Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Due Inv 959753 Larry Cooper.pdf

Overview

General Information

Sample name:Due Inv 959753 Larry Cooper.pdf
Analysis ID:1528476
MD5:e7e7c24f3af6310a8a89b32a1897c27b
SHA1:2581545c663d468a600c76189aad5e5028ba2b1d
SHA256:ac46b15718abaa83c8c846cc57db0ed22cdda5c3690ad6571713a061d38133b4
Infos:

Detection

Score:2
Range:0 - 100
Whitelisted:false
Confidence:80%

Signatures

Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Uses a known web browser user agent for HTTP communication

Classification

Process Tree

  • System is w10x64
  • Acrobat.exe (PID: 5656 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Due Inv 959753 Larry Cooper.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 5976 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 6088 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2096 --field-trial-handle=1704,i,17496537539928788989,11339793591484358294,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: global trafficDNS query: name: x1.i.lencr.org
Source: global trafficDNS query: name: x1.i.lencr.org
Source: global trafficTCP traffic: 192.168.2.5:49728 -> 23.195.92.153:443
Source: global trafficTCP traffic: 192.168.2.5:49728 -> 23.195.92.153:443
Source: global trafficTCP traffic: 192.168.2.5:49728 -> 23.195.92.153:443
Source: global trafficTCP traffic: 192.168.2.5:49728 -> 23.195.92.153:443
Source: global trafficTCP traffic: 192.168.2.5:49728 -> 23.195.92.153:443
Source: global trafficTCP traffic: 192.168.2.5:49728 -> 23.195.92.153:443
Source: global trafficTCP traffic: 192.168.2.5:49728 -> 23.195.92.153:443
Source: global trafficTCP traffic: 192.168.2.5:49728 -> 23.195.92.153:443
Source: global trafficTCP traffic: 192.168.2.5:49728 -> 23.195.92.153:443
Source: global trafficTCP traffic: 192.168.2.5:49728 -> 23.195.92.153:443
Source: global trafficTCP traffic: 192.168.2.5:49728 -> 23.195.92.153:443
Source: global trafficTCP traffic: 192.168.2.5:49728 -> 23.195.92.153:443
Source: global trafficTCP traffic: 192.168.2.5:49728 -> 23.195.92.153:443
Source: global trafficTCP traffic: 23.195.92.153:443 -> 192.168.2.5:49728
Source: global trafficTCP traffic: 192.168.2.5:49728 -> 23.195.92.153:443
Source: global trafficTCP traffic: 192.168.2.5:49728 -> 23.195.92.153:443
Source: global trafficTCP traffic: 23.195.92.153:443 -> 192.168.2.5:49728
Source: global trafficTCP traffic: 23.195.92.153:443 -> 192.168.2.5:49728
Source: global trafficTCP traffic: 192.168.2.5:49728 -> 23.195.92.153:443
Source: global trafficTCP traffic: 23.195.92.153:443 -> 192.168.2.5:49728
Source: global trafficTCP traffic: 23.195.92.153:443 -> 192.168.2.5:49728
Source: global trafficTCP traffic: 192.168.2.5:49728 -> 23.195.92.153:443
Source: global trafficTCP traffic: 192.168.2.5:49728 -> 23.195.92.153:443
Source: global trafficTCP traffic: 23.195.92.153:443 -> 192.168.2.5:49728
Source: global trafficTCP traffic: 192.168.2.5:49728 -> 23.195.92.153:443
Source: global trafficTCP traffic: 23.195.92.153:443 -> 192.168.2.5:49728
Source: global trafficTCP traffic: 192.168.2.5:49728 -> 23.195.92.153:443
Source: global trafficTCP traffic: 23.195.92.153:443 -> 192.168.2.5:49728
Source: global trafficTCP traffic: 23.195.92.153:443 -> 192.168.2.5:49728
Source: global trafficTCP traffic: 192.168.2.5:49728 -> 23.195.92.153:443
Source: global trafficTCP traffic: 192.168.2.5:49728 -> 23.195.92.153:443
Source: global trafficTCP traffic: 23.195.92.153:443 -> 192.168.2.5:49728
Source: global trafficTCP traffic: 192.168.2.5:49728 -> 23.195.92.153:443
Source: global trafficTCP traffic: 192.168.2.5:49728 -> 23.195.92.153:443
Source: global trafficHTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1Host: armmf.adobe.comConnection: keep-aliveAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brIf-None-Match: "78-5faa31cce96da"If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
Source: unknownTCP traffic detected without corresponding DNS query: 23.195.92.153
Source: unknownTCP traffic detected without corresponding DNS query: 23.195.92.153
Source: unknownTCP traffic detected without corresponding DNS query: 23.195.92.153
Source: unknownTCP traffic detected without corresponding DNS query: 23.195.92.153
Source: unknownTCP traffic detected without corresponding DNS query: 23.195.92.153
Source: unknownTCP traffic detected without corresponding DNS query: 23.195.92.153
Source: unknownTCP traffic detected without corresponding DNS query: 23.195.92.153
Source: unknownTCP traffic detected without corresponding DNS query: 23.195.92.153
Source: unknownTCP traffic detected without corresponding DNS query: 23.195.92.153
Source: unknownTCP traffic detected without corresponding DNS query: 23.195.92.153
Source: unknownTCP traffic detected without corresponding DNS query: 23.195.92.153
Source: unknownTCP traffic detected without corresponding DNS query: 23.195.92.153
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficHTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1Host: armmf.adobe.comConnection: keep-aliveAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brIf-None-Match: "78-5faa31cce96da"If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
Source: global trafficDNS traffic detected: DNS query: x1.i.lencr.org
Source: 2D85F72862B55C4EADD9E66E06947F3D0.2.drString found in binary or memory: http://x1.i.lencr.org/
Source: unknownNetwork traffic detected: HTTP traffic on port 49728 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49728
Source: classification engineClassification label: clean2.winPDF@14/49@2/1
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.5784Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-07 18-02-01-449.logJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
Source: unknownProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Due Inv 959753 Larry Cooper.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2096 --field-trial-handle=1704,i,17496537539928788989,11339793591484358294,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2096 --field-trial-handle=1704,i,17496537539928788989,11339793591484358294,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: Due Inv 959753 Larry Cooper.pdfInitial sample: PDF keyword /JS count = 0
Source: Due Inv 959753 Larry Cooper.pdfInitial sample: PDF keyword /JavaScript count = 0
Source: A91fvh9w2_1ml3ifl_4go.tmp.0.drInitial sample: PDF keyword /JS count = 0
Source: A91fvh9w2_1ml3ifl_4go.tmp.0.drInitial sample: PDF keyword /JavaScript count = 0
Source: Due Inv 959753 Larry Cooper.pdfInitial sample: PDF keyword stream count = 699
Source: Due Inv 959753 Larry Cooper.pdfInitial sample: PDF keyword /EmbeddedFile count = 0
Source: Due Inv 959753 Larry Cooper.pdfInitial sample: PDF keyword endobj count = 1856
Source: Due Inv 959753 Larry Cooper.pdfInitial sample: PDF keyword endstream count = 699
Source: Due Inv 959753 Larry Cooper.pdfInitial sample: PDF keyword obj count = 1856
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid Accounts3
Exploitation for Client Execution		Path Interception1
Process Injection		1
Masquerading		OS Credential Dumping1
System Information Discovery		Remote ServicesData from Local System1
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
Process Injection		LSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable Media2
Non-Application Layer Protocol		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive13
Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin HookBinary PaddingNTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput Capture1
Ingress Tool Transfer		Traffic DuplicationData Destruction

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1528476 Sample: Due Inv 959753 Larry Cooper.pdf Startdate: 08/10/2024 Architecture: WINDOWS Score: 2 14 x1.i.lencr.org 2->14 7 Acrobat.exe 18 75 2->7         started        process3 process4 9 AcroCEF.exe 105 7->9         started        process5 11 AcroCEF.exe 2 9->11         started        dnsIp6 16 23.195.92.153, 443, 49728 AKAMAI-ASUS United States 11->16

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

No Antivirus matches

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
http://x1.i.lencr.org/0%URL Reputationsafe

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
x1.i.lencr.org
unknown
unknownfalse
    		unknown

    URLs from Memory and Binaries

    NameSourceMaliciousAntivirus DetectionReputation
    http://x1.i.lencr.org/2D85F72862B55C4EADD9E66E06947F3D0.2.drfalse
    • URL Reputation: safe
    		unknown

    World Map of Contacted IPs

    • No. of IPs < 25%
    • 25% < No. of IPs < 50%
    • 50% < No. of IPs < 75%
    • 75% < No. of IPs

    Public IPs

    IPDomainCountryFlagASNASN NameMalicious
    23.195.92.153
    		unknownUnited States
    		16625AKAMAI-ASUSfalse

    General Information

    Joe Sandbox version:41.0.0 Charoite
    Analysis ID:1528476
    Start date and time:2024-10-08 00:00:38 +02:00
    Joe Sandbox product:CloudBasic
    Overall analysis duration:0h 4m 42s
    Hypervisor based Inspection enabled:false
    Report type:full
    Cookbook file name:defaultwindowspdfcookbook.jbs
    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
    Number of analysed new started processes analysed:9
    Number of new started drivers analysed:0
    Number of existing processes analysed:0
    Number of existing drivers analysed:0
    Number of injected processes analysed:0
    Technologies:
    • EGA enabled
    • AMSI enabled
    Analysis Mode:default
    Analysis stop reason:Timeout
    Sample name:Due Inv 959753 Larry Cooper.pdf
    Detection:CLEAN
    Classification:clean2.winPDF@14/49@2/1
    Cookbook Comments:
    • Found application associated with file extension: .pdf
    • Found PDF document
    • Close Viewer

    Warnings

    • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, svchost.exe
    • Excluded IPs from analysis (whitelisted): 184.28.88.176, 18.207.85.246, 54.144.73.197, 107.22.247.231, 34.193.227.236, 172.64.41.3, 162.159.61.3, 2.23.197.184, 2.19.126.143, 2.19.126.149, 23.219.161.132
    • Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, e8652.dscx.akamaiedge.net, ssl-delivery.adobe.com.edgekey.net, acroipm2.adobe.com.edgesuite.net, a122.dscd.akamai.net, p13n.adobe.io, geo2.adobe.com, acroipm2.adobe.com, crl.root-x1.letsencrypt.org.edgekey.net
    • Report size exceeded maximum capacity and may have missing behavior information.
    • Report size getting too big, too many NtCreateFile calls found.
    • VT rate limit hit for: Due Inv 959753 Larry Cooper.pdf

    Simulations

    Behavior and APIs

    TimeTypeDescription
    18:02:07API Interceptor1x Sleep call for process: AcroCEF.exe modified

    LLM Input / Output

    InputOutput
    URL: PDF document Model: jbxai
    {
"brand":["Ethics advisory inc"],
"contains_trigger_text":true,
"trigger_text":"Legal Counsel: Professional Practice and Ethics in Leadership and Legal Advisory Services",
"prominent_button_name":"unknown",
"text_input_field_labels":"unknown",
"pdf_icon_visible":false,
"has_visible_captcha":false,
"has_urgent_text":false,
"text":"Invoice Ethics advisory inc 950 3rd Ave Floor 18,
 New York,
 NY 10022 Ein- 99-4465459 Bill to : Embassy Suites by Hilton Huntsville Hotel and Spa (Larry Cooper) 800 Monroe Street,
 Huntsville,
 AL 35801 Invoice No: 959753 Invoice Date: 08/02/2024 Due Date: 08/02/2024 ID Description Quantity Price 4052 Legal Counsel: Professional Practice and Ethics in Leadership and Legal Advisory Services 1 $49,
540.00 Subtotal: $49,
540.00 Total: $49,
540.00 Terms & Conditions: Payment by Check not allowed: Wire and ACH payments ONLY Bank Name: Use Credit Union 690 kenmore ave buffalo ny 14216 Business Name : Ethics advisory inc Account number: 214 84 704 ACH Routing number: 322 079 557 Wire Routing number: 322 079 557",
"has_visible_qrcode":false}

    Joe Sandbox View / Context

    IPs

    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
    23.195.92.153https://img1.wsimg.com/blobby/go/0fb15fac-f667-4c74-8a1e-27661514d143/downloads/87458256888.pdfGet hashmaliciousUnknownBrowse
      Xerox-029_Scanned.pdfGet hashmaliciousPhisherBrowse
        doc_inv_09-12#965.pdfGet hashmaliciousUnknownBrowse
          https://media.licdn.com/dms/document/media/D4E1FAQFram3UGSHYZQ/feedshare-document-pdf-analyzed/0/1725552110461?e=1726704000&v=beta&t=kxXy05WGqAyZZMykyHMzPHRlrrBSwzFuGQYibTo-8eAGet hashmaliciousUnknownBrowse

            Domains

            No context

            ASNs

            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
            AKAMAI-ASUSPFW1cgN8EK.exeGet hashmaliciousLummaCBrowse
            • 104.102.49.254
            file.exeGet hashmaliciousLummaCBrowse
            • 104.102.49.254
            SecuriteInfo.com.Win32.PWSX-gen.27846.23954.exeGet hashmaliciousLummaCBrowse
            • 104.102.49.254
            utmggBCMML.exeGet hashmaliciousLummaCBrowse
            • 104.102.49.254
            lihZ6gUU7V.exeGet hashmaliciousLummaC, Stealc, VidarBrowse
            • 104.102.49.254
            Bn7LPdQA1s.exeGet hashmaliciousLummaC, VidarBrowse
            • 104.102.49.254
            https://www.dropbox.com/scl/fi/qo6796ed7hlrt0v8k9nr6/Patagonia-Health-Barcode-Scanner-Setup-2024.exe?rlkey=5bmndvx8124ztopqewiogbnlt&st=yvxpokhf&dl=0Get hashmaliciousUnknownBrowse
            • 184.28.90.27
            file.exeGet hashmaliciousLummaCBrowse
            • 104.102.49.254
            https://dsdhie.org/dsjhemGet hashmaliciousUnknownBrowse
            • 88.221.169.152
            SecuriteInfo.com.Win32.PWSX-gen.19404.14810.exeGet hashmaliciousLummaCBrowse
            • 92.122.104.90

            JA3 Fingerprints

            No context

            Dropped Files

            No context

            Created / dropped Files

            C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

            Download File
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:ASCII text
            Category:dropped
            Size (bytes):291
            Entropy (8bit):5.242543928137051
            Encrypted:false
            SSDEEP:6:DyOq2P92nKuAl9OmbnIFUt8COZmw+CFkwO92nKuAl9OmbjLJ:DyOv4HAahFUt8CO/+CF5LHAaSJ
            MD5:933FB6EB39C5D1DF93B19FA25A9CA570
            SHA1:8ED61F87F67211109AC2B48924439688D408BD6F
            SHA-256:8D2A593C13E94B909EE730ECC7126D323048DCDC56B77C35E712E541C236A2F2
            SHA-512:14116F41DA73DCDC700BB12E54E8CB84E90D8F48F80A2E49345760A8C2700A45C7D249CA99FAB0723D737B1921CE7084B386A267A678E9FDE65D4FFCF7D94381
            Malicious:false
            Reputation:low
            Preview:2024/10/07-18:01:59.733 5f4 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/10/07-18:01:59.755 5f4 Recovering log #3.2024/10/07-18:01:59.758 5f4 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

            C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

            Download File
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:ASCII text
            Category:dropped
            Size (bytes):291
            Entropy (8bit):5.242543928137051
            Encrypted:false
            SSDEEP:6:DyOq2P92nKuAl9OmbnIFUt8COZmw+CFkwO92nKuAl9OmbjLJ:DyOv4HAahFUt8CO/+CF5LHAaSJ
            MD5:933FB6EB39C5D1DF93B19FA25A9CA570
            SHA1:8ED61F87F67211109AC2B48924439688D408BD6F
            SHA-256:8D2A593C13E94B909EE730ECC7126D323048DCDC56B77C35E712E541C236A2F2
            SHA-512:14116F41DA73DCDC700BB12E54E8CB84E90D8F48F80A2E49345760A8C2700A45C7D249CA99FAB0723D737B1921CE7084B386A267A678E9FDE65D4FFCF7D94381
            Malicious:false
            Reputation:low
            Preview:2024/10/07-18:01:59.733 5f4 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/10/07-18:01:59.755 5f4 Recovering log #3.2024/10/07-18:01:59.758 5f4 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

            C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

            Download File
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:ASCII text
            Category:dropped
            Size (bytes):338
            Entropy (8bit):5.175368161333178
            Encrypted:false
            SSDEEP:6:WRjL+q2P92nKuAl9Ombzo2jMGIFUt8FR11Zmw+FXFmlLVkwO92nKuAl9Ombzo2jz:WMv4HAa8uFUt8F/1/+FVmz5LHAa8RJ
            MD5:1CE0C6029038C19C5F940850C80443C9
            SHA1:7F601E6345EBF1A09A2F5EB12D8E8B81FCB852AB
            SHA-256:57C9BD9117400021E90C306DE9FE9281D6856C2D1BAB51747A5FEBDF5384FCA2
            SHA-512:F168A93A4819602B6D23E603C1B53FF881C37A85D00A6740910D180D09BCCF5FCD3A93FA1A13737EA01A359D2D1E6833E0477C2F4AF708D82420738295A46169
            Malicious:false
            Reputation:low
            Preview:2024/10/07-18:01:59.821 19a8 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/10/07-18:01:59.821 19a8 Recovering log #3.2024/10/07-18:01:59.822 19a8 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

            C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

            Download File
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:ASCII text
            Category:dropped
            Size (bytes):338
            Entropy (8bit):5.175368161333178
            Encrypted:false
            SSDEEP:6:WRjL+q2P92nKuAl9Ombzo2jMGIFUt8FR11Zmw+FXFmlLVkwO92nKuAl9Ombzo2jz:WMv4HAa8uFUt8F/1/+FVmz5LHAa8RJ
            MD5:1CE0C6029038C19C5F940850C80443C9
            SHA1:7F601E6345EBF1A09A2F5EB12D8E8B81FCB852AB
            SHA-256:57C9BD9117400021E90C306DE9FE9281D6856C2D1BAB51747A5FEBDF5384FCA2
            SHA-512:F168A93A4819602B6D23E603C1B53FF881C37A85D00A6740910D180D09BCCF5FCD3A93FA1A13737EA01A359D2D1E6833E0477C2F4AF708D82420738295A46169
            Malicious:false
            Reputation:low
            Preview:2024/10/07-18:01:59.821 19a8 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/10/07-18:01:59.821 19a8 Recovering log #3.2024/10/07-18:01:59.822 19a8 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

            C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\3607cd47-4767-497a-bb56-bb3bc055fbfe.tmp

            Download File
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:JSON data
            Category:modified
            Size (bytes):508
            Entropy (8bit):5.062206218541722
            Encrypted:false
            SSDEEP:12:YH/um3RA8sqG8sBdOg2HwSfcaq3QYiubxnP7E4T3OF+:Y2sRdsPBdMHwSu3QYhbxP7nbI+
            MD5:64E74E500E3BF7819F3DF5D7C08240F6
            SHA1:6994726B8D06FDD4639829ABA4CB1BE5353DD998
            SHA-256:8B52C5C1EC9424CA85A5D0FEF5F485DD591831CA898FE8F487376B5C0F5BFAB4
            SHA-512:6773CD4A847A00E3C2D176780FD889990D67C9D7CED6C0D32639DBBC1ABE60A2431500296418BB02B84698C0572397EB04ACB47E158CDFF01E570A5AEA251D96
            Malicious:false
            Reputation:low
            Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372898531075401","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":120077},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.5","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G","CAYSABiAgICA+P////8B":"Offline"}}}

            C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

            Download File
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):508
            Entropy (8bit):5.062206218541722
            Encrypted:false
            SSDEEP:12:YH/um3RA8sqG8sBdOg2HwSfcaq3QYiubxnP7E4T3OF+:Y2sRdsPBdMHwSu3QYhbxP7nbI+
            MD5:64E74E500E3BF7819F3DF5D7C08240F6
            SHA1:6994726B8D06FDD4639829ABA4CB1BE5353DD998
            SHA-256:8B52C5C1EC9424CA85A5D0FEF5F485DD591831CA898FE8F487376B5C0F5BFAB4
            SHA-512:6773CD4A847A00E3C2D176780FD889990D67C9D7CED6C0D32639DBBC1ABE60A2431500296418BB02B84698C0572397EB04ACB47E158CDFF01E570A5AEA251D96
            Malicious:false
            Reputation:low
            Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372898531075401","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":120077},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.5","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G","CAYSABiAgICA+P////8B":"Offline"}}}

            C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

            Download File
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:data
            Category:dropped
            Size (bytes):4509
            Entropy (8bit):5.233719227341628
            Encrypted:false
            SSDEEP:96:QqBpCqGp3Al+NehBmkID2w6bNMhugoKTNY+No/KTNcygLPGLLU/adBaZ:rBpJGp3AoqBmki25ZEVoKTNY+NoCTNLY
            MD5:51A47701A49697B2C2063F1BF83C1778
            SHA1:91A0D4C3F8F1C764F84662BBF9A43BFEB7561965
            SHA-256:2C2A5DE3E086FE11849320285BB87BE44F7E8DE85AC98BC7777F8E497475A88A
            SHA-512:9B439C3FC65C24EC634D77B62C1947562CDCE40BA924CB7F69A941B27422C0B5D076A2B3016FC9588818F574C05FE558A82341AA1A574CF5ED927F9DA5F10A81
            Malicious:false
            Reputation:low
            Preview:*...#................version.1..namespace-.1a.o................next-map-id.1.Pnamespace-047a745d_5c98_4926_b446_942fb948d072-https://rna-resource.acrobat.com/.0.K..r................next-map-id.2.Snamespace-bdf2fbfe_e08b_407d_8a81_9a6094e373a0-https://rna-v2-resource.acrobat.com/.1.m.Fr................next-map-id.3.Snamespace-24b9c7f4_3e31_4d11_a607_ac91d6485c9e-https://rna-v2-resource.acrobat.com/.2.8.o................next-map-id.4.Pnamespace-bc60f291_faa7_4492_8b22_e186b4ce62c1-https://rna-resource.acrobat.com/.3.A-N^...............Pnamespace-047a745d_5c98_4926_b446_942fb948d072-https://rna-resource.acrobat.com/-j..^...............Pnamespace-bc60f291_faa7_4492_8b22_e186b4ce62c1-https://rna-resource.acrobat.com/[.|.a...............Snamespace-bdf2fbfe_e08b_407d_8a81_9a6094e373a0-https://rna-v2-resource.acrobat.com/....a...............Snamespace-24b9c7f4_3e31_4d11_a607_ac91d6485c9e-https://rna-v2-resource.acrobat.com/.W.@o................next-map-id.5.Pnamespace-8fb46ac3_c992_47ca_bb04_

            C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

            Download File
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:ASCII text
            Category:dropped
            Size (bytes):326
            Entropy (8bit):5.147156721353876
            Encrypted:false
            SSDEEP:6:tfPHlL+q2P92nKuAl9OmbzNMxIFUt8ifl1Zmw+ifFmlLVkwO92nKuAl9OmbzNMFd:tfPHIv4HAa8jFUt8ifl1/+ifFu5LHAab
            MD5:1CFBC60B9A3CC486417952BF9E90C2DE
            SHA1:4F0FC7F478988AFA2F37949D2970297A97E5CF25
            SHA-256:77D63F6202A1949607963989A7C0F63671B6316F63C0965B011E7829DCC19F53
            SHA-512:01713CFF724FC9F8F17E435CE3FFB92B1B646E0651398B1298EEB18DD3173DAEA12108986E84EA6C1BAC5C0C01DD03DA5D10D57363AEFED38E39BBE60C2136CA
            Malicious:false
            Reputation:low
            Preview:2024/10/07-18:02:00.272 19a8 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/10/07-18:02:00.274 19a8 Recovering log #3.2024/10/07-18:02:00.275 19a8 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

            C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

            Download File
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:ASCII text
            Category:dropped
            Size (bytes):326
            Entropy (8bit):5.147156721353876
            Encrypted:false
            SSDEEP:6:tfPHlL+q2P92nKuAl9OmbzNMxIFUt8ifl1Zmw+ifFmlLVkwO92nKuAl9OmbzNMFd:tfPHIv4HAa8jFUt8ifl1/+ifFu5LHAab
            MD5:1CFBC60B9A3CC486417952BF9E90C2DE
            SHA1:4F0FC7F478988AFA2F37949D2970297A97E5CF25
            SHA-256:77D63F6202A1949607963989A7C0F63671B6316F63C0965B011E7829DCC19F53
            SHA-512:01713CFF724FC9F8F17E435CE3FFB92B1B646E0651398B1298EEB18DD3173DAEA12108986E84EA6C1BAC5C0C01DD03DA5D10D57363AEFED38E39BBE60C2136CA
            Malicious:false
            Reputation:low
            Preview:2024/10/07-18:02:00.272 19a8 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/10/07-18:02:00.274 19a8 Recovering log #3.2024/10/07-18:02:00.275 19a8 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

            C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241007220203Z-170.bmp

            Download File
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:PC bitmap, Windows 3.x format, 107 x -152 x 32, cbSize 65110, bits offset 54
            Category:dropped
            Size (bytes):65110
            Entropy (8bit):1.341979297496485
            Encrypted:false
            SSDEEP:192:6m1Bv9KT7txNY9bvrXj+VlRSqqeA+VlEYbyEnQvO1p5:BZNqbyEQvO1p5
            MD5:28F1EC3648C2082CA3DCAD6B3EA0D0DC
            SHA1:C0E0EFDD4E6BBC183648586D64CE70678D9DD648
            SHA-256:954BACC705FACE0250321094A2BBF3E168F7A426EA6A800B28F66F4317E2AF95
            SHA-512:17044D5687E5A9D6A81696EF7CA5033607A0058591C27AB8622F613798A6A6C015D0350F58F4C8089B8F29B122D1E2C285BB1F751A0F767B4EC499617673E6B5
            Malicious:false
            Preview:BMV.......6...(...k...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

            Download File
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 3, database pages 14, cookie 0x5, schema 4, UTF-8, version-valid-for 3
            Category:dropped
            Size (bytes):57344
            Entropy (8bit):3.2933651301174947
            Encrypted:false
            SSDEEP:192:/edRBWVui5V4R4dcQ5V4R4RtYWtEV2UUTTchqGp8F/7/z+FP:/eAci5H5FY+EUUUTTcHqFzqFP
            MD5:735DE675606BC1903C6332B32DF0D943
            SHA1:2E6A4CEEB079BB2A39C5C9A2FB5116EDF15C97EF
            SHA-256:BBFF3EFF4AD22DC39B225F94961A62C05A319661BAB4DE6F05DD85BAEB080C7A
            SHA-512:CDFE3FD6E108C74318E97C30349F853AC9B94D8F7CBE6EB88188AC397004E3D08891BA5C109345C8D181F6650FD9FFC45BD236967CC9F0C3C0A3D627CBF23CC6
            Malicious:false
            Preview:SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

            Download File
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:SQLite Rollback Journal
            Category:dropped
            Size (bytes):8720
            Entropy (8bit):2.203689627941648
            Encrypted:false
            SSDEEP:24:7+tjiMEWewKuqLazkrFsgIFsxX3pALXmnHpkDGjmcxBSkomXk+2m9RFTsyg+wmfV:7MjrUuqemFTIF3XmHjBoGGR+jMz+Lht
            MD5:D040BE8D5DF9A249F2B355E7CEC5A923
            SHA1:CB84F0A590C9D42134DD105D17A4D6842E947C1B
            SHA-256:2601E62FF3E0D8FD592AC4FD631447492D3CE78B65113B88ED27C51D0B21424F
            SHA-512:5628FABCF6071D694D6A6AA5D93402313612F8F9A1CFF673DF3FEF39D3B8EBF28163BEAEF07DE648ADD7C0DF1E15EBDD29F2DA3C282DE8F4A605842E2E2F12D1
            Malicious:false
            Preview:.... .c.......U........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

            Download File
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:Certificate, Version=3
            Category:dropped
            Size (bytes):1391
            Entropy (8bit):7.705940075877404
            Encrypted:false
            SSDEEP:24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1
            MD5:0CD2F9E0DA1773E9ED864DA5E370E74E
            SHA1:CABD2A79A1076A31F21D253635CB039D4329A5E8
            SHA-256:96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
            SHA-512:3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
            Malicious:false
            Preview:0..k0..S............@.YDc.c...0...*.H........0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10...150604110438Z..350604110438Z0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10.."0...*.H.............0..........$s..7.+W(.....8..n<.W.x.u...jn..O(..h.lD...c...k....1.!~.3<.H..y.....!.K...qiJffl.~<p..)"......K...~....G.|.H#S.8.O.o...IW..t../.8.{.p!.u.0<.....c...O..K~.....w...{J.L.%.p..)..S$........J.?..aQ.....cq...o[...\4ylv.;.by.../&.....................6....7..6u...r......I.....*.A..v........5/(.l....dwnG7..Y^h..r...A)>Y>.&.$...Z.L@.F....:Qn.;.}r...xY.>Qx....../..>{J.Ks......P.|C.t..t.....0.[q6....00\H..;..}`...).........A.......|.;F.H*..v.v..j.=...8.d..+..(.....B.".'].y...p..N..:..'Qn..d.3CO......B0@0...U...........0...U.......0....0...U......y.Y.{....s.....X..n0...*.H.............U.X....P.....i ')..au\.n...i/..VK..s.Y.!.~.Lq...`.9....!V..P.Y...Y.............b.E.f..|o..;.....'...}~.."......

            C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

            Download File
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:data
            Category:dropped
            Size (bytes):192
            Entropy (8bit):2.7457468364538267
            Encrypted:false
            SSDEEP:3:kkFklc/k88XfllXlE/HT8kyLlzltNNX8RolJuRdxLlGB9lQRYwpDdt:kKF/k8lT8nNMa8RdWBwRd
            MD5:6CC10D812C720573295FFA729C641A88
            SHA1:934F5965BCF1F70D93DB2AE643502A4553863137
            SHA-256:9B520A8D6EF028C4924D61E5D3C2BEBE61B1C0768345265DE3FBFB2E5C268AF4
            SHA-512:4204831EB56E4AC39871871E6317E64217072EF57D43FA98C2630DDFD69639A15D79541D1B50BE6EA71D90CD72C12D923BC844E850BA0205D07F188FBADF8B4E
            Malicious:false
            Preview:p...... ................(....................................................... ..........W.....L..............o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...

            C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.5784

            Download File
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:PostScript document text
            Category:dropped
            Size (bytes):185099
            Entropy (8bit):5.182478651346149
            Encrypted:false
            SSDEEP:1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
            MD5:94185C5850C26B3C6FC24ABC385CDA58
            SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
            SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
            SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
            Malicious:false
            Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

            C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

            Download File
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:PostScript document text
            Category:dropped
            Size (bytes):185099
            Entropy (8bit):5.182478651346149
            Encrypted:false
            SSDEEP:1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
            MD5:94185C5850C26B3C6FC24ABC385CDA58
            SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
            SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
            SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
            Malicious:false
            Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

            C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

            Download File
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):295
            Entropy (8bit):5.322643114467311
            Encrypted:false
            SSDEEP:6:YEQXJ2HX1vrZgd+FIbRI6XVW7+0YGBcnoAvJM3g98kUwPeUkwRe9:YvXKXtrWgYpW7HGMbLUkee9
            MD5:03C29190822A26ACBC0A933E64A16BEA
            SHA1:53CA875D5A25CB742BE0A4693B5059C913DE27F3
            SHA-256:1C0426DCDBEB350D429BD7A5BE2EF95029716DF297C24654A7F5C9B6E1614434
            SHA-512:E15AFA3D1C61E6977F32568ED34037B4900A7DD587EED63505B4E757305BBB23D2343C72D0B5B6138F0B127FAAC3E80474B7D09D2EBE53A5506AAD2FDF707057
            Malicious:false
            Preview:{"analyticsData":{"responseGUID":"efecf26a-366a-49eb-844a-4003b041ad52","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1728517208753,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

            C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

            Download File
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):294
            Entropy (8bit):5.258920154462224
            Encrypted:false
            SSDEEP:6:YEQXJ2HX1vrZgd+FIbRI6XVW7+0YGBcnoAvJfBoTfXpnrPeUkwRe9:YvXKXtrWgYpW7HGWTfXcUkee9
            MD5:DE602EA85658769DDD0528B52124AD7D
            SHA1:4F7C35A314300A920CFE8973AFBE7C190754D08A
            SHA-256:8B4969543D6693C3593C7BA63D6C3C14DDFCF718A496FDEAFEA7E6982BAC90B8
            SHA-512:94052DA94ABDB2EBFBBB5DEB22750C8164F49CC26515AD1C214CFB35C84B5D66BEA6C5CCAE9CCC2C9BF1B1454B23EADE82AB46A42A1803744281C219D11E1CF0
            Malicious:false
            Preview:{"analyticsData":{"responseGUID":"efecf26a-366a-49eb-844a-4003b041ad52","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1728517208753,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

            C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

            Download File
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):294
            Entropy (8bit):5.238187948376893
            Encrypted:false
            SSDEEP:6:YEQXJ2HX1vrZgd+FIbRI6XVW7+0YGBcnoAvJfBD2G6UpnrPeUkwRe9:YvXKXtrWgYpW7HGR22cUkee9
            MD5:5FBB9BA844B0A7D71B971D5F5C40B8EE
            SHA1:F108629180E8C9EA271D59BFC75B940016BC2A0A
            SHA-256:31E2AACA050B55E8D3DC219AA686FCA5A9BFB05390F728C71AFCA977256960AC
            SHA-512:89562B16EA8731B5C590AE769E1E328809B3C0D78FEECFC0BA0BB833501D3B28B13B7058AC3EB827A235AA256D1FCD09EEBA7252908F65F99C514E0784108D84
            Malicious:false
            Preview:{"analyticsData":{"responseGUID":"efecf26a-366a-49eb-844a-4003b041ad52","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1728517208753,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

            C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

            Download File
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):285
            Entropy (8bit):5.300107210652831
            Encrypted:false
            SSDEEP:6:YEQXJ2HX1vrZgd+FIbRI6XVW7+0YGBcnoAvJfPmwrPeUkwRe9:YvXKXtrWgYpW7HGH56Ukee9
            MD5:787A35E6B732A072558BB5BC1BA49944
            SHA1:D580D42C0EBAAB8ED2913A82177F2EA2F0675E64
            SHA-256:FD540A9179789C6BFCF2BF109109E4A3397D9F702362F8153C03637F1EB5E7B8
            SHA-512:CAAFA99EE3CF300E8362D40EDB19F36E799D9E51195C284FA2E3044F71A673BF9197F8AB1BC7CB2605BF870EF014C495D117322199A8043B8520FB1F8C57A724
            Malicious:false
            Preview:{"analyticsData":{"responseGUID":"efecf26a-366a-49eb-844a-4003b041ad52","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1728517208753,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

            C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

            Download File
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):1083
            Entropy (8bit):5.6742542662750415
            Encrypted:false
            SSDEEP:24:Yv6XF2iMpLgE6c3UDx7nnl0RCmK8czOCY4wgSm:YvQMhg1JaAh8cvYvFm
            MD5:AD7117279D8D9C7352EFBB00E1419383
            SHA1:B78216C3DBE6D2426B426D0B41BB6AB8573F9430
            SHA-256:18363A4519A384D0D4E72FC12C8D8D5F3D8A805A15EFBEF78000A2530C3DA058
            SHA-512:1717CB37ADBC2076BF09AB5CF96DDCE8CF807F52AE0EF71ABC081F514D0A22C8345967FEDCF488935E393E068225F97D387B192613EFAEB23BFE53DC51328EC1
            Malicious:false
            Preview:{"analyticsData":{"responseGUID":"efecf26a-366a-49eb-844a-4003b041ad52","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1728517208753,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"89628_277808ActionBlock_2","campaignId":89628,"containerId":"1","controlGroupId":"","treatmentId":"22b145c0-22bc-4bba-811f-7234f288595b","variationId":"277808"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQgZmlsZXMgdG8gYW5kIGZyb20gUERGXG53aXRob3V0IGxpbWl0cy4ifSwidGNhdElkIjoiUkdTMDM1MS1FTlUtQ29udHJvbCJ9","dataType":"applicatio

            C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

            Download File
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):1050
            Entropy (8bit):5.646813133850485
            Encrypted:false
            SSDEEP:24:Yv6XF2imVLgEF0c7sbnl0RCmK8czOCYHflEpwiVn:YvQmFg6sGAh8cvYHWpwm
            MD5:9B72C66F1470C9A60AADC87DD8EB142E
            SHA1:E2346686181193E50B90886025EC2679D20AE7C1
            SHA-256:EC6CBB217658123057EE8D44ED70EE104821F1D2A8C3E6F4652630DE0A80C9C6
            SHA-512:BE769525FE3D6EB5E615BD97D76525B3CE657EF9088E2D670DD7AAB729201B6BB9166CBCF4BC0EE97838FB92927288075B91FC0BA233388B266698603A35265C
            Malicious:false
            Preview:{"analyticsData":{"responseGUID":"efecf26a-366a-49eb-844a-4003b041ad52","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1728517208753,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Disc_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_0","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"0924134e-3c59-4f53-b731-add558c56fec","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Disc_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQsIGVkaXQgYW5kIGUtc2lnblxuZm9ybXMgJiBhZ3JlZW1lbnRzLiJ9LCJ0Y2F0SWQiOm51bGx9","dataType":"application\/json","encodingScheme":true},"

            C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

            Download File
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):292
            Entropy (8bit):5.246158770523566
            Encrypted:false
            SSDEEP:6:YEQXJ2HX1vrZgd+FIbRI6XVW7+0YGBcnoAvJfQ1rPeUkwRe9:YvXKXtrWgYpW7HGY16Ukee9
            MD5:C96A0C795AAFFD17757C71271121F700
            SHA1:5B67B571FB261124FFA4088F120B1A2E7F023FF4
            SHA-256:C81C94991E23D4FA7134964C577767D4BA1484D1893A550E733433D4EC24973D
            SHA-512:BCA6A36099388071A2491A3DF6CC5AB660C5F63DC46052DA96867A17D8941466F18D26D5DCF764045964B6FFA2BA5671EB41BC5071977D4B90C9F27024797ABA
            Malicious:false
            Preview:{"analyticsData":{"responseGUID":"efecf26a-366a-49eb-844a-4003b041ad52","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1728517208753,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

            C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

            Download File
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):1062
            Entropy (8bit):5.682517460844702
            Encrypted:false
            SSDEEP:24:Yv6XF2iT2LgE4cq/S70nl0RCmK8czOCAPtciGSm:YvQTog9ohAh8cvA3m
            MD5:ADAB2C22031CB80641B6A55DE8370B6A
            SHA1:99F79C3F03CA1E3DDE6EE4BD7EE18EFE138151A7
            SHA-256:C238FE30547A032F6093A68ACD41DF13DDE75847F14A8166E35CB5011E33D2EB
            SHA-512:0FA9D2C234DC36EBF4C0E6E3BF9DAD10D85A55AFEC4EAD175E7E7227A280ACCCEAEC40AA707F5764CDEB4CEFED3BBB634F0FB4E5F5DADFCB71D2687FC6973C53
            Malicious:false
            Preview:{"analyticsData":{"responseGUID":"efecf26a-366a-49eb-844a-4003b041ad52","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1728517208753,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Edit_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"89628_277808ActionBlock_0","campaignId":89628,"containerId":"1","controlGroupId":"","treatmentId":"58886bd3-acd7-4f84-ae2e-6684bc127c41","variationId":"277808"},"containerId":1,"containerLabel":"JSON for DC_Reader_Edit_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVkaXQgdGV4dCwgaW1hZ2VzLCBwYWdlcywgYW5kIG1vcmUuIn0sInRjYXRJZCI6IlJHUzAzNTEtRU5VLUNvbnRyb2wifQ==","dataType":"application\/json","encodingSch

            C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

            Download File
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):1164
            Entropy (8bit):5.695168362821482
            Encrypted:false
            SSDEEP:24:Yv6XF2ifKLgEfIcZVSkpsn264rS514ZjBrwloJTmcVIsrSK5n:YvQfEgqprtrS5OZjSlwTmAfSK9
            MD5:4149F4A24B80C75C2B77FF09E8BEA32B
            SHA1:C163825155A1F9525A5CE32B60500DED868F4BEE
            SHA-256:20D78A46FDDFA8DD099DF2697B69DEFF9423275BC762993FF7F06A052F4EDA1C
            SHA-512:F830E500F7E602BDD964F215C8C921019409FE4257613E19798154FEE76E1E3A219F7FB09F8B5D9030BCD3BD3E339C62D46BA912593303AADDA271D0C3A80865
            Malicious:false
            Preview:{"analyticsData":{"responseGUID":"efecf26a-366a-49eb-844a-4003b041ad52","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1728517208753,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85531_264848ActionBlock_0","campaignId":85531,"containerId":"1","controlGroupId":"","treatmentId":"ee1a7497-76e7-43c2-bb63-9a0551e11d73","variationId":"264848"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IlRyeSBBY3JvYmF0IFBybyJ9LCJ1aSI6eyJ0aXRsZV9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjE1cHgiLCJmb250X3N0eWxlIjoiMCJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEzcHgiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0b1xucHJlbWl1bSBQREYgYW5kIGUtc2lnbmluZ1xudG9vbHMuIn0sImJhbm5lcl9zdHlsaW5nIjo

            C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

            Download File
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):289
            Entropy (8bit):5.251517201029352
            Encrypted:false
            SSDEEP:6:YEQXJ2HX1vrZgd+FIbRI6XVW7+0YGBcnoAvJfYdPeUkwRe9:YvXKXtrWgYpW7HGg8Ukee9
            MD5:AF414CC978AEBAE646E9209B9E2E0A10
            SHA1:CE8EFBF5F1331CAF25EA0D9F21014226199A92C2
            SHA-256:09E6A7022AF39BC810E52A104A3D1732E9CACA5E00E1AF5F6DF964687C9BCB20
            SHA-512:F1B9646AF4930596348299581ED1EB5AE589C073A4585FF0A6BAF81C3A4BC15DB9F92AE81EA2F80CE9D3CB50C5EC524D332AAECE45208D62496BEF561280666E
            Malicious:false
            Preview:{"analyticsData":{"responseGUID":"efecf26a-366a-49eb-844a-4003b041ad52","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1728517208753,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

            C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

            Download File
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):1395
            Entropy (8bit):5.77472740058459
            Encrypted:false
            SSDEEP:24:Yv6XF2iirLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNg:YvQiHgDv3W2aYQfgB5OUupHrQ9FJy
            MD5:F9D6100E088ED09391EC8849FE2810F5
            SHA1:7996B9CCADD63659A19B585C50ABD52523C94776
            SHA-256:4E9B8E2E7236ADDC202938C5C59737898FE8B1EB613C4B56D2FF2891A2F39300
            SHA-512:4B270972E6026C3C9926D49DCA0A9318C839171471183F7FCDC3B6DB70378FDAFD045A35C1B22D5C75AA1319C3542CDD4D335E85463BBE7280BA90736410ECAE
            Malicious:false
            Preview:{"analyticsData":{"responseGUID":"efecf26a-366a-49eb-844a-4003b041ad52","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1728517208753,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0

            C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

            Download File
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):291
            Entropy (8bit):5.235397513816415
            Encrypted:false
            SSDEEP:6:YEQXJ2HX1vrZgd+FIbRI6XVW7+0YGBcnoAvJfbPtdPeUkwRe9:YvXKXtrWgYpW7HGDV8Ukee9
            MD5:DC07F2D70B8D62874DE4D96DD67B691A
            SHA1:22561B613823F3A02B935472B4F6D3150214127F
            SHA-256:A3BDF923F141EC5294E73906C741C3B3DC56681E6AC5A34FBE7AA564B781D216
            SHA-512:892F811F9500EF7A73DD439F247E26B5F641E5776ED00F60CF303D5E6A92EBDD60DD66E8A406068D246288EA03F7CFADE31A85A14496A58B0FC9BFED71B62FCD
            Malicious:false
            Preview:{"analyticsData":{"responseGUID":"efecf26a-366a-49eb-844a-4003b041ad52","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1728517208753,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

            C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

            Download File
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):287
            Entropy (8bit):5.236974935513643
            Encrypted:false
            SSDEEP:6:YEQXJ2HX1vrZgd+FIbRI6XVW7+0YGBcnoAvJf21rPeUkwRe9:YvXKXtrWgYpW7HG+16Ukee9
            MD5:933A37684C9EB2A7DD237BD8B48F9C98
            SHA1:3B61E2E6D9D97CB5247D794F2B8712402CB64F4B
            SHA-256:3D195EA8C3625FD1376DAD55755F5E8CA5B4952B657508E30E0CDA3466638EA8
            SHA-512:6CCFE10D515903458D523B75DC6BB0B93A811E1FA81E766EA2F743E9F6A3D517FB3F1C274AED33BF995024BDD82BD8F7504FF7E5F230DF9D392C52C24A2F0AF8
            Malicious:false
            Preview:{"analyticsData":{"responseGUID":"efecf26a-366a-49eb-844a-4003b041ad52","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1728517208753,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

            C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

            Download File
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):1082
            Entropy (8bit):5.679848999790393
            Encrypted:false
            SSDEEP:24:Yv6XF2i4amXayLgE7c9O47Naqnl0RCmK8czOC+w2E+tg8GSm:YvQ+BgZNOAh8cv+NKMm
            MD5:1B71B4A69C4365304F5BECAFA41C3DC8
            SHA1:7ABCB998894DEB9ABAD011E195C875C5EA626DF3
            SHA-256:40E84C6B02650C5B8C9D40F6B898505F0C2D6D52B1B9A245EEA89C2435FA54BF
            SHA-512:5E4B0AB0EC6780503957E6388AF547832DCAC2CB5EB86DF0C7BF0F815CDCCB06275582F8E3E3D9A33930AA5F9C84E40426932920AE590C93845ACEC9A0D44467
            Malicious:false
            Preview:{"analyticsData":{"responseGUID":"efecf26a-366a-49eb-844a-4003b041ad52","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1728517208753,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"89628_277808ActionBlock_1","campaignId":89628,"containerId":"1","controlGroupId":"","treatmentId":"a8b11c37-7d39-4b12-9d33-a040ee4d296b","variationId":"277808"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IlNlbmQgZG9jdW1lbnRzICYgZm9ybXNcbmZvciBmYXN0IGUtc2lnbmluZyBvbmxpbmUuIn0sInRjYXRJZCI6IlJHUzAzNTEtRU5VLUNvbnRyb2wifQ==","dataType":"application

            C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

            Download File
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):286
            Entropy (8bit):5.212140277863935
            Encrypted:false
            SSDEEP:6:YEQXJ2HX1vrZgd+FIbRI6XVW7+0YGBcnoAvJfshHHrPeUkwRe9:YvXKXtrWgYpW7HGUUUkee9
            MD5:A7EBA4EF37A73B2D7EA2069A34196C77
            SHA1:7DE5569010EFE0616A452126DF561834D888E03F
            SHA-256:9C05B8152C8EACCB9544918A97C5288F22F77FD74846E4181E5362D077356C58
            SHA-512:F7E8264B44809DB3017A50C787DBEC5FC3ED0D9417E92E9795D8048628B6F1FFBF662ABA56E5767E96EDEEE99DDC003D5CFAFE564C19225171B783F36B3844E3
            Malicious:false
            Preview:{"analyticsData":{"responseGUID":"efecf26a-366a-49eb-844a-4003b041ad52","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1728517208753,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

            C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

            Download File
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):782
            Entropy (8bit):5.361400505177485
            Encrypted:false
            SSDEEP:12:YvXKXtrWgYpW7HGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWU:Yv6XF2iH168CgEXX5kcIfANh5
            MD5:97518E93EB2CC052EA47882ED5C709E6
            SHA1:D63F65CC08695686EA1C3099DFB9AA2427105441
            SHA-256:233082892A312AA70F93A290002E8374A75DD519A089C51F03A4D411A53A32A3
            SHA-512:59C4008D29A0BA52C632257AC4B0A9E2940EE9294A0C7886FECBA17AEF50EBE08CD096A9A8C293D70812334ADF00C1102B9103AF106015C0CDA9C41B1358ADC8
            Malicious:false
            Preview:{"analyticsData":{"responseGUID":"efecf26a-366a-49eb-844a-4003b041ad52","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1728517208753,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1728338528783}}}}

            C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

            Download File
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:data
            Category:dropped
            Size (bytes):4
            Entropy (8bit):0.8112781244591328
            Encrypted:false
            SSDEEP:3:e:e
            MD5:DC84B0D741E5BEAE8070013ADDCC8C28
            SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
            SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
            SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
            Malicious:false
            Preview:....

            C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

            Download File
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):2818
            Entropy (8bit):5.128377468419999
            Encrypted:false
            SSDEEP:24:YRj1GwNapK1ay/XuWeNClt+qrWLHqkq78WimjTcj0S2lm2pQ2LSAfKKM15nri96P:YVoNKkqiLHqJtaV/KfpM11ri96h6Y
            MD5:882228BA3A997BFA0A0F23C303D4AFB5
            SHA1:51EFDA01291FDB757270C0BA156894AF34CC7E72
            SHA-256:1D0D41B996D22ECE4F44129C421E9B8FC0B08CFB60FCB2CECEFB17C4B93D81C1
            SHA-512:21942A86A164FC398AFFD33A5AF1CB3F542436C69F6FFEE7F7BE1ED6E811024B9EB50BC55F90258A64E93467114419836A02CDAF5B3509D9E71CFDDB8B7F7CD2
            Malicious:false
            Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"7d32c1cd79187ee923d03afcd8aedee5","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1050,"ts":1728338528000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"b92060f0285dd50406139463964388a1","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1164,"ts":1728338528000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"66430bd7031ba4c83bca0e1339c9cadc","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1082,"ts":1728338528000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"70740ae01c17cac43214a5b8d3f98446","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1083,"ts":1728338528000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"9d1d3feee09c29afad7664a19fe1e4e2","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":1062,"ts":1728338528000},{"id":"Edit_InApp_Aug2020","info":{"dg":"6ae6c5d93367b91ae8acd9ae7f1a9b2f","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":17

            C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

            Download File
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 25, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 25
            Category:dropped
            Size (bytes):12288
            Entropy (8bit):0.99982792390062
            Encrypted:false
            SSDEEP:24:TLKufx/XYKQvGJF7ursB1RZKHs/D31jopI1uVfv1Akdk2UxoF:TGufl2GL7msvgO31jSI1udv1Aq9UxU
            MD5:97AE3812CFF29320951DD7334F78F367
            SHA1:4B011FE9F7AEACE305832D276B722BA28C7D4ED8
            SHA-256:51828837212FD2F455AEEDEC9F15E99628F30EDF7F94E993881658F30A2E7C41
            SHA-512:D4BCFB882C6D88B82A37CA1A8ADBAFFEB78385A50BF802A2ABA291915AD93251AE336C1A7C6D16E6CFC8830BAB3AC0B1BF418614504C4DE5F476256CFC7C86EB
            Malicious:false
            Preview:SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

            Download File
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:SQLite Rollback Journal
            Category:dropped
            Size (bytes):8720
            Entropy (8bit):1.3611247706131921
            Encrypted:false
            SSDEEP:24:7+tg1RZKHs/Ds/SpXopI1uVfv1Akdk2UxoWqLhx/XYKQvGJF7ursB:7MYgOVpXSI1udv1Aq9UxxqFl2GL7msB
            MD5:06B70D6BA59C020F930B7EBC8F20AAC5
            SHA1:DF76C3CAD3F1F1F1BF2778CFC7524CE504C798E7
            SHA-256:2FD86FFE8D771D91D43C98FF527DCC924203F8F77352B33B0B1690623CABCB6D
            SHA-512:1BB94371A13231FF276E0B1B8EEA4A8F7A65B585DB7C28FC106DB1EFF6D9969EEA4089FCED5E5EBC8D19D2DF7FBF1997D75A9C3967C1A20CD55ABBF13756F577
            Malicious:false
            Preview:.... .c......-.A......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................j...#..#...z.>.....}.#.7.7........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Users\user\AppData\Local\Temp\MSIafe8e.LOG

            Download File
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
            Category:dropped
            Size (bytes):246
            Entropy (8bit):3.511206980872271
            Encrypted:false
            SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8yQRqF0le:Qw946cPbiOxDlbYnuRKTf
            MD5:844EF19944180706D1288933F1F5AAB0
            SHA1:7E18FEC4FEB6341E35FD2902C0334F5B90B15F7D
            SHA-256:4D08930E3DD93E1237D3297782A35DFDC5B691CDD8A79A0AAF85433FAB827D29
            SHA-512:923B2E5D1B9C65E4B31AE5D4B417E484C3C4BF061B1C17E0F48E50450F25ABEB4F1CFC25E71C73C1855B3F1FC56487DB2B2007068C3ABBA1F5F6E39E72CBEA5E
            Malicious:false
            Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .0.7./.1.0./.2.0.2.4. . .1.8.:.0.2.:.0.6. .=.=.=.....

            C:\Users\user\AppData\Local\Temp\acrobat_sbx\A91fvh9w2_1ml3ifl_4go.tmp

            Download File
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:PDF document, version 1.6, 0 pages
            Category:dropped
            Size (bytes):358
            Entropy (8bit):5.012823548429183
            Encrypted:false
            SSDEEP:6:IngVMrexJzJT0y9VEQIFVmb/eu2g/86S1kxROOCnU2mTEHU2mTE+CCSyAAO:IngVMre9T0HQIDmy9g06JXSnU1gHU1gV
            MD5:3D76DD28791CBAA2D3669CA62A575F0A
            SHA1:C8621448234A785B671FE998AA4D3FDD5C55BFE0
            SHA-256:9C704543452DDE8E1AE04AAF2A087CB498E17711CD8BA6E98B5DBC11E4DE0DE5
            SHA-512:FA71DC15AE5622100A4FD3CEB1C9D74D63723840C590D62083E4250D945307541BD40FCBAE8639E1617CC8F393368E1DD6C4B1E102A16FC279DBC05D884396F5
            Malicious:false
            Preview:%PDF-1.6.%......1 0 obj.<</Pages 2 0 R/Type/Catalog>>.endobj.2 0 obj.<</Count 0/Kids[]/Type/Pages>>.endobj.3 0 obj.<<>>.endobj.xref..0 4..0000000000 65535 f..0000000016 00000 n..0000000061 00000 n..0000000107 00000 n..trailer..<</Size 4/Root 1 0 R/Info 3 0 R/ID[<8D797112B325214F961174F0F068771A><8D797112B325214F961174F0F068771A>]>>..startxref..127..%%EOF..

            C:\Users\user\AppData\Local\Temp\acrobat_sbx\A9k7cjqr_1ml3ifk_4go.tmp

            Download File
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:Zip data (MIME type "application/vnd.adobe.air-ucf-package+zip"?)
            Category:dropped
            Size (bytes):144514
            Entropy (8bit):7.992637131260696
            Encrypted:true
            SSDEEP:3072:OvjeSq37BcXWpJ/PwBI4lsRMoZVaJctHtTx8EOyhnL:Cjc7BcePUsSSt38snL
            MD5:BA1716D4FB435DA6C47CE77E3667E6A8
            SHA1:AF6ADF9F1A53033CF28506F33975A3D1BC0C4ECF
            SHA-256:AD771EC5D244D9815762116D5C77BA53A1D06CEBA42D348160790DBBE4B6769D
            SHA-512:65249DB52791037E9CC0EEF2D07A9CB1895410623345F2646D7EA4ED7001F7273C799275C3342081097AF2D231282D6676F4DBC4D33C5E902993BE89B4A678FD
            Malicious:false
            Preview:PK.........D.Y...>)...).......mimetypeapplication/vnd.adobe.air-ucf-package+zipPK.........D.Y.+.`............message.xml.]is.8...[.....Oq.'...S...g.X+;....%X."U$.....}.P.%....8.tl. ...../..}......A.......,...a...r.....=..i{......0H..v.g.c0.3~....G.b....,.BvJ.'./.`xJ]..O./.!K...XG?.$.,=.Z...q.f~...,..:b.Pl..f..|....,.A.....Z..a<.C._..../G|....q.....~.?...G.............y+.. ...s.,.2...^uon..:....~....C....i.>.<hy..x..?....F.w..4e.|.'...#?..a......i...W.".+...'.......,..6..... ..}.........llj.>.3v.."..CdA.".....v...4H..C]>........4..$.O........9._..C{(....A~.k...f.x8.<... l!..}...ol.q.......2.s.Y..&:....>...l.S..w.t^D.C....]0......L...z[`J<.....L.1t-.Z.n..7.)...aj;.0.r|.._.V......JWT.>.p.?s....boN.....X.jkN.9..3jN.9..t...o..c.nX4......0.D.....Cv .....!k..........d.1B....=3.Bq.E.bo.....6..r..6@.b...T......Ig...(..(K].:...#..k..q2G."o.Tz...qJ.......;?|~..1...J...RA...'..*C...T...dNMZ.3.z-..LCI..I..-.,.Y.J.....m.KY}.Lw......G........-.(E....b..^..}..

            C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-07 18-02-01-449.log

            Download File
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:ASCII text, with very long lines (393)
            Category:dropped
            Size (bytes):16525
            Entropy (8bit):5.376360055978702
            Encrypted:false
            SSDEEP:384:6b1sdmfenwop+WP21h2RPjRNg7JjO2on6oU6CyuJw1oaNIIu9EMuJuF6MKK9g9JQ:vIn
            MD5:1336667A75083BF81E2632FABAA88B67
            SHA1:46E40800B27D95DAED0DBB830E0D0BA85C031D40
            SHA-256:F81B7C83E0B979F04D3763B4F88CD05BC8FBB2F441EBFAB75826793B869F75D1
            SHA-512:D039D8650CF7B149799D42C7415CBF94D4A0A4BF389B615EF7D1B427BC51727D3441AA37D8C178E7E7E89D69C95666EB14C31B56CDFBD3937E4581A31A69081A
            Malicious:false
            Preview:SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:961+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="SetConfig:

            C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

            Download File
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:ASCII text, with very long lines (393), with CRLF line terminators
            Category:dropped
            Size (bytes):15114
            Entropy (8bit):5.364203987020862
            Encrypted:false
            SSDEEP:384:nlzY71Kp3yj9NURsxPR8Ll5NJijFo3XoRC8oe2GWIMOZbH7brQzwx6xE58Op6Xfu:RqZ
            MD5:CF046773495CD7D1173F6EC93AE28975
            SHA1:C932F79A14C457841BF77E04C70AB88EC4D4ADBE
            SHA-256:436ED1CAF62B51A93192B0BD0A0DA18481C07F40785A59E90D477B99DEE02062
            SHA-512:0B70FF38BE9403CC791CD10E3BB2E76BD0D04D3B6CAFCEAB0B36C71AB456FBCEC02063CF4A82DA521F8A4CC249F2024B2FF577296765F24E9CC09E2F3E648996
            Malicious:false
            Preview:SessionID=f3bdc454-f63e-4214-9d68-36247eac81c4.1728338521469 Timestamp=2024-10-07T18:02:01:469-0400 ThreadID=6592 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=f3bdc454-f63e-4214-9d68-36247eac81c4.1728338521469 Timestamp=2024-10-07T18:02:01:473-0400 ThreadID=6592 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=f3bdc454-f63e-4214-9d68-36247eac81c4.1728338521469 Timestamp=2024-10-07T18:02:01:473-0400 ThreadID=6592 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=f3bdc454-f63e-4214-9d68-36247eac81c4.1728338521469 Timestamp=2024-10-07T18:02:01:473-0400 ThreadID=6592 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=f3bdc454-f63e-4214-9d68-36247eac81c4.1728338521469 Timestamp=2024-10-07T18:02:01:473-0400 ThreadID=6592 Component=ngl-lib_NglAppLib Description="SetConf

            C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

            Download File
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:ASCII text, with CRLF line terminators
            Category:dropped
            Size (bytes):29752
            Entropy (8bit):5.393631783082117
            Encrypted:false
            SSDEEP:768:GLxxlyVUFcAzWL8VWL1ANSFld5YjMWLvJ8Uy++NSXl3WLd5WLrbhhVClkVMwDGb8:w
            MD5:C59FDC509AC9E6D8FB2C49CD9365C881
            SHA1:90BEC3F85ED54869A2DE7F972BE1ABD8EBD252B9
            SHA-256:657FAF9478041D11ECAA8106C492F90D122726A97912E0BD109D2749B369564A
            SHA-512:662D0A1D6B46607ABAD5D4C0E79303615C8ED745978C8A4873BBB8A74D64F1E945796A056BE1A2394524E9EC2D86A06B64998B0161F37DAC5E8BB6765941D41D
            Malicious:false
            Preview:04-10-2023 02:39:31:.---2---..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : ***************************************..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : ***************************************..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : Starting NGL..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..04-10-2023 02:39:31:.Closing File..04-10-

            C:\Users\user\AppData\Local\Temp\acrocef_low\24cff4b5-4b6d-408e-b018-24ed8a4c396b.tmp

            Download File
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
            Category:dropped
            Size (bytes):1419751
            Entropy (8bit):7.976496077007677
            Encrypted:false
            SSDEEP:24576:/xA7owWLaGZDwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLaGZDwZGk3mlind9i4ufFXpAXkru
            MD5:18E3D04537AF72FDBEB3760B2D10C80E
            SHA1:B313CD0B25E41E5CF0DFB83B33AB3E3C7678D5CC
            SHA-256:BBEF113A2057EE7EAC911DC960D36D4A62C262DAE5B1379257908228243BD6F4
            SHA-512:2A5B9B0A5DC98151AD2346055DF2F7BFDE62F6069A4A6A9AB3377B644D61AE31609B9FC73BEE4A0E929F84BF30DA4C1CDE628915AC37C7542FD170D12DE41298
            Malicious:false
            Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

            C:\Users\user\AppData\Local\Temp\acrocef_low\626c5835-0631-4bc9-a4aa-924e2bcf2c70.tmp

            Download File
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
            Category:dropped
            Size (bytes):386528
            Entropy (8bit):7.9736851559892425
            Encrypted:false
            SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
            MD5:5C48B0AD2FEF800949466AE872E1F1E2
            SHA1:337D617AE142815EDDACB48484628C1F16692A2F
            SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
            SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
            Malicious:false
            Preview:...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-|..h#.g.\.PO.|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..|m.WC.....|.....e.[W.p.8...rm....^..x'......5!...|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

            C:\Users\user\AppData\Local\Temp\acrocef_low\ae1eb6b5-6960-4d91-806f-dcfd330b0f5a.tmp

            Download File
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
            Category:dropped
            Size (bytes):758601
            Entropy (8bit):7.98639316555857
            Encrypted:false
            SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
            MD5:3A49135134665364308390AC398006F1
            SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
            SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
            SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
            Malicious:false
            Preview:...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!|G.1...... .3.`./....`~......G.............|..pS.e.C....:o.u_..oi.:..|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

            C:\Users\user\AppData\Local\Temp\acrocef_low\de7dac0f-49c9-433a-8729-2efe6ef03ccc.tmp

            Download File
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
            Category:dropped
            Size (bytes):1407294
            Entropy (8bit):7.97605879016224
            Encrypted:false
            SSDEEP:24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo
            MD5:A0CFC77914D9BFBDD8BC1B1154A7B364
            SHA1:54962BFDF3797C95DC2A4C8B29E873743811AD30
            SHA-256:81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685
            SHA-512:74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE
            Malicious:false
            Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

            C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\915DEAC5D1E15E49646B8A94E04E470958C9BB89.crl

            Download File
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:data
            Category:dropped
            Size (bytes):98682
            Entropy (8bit):6.445287254681573
            Encrypted:false
            SSDEEP:1536:0tlkIi4M2MXZcFVZNt0zfIagnbSLDII+D61S8:03kf4MlpyZN+gbE8pD61L
            MD5:7113425405A05E110DC458BBF93F608A
            SHA1:88123C4AD0C5E5AFB0A3D4E9A43EAFDF7C4EBAAF
            SHA-256:7E5C3C23B9F730818CDC71D7A2EA01FE57F03C03118D477ADB18FA6A8DBDBC46
            SHA-512:6AFE246B0B5CD5DE74F60A19E31822F83CCA274A61545546BDA90DDE97C84C163CB1D4277D0F4E0F70F1E4DE4B76D1DEB22992E44030E28EB9E56A7EA2AB5E8D
            Malicious:false
            Preview:0...u0...\...0...*.H........0i1.0...U....US1.0...U....DigiCert, Inc.1A0?..U...8DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1..240807121815Z..240814121815Z0..~.0!.......0.E....[0...210531000001Z0!...7g...(..^`.x.l...210531000001Z0!...\./M.8..>.f.....210531000001Z0!...*B.Sh...f...s.0..210531000001Z0!..../n...h..7....>..210601000001Z0!....0..>5..aN.u{D..210601000001Z0!...-...qpWa.!n.....210601000001Z0!..."f...\..N.....X..210601000001Z0!...in.H...[u...]....210602000001Z0!......`......._.]...210602000001Z0!...{..e..i......=..210602000001Z0!......S....fNj'.wy..210602000001Z0!......C.lm..B.*.....210602000001Z0!... .}...|.,dk...+..210603000001Z0!...U.K....o.".Rj..210603000001Z0!.....A...K.ZpK..'h..210603000001Z0!.....&}{ ......l..210603000001Z0!...:.m...I.p.;..v..210604000001Z0!...1"uw3..Gou.qg.q..210607000001Z0!...1.o}...c/...-R}..210608000001Z0!................210608000001Z0!...[.N.d............210609000001Z0!......x..i........210610000001Z0!...(... (..#.^.f...210

            C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\DF22CF8B8C3B46C10D3D5C407561EABEB57F8181.crl

            Download File
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:data
            Category:dropped
            Size (bytes):737
            Entropy (8bit):7.501268097735403
            Encrypted:false
            SSDEEP:12:yeRLaWQMnFQlRKfdFfBy6T6FYoX0fH8PkwWWOxPLA3jw/fQMlNdP8LOUa:y2GWnSKfdtw46FYfP1icPLHCfa
            MD5:5274D23C3AB7C3D5A4F3F86D4249A545
            SHA1:8A3778F5083169B281B610F2036E79AEA3020192
            SHA-256:8FEF0EEC745051335467846C2F3059BD450048E744D83EBE6B7FD7179A5E5F97
            SHA-512:FC3E30422A35A78C93EDB2DAD6FAF02058FC37099E9CACD639A079DF70E650FEC635CF7592FFB069F23E90B47B0D7CF3518166848494A35AF1E10B50BB177574
            Malicious:false
            Preview:0...0.....0...*.H........0b1.0...U....US1.0...U....DigiCert Inc1.0...U....www.digicert.com1!0...U....DigiCert Trusted Root G4..240806194648Z..240827194648Z.00.0...U.#..0.......q]dL..g?....O0...U........0...*.H.............vz..@.Nm...6d...t;.Jx?....6...p...#.[.......o.q...;.........?......o...^p0R*.......~....)....i.*n;A.n.z..O~..%=..s..W.4.+........G...*..=....xen$_i"s..\...L..4../<.4...G.....L...c..k@.J.rC.4h.c.ck./.Q-r53..a#.8#......0.n......a.-'..S. .>..xAKo.k.....;.D>....sb '<..-o.KE...X!i.].c.....o~.q........D...`....N... W:{.3......a@....i....#./..eQ...e.......W.s..V:.38..U.H{.>.....#....?{.....bYAk'b0on..Gb..-..).."q2GO<S.C...FsY!D....x..]4.....X....Y...Rj.....I.96$.4ZQ&..$,hC..H.%..hE....

            C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\addressbook.acrodata

            Download File
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:ISO-8859 text, with very long lines (3486), with CRLF, CR line terminators
            Category:dropped
            Size (bytes):14456
            Entropy (8bit):4.2098179599164975
            Encrypted:false
            SSDEEP:192:gcPqYV/saFlwwR+kMqe8TlZMX1sgUVa3ddMVsuNeMcGdSD9obOUAVlcMudM/Y14e:g7Q/X4kMb0lZ6mgtdHOelGdWaolvsTZ
            MD5:32FCA302C8B872738373D7CCB1E75FD4
            SHA1:DA85FAF24ED0ECFD5D69CCFD6286D8B77D7EB4F1
            SHA-256:CD0DD26304B88C20801FE80B33C49C009E2E5D4411B5D7F83252E1D90CD461C6
            SHA-512:57F8CC85FAFB15455074431216E47433E50DF5DE74ED74C395B7FF2C433DB7CE06F0A1C1FE1EFDC17229DBC33325D559789F43901556DD1A12963B94F01D5A1F
            Malicious:false
            Preview:%PPKLITE-2.1.%......1 0 obj.<</PPK<</AddressBook<</Entries[2 0 R 3 0 R 4 0 R 5 0 R 6 0 R]/NextID 1006/Type/AddressBook>>/Type/PPK/User<</Type/User>>/V 65537>>/Type/Catalog>>.endobj.2 0 obj.<</ABEType 1/Cert<308204A130820389A00302010202043E1CBD28300D06092A864886F70D01010505003069310B300906035504061302555331233021060355040A131A41646F62652053797374656D7320496E636F72706F7261746564311D301B060355040B131441646F6265205472757374205365727669636573311630140603550403130D41646F626520526F6F74204341301E170D3033303130383233333732335A170D3233303130393030303732335A3069310B300906035504061302555331233021060355040A131A41646F62652053797374656D7320496E636F72706F7261746564311D301B060355040B131441646F6265205472757374205365727669636573311630140603550403130D41646F626520526F6F7420434130820122300D06092A864886F70D01010105000382010F003082010A0282010100CC4F5484F7A7A2E733537F3F9C12886B2C9947677E0F1EB9AD1488F9C310D81DF0F0D59F690A2F5935B0CC6CA94C9C15A09FCE20BFA0CF54E2E02066453F3986387E9CC48E0722C624F60112B035DF55EA6990B

            Static File Info

            General

            File type:PDF document, version 1.7
            Entropy (8bit):7.949119254619006
            TrID:
            • Adobe Portable Document Format (5005/1) 100.00%
            File name:Due Inv 959753 Larry Cooper.pdf
            File size:3'805'226 bytes
            MD5:e7e7c24f3af6310a8a89b32a1897c27b
            SHA1:2581545c663d468a600c76189aad5e5028ba2b1d
            SHA256:ac46b15718abaa83c8c846cc57db0ed22cdda5c3690ad6571713a061d38133b4
            SHA512:d5540077d3201036abdef21dcb78da473468f2ef0aea2fd2f7f4664afa02dfaec454a78e8c7a2f48321b174ffaa1bc0385e043811fcb4fc56dd263652922d7c7
            SSDEEP:49152:hIhsmD5e7xdTGzdzTtx74wGho9m3/QMORRmmoi4YhMLKtxwnQjYeUJ4L5YbsvN:sdwxdTZio3/QjR34Yh6K9YXetYbg
            TLSH:F406D07CBC50AC4DA88640D2CB39A5D60FCDC176B295B4A07E2C4E5B19A5DC0F3A736E
            File Content Preview:%PDF-1.7.%......1 0 obj.<</Pages 2 0 R /Type /Catalog >>.endobj..3 0 obj.<</Contents 4 0 R /CropBox [0 0 595.32 841.92] /Group <</CS /DeviceRGB /S /Transparency /Type /Group >> /MediaBox [0 0 595.32 841.92] /Parent 2 0 R /Resources 5 0 R /Rotate 0 /Tabs /

            File Icon

            Icon Hash:62cc8caeb29e8ae0

            Static PDF Info

            General

            Header:%PDF-1.7
            Total Entropy:7.949119
            Total Bytes:3805226
            Stream Entropy:7.994740
            Stream Bytes:3467442
            Entropy outside Streams:5.040908
            Bytes outside Streams:337784
            Number of EOF found:1
            Bytes after EOF:

            Keywords Statistics

            NameCount
            obj1856
            endobj1856
            stream699
            endstream699
            xref0
            trailer0
            startxref1
            /Page1
            /Encrypt0
            /ObjStm1
            /URI0
            /JS0
            /JavaScript0
            /AA0
            /OpenAction0
            /AcroForm0
            /JBIG2Decode0
            /RichMedia0
            /Launch0
            /EmbeddedFile0

            Image Streams

            IDDHASHMD5Preview
            703000c162c0c180800cbdef953c051941948b86608fa4b72cc
            704003048507060300018d3358b0b965d1b9fa93dfe26253a8b
            702008e173317964d22883c50746c1b8d323485b8ec267d72c0
            70500000000000000008e444bf26f70eb843661e2eb18a0b38d

            Network Behavior

            Network Port Distribution

            TCP Packets

            TimestampSource PortDest PortSource IPDest IP
            Oct 8, 2024 00:02:12.005913973 CEST49728443192.168.2.523.195.92.153
            Oct 8, 2024 00:02:12.005996943 CEST4434972823.195.92.153192.168.2.5
            Oct 8, 2024 00:02:12.008213043 CEST49728443192.168.2.523.195.92.153
            Oct 8, 2024 00:02:12.008474112 CEST49728443192.168.2.523.195.92.153
            Oct 8, 2024 00:02:12.008500099 CEST4434972823.195.92.153192.168.2.5
            Oct 8, 2024 00:02:12.541438103 CEST4434972823.195.92.153192.168.2.5
            Oct 8, 2024 00:02:12.541872978 CEST49728443192.168.2.523.195.92.153
            Oct 8, 2024 00:02:12.541935921 CEST4434972823.195.92.153192.168.2.5
            Oct 8, 2024 00:02:12.543752909 CEST4434972823.195.92.153192.168.2.5
            Oct 8, 2024 00:02:12.543831110 CEST49728443192.168.2.523.195.92.153
            Oct 8, 2024 00:02:12.550324917 CEST49728443192.168.2.523.195.92.153
            Oct 8, 2024 00:02:12.550426006 CEST4434972823.195.92.153192.168.2.5
            Oct 8, 2024 00:02:12.550570011 CEST49728443192.168.2.523.195.92.153
            Oct 8, 2024 00:02:12.550581932 CEST4434972823.195.92.153192.168.2.5
            Oct 8, 2024 00:02:12.593657017 CEST49728443192.168.2.523.195.92.153
            Oct 8, 2024 00:02:12.643340111 CEST4434972823.195.92.153192.168.2.5
            Oct 8, 2024 00:02:12.643635035 CEST4434972823.195.92.153192.168.2.5
            Oct 8, 2024 00:02:12.643699884 CEST49728443192.168.2.523.195.92.153
            Oct 8, 2024 00:02:12.643893003 CEST49728443192.168.2.523.195.92.153
            Oct 8, 2024 00:02:12.643934011 CEST4434972823.195.92.153192.168.2.5
            Oct 8, 2024 00:02:12.643959045 CEST49728443192.168.2.523.195.92.153
            Oct 8, 2024 00:02:12.644218922 CEST49728443192.168.2.523.195.92.153

            UDP Packets

            TimestampSource PortDest PortSource IPDest IP
            Oct 8, 2024 00:02:07.688960075 CEST6242253192.168.2.51.1.1.1
            Oct 8, 2024 00:02:25.985578060 CEST5050953192.168.2.51.1.1.1
            Oct 8, 2024 00:02:27.397998095 CEST53581831.1.1.1192.168.2.5

            DNS Queries

            TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
            Oct 8, 2024 00:02:07.688960075 CEST192.168.2.51.1.1.10x8af2Standard query (0)x1.i.lencr.orgA (IP address)IN (0x0001)false
            Oct 8, 2024 00:02:25.985578060 CEST192.168.2.51.1.1.10xc362Standard query (0)x1.i.lencr.orgA (IP address)IN (0x0001)false

            DNS Answers

            TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
            Oct 8, 2024 00:02:07.695882082 CEST1.1.1.1192.168.2.50x8af2No error (0)x1.i.lencr.orgcrl.root-x1.letsencrypt.org.edgekey.netCNAME (Canonical name)IN (0x0001)false
            Oct 8, 2024 00:02:25.994502068 CEST1.1.1.1192.168.2.50xc362No error (0)x1.i.lencr.orgcrl.root-x1.letsencrypt.org.edgekey.netCNAME (Canonical name)IN (0x0001)false

            HTTP Request Dependency Graph

            • armmf.adobe.com

            HTTPS Proxied Packets

            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
            0192.168.2.54972823.195.92.1534436088C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            TimestampBytes transferredDirectionData
            2024-10-07 22:02:12 UTC475OUTGET /onboarding/smskillreader.txt HTTP/1.1
            Host: armmf.adobe.com
            Connection: keep-alive
            Accept-Language: en-US,en;q=0.9
            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36
            Sec-Fetch-Site: same-origin
            Sec-Fetch-Mode: no-cors
            Sec-Fetch-Dest: empty
            Accept-Encoding: gzip, deflate, br
            If-None-Match: "78-5faa31cce96da"
            If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
            2024-10-07 22:02:12 UTC198INHTTP/1.1 304 Not Modified
            Content-Type: text/plain; charset=UTF-8
            Last-Modified: Mon, 01 May 2023 15:02:33 GMT
            ETag: "78-5faa31cce96da"
            Date: Mon, 07 Oct 2024 22:02:12 GMT
            Connection: close


            Statistics

            CPU Usage

            Click to jump to process

            Memory Usage

            Click to jump to process

            High Level Behavior Distribution

            Click to dive into process behavior distribution

            Behavior

            Click to jump to process

            System Behavior

            General

            Target ID:0
            Start time:18:01:57
            Start date:07/10/2024
            Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            Wow64 process (32bit):false
            Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Due Inv 959753 Larry Cooper.pdf"
            Imagebase:0x7ff686a00000
            File size:5'641'176 bytes
            MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:high
            Has exited:true

            General

            Target ID:2
            Start time:18:01:58
            Start date:07/10/2024
            Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            Wow64 process (32bit):false
            Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
            Imagebase:0x7ff6413e0000
            File size:3'581'912 bytes
            MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:high
            Has exited:true

            General

            Target ID:4
            Start time:18:01:59
            Start date:07/10/2024
            Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            Wow64 process (32bit):false
            Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2096 --field-trial-handle=1704,i,17496537539928788989,11339793591484358294,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
            Imagebase:0x7ff6413e0000
            File size:3'581'912 bytes
            MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:high
            Has exited:true

            Disassembly

            No disassembly