3A606
              SHA1:47497922D7827137904645DAD08D8DBB8C1AC01D
              SHA-256:AEF2988EF4EA7BB31ADA2E991F5FD0D67E333C4EFBC3A5B3B81B91EA8B8ECD5A
              SHA-512:616C2B4716FAE2E3573607259C4EFBD2C22FE7B40871559948D7688475FF178DBAE41B95D851F04EFB139B6C0CECCABF105F73691F2678CDAAD559AB709B5549
              Malicious:false
              Preview:SessionID=61eb8850-6443-4326-9845-a326c9344036.1728313068185 Timestamp=2024-10-07T10:57:48:185-0400 ThreadID=7604 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=61eb8850-6443-4326-9845-a326c9344036.1728313068185 Timestamp=2024-10-07T10:57:48:186-0400 ThreadID=7604 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=61eb8850-6443-4326-9845-a326c9344036.1728313068185 Timestamp=2024-10-07T10:57:48:186-0400 ThreadID=7604 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=61eb8850-6443-4326-9845-a326c9344036.1728313068185 Timestamp=2024-10-07T10:57:48:186-0400 ThreadID=7604 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=61eb8850-6443-4326-9845-a326c9344036.1728313068185 Timestamp=2024-10-07T10:57:48:187-0400 ThreadID=7604 Component=ngl-lib_NglAppLib Description="SetConf
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:ASCII text, with CRLF line terminators
              Category:dropped
              Size (bytes):29752
              Entropy (8bit):5.391076713695377
              Encrypted:false
              SSDEEP:768:anddBuBYZwcfCnwZCnR8Bu5hx18HoCnLlAY+iCBuzhLCnx1CnPrRRFS10l8gT2r6:W
              MD5:1BF7E81DC57CF271715A28DEBD8143F8
              SHA1:AA6CB717380801BBFDC80BD59205C7E6F424833A
              SHA-256:C06070E48F304284239F713F60E268F613454BED0BC1FFAC96B06F9D8226E572
              SHA-512:EE46D9EDFE6E1930736AA5615BD2330B96261DB0AB3DAE55D32254BF2AA2D3C6FDFA054989F8C406F69C68B8F1E2A7E3F82B0451525F6F5C63FC9235BD659B91
              Malicious:false
              Preview:03-10-2023 12:50:40:.---2---..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ***************************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ***************************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Starting NGL..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..03-10-2023 12:50:40:.Closing File..03-10-
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
              File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
              Category:dropped
              Size (bytes):1407294
              Entropy (8bit):7.97605879016224
              Encrypted:false
              SSDEEP:24576:/M7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R077WLRGZeeYIGNPgwe:RB3mlind9i4ufFXpAXkrfUs03WLRGZeo
              MD5:4CE4F3C683F8475A153D49CE9D564CC0
              SHA1:CACCCD048618D9061E659D23D0A41245017247A3
              SHA-256:431E27ABE645101F0A6D54C2E219DA84ECB98C964D9EB76D4CB16A9C83108F31
              SHA-512:23CF2F18470FA7F3F43E8CAF6259404290D46502114020FB6687205F098366FBCF6D89D4F3F856E693E11B44AE31B64F1F1B03E445BC73D5572E1E7175A89ECC
              Malicious:false
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
              File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
              Category:dropped
              Size (bytes):386528
              Entropy (8bit):7.9736851559892425
              Encrypted:false
              SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
              MD5:5C48B0AD2FEF800949466AE872E1F1E2
              SHA1:337D617AE142815EDDACB48484628C1F16692A2F
              SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
              SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
              Malicious:false
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
              File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
              Category:dropped
              Size (bytes):758601
              Entropy (8bit):7.98639316555857
              Encrypted:false
              SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
              MD5:3A49135134665364308390AC398006F1
              SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
              SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
              SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
              Malicious:false
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
              File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
              Category:dropped
              Size (bytes):1419751
              Entropy (8bit):7.976496077007677
              Encrypted:false
              SSDEEP:24576:/xA7owWLkwYIGNPMGZfPdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLkwZGuGZn3mlind9i4ufFXpAXkru
              MD5:CA6B0D9F8DDC295DACE8157B69CA7CF6
              SHA1:6299B4A49AB28786E7BF75E1481D8011E6022AF4
              SHA-256:A933C727CE6547310A0D7DAD8704B0F16DB90E024218ACE2C39E46B8329409C7
              SHA-512:9F150CDA866D433BD595F23124E369D2B797A0CA76A69BA98D30DF462F0A95D13E3B0834887B5CD2A032A55161A0DC8BB30C16AA89663939D6DCF83FAC056D34
              Malicious:false
              File type:PDF document, version 1.4, 1 pages
              Entropy (8bit):7.948767677633712
              TrID:
              • Adobe Portable Document Format (5005/1) 100.00%
              File name:240224.pdf
              File size:29'838 bytes
              MD5:484710419547229bf9815338935e2b25
              SHA1:193f7a605a13e3b468654e3e1fcec663fd8de4d2
              SHA256:30d515fccee55b568b05514a6ef29fb6e32a75adb938651584a4760eec9a1cc0
              SHA512:b6671cd0cafd510e79cc54a30a0b6e539fa08158ce9db532ff4d14106ba5131edd8692cc1a68d2488741653b5dae98dc7dc3f87104bc69b929358168719cd84f
              SSDEEP:384:SITbCXas+2t61ExMmoeZxJB3ZmLIGB2SOe1JNank0/mqCPmYC8BkRQ7Z1DD2uNqP:SMbC3MgZF3ZmLIGMq3aeBF1PqkldGf71
              TLSH:99D2E108B94A8ACDD9D49383FB064133A52FBD8325C8E2C564B1D2C3758CE676F63E52
              File Content Preview:%PDF-1.4..5 0 obj..<<../Type /XObject../Subtype /Image../Filter /FlateDecode../Length 11205../Width 369../Height 166../BitsPerComponent 8../ColorSpace /DeviceRGB..>>..stream..x...y\U...i...e.Cj!.B*.2i..........Y...S.h.sN...3......"....2.)V^.*3.V.....{..9{
              Icon Hash:62cc8caeb29e8ae0

              General

              Header:%PDF-1.4
              Total Entropy:7.948768
              Total Bytes:29838
              Stream Entropy:7.987333
              Stream Bytes:27303
              Entropy outside Streams:5.164724
              Bytes outside Streams:2535
              Number of EOF found:1
              Bytes after EOF:
              Name             Count
              obj              17
              endobj           17
              stream           5
              endstream        5
              xref             1
              trailer          1
              startxref        1
              /Page            1
              /Encrypt         0
              /ObjStm          0
              /URI             0
              /JS              0
              /JavaScript      0
              /AA              0
              /OpenAction      0
              /AcroForm        0
              /JBIG2Decode     0
              /RichMedia       0
              /Launch          0
              /EmbeddedFile    0
              Timestamp:Oct 7, 2024 16:57:58.547277927 CEST
              Source Port:49287
              Dest Port:53
              Source IP:192.168.2.4
              Dest IP:1.1.1.1

              Timestamp:Oct 7, 2024 16:57:58.547277927 CEST
              Source IP:192.168.2.4
              Dest IP:1.1.1.1
              Trans ID:0xd5dd
              OP Code:Standard query (0)
              Name:x1.i.lencr.org
              Type:A (IP address)
              Class:IN (0x0001)
              DNS over HTTPS:false

              Timestamp:Oct 7, 2024 16:57:58.555743933 CEST
              Source IP:1.1.1.1
              Dest IP:192.168.2.4
              Trans ID:0xd5dd
              Reply Code:No error (0)
              Name:x1.i.lencr.org
              CName:crl.root-x1.letsencrypt.org.edgekey.net
              Address:
              Type:CNAME (Canonical name)
              Class:IN (0x0001)
              DNS over HTTPS:false

              • armmf.adobe.com

              Session ID:0
              Source IP:192.168.2.4
              Source Port:49742
              Destination IP:23.195.76.153
              Destination Port:443
              PID:2056
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe

              Timestamp:2024-10-07 14:57:59 UTC
              Bytes transferred:475
              Direction:OUT
              Data:
              GET /onboarding/smskillreader.txt HTTP/1.1
              Host: armmf.adobe.com
              Connection: keep-alive
              Accept-Language: en-US,en;q=0.9
              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36
              Sec-Fetch-Site: same-origin
              Sec-Fetch-Mode: no-cors
              Sec-Fetch-Dest: empty
              Accept-Encoding: gzip, deflate, br
              If-None-Match: "78-5faa31cce96da"
              If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT

              Timestamp:2024-10-07 14:57:59 UTC
              Bytes transferred:198
              Direction:IN
              Data:
              HTTP/1.1 304 Not Modified
              Content-Type: text/plain; charset=UTF-8
              Last-Modified: Mon, 01 May 2023 15:02:33 GMT
              ETag: "78-5faa31cce96da"
              Date: Mon, 07 Oct 2024 14:57:59 GMT
              Connection: close


              Target ID:0
              Start time:10:57:44
              Start date:07/10/2024
              Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              Wow64 process (32bit):false
              Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\240224.pdf"
              Imagebase:0x7ff6bc1b0000
              File size:5'641'176 bytes
              MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Reputation:high
              Has exited:true

              Target ID:1
              Start time:10:57:45
              Start date:07/10/2024
              Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
              Wow64 process (32bit):false
              Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
              Imagebase:0x7ff74bb60000
              File size:3'581'912 bytes
              MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Reputation:high
              Has exited:true

              Target ID:3
              Start time:10:57:45
              Start date:07/10/2024
              Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
              Wow64 process (32bit):false
              Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2104 --field-trial-handle=1588,i,5033004123190415020,17179557172345066960,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
              Imagebase:0x7ff7699e0000
              File size:3'581'912 bytes
              MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Reputation:high
              Has exited:true

              No disassembly