Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Inv. 7315 Techtronic 10.04.2024.pdf

Overview

General Information

Sample name:Inv. 7315 Techtronic 10.04.2024.pdf
Analysis ID:1529332
MD5:cb63ab3c6aec0a326c132c26c6da48b8
SHA1:887db00c0c7f88d87ae2f9426ba3f33e08b508cd
SHA256:4d77d92b6edf33f3310ef7e6729822a6cccd6f9e967491248d1df58db72ce02c
Infos:

Detection

Score:2
Range:0 - 100
Whitelisted:false
Confidence:80%

Signatures

IP address seen in connection with other malware
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Uses a known web browser user agent for HTTP communication

Classification

Process Tree

  • System is w10x64
  • Acrobat.exe (PID: 6008 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Inv. 7315 Techtronic 10.04.2024.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 6644 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 7316 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2104 --field-trial-handle=1748,i,11195147955471208410,11915245055929868640,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: global trafficDNS query: name: x1.i.lencr.org
Source: global trafficTCP traffic: 192.168.2.4:49742 -> 23.200.196.138:443
Source: global trafficTCP traffic: 192.168.2.4:49742 -> 23.200.196.138:443
Source: global trafficTCP traffic: 192.168.2.4:49742 -> 23.200.196.138:443
Source: global trafficTCP traffic: 192.168.2.4:49742 -> 23.200.196.138:443
Source: global trafficTCP traffic: 192.168.2.4:49742 -> 23.200.196.138:443
Source: global trafficTCP traffic: 192.168.2.4:49742 -> 23.200.196.138:443
Source: global trafficTCP traffic: 192.168.2.4:49742 -> 23.200.196.138:443
Source: global trafficTCP traffic: 192.168.2.4:49742 -> 23.200.196.138:443
Source: global trafficTCP traffic: 192.168.2.4:49742 -> 23.200.196.138:443
Source: global trafficTCP traffic: 192.168.2.4:49742 -> 23.200.196.138:443
Source: global trafficTCP traffic: 192.168.2.4:49742 -> 23.200.196.138:443
Source: global trafficTCP traffic: 192.168.2.4:49742 -> 23.200.196.138:443
Source: global trafficTCP traffic: 192.168.2.4:49742 -> 23.200.196.138:443
Source: global trafficTCP traffic: 192.168.2.4:49742 -> 23.200.196.138:443
Source: global trafficTCP traffic: 23.200.196.138:443 -> 192.168.2.4:49742
Source: global trafficTCP traffic: 192.168.2.4:49742 -> 23.200.196.138:443
Source: global trafficTCP traffic: 192.168.2.4:49742 -> 23.200.196.138:443
Source: global trafficTCP traffic: 23.200.196.138:443 -> 192.168.2.4:49742
Source: global trafficTCP traffic: 23.200.196.138:443 -> 192.168.2.4:49742
Source: global trafficTCP traffic: 192.168.2.4:49742 -> 23.200.196.138:443
Source: global trafficTCP traffic: 23.200.196.138:443 -> 192.168.2.4:49742
Source: global trafficTCP traffic: 23.200.196.138:443 -> 192.168.2.4:49742
Source: global trafficTCP traffic: 192.168.2.4:49742 -> 23.200.196.138:443
Source: global trafficTCP traffic: 192.168.2.4:49742 -> 23.200.196.138:443
Source: global trafficTCP traffic: 192.168.2.4:49742 -> 23.200.196.138:443
Source: global trafficTCP traffic: 23.200.196.138:443 -> 192.168.2.4:49742
Source: global trafficTCP traffic: 23.200.196.138:443 -> 192.168.2.4:49742
Source: global trafficTCP traffic: 192.168.2.4:49742 -> 23.200.196.138:443
Source: global trafficTCP traffic: 23.200.196.138:443 -> 192.168.2.4:49742
Source: global trafficTCP traffic: 192.168.2.4:49742 -> 23.200.196.138:443
Source: global trafficTCP traffic: 23.200.196.138:443 -> 192.168.2.4:49742
Source: global trafficTCP traffic: 23.200.196.138:443 -> 192.168.2.4:49742
Source: global trafficTCP traffic: 192.168.2.4:49742 -> 23.200.196.138:443
Source: global trafficTCP traffic: 192.168.2.4:49742 -> 23.200.196.138:443
Source: global trafficTCP traffic: 23.200.196.138:443 -> 192.168.2.4:49742
Source: global trafficTCP traffic: 192.168.2.4:49742 -> 23.200.196.138:443
Source: global trafficTCP traffic: 192.168.2.4:49742 -> 23.200.196.138:443
Source: Joe Sandbox ViewIP Address: 23.200.196.138 23.200.196.138
Source: global trafficHTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1Host: armmf.adobe.comConnection: keep-aliveAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brIf-None-Match: "78-5faa31cce96da"If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
Source: unknownTCP traffic detected without corresponding DNS query: 23.200.196.138
Source: unknownTCP traffic detected without corresponding DNS query: 23.200.196.138
Source: unknownTCP traffic detected without corresponding DNS query: 23.200.196.138
Source: unknownTCP traffic detected without corresponding DNS query: 23.200.196.138
Source: unknownTCP traffic detected without corresponding DNS query: 23.200.196.138
Source: unknownTCP traffic detected without corresponding DNS query: 23.200.196.138
Source: unknownTCP traffic detected without corresponding DNS query: 23.200.196.138
Source: unknownTCP traffic detected without corresponding DNS query: 23.200.196.138
Source: unknownTCP traffic detected without corresponding DNS query: 23.200.196.138
Source: unknownTCP traffic detected without corresponding DNS query: 23.200.196.138
Source: unknownTCP traffic detected without corresponding DNS query: 23.200.196.138
Source: unknownTCP traffic detected without corresponding DNS query: 23.200.196.138
Source: unknownTCP traffic detected without corresponding DNS query: 23.200.196.138
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficHTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1Host: armmf.adobe.comConnection: keep-aliveAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brIf-None-Match: "78-5faa31cce96da"If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
Source: global trafficDNS traffic detected: DNS query: x1.i.lencr.org
Source: 77EC63BDA74BD0D0E0426DC8F80085060.1.drString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: 2D85F72862B55C4EADD9E66E06947F3D0.1.drString found in binary or memory: http://x1.i.lencr.org/
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49742
Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
Source: classification engineClassification label: clean2.winPDF@14/46@1/1
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.2120Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-08 15-21-09-490.logJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
Source: unknownProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Inv. 7315 Techtronic 10.04.2024.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2104 --field-trial-handle=1748,i,11195147955471208410,11915245055929868640,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2104 --field-trial-handle=1748,i,11195147955471208410,11915245055929868640,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: Inv. 7315 Techtronic 10.04.2024.pdfInitial sample: PDF keyword /JS count = 0
Source: Inv. 7315 Techtronic 10.04.2024.pdfInitial sample: PDF keyword /JavaScript count = 0
Source: Inv. 7315 Techtronic 10.04.2024.pdfInitial sample: PDF keyword /EmbeddedFile count = 0
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid Accounts3
Exploitation for Client Execution		Path Interception1
Process Injection		1
Masquerading		OS Credential Dumping1
System Information Discovery		Remote ServicesData from Local System1
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
Process Injection		LSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable Media2
Non-Application Layer Protocol		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive13
Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin HookBinary PaddingNTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput Capture1
Ingress Tool Transfer		Traffic DuplicationData Destruction

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

No Antivirus matches

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
http://x1.i.lencr.org/0%URL Reputationsafe

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com
217.20.59.35
truefalse
    		unknown
    x1.i.lencr.org
    		unknown
    		unknownfalse
      		unknown

      URLs from Memory and Binaries

      NameSourceMaliciousAntivirus DetectionReputation
      http://x1.i.lencr.org/2D85F72862B55C4EADD9E66E06947F3D0.1.drfalse
      • URL Reputation: safe
      		unknown

      World Map of Contacted IPs

      • No. of IPs < 25%
      • 25% < No. of IPs < 50%
      • 50% < No. of IPs < 75%
      • 75% < No. of IPs

      Public IPs

      IPDomainCountryFlagASNASN NameMalicious
      23.200.196.138
      		unknownUnited States
      		2860NOS_COMUNICACOESPTfalse

      General Information

      Joe Sandbox version:41.0.0 Charoite
      Analysis ID:1529332
      Start date and time:2024-10-08 21:20:11 +02:00
      Joe Sandbox product:CloudBasic
      Overall analysis duration:0h 4m 7s
      Hypervisor based Inspection enabled:false
      Report type:full
      Cookbook file name:defaultwindowspdfcookbook.jbs
      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
      Number of analysed new started processes analysed:11
      Number of new started drivers analysed:0
      Number of existing processes analysed:0
      Number of existing drivers analysed:0
      Number of injected processes analysed:0
      Technologies:
      • EGA enabled
      • AMSI enabled
      Analysis Mode:default
      Analysis stop reason:Timeout
      Sample name:Inv. 7315 Techtronic 10.04.2024.pdf
      Detection:CLEAN
      Classification:clean2.winPDF@14/46@1/1
      Cookbook Comments:
      • Found application associated with file extension: .pdf
      • Found PDF document
      • Close Viewer

      Warnings

      • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
      • Excluded IPs from analysis (whitelisted): 184.28.88.176, 2.19.126.149, 2.19.126.143, 18.207.85.246, 107.22.247.231, 54.144.73.197, 34.193.227.236, 172.64.41.3, 162.159.61.3, 2.23.197.184, 217.20.59.35
      • Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, otelrules.azureedge.net, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com.delivery.microsoft.com, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, wu-b-net.trafficmanager.net, crl.root-x1.letsencrypt.org.edgekey.net
      • Not all processes where analyzed, report is missing behavior information
      • VT rate limit hit for: Inv. 7315 Techtronic 10.04.2024.pdf

      Simulations

      Behavior and APIs

      TimeTypeDescription
      15:21:19API Interceptor3x Sleep call for process: AcroCEF.exe modified

      LLM Input / Output

      InputOutput
      URL: PDF document Model: jbxai
      {
"brand":["CellBlock FCS,
 LLC",
"CellBlock"],
"contains_trigger_text":true,
"trigger_text":"Click here to view document",
"prominent_button_name":"SUBTOTAL SHIPPING TOTAL PAYMENT BALANCE DUE",
"text_input_field_labels":["SUBTOTAL",
"SHIPPING",
"TOTAL",
"PAYMENT",
"BALANCE DUE"],
"pdf_icon_visible":false,
"has_visible_captcha":false,
"has_urgent_text":false,
"text":"CellBlock FCS,
 LLC 261 Maverick St Boston,
 MA 02128 US +18004404119 ar@cellblockfcs.com cellblockfcs.com INVOICE BILL TO SHIP TO INVOICE # 7315 DATE 10/04/2024 DUE DATE 10/04/2024 TERMS 50% Deposit,
 50% prior to Shipment P.O. NUMBER CB02097 SALES REP Maxwell Weerts PART NO. DESCRIPTION QTY RATE AMOUNT EVPLUS9696 EV PLUS HWH Fire Shield Blanket 8 x 8' (2.4m x 2.4m) 9 1,
419.26 12,
773.34 Dual layered construction Water-resistant silicon-coated FR textile top Insulatory felt bottom layer Handles at corners and sides - 6 grab points Weight per blanket is approximately 13.5 lbs. SUBTOTAL SHIPPING TOTAL PAYMENT BALANCE DUE 12,
773.34 635.73 13,
409.07 6,
386.67 $7,
022.40 Prices are in USD and exclude Taxes/VAT/Duties unless otherwise noted. CellBlock FCS LLC Factory and Shipping: 234 Northeast Road,
 Standish,
 ME 04084 CellBlock FCS LLC Corporate and Mailing: 261 Maverick Street,
 Boston,
 MA 02128",
"has_visible_qrcode":false}

      Joe Sandbox View / Context

      IPs

      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
      23.200.196.138report_209.pdfGet hashmaliciousUnknownBrowse
        Statement 2024-14.pdfGet hashmaliciousUnknownBrowse
          uenic.msiGet hashmaliciousUnknownBrowse
            https://img1.wsimg.com/blobby/go/672d0f54-9add-420a-a58c-ef66bcb1ba03/downloads/sijapej.pdfGet hashmaliciousUnknownBrowse
              c.cmdGet hashmaliciousCarnavalHeistBrowse
                Voice_Message.pdfGet hashmaliciousHTMLPhisherBrowse
                  ADJUSTMENT ON PAY RISE FOR ALL FACULTY AND STAFF.pdfGet hashmaliciousHTMLPhisherBrowse
                    v2.1.pdfGet hashmaliciousUnknownBrowse
                      Sfoster REM.993510.pdfGet hashmaliciousUnknownBrowse
                        DOC-66642820.pdfGet hashmaliciousUnknownBrowse

                          Domains

                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                          default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.comfile.exeGet hashmaliciousLummaCBrowse
                          • 84.201.210.22
                          https://ipfs.io/ipfs/QmNRP5R9QkxB8MVgk2kWzrmB6GoTVL3gcLheGnJuUDPaXv?filename=forme.html#jstubblefield@securustechnologies.comGet hashmaliciousHTMLPhisherBrowse
                          • 217.20.57.18
                          20fUAMt5dL.exeGet hashmaliciousLummaC, Stealc, VidarBrowse
                          • 217.20.57.18
                          https://Vv.ndlevesio.com/vrbU/Get hashmaliciousUnknownBrowse
                          • 217.20.57.18
                          PFW1cgN8EK.exeGet hashmaliciousLummaCBrowse
                          • 217.20.57.18
                          https://ipp.safetyworksolutions.com/Get hashmaliciousUnknownBrowse
                          • 84.201.210.36
                          REQUEST FOR QUOTE-INQUIRY#87278.SAMPLE AND PRODUCTS.exeGet hashmaliciousAsyncRAT, StormKitty, VenomRATBrowse
                          • 84.201.210.34
                          https://pub-3432fdbad0cc4319a435ac6e41d4a0f1.r2.dev/scrpt.htmlGet hashmaliciousHTMLPhisherBrowse
                          • 217.20.57.39
                          http://hiotdakia.wixsite.com/p-a-y-h-2-o/blank/Get hashmaliciousUnknownBrowse
                          • 217.20.57.34
                          http://pub-21beea42d44e4f0e83b5336b9ac3900a.r2.dev/woosf.htmlGet hashmaliciousUnknownBrowse
                          • 217.20.57.18

                          ASNs

                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                          NOS_COMUNICACOESPTna.elfGet hashmaliciousUnknownBrowse
                          • 109.50.110.204
                          na.elfGet hashmaliciousMiraiBrowse
                          • 85.138.23.90
                          na.elfGet hashmaliciousMiraiBrowse
                          • 83.132.202.1
                          na.elfGet hashmaliciousMiraiBrowse
                          • 95.94.164.64
                          na.elfGet hashmaliciousMiraiBrowse
                          • 95.94.164.86
                          na.elfGet hashmaliciousMiraiBrowse
                          • 95.94.139.80
                          na.elfGet hashmaliciousMiraiBrowse
                          • 95.94.139.57
                          SecuriteInfo.com.Linux.Siggen.9999.10361.13333.elfGet hashmaliciousMiraiBrowse
                          • 89.154.247.83
                          report_209.pdfGet hashmaliciousUnknownBrowse
                          • 23.200.196.138
                          https://novo.oratoriomariano.com/novo/99417/Entry.htmlGet hashmaliciousUnknownBrowse
                          • 88.157.228.52

                          JA3 Fingerprints

                          No context

                          Dropped Files

                          No context

                          Created / dropped Files

                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:ASCII text
                          Category:dropped
                          Size (bytes):292
                          Entropy (8bit):5.1887153176705665
                          Encrypted:false
                          SSDEEP:6:c+/U+V/gN+q2Pwkn2nKuAl9OmbnIFUt8L+/U+VlgZZmw+L+/U+VlgNVkwOwkn2nC:c+/U+VJvYfHAahFUt8L+/U+VlM/+L+/9
                          MD5:F62770E8E0EFD434F915B20FA79FC469
                          SHA1:CD871B349FA9EDAE9ABFB00A4C7207418398D817
                          SHA-256:770E9920280E572563962D94C17294EDA600595CF557CDF68C968967B88AD072
                          SHA-512:355D0BC0FEA170B590B3F6A3D33B596912AF54323FBC17061D6C69AF1E43A776B1628EE248C3974156B957370E7563D4EC011B90B89FC7A12970F3AEE2A4FF82
                          Malicious:false
                          Reputation:low
                          Preview:2024/10/08-15:21:07.020 1798 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/10/08-15:21:07.022 1798 Recovering log #3.2024/10/08-15:21:07.022 1798 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:ASCII text
                          Category:dropped
                          Size (bytes):292
                          Entropy (8bit):5.1887153176705665
                          Encrypted:false
                          SSDEEP:6:c+/U+V/gN+q2Pwkn2nKuAl9OmbnIFUt8L+/U+VlgZZmw+L+/U+VlgNVkwOwkn2nC:c+/U+VJvYfHAahFUt8L+/U+VlM/+L+/9
                          MD5:F62770E8E0EFD434F915B20FA79FC469
                          SHA1:CD871B349FA9EDAE9ABFB00A4C7207418398D817
                          SHA-256:770E9920280E572563962D94C17294EDA600595CF557CDF68C968967B88AD072
                          SHA-512:355D0BC0FEA170B590B3F6A3D33B596912AF54323FBC17061D6C69AF1E43A776B1628EE248C3974156B957370E7563D4EC011B90B89FC7A12970F3AEE2A4FF82
                          Malicious:false
                          Reputation:low
                          Preview:2024/10/08-15:21:07.020 1798 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/10/08-15:21:07.022 1798 Recovering log #3.2024/10/08-15:21:07.022 1798 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:ASCII text
                          Category:dropped
                          Size (bytes):336
                          Entropy (8bit):5.116491152542842
                          Encrypted:false
                          SSDEEP:6:c+/U+l8L+q2Pwkn2nKuAl9Ombzo2jMGIFUt8L+/U+J3KWZmw+L+/U+JhLVkwOwkV:c+/U+uL+vYfHAa8uFUt8L+/U+J6W/+L3
                          MD5:727E1771119F0DEDD46177621F7CC4C9
                          SHA1:32B5E8632CD7C77C8775862E636AF0C74C3CF08F
                          SHA-256:199CA92BB69F847A13EB2B505378AFD16AD6DFF6C96BB554635EAE7EA4A52AE6
                          SHA-512:703F7243C3E8742DCF2DBC1412BFC4A5ADB83F970F646779E675123AB1805A86B1F691C1D8F03EBC3F503F0D2D84A03B4CDC7FDA88C27E62276733C73B229B88
                          Malicious:false
                          Reputation:low
                          Preview:2024/10/08-15:21:07.100 1ccc Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/10/08-15:21:07.107 1ccc Recovering log #3.2024/10/08-15:21:07.107 1ccc Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:ASCII text
                          Category:dropped
                          Size (bytes):336
                          Entropy (8bit):5.116491152542842
                          Encrypted:false
                          SSDEEP:6:c+/U+l8L+q2Pwkn2nKuAl9Ombzo2jMGIFUt8L+/U+J3KWZmw+L+/U+JhLVkwOwkV:c+/U+uL+vYfHAa8uFUt8L+/U+J6W/+L3
                          MD5:727E1771119F0DEDD46177621F7CC4C9
                          SHA1:32B5E8632CD7C77C8775862E636AF0C74C3CF08F
                          SHA-256:199CA92BB69F847A13EB2B505378AFD16AD6DFF6C96BB554635EAE7EA4A52AE6
                          SHA-512:703F7243C3E8742DCF2DBC1412BFC4A5ADB83F970F646779E675123AB1805A86B1F691C1D8F03EBC3F503F0D2D84A03B4CDC7FDA88C27E62276733C73B229B88
                          Malicious:false
                          Reputation:low
                          Preview:2024/10/08-15:21:07.100 1ccc Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/10/08-15:21:07.107 1ccc Recovering log #3.2024/10/08-15:21:07.107 1ccc Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\97d9a5e5-adb0-4a91-96d1-210fa05b61f4.tmp

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:JSON data
                          Category:modified
                          Size (bytes):475
                          Entropy (8bit):4.966983371696171
                          Encrypted:false
                          SSDEEP:12:YH/um3RA8sqMsBdOg2HJxcaq3QYiubInP7E4T3y:Y2sRdsQdMHK3QYhbG7nby
                          MD5:DABB1E4F981DA0C528E9A034F98FF29C
                          SHA1:1B96FD614BA404E795F78056AF3269386EBA87D1
                          SHA-256:7D5547FA9C5FFF332040E2226D7D51C66EDBA08CC79B5479987D2B3591D2CEFA
                          SHA-512:955029070E8631929F9C169A80475610816A38D8CF5CB2D406035B1A9BC83C05ECF89180D326F4A3452888E86F0832F19B87B93D94C91548084C9F028EA94C98
                          Malicious:false
                          Reputation:low
                          Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372975279621879","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":147548},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):475
                          Entropy (8bit):4.966983371696171
                          Encrypted:false
                          SSDEEP:12:YH/um3RA8sqMsBdOg2HJxcaq3QYiubInP7E4T3y:Y2sRdsQdMHK3QYhbG7nby
                          MD5:DABB1E4F981DA0C528E9A034F98FF29C
                          SHA1:1B96FD614BA404E795F78056AF3269386EBA87D1
                          SHA-256:7D5547FA9C5FFF332040E2226D7D51C66EDBA08CC79B5479987D2B3591D2CEFA
                          SHA-512:955029070E8631929F9C169A80475610816A38D8CF5CB2D406035B1A9BC83C05ECF89180D326F4A3452888E86F0832F19B87B93D94C91548084C9F028EA94C98
                          Malicious:false
                          Reputation:low
                          Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372975279621879","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":147548},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:data
                          Category:dropped
                          Size (bytes):4730
                          Entropy (8bit):5.257020481449279
                          Encrypted:false
                          SSDEEP:96:etJCV4FAsszrNamjTN/2rjYMta02fDtehgO7BtTgo7f+Ty+lZ:etJCV4FiN/jTN/2r8Mta02fEhgO73go8
                          MD5:CF6F1DC8ADFF6D039DD722EAE4C2C2AA
                          SHA1:676C835604F9411082EE1AD8FFEC10E200B1A2EC
                          SHA-256:2E32921F2991534B7808C0826922BCBAD67635B54A70A45D56AC954D2A6AFBDC
                          SHA-512:63B086A9F51D5A857C5D94C65B9146E3CA2ED3EEBBD2DF715BFB779EE3536C0DF752C50986B199A6AD6EFC1A5DB05B0FA8F992D33E47D499B0D761055DBBB6F9
                          Malicious:false
                          Reputation:low
                          Preview:*...#................version.1..namespace-['O.o................next-map-id.1.Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/.0>...r................next-map-id.2.Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/.1O..r................next-map-id.3.Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/.2.\.o................next-map-id.4.Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/.3....^...............Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/..|.^...............Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/n..Fa...............Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/DQ..a...............Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/i.`do................next-map-id.5.Pnamespace-de635bf2_6773_4d83_ad16_

                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:ASCII text
                          Category:dropped
                          Size (bytes):324
                          Entropy (8bit):5.17889079563925
                          Encrypted:false
                          SSDEEP:6:c+/U+iL+q2Pwkn2nKuAl9OmbzNMxIFUt8L+/U+DIoKWZmw+L+/U+N+LVkwOwkn2v:c+/U+iL+vYfHAa8jFUt8L+/U+kXW/+LD
                          MD5:5FED927BF7C3407A71C9D46C7772212A
                          SHA1:5502F5485CE8ABE528BD22DB5A0BA72471D482D9
                          SHA-256:6F3851B47B0DDC38FD015C2FFAB042EFDB47F4281CC7F19CCD1AD90986D7BF40
                          SHA-512:ADB1A4F2327A6960BD46B226FAD581F8C46D3DA0CB121B587BED8803A53657AD85F483EFD764A736522E042AA194E3B690891C11DA7A480335A2CE1A0FEBEB8F
                          Malicious:false
                          Reputation:low
                          Preview:2024/10/08-15:21:07.355 1ccc Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/10/08-15:21:07.356 1ccc Recovering log #3.2024/10/08-15:21:07.357 1ccc Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:ASCII text
                          Category:dropped
                          Size (bytes):324
                          Entropy (8bit):5.17889079563925
                          Encrypted:false
                          SSDEEP:6:c+/U+iL+q2Pwkn2nKuAl9OmbzNMxIFUt8L+/U+DIoKWZmw+L+/U+N+LVkwOwkn2v:c+/U+iL+vYfHAa8jFUt8L+/U+kXW/+LD
                          MD5:5FED927BF7C3407A71C9D46C7772212A
                          SHA1:5502F5485CE8ABE528BD22DB5A0BA72471D482D9
                          SHA-256:6F3851B47B0DDC38FD015C2FFAB042EFDB47F4281CC7F19CCD1AD90986D7BF40
                          SHA-512:ADB1A4F2327A6960BD46B226FAD581F8C46D3DA0CB121B587BED8803A53657AD85F483EFD764A736522E042AA194E3B690891C11DA7A480335A2CE1A0FEBEB8F
                          Malicious:false
                          Reputation:low
                          Preview:2024/10/08-15:21:07.355 1ccc Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/10/08-15:21:07.356 1ccc Recovering log #3.2024/10/08-15:21:07.357 1ccc Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

                          C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241008192111Z-150.bmp

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:PC bitmap, Windows 3.x format, 117 x -152 x 32, cbSize 71190, bits offset 54
                          Category:dropped
                          Size (bytes):71190
                          Entropy (8bit):1.3520716791638188
                          Encrypted:false
                          SSDEEP:96:Eby5MMM3MPat269SwM3BDLMKvMwqQbnktAMMM+K94G8mmLn4M7mZ56ZOMMMMVeyE:ayAMP3605AqktHT/i
                          MD5:387DD3C2A69E9DF42421598CBE601926
                          SHA1:3DC14502DE0F9A05872B306F5AE54FCF7494A5DA
                          SHA-256:90D58E74BF6FB9AABC24274E80336356DEEDA98F573AAEE05418544F75FB1C67
                          SHA-512:8C2618731798DDFBCB38212936518B9DB16B0C6D63BFD78C21B367EC491EFA0722F53CA1781CFA7ED13A1F92BEDF8FE44E6EFCAE27F1BD01E8A5020E9D043745
                          Malicious:false
                          Preview:BM........6...(...u...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                          C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 15, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 15
                          Category:dropped
                          Size (bytes):86016
                          Entropy (8bit):4.44505157937872
                          Encrypted:false
                          SSDEEP:384:yezci5tOiBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:rhs3OazzU89UTTgUL
                          MD5:AD5ED9C2F72E492505FF36CA10E832B3
                          SHA1:D287D88A1EFDBDCED4B2ABAD6C2F1E9F3B274168
                          SHA-256:3EB9518C2F0E1E0ACBD30FCE034D160E0BA7E1C27BA46D048D1A666C41AD712D
                          SHA-512:A6F767B10718870F89E5FDD1277BFBAADFE3716AE5330DED3FC29652A8194F1852432C8EC83077000A2E0A6D8AF939C10060039F8E5D6EE32495B19F83328E42
                          Malicious:false
                          Preview:SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                          C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:SQLite Rollback Journal
                          Category:dropped
                          Size (bytes):8720
                          Entropy (8bit):3.7746432522363715
                          Encrypted:false
                          SSDEEP:48:7MUp/E2ioyVzioy9oWoy1Cwoy1fKOioy1noy1AYoy1Wioy1hioybioynoy1noy1x:7PpjuzFeXKQ6Wb9IVXEBodRBkm
                          MD5:18AE3C39A6C88293C5507621D3FCF583
                          SHA1:D3E739E997C4BFC9331570516488259F20D8A615
                          SHA-256:C796F131F91589CF29192D6FF6942514D79CB015B8BB16D14C284A63F2A3C088
                          SHA-512:5EFEFAC3DA2C2D079A6E0798756CB6E2A21F5F3FA9ECE1DDC22A6F3F6E9C9F785563A551F01CE7C929EB9C3C37CE5BEFA08CFFCFFF283462153E41128CCD4DEA
                          Malicious:false
                          Preview:.... .c.......6................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................T...[...b...r...t...}.....L..............................................................................................................................................................................................................................................................................................................................................................................................................................................................

                          C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:Certificate, Version=3
                          Category:dropped
                          Size (bytes):1391
                          Entropy (8bit):7.705940075877404
                          Encrypted:false
                          SSDEEP:24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1
                          MD5:0CD2F9E0DA1773E9ED864DA5E370E74E
                          SHA1:CABD2A79A1076A31F21D253635CB039D4329A5E8
                          SHA-256:96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
                          SHA-512:3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
                          Malicious:false
                          Preview:0..k0..S............@.YDc.c...0...*.H........0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10...150604110438Z..350604110438Z0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10.."0...*.H.............0..........$s..7.+W(.....8..n<.W.x.u...jn..O(..h.lD...c...k....1.!~.3<.H..y.....!.K...qiJffl.~<p..)"......K...~....G.|.H#S.8.O.o...IW..t../.8.{.p!.u.0<.....c...O..K~.....w...{J.L.%.p..)..S$........J.?..aQ.....cq...o[...\4ylv.;.by.../&.....................6....7..6u...r......I.....*.A..v........5/(.l....dwnG7..Y^h..r...A)>Y>.&.$...Z.L@.F....:Qn.;.}r...xY.>Qx....../..>{J.Ks......P.|C.t..t.....0.[q6....00\H..;..}`...).........A.......|.;F.H*..v.v..j.=...8.d..+..(.....B.".'].y...p..N..:..'Qn..d.3CO......B0@0...U...........0...U.......0....0...U......y.Y.{....s.....X..n0...*.H.............U.X....P.....i ')..au\.n...i/..VK..s.Y.!.~.Lq...`.9....!V..P.Y...Y.............b.E.f..|o..;.....'...}~.."......

                          C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
                          Category:dropped
                          Size (bytes):71954
                          Entropy (8bit):7.996617769952133
                          Encrypted:true
                          SSDEEP:1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
                          MD5:49AEBF8CBD62D92AC215B2923FB1B9F5
                          SHA1:1723BE06719828DDA65AD804298D0431F6AFF976
                          SHA-256:B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
                          SHA-512:BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
                          Malicious:false
                          Preview:MSCF............,...................I..................XaK .authroot.stl.[.i..6..CK..<Tk......4.cl!Kg..E..*Y.f_..".$mR"$.J.E.KB."..rKv.."{.g....3.W.....c..9.s...=....y6#..x..........D......\(.#.s.!.A.......cd.c........+^.ov...n.....3BL..0.......BPUR&.X..02.q...R...J.....w.....b.vy>....-.&..(..oe."."...J9...0U.6J..|U..S.....M.F8g...=.......p...........l.?3.J.x.G.Ep..$g..tj......)v]9(:.)W.8.Op.1Q..:.nPd........7.7..M].V F..g.....12..!7(...B.......h.RZ.......l.<.....6..Z^.`p?... .p.Gp.#.'.X..........|!.8.....".m.49r?.I...g...8.v.....a``.g.R4.i...J8q....NFW,E.6Y....!.o5%.Y.....R..<..S9....r....WO...(.....F..Q=*....-..7d..O(....-..+k.........K..........{Q....Z..j._.E...QZ.~.\.^......N.9.k..O.}dD.b1r...[}/....T..E..G..c.|.c.&>?..^t. ..;..X.d.E.0G....[Q.*,*......#.Dp..L.o|#syc.J............}G-.ou6.=52..XWi=...m.....^u......c..fc?&pR7S5....I...j.G........j.j..Tc.El.....B.pQ.,Bp....j...9g.. >..s..m#.Nb.o_u.M.V...........\#...v..Mo\sF..s....Y...

                          C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:data
                          Category:dropped
                          Size (bytes):192
                          Entropy (8bit):2.7790941963225158
                          Encrypted:false
                          SSDEEP:3:kkFklJpS8hfllXlE/HT8k7zltNNX8RolJuRdxLlGB9lQRYwpDdt:kKESlT8EJTNMa8RdWBwRd
                          MD5:58EC59FA0BB76515BFDB501C5D56C9F9
                          SHA1:0A970DEA2829B2986FE2C72CE177502F352FCCE2
                          SHA-256:53BCF40A1E8CC96736310B38C19B403DEB11ECB688ACFE72EEFA86F08AE8F721
                          SHA-512:BFF99A8CAE64AD2D7EF863C63073E1D666F6B5440B224D1F2451CB6F5085EDC9802EB1F4D9FA4930B0C67ACE0D28B67F61FCFEB66586FC58B20F76BEEA9AF615
                          Malicious:false
                          Preview:p...... ...........A....(....................................................... ..........W....w>..............o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...

                          C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:data
                          Category:modified
                          Size (bytes):328
                          Entropy (8bit):3.1211909433898986
                          Encrypted:false
                          SSDEEP:6:kKXZ9UswDLL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:PIDnLNkPlE99SNxAhUe/3
                          MD5:A8E59D463C5768CBACD73D3934B57F05
                          SHA1:DE782EFC190AE4D083FE1701E1C3CF73F76F6D55
                          SHA-256:0C756EE10E04013624A31EC4FFCBDC951E0CABCD77D7E527CE3B3EE5FF5FEE36
                          SHA-512:B4A8A9F59794B1DC4A566252BA0D086B10DA9C34A3FF4E079BBBD86790F41ED8F2D36A2E275B04B71F062552C897377DBF8E075B053859AF33AD274888042049
                          Malicious:false
                          Preview:p...... ..........ue....(....................................................... ........G..@.......&...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...

                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.2120

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:PostScript document text
                          Category:dropped
                          Size (bytes):185099
                          Entropy (8bit):5.182478651346149
                          Encrypted:false
                          SSDEEP:1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
                          MD5:94185C5850C26B3C6FC24ABC385CDA58
                          SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
                          SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
                          SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
                          Malicious:false
                          Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:PostScript document text
                          Category:dropped
                          Size (bytes):185099
                          Entropy (8bit):5.182478651346149
                          Encrypted:false
                          SSDEEP:1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
                          MD5:94185C5850C26B3C6FC24ABC385CDA58
                          SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
                          SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
                          SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
                          Malicious:false
                          Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):295
                          Entropy (8bit):5.362093632070332
                          Encrypted:false
                          SSDEEP:6:YEQXJ2HXRYLwPn9VoZcg1vRcR0YGJGxoAvJM3g98kUwPeUkwRe9:YvXKXRBnEZc0vEOGMbLUkee9
                          MD5:08E51183675E53154BFC8CD188A4FCC4
                          SHA1:CD3B0FFDC85993E970E582486F9169734681E3DE
                          SHA-256:CB69A4AE27F8DDC87A72B1C5A4170358F7EB4EC9B07CCB3B05DB5226A11B37DD
                          SHA-512:A9B743CF91E0D80ADC4218171D599B9D4470553223136606BDD5DDD7229774A6DF563D497EF7D998642B70A88957D80DD47DCB112162BB943E5D26BD59DBEDA8
                          Malicious:false
                          Preview:{"analyticsData":{"responseGUID":"a6056e3f-216c-4a24-a0b6-50fe62f9148d","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728592108711,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):294
                          Entropy (8bit):5.310132326347621
                          Encrypted:false
                          SSDEEP:6:YEQXJ2HXRYLwPn9VoZcg1vRcR0YGJGxoAvJfBoTfXpnrPeUkwRe9:YvXKXRBnEZc0vEOGWTfXcUkee9
                          MD5:E9EDA397CA48918DAEFEC7DD1C555D13
                          SHA1:5BB44D7C3A6101B18EFE80A3279D0424BFE09FF7
                          SHA-256:35E6B5FA716A7F5ABCF1C6C732F054405C5578D96565514C448C5DAB976D0949
                          SHA-512:A637D053FD91C5ED34BFB6960D959D259D4D05BE266C15C3CC2749EA60068F65CD4FCF881300692E805709CCB1C42ACAD493AB2E4EB35359466FFCE8A6F50268
                          Malicious:false
                          Preview:{"analyticsData":{"responseGUID":"a6056e3f-216c-4a24-a0b6-50fe62f9148d","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728592108711,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):294
                          Entropy (8bit):5.289127361742697
                          Encrypted:false
                          SSDEEP:6:YEQXJ2HXRYLwPn9VoZcg1vRcR0YGJGxoAvJfBD2G6UpnrPeUkwRe9:YvXKXRBnEZc0vEOGR22cUkee9
                          MD5:53C5776BFAA018D67025DCA47B3DB70D
                          SHA1:AA16CC492C7E70430FF352101E6CBCCB69B88DA0
                          SHA-256:BAF101B7BFE42DCDE77429C6353BA7093016D9134C79A99D8B8425BA7F8DC3B0
                          SHA-512:BC55CF4DD6084F58EE881881A4886F510614C26F9378EE803E5C4878420134CC7FBC9D7AC4AA8E8202B738D32258AA0D71BF59967325A64194536147D7E2A9F7
                          Malicious:false
                          Preview:{"analyticsData":{"responseGUID":"a6056e3f-216c-4a24-a0b6-50fe62f9148d","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728592108711,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):285
                          Entropy (8bit):5.349059585484898
                          Encrypted:false
                          SSDEEP:6:YEQXJ2HXRYLwPn9VoZcg1vRcR0YGJGxoAvJfPmwrPeUkwRe9:YvXKXRBnEZc0vEOGH56Ukee9
                          MD5:FCA05606816429FC346A2E581AB46DAB
                          SHA1:EE9EC8421D120AA843794D53BB64DB06F65DC6A9
                          SHA-256:BC59D4E8242758025A0E3C0A71EE03CEF6C1859DC3C54CAED580E1D25F697550
                          SHA-512:64DE96FBF6DB51EC7B13FE0DDC1C153B60C33BB7B9DB949A0C22D0597A45386003CD6114A87B7B0C641DDA66F60852ECAEA42BDB55DC5E477A38DD164F30D8F7
                          Malicious:false
                          Preview:{"analyticsData":{"responseGUID":"a6056e3f-216c-4a24-a0b6-50fe62f9148d","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728592108711,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):1091
                          Entropy (8bit):5.6912013886192625
                          Encrypted:false
                          SSDEEP:24:Yv6XRBEzvE7pLgE7cgD6SOGtnnl0RCmK8czOCYvSPG:YvIMc7hgs6SraAh8cvYKO
                          MD5:90F18AE574CED299A21E9BF761E3A0C6
                          SHA1:501DE0F1E2A8CED032D19C5B461476FAD81AAF6B
                          SHA-256:47A9F33ABC540F09E607AC36E5F92C5D19B0A8260CFE636029C6E0695CE2ECBA
                          SHA-512:5394F4A8279802F3E08F93D2F0CAB28F8483DA0D05CE36A13A24B4FA09AC8CB8FC77CC7C75D5842E6593095B8149454CD2E33512E616FB4EE75EEC4D5D94B1ED
                          Malicious:false
                          Preview:{"analyticsData":{"responseGUID":"a6056e3f-216c-4a24-a0b6-50fe62f9148d","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728592108711,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"89628_281075ActionBlock_2","campaignId":89628,"containerId":"1","controlGroupId":"","treatmentId":"67a3a874-888f-4d96-9f3d-26e70c3e0be1","variationId":"281075"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQgUERGIGZpbGVzIHRvIE1pY3Jvc29mdCBXb3JkIGFuZCBFeGNlbC4ifSwidGNhdElkIjoiUkdTMDM1MS1FTlUtQ2hhbGxlbmdlcjIifQ==","dataType":"ap

                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):1050
                          Entropy (8bit):5.65551681670801
                          Encrypted:false
                          SSDEEP:24:Yv6XRBEzvE3VLgEF0c7sbnl0RCmK8czOCYHflEpwiVqG:YvIMc3Fg6sGAh8cvYHWpwO
                          MD5:0535722BF40E87FA47AF12CF92AB8E33
                          SHA1:5F32825C297B511E87660173EDC231B0C9587DCD
                          SHA-256:65AB2A21A8B6A7F08752D7AF6CA768281AD7B9D94388745C20231AD1D4FB25F2
                          SHA-512:E505264BA79ECD066B43ACDA207A5C415DF9A120B257BBF480334DD7971AEF8934A2AA72AC2E04CE8D5A543F198F05CB6A2796824B05C3F14CBC2F3AADFA3F29
                          Malicious:false
                          Preview:{"analyticsData":{"responseGUID":"a6056e3f-216c-4a24-a0b6-50fe62f9148d","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728592108711,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Disc_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_0","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"0924134e-3c59-4f53-b731-add558c56fec","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Disc_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQsIGVkaXQgYW5kIGUtc2lnblxuZm9ybXMgJiBhZ3JlZW1lbnRzLiJ9LCJ0Y2F0SWQiOm51bGx9","dataType":"application\/json","encodingScheme":true},"

                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):292
                          Entropy (8bit):5.300213238896967
                          Encrypted:false
                          SSDEEP:6:YEQXJ2HXRYLwPn9VoZcg1vRcR0YGJGxoAvJfQ1rPeUkwRe9:YvXKXRBnEZc0vEOGY16Ukee9
                          MD5:409BA1DC832B0AADD37FCED103867292
                          SHA1:D73F5E08065CF2031C8713D536E9B441893D1283
                          SHA-256:586CE05BB97E930DBA1E63042C043F7FBC64F856B786B0CA31B39262C97833EC
                          SHA-512:A8C31F0D0D9488E308F49E119C033507C3A7C8D8FF94BB370F39AB5C185082DA45F673614CBD96286CA11918FFA1C580E4A4DA9B423C85135315DE7514AC6C46
                          Malicious:false
                          Preview:{"analyticsData":{"responseGUID":"a6056e3f-216c-4a24-a0b6-50fe62f9148d","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728592108711,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):1098
                          Entropy (8bit):5.689470232743263
                          Encrypted:false
                          SSDEEP:24:Yv6XRBEzvEm2LgEFcs2SOGt0nl0RCmK8czOCUaBtCrfSPG:YvIMcmogq2SrhAh8cvUgEmO
                          MD5:6FF7632ABD75FAD668D4FCFCE6386EBC
                          SHA1:DB5BE2E5CCAEAB04311F494A4E40DBFE56929C90
                          SHA-256:1028F519391D84E5868B2E88C72111ED5AAB873E6B32822FF09C06DCAAF9C9EC
                          SHA-512:ADD839DA3F10438EC61ED15EC154C8D99334233457919657F288D77D6222C6C85A249F889728178174409C21B822D663BA2A45FC6AFF933F4F6D8742E58C4F7A
                          Malicious:false
                          Preview:{"analyticsData":{"responseGUID":"a6056e3f-216c-4a24-a0b6-50fe62f9148d","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728592108711,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Edit_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"89628_281075ActionBlock_0","campaignId":89628,"containerId":"1","controlGroupId":"","treatmentId":"abdf1d9d-2114-4953-95a6-4eed783b9872","variationId":"281075"},"containerId":1,"containerLabel":"JSON for DC_Reader_Edit_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IlR1cm4gc2Nhbm5lZCBwYXBlciBkb2N1bWVudHNcbmludG8gaW5zdGFudGx5IGVkaXRhYmxlIFBERnMuIn0sInRjYXRJZCI6IlJHUzAzNTEtRU5VLUNoYWxsZW5nZXIyIn0=","dataTy

                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):1164
                          Entropy (8bit):5.699830658198342
                          Encrypted:false
                          SSDEEP:24:Yv6XRBEzvEKKLgEfIcZVSkpsn264rS514ZjBrwloJTmcVIsrSK5qV:YvIMcKEgqprtrS5OZjSlwTmAfSKy
                          MD5:902DA212BE175250CE2321D0950CA4E1
                          SHA1:0509A8816B8F3BD6241E75EC29A35EAC996C59FB
                          SHA-256:68B1B4D0849AD76986352074C7D4BA3E366E51112B8BE3BF203E255D0B965560
                          SHA-512:808DEAF13436600978C1059A69CCE4777317E551A024132F0CFB0A2A46C3D8BCD08D7111A5EA36EA603C122D4C3509922737C05A3811BE942ACA91AC7F4325A2
                          Malicious:false
                          Preview:{"analyticsData":{"responseGUID":"a6056e3f-216c-4a24-a0b6-50fe62f9148d","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728592108711,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85531_264848ActionBlock_0","campaignId":85531,"containerId":"1","controlGroupId":"","treatmentId":"ee1a7497-76e7-43c2-bb63-9a0551e11d73","variationId":"264848"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IlRyeSBBY3JvYmF0IFBybyJ9LCJ1aSI6eyJ0aXRsZV9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjE1cHgiLCJmb250X3N0eWxlIjoiMCJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEzcHgiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0b1xucHJlbWl1bSBQREYgYW5kIGUtc2lnbmluZ1xudG9vbHMuIn0sImJhbm5lcl9zdHlsaW5nIjo

                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):289
                          Entropy (8bit):5.30177115081129
                          Encrypted:false
                          SSDEEP:6:YEQXJ2HXRYLwPn9VoZcg1vRcR0YGJGxoAvJfYdPeUkwRe9:YvXKXRBnEZc0vEOGg8Ukee9
                          MD5:66B74A7497062FE833A2A732B9CBA10D
                          SHA1:B25AD805C95A50CD19285A7201662D7D7D1ED53C
                          SHA-256:53600D113D78A3E8C1762BCC03C738054928D966446BF2EA910DC124A5B0F57E
                          SHA-512:173F40045DDC41E88AA4CC093E961B6D043C66301DB84DDC6C98FD3580EE353BE6D9C1FF371E788E9F55B0704FDC2F71356EED71B927110A1D762A2D2378BFB4
                          Malicious:false
                          Preview:{"analyticsData":{"responseGUID":"a6056e3f-216c-4a24-a0b6-50fe62f9148d","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728592108711,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):1395
                          Entropy (8bit):5.780437067090259
                          Encrypted:false
                          SSDEEP:24:Yv6XRBEzvE5rLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNCG:YvIMc5HgDv3W2aYQfgB5OUupHrQ9FJB
                          MD5:100B1DAB64C10A941D47E393E103A85F
                          SHA1:427AFB6C4AA62416CA7975D32FB2DFFAA48F6614
                          SHA-256:E662F67C40D5F54C8AB134DB26C6718FE45A925C560CADF219987AB9CACF4163
                          SHA-512:AA0370FF7832D03880715859027D63AD28169823F88CCC59E55CA914DA75DAE2E9A6BA1B0A5B4002ED692871C2769FAA5B71752CF69EDB9EFE1D37670E000DD4
                          Malicious:false
                          Preview:{"analyticsData":{"responseGUID":"a6056e3f-216c-4a24-a0b6-50fe62f9148d","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728592108711,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0

                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):291
                          Entropy (8bit):5.285306075627344
                          Encrypted:false
                          SSDEEP:6:YEQXJ2HXRYLwPn9VoZcg1vRcR0YGJGxoAvJfbPtdPeUkwRe9:YvXKXRBnEZc0vEOGDV8Ukee9
                          MD5:947BE5032064054A6D076DCF5992B420
                          SHA1:A8661457AA3D617673DE3590DFF0363C72F96FEF
                          SHA-256:74736E854099DFDF4E7A221DD0E9D99FE9B6B60285CBBE73DC48A2BE3D82D8DB
                          SHA-512:2A96F5117672DA64EECE573ECC254835F56AF81BE092B715426745AEBC4A4EB8F92339AD2E2CD5E251881B9E7043E81D3DE6ABC86F321DFEE3324AA145801664
                          Malicious:false
                          Preview:{"analyticsData":{"responseGUID":"a6056e3f-216c-4a24-a0b6-50fe62f9148d","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728592108711,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):287
                          Entropy (8bit):5.290277909222676
                          Encrypted:false
                          SSDEEP:6:YEQXJ2HXRYLwPn9VoZcg1vRcR0YGJGxoAvJf21rPeUkwRe9:YvXKXRBnEZc0vEOG+16Ukee9
                          MD5:671A668F3D90406E2E61D2AE554D5751
                          SHA1:FF229014A15ED87CC8FBC4481EF265201EFFE54C
                          SHA-256:445A7CF02B61E28F0838E9E10F1F735BA7F17283DE751DCDCC1C112EF15E8F07
                          SHA-512:BDD1B88C92469ED9AAA1178838EE344941EF3BD5C42E8E968F3ED9B2E7F0316790C16C6AD8B8BF87D9A0DCE70B9856B91B00032D80FFD9B6B0AB10506EB71D16
                          Malicious:false
                          Preview:{"analyticsData":{"responseGUID":"a6056e3f-216c-4a24-a0b6-50fe62f9148d","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728592108711,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):1054
                          Entropy (8bit):5.667653823252814
                          Encrypted:false
                          SSDEEP:24:Yv6XRBEzvE7amXayLgE6cTg4QSOGtNaqnl0RCmK8czOC/CrfSPG:YvIMcLBgSXQSrOAh8cv6mO
                          MD5:A19A3416973939CD2F8C6CE72123D6AE
                          SHA1:7A730EE64B790501122F07207A3CE795CFE81362
                          SHA-256:C6A2C2BB7CB129E18787C417536FAB7AB24967DE82A79A6BACF0577256C63012
                          SHA-512:D0AD21C145C50A1677EF563EAD903E4B330FF54899EE40759E2A52D12791EE3565735B4E91C2C9C362B474D3F083FFBD3E7BC1037D59A8DDFA571AEBAB5F5E86
                          Malicious:false
                          Preview:{"analyticsData":{"responseGUID":"a6056e3f-216c-4a24-a0b6-50fe62f9148d","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728592108711,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"89628_281075ActionBlock_1","campaignId":89628,"containerId":"1","controlGroupId":"","treatmentId":"7fe39695-394c-4706-9b50-651e7499d428","variationId":"281075"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVhc2lseSBmaWxsIGFuZCBzaWduIFBERnMuIn0sInRjYXRJZCI6IlJHUzAzNTEtRU5VLUNoYWxsZW5nZXIyIn0=","dataType":"application\/json","encodingScheme":tru

                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):286
                          Entropy (8bit):5.266645339087524
                          Encrypted:false
                          SSDEEP:6:YEQXJ2HXRYLwPn9VoZcg1vRcR0YGJGxoAvJfshHHrPeUkwRe9:YvXKXRBnEZc0vEOGUUUkee9
                          MD5:480654CC82FEA8B3065867F0F41EF3EE
                          SHA1:75E70CB1DB321FB42FE226A12FE512824E5195A1
                          SHA-256:79717F9FE32A082A052E0B5D2A19DDEAF2CD88734419432B7444D9F4DF0B80CE
                          SHA-512:25FCF7C400F4BDBF02C079E1029385E9640B80E939248A31AF1C046967BBB1682092B23DF163C129F910B4F033751E4618367A4294F6C25F345F7A8DF999F9F3
                          Malicious:false
                          Preview:{"analyticsData":{"responseGUID":"a6056e3f-216c-4a24-a0b6-50fe62f9148d","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728592108711,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):782
                          Entropy (8bit):5.369830668096556
                          Encrypted:false
                          SSDEEP:12:YvXKXRBnEZc0vEOGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWd4RI:Yv6XRBEzvEY168CgEXX5kcIfANhPG
                          MD5:89CF5B8C729200418FE7F8AEADBED647
                          SHA1:A501FADC8F97B06FF1813F7A6149CA7A8264F158
                          SHA-256:D809C11B467E85D1CFAF63F9135F830FC3ECE80532D5944C0A7431E891E76306
                          SHA-512:695569D5653987A1FD4DCA8BD33F4230A902AC2F94182B39F02682E4138EBAC2499FB600BE6A01CB3F69A8252B9F510D55DBC60F4908A7831261A15A4756A53B
                          Malicious:false
                          Preview:{"analyticsData":{"responseGUID":"a6056e3f-216c-4a24-a0b6-50fe62f9148d","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728592108711,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1728415273741}}}}

                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:data
                          Category:dropped
                          Size (bytes):4
                          Entropy (8bit):0.8112781244591328
                          Encrypted:false
                          SSDEEP:3:e:e
                          MD5:DC84B0D741E5BEAE8070013ADDCC8C28
                          SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
                          SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
                          SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
                          Malicious:false
                          Preview:....

                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):2818
                          Entropy (8bit):5.132915217954572
                          Encrypted:false
                          SSDEEP:24:Y7zBTkVzauntayAAqkCKd2gLkqBrrpDBgjTOaj0Sordg2dFVs12LSCQpab57e4UF:Y7qhn/13gqBuC8Yymvy8QcbU4U9b
                          MD5:942A96E5DFE840AA225BABA02455339B
                          SHA1:C11E91DD65FECFBD76B734359140FBE18AE6B995
                          SHA-256:B9F1D9838A1F8E5377689B68C98267C5524B4532BC38497A8600769B44B6B07E
                          SHA-512:143DF83AC97A4ED4DBA15C8B71FC882CD5DBCF40933CB93000C1C258DADCBA45E247F395EB0F229D34773CCAD6558423D5EC476D33918F3FA268467FEE7312F6
                          Malicious:false
                          Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"0df6f4949de43cdecf8bca0239180b52","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1050,"ts":1728415272000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"b7cae0bf12b782a4808d846db6a931e6","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1164,"ts":1728415272000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"e6c6c0db94e5678dcec4c71f79ce7218","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1054,"ts":1728415272000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"739f60b8410b5deaef9f677ae802e35b","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1091,"ts":1728415272000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"45bb56e29334204c43ad23b525ca3a62","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":1098,"ts":1728415272000},{"id":"Edit_InApp_Aug2020","info":{"dg":"730d4c17095e7ea8d45049c1f2cf1846","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":17

                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 25, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 25
                          Category:dropped
                          Size (bytes):12288
                          Entropy (8bit):1.187541596928701
                          Encrypted:false
                          SSDEEP:48:TGufl2GL7msEHUUUUUUUUcgSvR9H9vxFGiDIAEkGVvpA+:lNVmswUUUUUUUU7+FGSItz
                          MD5:287B811AD295919221E17148580BA854
                          SHA1:B29F33A395EDDE166FB7F93D61D66C98D4032BF6
                          SHA-256:2B2CA08B29F4385BA55A5988D11A502123735392E3B34AEC0E7EE84AB71A3E6D
                          SHA-512:0733F52AA3FB99356FDC1C1E040E28849F1379B038645F0A1C6071D0BA69B117AC1C5C28EE7F36C4781B87C900310F5588F95E0BB94EA016FF4653C279359F85
                          Malicious:false
                          Preview:SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:SQLite Rollback Journal
                          Category:dropped
                          Size (bytes):8720
                          Entropy (8bit):1.6056947218450124
                          Encrypted:false
                          SSDEEP:48:7MsKUUUUUUUUUUcSvR9H9vxFGiDIAEkGVvcqFl2GL7msy:7wUUUUUUUUUUHFGSItmKVmsy
                          MD5:5F6BE7FF03A5F148C1381FC91AD4EEC0
                          SHA1:7CD7E71DDC600CD5B415EDB86BBAD73261F728B4
                          SHA-256:552793FE569FD97CA1585D7DDFAF56ABE8B6217AA10092C972D8CE2F4DC1C887
                          SHA-512:339A4327497A829896D4D9BA984038065390DF9B8DFABDCC97C19B2FBB3BFF5C4D1BDCE38605B3D93424686C22BECD9491CD77C8096CC0003943AF54DF567D05
                          Malicious:false
                          Preview:.... .c.......U.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................f.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                          C:\Users\user\AppData\Local\Temp\MSI18c26.LOG

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                          Category:dropped
                          Size (bytes):246
                          Entropy (8bit):3.5085442896850614
                          Encrypted:false
                          SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8ejqWKB:Qw946cPbiOxDlbYnuRK/I
                          MD5:868F82B922DF3AAA3658D588BDB9C5E5
                          SHA1:855571A59C6D26FFA3B9FEC3375792B08C7C72A8
                          SHA-256:4876ACD3DA1E4F9ACC5FDEA36416005E2A19807ABDA81F38B7F2971A80E186EC
                          SHA-512:E739A556140477E89B3947DCD9F95CB57D9E7D8D3E145A7E0AAE4CF962C3AAA2EEB5A45DF26E5EB7E094DB2B7C3BCB4D71965399373A2772F214B0796E766ABF
                          Malicious:false
                          Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .0.8./.1.0./.2.0.2.4. . .1.5.:.2.1.:.1.5. .=.=.=.....

                          C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-08 15-21-09-490.log

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:ASCII text, with very long lines (393)
                          Category:dropped
                          Size (bytes):16525
                          Entropy (8bit):5.345946398610936
                          Encrypted:false
                          SSDEEP:384:zHIq8qrq0qoq/qUILImCIrImI9IWdFdDdoPtPTPtP7ygyAydy0yGV///X/J/VokV:nNW
                          MD5:8947C10F5AB6CFFFAE64BCA79B5A0BE3
                          SHA1:70F87EEB71BA1BE43D2ABAB7563F94C73AB5F778
                          SHA-256:4F3449101521DA7DF6B58A2C856592E1359BA8BD1ACD0688ECF4292BA5388485
                          SHA-512:B76DB9EF3AE758F00CAF0C1705105C875838C7801F7265B17396466EECDA4BCD915DA4611155C5F2AD1C82A800C1BEC855E52E2203421815F915B77AA7331CA0
                          Malicious:false
                          Preview:SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:088+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig:

                          C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:ASCII text, with very long lines (393), with CRLF line terminators
                          Category:dropped
                          Size (bytes):15114
                          Entropy (8bit):5.339764864166001
                          Encrypted:false
                          SSDEEP:384:pXJyxrgHHY53rMQQVz0ZISeHrIuTOC+JVOHtD39jDclC4EY4YLxde1ej67t4AvXZ:p+w
                          MD5:CD517DDEB32771037FF0C87F9CF03193
                          SHA1:B5DB40BB2F494824650186E15961A86DFA7639ED
                          SHA-256:1A52C51C7BE57730821DB3AC8132160286B3199B5D317CF53D65E22B2DFF7D87
                          SHA-512:B2705F5CD27FA7B245C85A1E530E8C9D983FA55BB9B0D49B5AE4133703BC0F7B6024240446E6E0C74321427013611885E03B0D52313B6840164ABBBEBE47B0B9
                          Malicious:false
                          Preview:SessionID=390789a0-7859-4c08-9e90-82f67157ad65.1728415269507 Timestamp=2024-10-08T15:21:09:507-0400 ThreadID=7904 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=390789a0-7859-4c08-9e90-82f67157ad65.1728415269507 Timestamp=2024-10-08T15:21:09:508-0400 ThreadID=7904 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=390789a0-7859-4c08-9e90-82f67157ad65.1728415269507 Timestamp=2024-10-08T15:21:09:508-0400 ThreadID=7904 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=390789a0-7859-4c08-9e90-82f67157ad65.1728415269507 Timestamp=2024-10-08T15:21:09:508-0400 ThreadID=7904 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=390789a0-7859-4c08-9e90-82f67157ad65.1728415269507 Timestamp=2024-10-08T15:21:09:508-0400 ThreadID=7904 Component=ngl-lib_NglAppLib Description="SetConf

                          C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:ASCII text, with CRLF line terminators
                          Category:dropped
                          Size (bytes):29752
                          Entropy (8bit):5.385327686470429
                          Encrypted:false
                          SSDEEP:768:anddBuBYZwcfCnwZCnR8Bu5hx18HoCnLlAY+iCBuzhLCnx1CnPrRRFS10l8gT2r/:r
                          MD5:855F4F08939E43D301FFF12E152BF2DB
                          SHA1:7A35550CBBC9C132CD2221064897F33A1943388E
                          SHA-256:FD3B7D92EAB5A7CECAB8201D3E07EF3DCBAE50798E29324A228299FAA42B5F67
                          SHA-512:20D36D6D29854D72F45916340AEDF518AA6B6512C2FD12AEE0DC09C45B210D2E35D63899018C0C82D8B97DAF4378BF13D13241B1F23180BB220A7C173440AE19
                          Malicious:false
                          Preview:03-10-2023 12:50:40:.---2---..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ***************************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ***************************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Starting NGL..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..03-10-2023 12:50:40:.Closing File..03-10-

                          C:\Users\user\AppData\Local\Temp\acrocef_low\28acff8e-f196-470b-bd3f-0e2cddea2942.tmp

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
                          Category:dropped
                          Size (bytes):386528
                          Entropy (8bit):7.9736851559892425
                          Encrypted:false
                          SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
                          MD5:5C48B0AD2FEF800949466AE872E1F1E2
                          SHA1:337D617AE142815EDDACB48484628C1F16692A2F
                          SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
                          SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
                          Malicious:false
                          Preview:...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-|..h#.g.\.PO.|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..|m.WC.....|.....e.[W.p.8...rm....^..x'......5!...|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

                          C:\Users\user\AppData\Local\Temp\acrocef_low\493a2d44-8a14-412b-bb51-7f1a6e410ebf.tmp

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
                          Category:dropped
                          Size (bytes):1407294
                          Entropy (8bit):7.97605879016224
                          Encrypted:false
                          SSDEEP:24576:/M7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07tOWLaGZ4ZwYIGNPS:RB3mlind9i4ufFXpAXkrfUs0kWLaGZ48
                          MD5:1D64D25345DD73F100517644279994E6
                          SHA1:DE807F82098D469302955DCBE1A963CD6E887737
                          SHA-256:0A05C4CE0C4D8527D79A3C9CEE2A8B73475F53E18544622E4656C598BC814DFC
                          SHA-512:C0A37437F84B4895A7566E278046CFD50558AD84120CA0BD2EAD2259CA7A30BD67F0BDC4C043D73257773C607259A64B6F6AE4987C8B43BB47241F3C78EB9416
                          Malicious:false
                          Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

                          C:\Users\user\AppData\Local\Temp\acrocef_low\b4d1dc5f-b609-4cb0-8ebe-89e95da87e75.tmp

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
                          Category:dropped
                          Size (bytes):1419751
                          Entropy (8bit):7.976496077007677
                          Encrypted:false
                          SSDEEP:24576:/M7ouWLaGZjZwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:RuWLaGZjZwZGk3mlind9i4ufFXpAXkru
                          MD5:AE1E8A5D3E7B2198980A0CA16DE5F3D3
                          SHA1:A1DB2C58AFC81E6A114A8EB47BE0243956F79460
                          SHA-256:8C2E1B13F6658714D51737D6745FE065B87497923945AB3028706A4171C8328F
                          SHA-512:5B36CF0982C5AFED5CCEA4B30A0B31A2B5312FBF5438623D53153E076B59F1B4BEF8C08695EA74E086BCA4EF7221889DB977B5DCFF4C684BA0683FDDECDE2EC4
                          Malicious:false
                          Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

                          C:\Users\user\AppData\Local\Temp\acrocef_low\c8534a64-b329-47d9-a331-b740c215c5dd.tmp

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
                          Category:dropped
                          Size (bytes):758601
                          Entropy (8bit):7.98639316555857
                          Encrypted:false
                          SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
                          MD5:3A49135134665364308390AC398006F1
                          SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
                          SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
                          SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
                          Malicious:false
                          Preview:...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!|G.1...... .3.`./....`~......G.............|..pS.e.C....:o.u_..oi.:..|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

                          Static File Info

                          General

                          File type:PDF document, version 1.7, 1 pages
                          Entropy (8bit):7.902446681844504
                          TrID:
                          • Adobe Portable Document Format (5005/1) 100.00%
                          File name:Inv. 7315 Techtronic 10.04.2024.pdf
                          File size:27'032 bytes
                          MD5:cb63ab3c6aec0a326c132c26c6da48b8
                          SHA1:887db00c0c7f88d87ae2f9426ba3f33e08b508cd
                          SHA256:4d77d92b6edf33f3310ef7e6729822a6cccd6f9e967491248d1df58db72ce02c
                          SHA512:56a70d33cbd010868f5d435a3b5d6c8de9418b1c5c981895936757dd7e2039e9af2e767d14715d3146abf2c07191b53850e31d590748963582d5037de6e3ca8c
                          SSDEEP:768:hBngUtrKOjhP89sVRm1FvwEfBoRW+X2arJo62YxILZBTphe:rVwF75o0xarkldm
                          TLSH:1AC2CF189745ACDC925743F26F444827BB5ED079704CA8E22D8E434B9E81EEBEA534A2
                          File Content Preview:%PDF-1.7..4 0 obj..<</Type /Page/Parent 3 0 R/Contents 5 0 R/MediaBox [0 0 612 792]/Resources<</Font<</FAAAAH 7 0 R/FAAAAJ 9 0 R/FAAABC 12 0 R>>/XObject<</X1 14 0 R/X2 15 0 R>>>>/Group <</Type/Group/S/Transparency/CS/DeviceRGB>>>>..endobj..5 0 obj..<</Len

                          File Icon

                          Icon Hash:62cc8caeb29e8ae0

                          Static PDF Info

                          General

                          Header:%PDF-1.7
                          Total Entropy:7.902447
                          Total Bytes:27032
                          Stream Entropy:7.974447
                          Stream Bytes:23569
                          Entropy outside Streams:5.265772
                          Bytes outside Streams:3463
                          Number of EOF found:1
                          Bytes after EOF:

                          Keywords Statistics

                          NameCount
                          obj23
                          endobj23
                          stream6
                          endstream6
                          xref0
                          trailer0
                          startxref1
                          /Page1
                          /Encrypt0
                          /ObjStm0
                          /URI0
                          /JS0
                          /JavaScript0
                          /AA0
                          /OpenAction0
                          /AcroForm0
                          /JBIG2Decode0
                          /RichMedia0
                          /Launch0
                          /EmbeddedFile0

                          Image Streams

                          IDDHASHMD5Preview
                          148dcd0507cd95431bdb7629d2ddf09a03f86b9c76d775cd38
                          150000000000000000631b364375d0dec4310692a54cc4b030

                          Network Behavior

                          Network Port Distribution

                          TCP Packets

                          TimestampSource PortDest PortSource IPDest IP
                          Oct 8, 2024 21:21:20.619359970 CEST49742443192.168.2.423.200.196.138
                          Oct 8, 2024 21:21:20.619396925 CEST4434974223.200.196.138192.168.2.4
                          Oct 8, 2024 21:21:20.619452953 CEST49742443192.168.2.423.200.196.138
                          Oct 8, 2024 21:21:20.619838953 CEST49742443192.168.2.423.200.196.138
                          Oct 8, 2024 21:21:20.619849920 CEST4434974223.200.196.138192.168.2.4
                          Oct 8, 2024 21:21:21.218873024 CEST4434974223.200.196.138192.168.2.4
                          Oct 8, 2024 21:21:21.219357967 CEST49742443192.168.2.423.200.196.138
                          Oct 8, 2024 21:21:21.219379902 CEST4434974223.200.196.138192.168.2.4
                          Oct 8, 2024 21:21:21.222929955 CEST4434974223.200.196.138192.168.2.4
                          Oct 8, 2024 21:21:21.223320007 CEST49742443192.168.2.423.200.196.138
                          Oct 8, 2024 21:21:21.226130962 CEST49742443192.168.2.423.200.196.138
                          Oct 8, 2024 21:21:21.226130962 CEST49742443192.168.2.423.200.196.138
                          Oct 8, 2024 21:21:21.226144075 CEST4434974223.200.196.138192.168.2.4
                          Oct 8, 2024 21:21:21.226191998 CEST4434974223.200.196.138192.168.2.4
                          Oct 8, 2024 21:21:21.273799896 CEST49742443192.168.2.423.200.196.138
                          Oct 8, 2024 21:21:21.273812056 CEST4434974223.200.196.138192.168.2.4
                          Oct 8, 2024 21:21:21.320589066 CEST49742443192.168.2.423.200.196.138
                          Oct 8, 2024 21:21:21.332665920 CEST4434974223.200.196.138192.168.2.4
                          Oct 8, 2024 21:21:21.332842112 CEST4434974223.200.196.138192.168.2.4
                          Oct 8, 2024 21:21:21.332962036 CEST49742443192.168.2.423.200.196.138
                          Oct 8, 2024 21:21:21.333532095 CEST49742443192.168.2.423.200.196.138
                          Oct 8, 2024 21:21:21.333551884 CEST4434974223.200.196.138192.168.2.4
                          Oct 8, 2024 21:21:21.333606958 CEST49742443192.168.2.423.200.196.138
                          Oct 8, 2024 21:21:21.333750010 CEST49742443192.168.2.423.200.196.138

                          UDP Packets

                          TimestampSource PortDest PortSource IPDest IP
                          Oct 8, 2024 21:21:20.210526943 CEST6332553192.168.2.41.1.1.1

                          DNS Queries

                          TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                          Oct 8, 2024 21:21:20.210526943 CEST192.168.2.41.1.1.10xf09dStandard query (0)x1.i.lencr.orgA (IP address)IN (0x0001)false

                          DNS Answers

                          TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                          Oct 8, 2024 21:21:20.218895912 CEST1.1.1.1192.168.2.40xf09dNo error (0)x1.i.lencr.orgcrl.root-x1.letsencrypt.org.edgekey.netCNAME (Canonical name)IN (0x0001)false
                          Oct 8, 2024 21:21:20.910590887 CEST1.1.1.1192.168.2.40x10eaNo error (0)edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.comdefault.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.comCNAME (Canonical name)IN (0x0001)false
                          Oct 8, 2024 21:21:20.910590887 CEST1.1.1.1192.168.2.40x10eaNo error (0)default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com217.20.59.35A (IP address)IN (0x0001)false
                          Oct 8, 2024 21:21:20.910590887 CEST1.1.1.1192.168.2.40x10eaNo error (0)default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com84.201.211.24A (IP address)IN (0x0001)false
                          Oct 8, 2024 21:21:20.910590887 CEST1.1.1.1192.168.2.40x10eaNo error (0)default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com217.20.59.34A (IP address)IN (0x0001)false
                          Oct 8, 2024 21:21:20.910590887 CEST1.1.1.1192.168.2.40x10eaNo error (0)default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com84.201.211.39A (IP address)IN (0x0001)false
                          Oct 8, 2024 21:21:20.910590887 CEST1.1.1.1192.168.2.40x10eaNo error (0)default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com84.201.212.68A (IP address)IN (0x0001)false
                          Oct 8, 2024 21:21:20.910590887 CEST1.1.1.1192.168.2.40x10eaNo error (0)default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com84.201.211.37A (IP address)IN (0x0001)false
                          Oct 8, 2024 21:21:20.910590887 CEST1.1.1.1192.168.2.40x10eaNo error (0)default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com217.20.59.36A (IP address)IN (0x0001)false
                          Oct 8, 2024 21:21:20.910590887 CEST1.1.1.1192.168.2.40x10eaNo error (0)default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com84.201.211.34A (IP address)IN (0x0001)false

                          HTTP Request Dependency Graph

                          • armmf.adobe.com

                          HTTPS Proxied Packets

                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                          0192.168.2.44974223.200.196.1384437316C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          TimestampBytes transferredDirectionData
                          2024-10-08 19:21:21 UTC475OUTGET /onboarding/smskillreader.txt HTTP/1.1
                          Host: armmf.adobe.com
                          Connection: keep-alive
                          Accept-Language: en-US,en;q=0.9
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36
                          Sec-Fetch-Site: same-origin
                          Sec-Fetch-Mode: no-cors
                          Sec-Fetch-Dest: empty
                          Accept-Encoding: gzip, deflate, br
                          If-None-Match: "78-5faa31cce96da"
                          If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
                          2024-10-08 19:21:21 UTC198INHTTP/1.1 304 Not Modified
                          Content-Type: text/plain; charset=UTF-8
                          Last-Modified: Mon, 01 May 2023 15:02:33 GMT
                          ETag: "78-5faa31cce96da"
                          Date: Tue, 08 Oct 2024 19:21:21 GMT
                          Connection: close


                          Statistics

                          CPU Usage

                          Click to jump to process

                          Memory Usage

                          Click to jump to process

                          High Level Behavior Distribution

                          Click to dive into process behavior distribution

                          Behavior

                          Click to jump to process

                          System Behavior

                          General

                          Target ID:0
                          Start time:15:21:06
                          Start date:08/10/2024
                          Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          Wow64 process (32bit):false
                          Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Inv. 7315 Techtronic 10.04.2024.pdf"
                          Imagebase:0x7ff6bc1b0000
                          File size:5'641'176 bytes
                          MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
                          Has elevated privileges:true
                          Has administrator privileges:true
                          Programmed in:C, C++ or other language
                          Reputation:high
                          Has exited:true

                          General

                          Target ID:1
                          Start time:15:21:06
                          Start date:08/10/2024
                          Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          Wow64 process (32bit):false
                          Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
                          Imagebase:0x7ff74bb60000
                          File size:3'581'912 bytes
                          MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                          Has elevated privileges:true
                          Has administrator privileges:true
                          Programmed in:C, C++ or other language
                          Reputation:high
                          Has exited:true

                          General

                          Target ID:3
                          Start time:15:21:06
                          Start date:08/10/2024
                          Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          Wow64 process (32bit):false
                          Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2104 --field-trial-handle=1748,i,11195147955471208410,11915245055929868640,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
                          Imagebase:0x7ff74bb60000
                          File size:3'581'912 bytes
                          MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                          Has elevated privileges:true
                          Has administrator privileges:true
                          Programmed in:C, C++ or other language
                          Reputation:high
                          Has exited:true

                          Disassembly

                          No disassembly