Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
20241009_081551.pdf

Overview

General Information

Sample name:20241009_081551.pdf
Analysis ID:1530834
MD5:f484e5a411a8fce3b83b52394a38e5fd
SHA1:9ae19978c161dec8cc2bf731b0d66704be6a6214
SHA256:d701f941b2385fca99c95a47f71e6271f4a3866541236410d147f4e62ebe051f
Infos:

Detection

Score:2
Range:0 - 100
Whitelisted:false
Confidence:80%

Signatures

IP address seen in connection with other malware
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Uses a known web browser user agent for HTTP communication

Classification

Process Tree

  • System is w10x64
  • Acrobat.exe (PID: 7340 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\20241009_081551.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 7524 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 7716 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2080 --field-trial-handle=1732,i,17494166975454114938,2148100432959137793,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: global trafficDNS query: name: x1.i.lencr.org
Source: global trafficDNS query: name: x1.i.lencr.org
Source: global trafficDNS query: name: x1.i.lencr.org
Source: global trafficTCP traffic: 192.168.2.4:49746 -> 23.200.196.138:443
Source: global trafficTCP traffic: 192.168.2.4:49746 -> 23.200.196.138:443
Source: global trafficTCP traffic: 192.168.2.4:49746 -> 23.200.196.138:443
Source: global trafficTCP traffic: 192.168.2.4:49746 -> 23.200.196.138:443
Source: global trafficTCP traffic: 192.168.2.4:49746 -> 23.200.196.138:443
Source: global trafficTCP traffic: 192.168.2.4:49746 -> 23.200.196.138:443
Source: global trafficTCP traffic: 192.168.2.4:49746 -> 23.200.196.138:443
Source: global trafficTCP traffic: 192.168.2.4:49746 -> 23.200.196.138:443
Source: global trafficTCP traffic: 192.168.2.4:49746 -> 23.200.196.138:443
Source: global trafficTCP traffic: 192.168.2.4:49746 -> 23.200.196.138:443
Source: global trafficTCP traffic: 192.168.2.4:49746 -> 23.200.196.138:443
Source: global trafficTCP traffic: 23.200.196.138:443 -> 192.168.2.4:49746
Source: global trafficTCP traffic: 192.168.2.4:49746 -> 23.200.196.138:443
Source: global trafficTCP traffic: 192.168.2.4:49746 -> 23.200.196.138:443
Source: global trafficTCP traffic: 23.200.196.138:443 -> 192.168.2.4:49746
Source: global trafficTCP traffic: 23.200.196.138:443 -> 192.168.2.4:49746
Source: global trafficTCP traffic: 192.168.2.4:49746 -> 23.200.196.138:443
Source: global trafficTCP traffic: 23.200.196.138:443 -> 192.168.2.4:49746
Source: global trafficTCP traffic: 23.200.196.138:443 -> 192.168.2.4:49746
Source: global trafficTCP traffic: 192.168.2.4:49746 -> 23.200.196.138:443
Source: global trafficTCP traffic: 192.168.2.4:49746 -> 23.200.196.138:443
Source: global trafficTCP traffic: 23.200.196.138:443 -> 192.168.2.4:49746
Source: global trafficTCP traffic: 192.168.2.4:49746 -> 23.200.196.138:443
Source: global trafficTCP traffic: 23.200.196.138:443 -> 192.168.2.4:49746
Source: global trafficTCP traffic: 192.168.2.4:49746 -> 23.200.196.138:443
Source: global trafficTCP traffic: 23.200.196.138:443 -> 192.168.2.4:49746
Source: global trafficTCP traffic: 23.200.196.138:443 -> 192.168.2.4:49746
Source: global trafficTCP traffic: 192.168.2.4:49746 -> 23.200.196.138:443
Source: global trafficTCP traffic: 192.168.2.4:49746 -> 23.200.196.138:443
Source: global trafficTCP traffic: 23.200.196.138:443 -> 192.168.2.4:49746
Source: Joe Sandbox ViewIP Address: 23.200.196.138 23.200.196.138
Source: global trafficHTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1Host: armmf.adobe.comConnection: keep-aliveAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brIf-None-Match: "78-5faa31cce96da"If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
Source: unknownTCP traffic detected without corresponding DNS query: 23.200.196.138
Source: unknownTCP traffic detected without corresponding DNS query: 23.200.196.138
Source: unknownTCP traffic detected without corresponding DNS query: 23.200.196.138
Source: unknownTCP traffic detected without corresponding DNS query: 23.200.196.138
Source: unknownTCP traffic detected without corresponding DNS query: 23.200.196.138
Source: unknownTCP traffic detected without corresponding DNS query: 23.200.196.138
Source: unknownTCP traffic detected without corresponding DNS query: 23.200.196.138
Source: unknownTCP traffic detected without corresponding DNS query: 23.200.196.138
Source: unknownTCP traffic detected without corresponding DNS query: 23.200.196.138
Source: unknownTCP traffic detected without corresponding DNS query: 23.200.196.138
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficHTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1Host: armmf.adobe.comConnection: keep-aliveAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brIf-None-Match: "78-5faa31cce96da"If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
Source: global trafficDNS traffic detected: DNS query: x1.i.lencr.org
Source: 77EC63BDA74BD0D0E0426DC8F80085060.1.drString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: 2D85F72862B55C4EADD9E66E06947F3D0.1.drString found in binary or memory: http://x1.i.lencr.org/
Source: unknownNetwork traffic detected: HTTP traffic on port 49746 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49746
Source: classification engineClassification label: clean2.winPDF@14/47@3/1
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.7428Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-10 09-40-33-623.logJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
Source: unknownProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\20241009_081551.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2080 --field-trial-handle=1732,i,17494166975454114938,2148100432959137793,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2080 --field-trial-handle=1732,i,17494166975454114938,2148100432959137793,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: 20241009_081551.pdfInitial sample: PDF keyword /JS count = 0
Source: 20241009_081551.pdfInitial sample: PDF keyword /JavaScript count = 0
Source: 20241009_081551.pdfInitial sample: PDF keyword /EmbeddedFile count = 0
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information queried: ProcessInformationJump to behavior

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid Accounts3
Exploitation for Client Execution		Path Interception1
Process Injection		1
Masquerading		OS Credential Dumping1
Process Discovery		Remote ServicesData from Local System1
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
Process Injection		LSASS Memory1
System Information Discovery		Remote Desktop ProtocolData from Removable Media2
Non-Application Layer Protocol		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive13
Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin HookBinary PaddingNTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput Capture1
Ingress Tool Transfer		Traffic DuplicationData Destruction

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1530834 Sample: 20241009_081551.pdf Startdate: 10/10/2024 Architecture: WINDOWS Score: 2 14 x1.i.lencr.org 2->14 7 Acrobat.exe 20 76 2->7         started        process3 process4 9 AcroCEF.exe 106 7->9         started        process5 11 AcroCEF.exe 2 9->11         started        dnsIp6 16 23.200.196.138, 443, 49746 NOS_COMUNICACOESPT United States 11->16

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

No Antivirus matches

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
http://x1.i.lencr.org/0%URL Reputationsafe

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
bg.microsoft.map.fastly.net
199.232.210.172
truefalse
    		unknown
    x1.i.lencr.org
    		unknown
    		unknownfalse
      		unknown

      URLs from Memory and Binaries

      NameSourceMaliciousAntivirus DetectionReputation
      http://x1.i.lencr.org/2D85F72862B55C4EADD9E66E06947F3D0.1.drfalse
      • URL Reputation: safe
      		unknown

      World Map of Contacted IPs

      • No. of IPs < 25%
      • 25% < No. of IPs < 50%
      • 50% < No. of IPs < 75%
      • 75% < No. of IPs

      Public IPs

      IPDomainCountryFlagASNASN NameMalicious
      23.200.196.138
      		unknownUnited States
      		2860NOS_COMUNICACOESPTfalse

      General Information

      Joe Sandbox version:41.0.0 Charoite
      Analysis ID:1530834
      Start date and time:2024-10-10 15:39:36 +02:00
      Joe Sandbox product:CloudBasic
      Overall analysis duration:0h 4m 11s
      Hypervisor based Inspection enabled:false
      Report type:full
      Cookbook file name:defaultwindowspdfcookbook.jbs
      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
      Number of analysed new started processes analysed:10
      Number of new started drivers analysed:0
      Number of existing processes analysed:0
      Number of existing drivers analysed:0
      Number of injected processes analysed:0
      Technologies:
      • HCA enabled
      • EGA enabled
      • AMSI enabled
      Analysis Mode:default
      Analysis stop reason:Timeout
      Sample name:20241009_081551.pdf
      Detection:CLEAN
      Classification:clean2.winPDF@14/47@3/1
      EGA Information:Failed
      HCA Information:
      • Successful, ratio: 100%
      • Number of executed functions: 0
      • Number of non-executed functions: 0
      Cookbook Comments:
      • Found application associated with file extension: .pdf
      • Found PDF document
      • Close Viewer

      Warnings

      • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
      • Excluded IPs from analysis (whitelisted): 23.57.19.119, 2.19.11.122, 2.19.11.121, 23.22.254.206, 52.5.13.197, 54.227.187.23, 52.202.204.11, 162.159.61.3, 172.64.41.3, 199.232.210.172, 23.3.109.48, 2.19.126.149, 2.19.126.143, 104.76.201.34
      • Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, otelrules.azureedge.net, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com.delivery.microsoft.com, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, wu-b-net.trafficmanager.net, crl.root-x1.letsencrypt.org.edgekey.net
      • Not all processes where analyzed, report is missing behavior information
      • VT rate limit hit for: 20241009_081551.pdf

      Simulations

      Behavior and APIs

      TimeTypeDescription
      09:40:43API Interceptor3x Sleep call for process: AcroCEF.exe modified

      Joe Sandbox View / Context

      IPs

      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
      23.200.196.138N-Access New e-Fax Court Notice...pdfGet hashmaliciousUnknownBrowse
        report_209.pdfGet hashmaliciousUnknownBrowse
          Statement 2024-14.pdfGet hashmaliciousUnknownBrowse
            uenic.msiGet hashmaliciousUnknownBrowse
              https://img1.wsimg.com/blobby/go/672d0f54-9add-420a-a58c-ef66bcb1ba03/downloads/sijapej.pdfGet hashmaliciousUnknownBrowse
                c.cmdGet hashmaliciousCarnavalHeistBrowse
                  Voice_Message.pdfGet hashmaliciousHTMLPhisherBrowse
                    ADJUSTMENT ON PAY RISE FOR ALL FACULTY AND STAFF.pdfGet hashmaliciousHTMLPhisherBrowse
                      v2.1.pdfGet hashmaliciousUnknownBrowse
                        Sfoster REM.993510.pdfGet hashmaliciousUnknownBrowse

                          Domains

                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                          bg.microsoft.map.fastly.nethttps://www.tiktok.com/////link/v2?aid=1988&lang=enpihd7s&scene=bio_url&target=www.google.com/url?q%3DIrfT8NMLx6QPaJgv6Z3g%26rct%3DqsUbQmXhZ93d4gNXIWaR%26sa%3Dt%26esrc%3DEgJeLX8CAl11DNSW7pgH%26source%3D%26cd%3D9X3EYbyCMUoB46Jqpszn%26cad%3Dz64Ndl7J844jI5EH33et%26ved%3D36LRX1krI3rPMEZVSMU2%26uact%3D%2520%26url%3Damp%252Fcharterbytheseat%252Ecom%252F&source=gmail&ust=1725986149001000&usg=AOvVaw1kdi6SPX1NGpGYFWhG_1Z7Get hashmaliciousUnknownBrowse
                          • 199.232.214.172
                          https://nicholstyreman.com/Get hashmaliciousHtmlDropperBrowse
                          • 199.232.210.172
                          https://clickproxy.retailrocket.net/?url=https://veritasbd.net//cgibin/bin/philipp.ettle/cGhpbGlwcC5ldHRsZUBid3QtcGhhcm1hLmNvbQ==Get hashmaliciousHTMLPhisherBrowse
                          • 199.232.214.172
                          jQw7LVWJYw.exeGet hashmaliciousUnknownBrowse
                          • 199.232.210.172
                          https://uk01.l.antigena.com/l/gSyI41Gz96sNln53sagX7eNcywQQOoEnYDagSj-Ka4rmvUc~~ge2uUdYhkRZf~qdeCYR20MfqPF0Cl22iQAPA~D-kwryf6JMugP38-hVRau_ADDrbJG64mdp-ZsyZX_NR5Aqy8QOMomREd_j~F2RHekIK09DCim8Shqfhw4hZXnXF1DPP7U2UTL09nH60jVmeQTVNhtpj6BYLNdVUlIVUBIDlYaiNtMQkkHjcq1woyuQdpbGd~TSAUVGet hashmaliciousUnknownBrowse
                          • 199.232.210.172
                          http://beststarsoffers.click/img/FJHpEbd9pzMLCgDTGet hashmaliciousUnknownBrowse
                          • 199.232.210.172
                          file.exeGet hashmaliciousStealcBrowse
                          • 199.232.210.172
                          https://loadfile.komanda.cl/Get hashmaliciousUnknownBrowse
                          • 199.232.210.172
                          file.exeGet hashmaliciousCredential FlusherBrowse
                          • 199.232.214.172
                          https://or4t.iednationusa.com/sYyRdjOUGet hashmaliciousUnknownBrowse
                          • 199.232.214.172

                          ASNs

                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                          NOS_COMUNICACOESPTpqb9xEwv5y.elfGet hashmaliciousUnknownBrowse
                          • 95.94.188.217
                          https://www.mediafire.com/file/dl1ll51b96z8hcb/paginas_para_descargar_Vectores_gratis_2018.zip/fileGet hashmaliciousUnknownBrowse
                          • 23.200.197.152
                          N-Access New e-Fax Court Notice...pdfGet hashmaliciousUnknownBrowse
                          • 23.200.196.138
                          nuklear.arm.elfGet hashmaliciousUnknownBrowse
                          • 109.48.68.27
                          na.elfGet hashmaliciousUnknownBrowse
                          • 109.50.110.204
                          na.elfGet hashmaliciousMiraiBrowse
                          • 85.138.23.90
                          na.elfGet hashmaliciousMiraiBrowse
                          • 83.132.202.1
                          na.elfGet hashmaliciousMiraiBrowse
                          • 95.94.164.64
                          na.elfGet hashmaliciousMiraiBrowse
                          • 95.94.164.86
                          na.elfGet hashmaliciousMiraiBrowse
                          • 95.94.139.80

                          JA3 Fingerprints

                          No context

                          Dropped Files

                          No context

                          Created / dropped Files

                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:ASCII text
                          Category:dropped
                          Size (bytes):292
                          Entropy (8bit):5.151603728716165
                          Encrypted:false
                          SSDEEP:6:LDgOq2Pwkn2nKuAl9OmbnIFUt8OPsZmw+ORkwOwkn2nKuAl9OmbjLJ:LDgOvYfHAahFUt8OPs/+OR5JfHAaSJ
                          MD5:02F67E51E958ED7D1B1A2A4841066D84
                          SHA1:797C0A6E4696156081A6B78898E75346178EDBC2
                          SHA-256:1F86EAF1D5E9BC3010AB31883BEA77E642E7DDCFFA782AAFBB7731D9A6FE996E
                          SHA-512:03025F840DBAD5419733421D65BC90836BE2DDCC4C711764FCDD87F56196C9C94C5503998585001E6B5A778C7F346651FAFC765150ECAE27C917E25087FC2471
                          Malicious:false
                          Reputation:low
                          Preview:2024/10/10-09:40:31.042 1d80 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/10/10-09:40:31.046 1d80 Recovering log #3.2024/10/10-09:40:31.047 1d80 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:ASCII text
                          Category:dropped
                          Size (bytes):292
                          Entropy (8bit):5.151603728716165
                          Encrypted:false
                          SSDEEP:6:LDgOq2Pwkn2nKuAl9OmbnIFUt8OPsZmw+ORkwOwkn2nKuAl9OmbjLJ:LDgOvYfHAahFUt8OPs/+OR5JfHAaSJ
                          MD5:02F67E51E958ED7D1B1A2A4841066D84
                          SHA1:797C0A6E4696156081A6B78898E75346178EDBC2
                          SHA-256:1F86EAF1D5E9BC3010AB31883BEA77E642E7DDCFFA782AAFBB7731D9A6FE996E
                          SHA-512:03025F840DBAD5419733421D65BC90836BE2DDCC4C711764FCDD87F56196C9C94C5503998585001E6B5A778C7F346651FAFC765150ECAE27C917E25087FC2471
                          Malicious:false
                          Reputation:low
                          Preview:2024/10/10-09:40:31.042 1d80 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/10/10-09:40:31.046 1d80 Recovering log #3.2024/10/10-09:40:31.047 1d80 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:ASCII text
                          Category:dropped
                          Size (bytes):336
                          Entropy (8bit):5.168652884736982
                          Encrypted:false
                          SSDEEP:6:Lzi34q2Pwkn2nKuAl9Ombzo2jMGIFUt8OY3JZmw+OjLDkwOwkn2nKuAl9Ombzo23:Lzi34vYfHAa8uFUt8OY3J/+OjLD5JfHA
                          MD5:25B3130F46FBF3F2A0195D1D29B28EA8
                          SHA1:A95574F44B57B7792B41BD90C8EA9E0B8AF2CDDE
                          SHA-256:92D539737D45015CC72A7EBAADECEF7713B52012E69B6F91DC0FAD54780321BF
                          SHA-512:FBFC178CF5C7AE33A9F86C62713FE8C2C79B3EE38E541BD54ADBF1AA9B9EC62D0A7580AF3D56BCD815BF95AD5D115FF3A2B2656ACE6FCB244E5C5A7239D5FFF4
                          Malicious:false
                          Reputation:low
                          Preview:2024/10/10-09:40:31.085 1e64 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/10/10-09:40:31.087 1e64 Recovering log #3.2024/10/10-09:40:31.088 1e64 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:ASCII text
                          Category:dropped
                          Size (bytes):336
                          Entropy (8bit):5.168652884736982
                          Encrypted:false
                          SSDEEP:6:Lzi34q2Pwkn2nKuAl9Ombzo2jMGIFUt8OY3JZmw+OjLDkwOwkn2nKuAl9Ombzo23:Lzi34vYfHAa8uFUt8OY3J/+OjLD5JfHA
                          MD5:25B3130F46FBF3F2A0195D1D29B28EA8
                          SHA1:A95574F44B57B7792B41BD90C8EA9E0B8AF2CDDE
                          SHA-256:92D539737D45015CC72A7EBAADECEF7713B52012E69B6F91DC0FAD54780321BF
                          SHA-512:FBFC178CF5C7AE33A9F86C62713FE8C2C79B3EE38E541BD54ADBF1AA9B9EC62D0A7580AF3D56BCD815BF95AD5D115FF3A2B2656ACE6FCB244E5C5A7239D5FFF4
                          Malicious:false
                          Reputation:low
                          Preview:2024/10/10-09:40:31.085 1e64 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/10/10-09:40:31.087 1e64 Recovering log #3.2024/10/10-09:40:31.088 1e64 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\10088c24-08a1-4786-9be6-855685d9b420.tmp

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:JSON data
                          Category:modified
                          Size (bytes):475
                          Entropy (8bit):4.961305759039287
                          Encrypted:false
                          SSDEEP:12:YH/um3RA8sqyG0sBdOg2Hucaq3QYiubInP7E4T3y:Y2sRds+dMHR3QYhbG7nby
                          MD5:12482945A07C22BEBDC686DFCB9578FB
                          SHA1:DA688E36E31FAA631387E962A5678A2E18FF498B
                          SHA-256:F41FF62D4F6DCC62BAA6741E4D44BF2FAF5127A9E72F9CC5833A9ABA845DF7C7
                          SHA-512:DA134AF16FA83E35D3B64AC8BBA50975212F36FA40F1D0B756FAD544BB8DAFE7313DC6C6C89BD6FE06F69DE32DDE295DAD8AF049B09A3AC9463CB5EE61938121
                          Malicious:false
                          Reputation:low
                          Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13373127643453707","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":142494},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):475
                          Entropy (8bit):4.961305759039287
                          Encrypted:false
                          SSDEEP:12:YH/um3RA8sqyG0sBdOg2Hucaq3QYiubInP7E4T3y:Y2sRds+dMHR3QYhbG7nby
                          MD5:12482945A07C22BEBDC686DFCB9578FB
                          SHA1:DA688E36E31FAA631387E962A5678A2E18FF498B
                          SHA-256:F41FF62D4F6DCC62BAA6741E4D44BF2FAF5127A9E72F9CC5833A9ABA845DF7C7
                          SHA-512:DA134AF16FA83E35D3B64AC8BBA50975212F36FA40F1D0B756FAD544BB8DAFE7313DC6C6C89BD6FE06F69DE32DDE295DAD8AF049B09A3AC9463CB5EE61938121
                          Malicious:false
                          Reputation:low
                          Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13373127643453707","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":142494},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:data
                          Category:dropped
                          Size (bytes):4730
                          Entropy (8bit):5.253803920754226
                          Encrypted:false
                          SSDEEP:96:etJCV4FAsszrNamjTN/2rjYMta02fDtehgO7BtTgo73VQ00QZ:etJCV4FiN/jTN/2r8Mta02fEhgO73goD
                          MD5:C8392BE7F796283E38141EF91830FCB6
                          SHA1:FBBAA3C699048EB8A28080162DE31C939703035E
                          SHA-256:5AE33D9CA6DB799FAF38F7B6E9970C9398FE992663C653C03592D5D1B602BAAC
                          SHA-512:3581610818BBDD008ECBA6D6BD6098138D01A0EB228532AE63E0208E0A5A86DA42B0153D9130F25E5884FF882E104BFB67D45361F84117D519BA394B9E5032CE
                          Malicious:false
                          Reputation:low
                          Preview:*...#................version.1..namespace-['O.o................next-map-id.1.Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/.0>...r................next-map-id.2.Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/.1O..r................next-map-id.3.Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/.2.\.o................next-map-id.4.Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/.3....^...............Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/..|.^...............Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/n..Fa...............Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/DQ..a...............Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/i.`do................next-map-id.5.Pnamespace-de635bf2_6773_4d83_ad16_

                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:ASCII text
                          Category:dropped
                          Size (bytes):324
                          Entropy (8bit):5.139574081225497
                          Encrypted:false
                          SSDEEP:6:PcH34q2Pwkn2nKuAl9OmbzNMxIFUt8K9UJZmw+KCF3DkwOwkn2nKuAl9OmbzNMFd:PcH34vYfHAa8jFUt8K2J/+KCND5JfHAo
                          MD5:6114E3AF8689E76A66B2127DE0A94C26
                          SHA1:42F798E8513F7DA0D24C24406DBFA11043B4CE47
                          SHA-256:FBF0526D6F0A163A8BA7232A03D4C21EDFC811FD451C345E497D08D1813E73D7
                          SHA-512:491BC682C182691325E5DEF2400A231375A0A091212BD83282AAEE005F4AC2637682BDBD168FD81A6CBD436D058A46D517F603DAEA1E295253C680100BAF8472
                          Malicious:false
                          Reputation:low
                          Preview:2024/10/10-09:40:31.427 1e64 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/10/10-09:40:31.429 1e64 Recovering log #3.2024/10/10-09:40:31.430 1e64 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:ASCII text
                          Category:dropped
                          Size (bytes):324
                          Entropy (8bit):5.139574081225497
                          Encrypted:false
                          SSDEEP:6:PcH34q2Pwkn2nKuAl9OmbzNMxIFUt8K9UJZmw+KCF3DkwOwkn2nKuAl9OmbzNMFd:PcH34vYfHAa8jFUt8K2J/+KCND5JfHAo
                          MD5:6114E3AF8689E76A66B2127DE0A94C26
                          SHA1:42F798E8513F7DA0D24C24406DBFA11043B4CE47
                          SHA-256:FBF0526D6F0A163A8BA7232A03D4C21EDFC811FD451C345E497D08D1813E73D7
                          SHA-512:491BC682C182691325E5DEF2400A231375A0A091212BD83282AAEE005F4AC2637682BDBD168FD81A6CBD436D058A46D517F603DAEA1E295253C680100BAF8472
                          Malicious:false
                          Preview:2024/10/10-09:40:31.427 1e64 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/10/10-09:40:31.429 1e64 Recovering log #3.2024/10/10-09:40:31.430 1e64 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

                          C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241010134035Z-160.bmp

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:PC bitmap, Windows 3.x format, 107 x -152 x 32, cbSize 65110, bits offset 54
                          Category:dropped
                          Size (bytes):65110
                          Entropy (8bit):5.611422133489269
                          Encrypted:false
                          SSDEEP:1536:kwxT2bJoT9oh92JgHfTNvmK1+33yGgnHlA9kSdXI:kwxifhQmHr9mK1ExvkgXI
                          MD5:82EC8CCEE6171802269A85B62824279C
                          SHA1:95092DC7410574ED8B18363ED5B1D483352EA72D
                          SHA-256:C00C33D9C2353E371D6B9194D7FFF208F54BFD642B31684FF0809A3CA3BF41A6
                          SHA-512:29F4CBE5978C46C2E07A37A4C2711E964859714235A8DB28AD85170433BABE3142C3D465B36D80DF3CFFAC287EF466789E13B439162A2C61654102A1FE99431C
                          Malicious:false
                          Preview:BMV.......6...(...k...h..... ............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                          C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 15, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 15
                          Category:dropped
                          Size (bytes):86016
                          Entropy (8bit):4.444810385513243
                          Encrypted:false
                          SSDEEP:384:yezci5tWiBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:rZs3OazzU89UTTgUL
                          MD5:712F88A0CF5ED0FBE9149FABE90D6AB5
                          SHA1:CA5CD1E1C1B0CDF85205CA17F3976821B6E9EC92
                          SHA-256:8BDA8FF19C5B3A0701255C323DE895A645E34C87BBD0A50F1AF11775918BBD86
                          SHA-512:A4116C5894130E7C283ED6205F8A2F7F226448C6D366C246B5EC9EEC08D3417CBF8879BC48542209D62C4523AE736D4C3BCA801504FF1388CECE684F2F2755C2
                          Malicious:false
                          Preview:SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                          C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:SQLite Rollback Journal
                          Category:dropped
                          Size (bytes):8720
                          Entropy (8bit):3.7746356671092762
                          Encrypted:false
                          SSDEEP:48:7MRp/E2ioyVFioy9oWoy1Cwoy1BKOioy1noy1AYoy1Wioy1hioybioyZoy1noy1g:7qpjuFFAXKQcDb9IVXEBodRBko
                          MD5:20598710A42B5A8621E572626D588FE6
                          SHA1:0562C6C25CAB90950BB9052285F4EE2A907FCE93
                          SHA-256:9C7ACEE09EDA534D30073414B9F5616E3B615565E34E0CB48EF5CBF9F99BB218
                          SHA-512:79BD277F06E8112B8E853A7E06C48F61DBD94E9446BB9A501188BF30C3C395F59C769B7B178D1D039DC2430765F3E899DE0AA1BB89BEBA41197B35330797A043
                          Malicious:false
                          Preview:.... .c........`...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................T...[...b...r...t...}.....L..............................................................................................................................................................................................................................................................................................................................................................................................................................................................

                          C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:Certificate, Version=3
                          Category:dropped
                          Size (bytes):1391
                          Entropy (8bit):7.705940075877404
                          Encrypted:false
                          SSDEEP:24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1
                          MD5:0CD2F9E0DA1773E9ED864DA5E370E74E
                          SHA1:CABD2A79A1076A31F21D253635CB039D4329A5E8
                          SHA-256:96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
                          SHA-512:3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
                          Malicious:false
                          Preview:0..k0..S............@.YDc.c...0...*.H........0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10...150604110438Z..350604110438Z0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10.."0...*.H.............0..........$s..7.+W(.....8..n<.W.x.u...jn..O(..h.lD...c...k....1.!~.3<.H..y.....!.K...qiJffl.~<p..)"......K...~....G.|.H#S.8.O.o...IW..t../.8.{.p!.u.0<.....c...O..K~.....w...{J.L.%.p..)..S$........J.?..aQ.....cq...o[...\4ylv.;.by.../&.....................6....7..6u...r......I.....*.A..v........5/(.l....dwnG7..Y^h..r...A)>Y>.&.$...Z.L@.F....:Qn.;.}r...xY.>Qx....../..>{J.Ks......P.|C.t..t.....0.[q6....00\H..;..}`...).........A.......|.;F.H*..v.v..j.=...8.d..+..(.....B.".'].y...p..N..:..'Qn..d.3CO......B0@0...U...........0...U.......0....0...U......y.Y.{....s.....X..n0...*.H.............U.X....P.....i ')..au\.n...i/..VK..s.Y.!.~.Lq...`.9....!V..P.Y...Y.............b.E.f..|o..;.....'...}~.."......

                          C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
                          Category:dropped
                          Size (bytes):71954
                          Entropy (8bit):7.996617769952133
                          Encrypted:true
                          SSDEEP:1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
                          MD5:49AEBF8CBD62D92AC215B2923FB1B9F5
                          SHA1:1723BE06719828DDA65AD804298D0431F6AFF976
                          SHA-256:B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
                          SHA-512:BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
                          Malicious:false
                          Preview:MSCF............,...................I..................XaK .authroot.stl.[.i..6..CK..<Tk......4.cl!Kg..E..*Y.f_..".$mR"$.J.E.KB."..rKv.."{.g....3.W.....c..9.s...=....y6#..x..........D......\(.#.s.!.A.......cd.c........+^.ov...n.....3BL..0.......BPUR&.X..02.q...R...J.....w.....b.vy>....-.&..(..oe."."...J9...0U.6J..|U..S.....M.F8g...=.......p...........l.?3.J.x.G.Ep..$g..tj......)v]9(:.)W.8.Op.1Q..:.nPd........7.7..M].V F..g.....12..!7(...B.......h.RZ.......l.<.....6..Z^.`p?... .p.Gp.#.'.X..........|!.8.....".m.49r?.I...g...8.v.....a``.g.R4.i...J8q....NFW,E.6Y....!.o5%.Y.....R..<..S9....r....WO...(.....F..Q=*....-..7d..O(....-..+k.........K..........{Q....Z..j._.E...QZ.~.\.^......N.9.k..O.}dD.b1r...[}/....T..E..G..c.|.c.&>?..^t. ..;..X.d.E.0G....[Q.*,*......#.Dp..L.o|#syc.J............}G-.ou6.=52..XWi=...m.....^u......c..fc?&pR7S5....I...j.G........j.j..Tc.El.....B.pQ.,Bp....j...9g.. >..s..m#.Nb.o_u.M.V...........\#...v..Mo\sF..s....Y...

                          C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:data
                          Category:dropped
                          Size (bytes):192
                          Entropy (8bit):2.708749945580075
                          Encrypted:false
                          SSDEEP:3:kkFklTkYl+LlltfllXlE/HT8k9/XNNX8RolJuRdxLlGB9lQRYwpDdt:kK/Ca/eT8kdNMa8RdWBwRd
                          MD5:DF7920B84C79B38B2AE5E864CB93F623
                          SHA1:F42B8CB509309B75C6D4A99A228A2956FC423605
                          SHA-256:B53701CFF06DA99943980A3C40DF97A2CFFC156DBC65B69980F586FE7BEB4354
                          SHA-512:580180CBF9B4BE61914C6504A208C504CDA74E8EF60A815BACE38EE38E6FDBE1295A0D69C26F3E7AB439976F87AADE10BC4DC5ECC3F033DBA93FD09557E2601F
                          Malicious:false
                          Preview:p...... ........ .......(....................................................... ..........W....v...............o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...

                          C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:data
                          Category:modified
                          Size (bytes):328
                          Entropy (8bit):3.2455963809668176
                          Encrypted:false
                          SSDEEP:6:kK0/L9UswD8HGsL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:8iDImsLNkPlE99SNxAhUe/3
                          MD5:5914AA1FB723B347E3027A56343E1E8C
                          SHA1:B85DC97F4B288E94505EA549A438B648D05ABC4F
                          SHA-256:0B600C6D0A9810E370725004D76638E2C2762A4B684D4911610E369FEFA9B0B2
                          SHA-512:B5C112BA8FF13AA6489B710C4F76217356DDB1A6FBAFF722A13885EB09F075AE6CD28C632DC8C621907F1C2DDCFD7F913B1D29D11FEBBD10EE864FEBB69A4754
                          Malicious:false
                          Preview:p...... ........W.0%....(....................................................... ........G..@.......&......X........h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...

                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.7428

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:PostScript document text
                          Category:dropped
                          Size (bytes):185099
                          Entropy (8bit):5.182478651346149
                          Encrypted:false
                          SSDEEP:1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
                          MD5:94185C5850C26B3C6FC24ABC385CDA58
                          SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
                          SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
                          SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
                          Malicious:false
                          Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:PostScript document text
                          Category:dropped
                          Size (bytes):185099
                          Entropy (8bit):5.182478651346149
                          Encrypted:false
                          SSDEEP:1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
                          MD5:94185C5850C26B3C6FC24ABC385CDA58
                          SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
                          SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
                          SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
                          Malicious:false
                          Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:data
                          Category:dropped
                          Size (bytes):243196
                          Entropy (8bit):3.3450692389394283
                          Encrypted:false
                          SSDEEP:1536:vKPCPiyzDtrh1cK3XEivK7VK/3AYvYwgqErRo+RQn:yPClJ/3AYvYwghFo+RQn
                          MD5:F5567C4FF4AB049B696D3BE0DD72A793
                          SHA1:EBEADDE9FF0AF2C201A5F7CC747C9EA61CFA6916
                          SHA-256:D8DBFE71873929825A420F73821F3FF0254D51984FAAA82E1B89D31188F77C04
                          SHA-512:E769735991E5B1331E259608854D00CDA4F3E92285FDC500158CBD09CBCCEAD8A387F78256A43919B13EBE70C995D19242377C315B0CCBBD4F813251608C1D56
                          Malicious:false
                          Preview:Adobe Acrobat Reader (64-bit) 23.6.20320....?A12_AV2_Search_18px.............................................................................................................KKK KKK.KKK.KKK.KKK.KKK.KKK@........................................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.............................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.........................KKK.KKK.KKK.KKK0....................KKK.KKK.KKK.KKK`....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK.KKK.....................................KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK.KKK@....................KKK.KKK.KKK.KKK`........................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.KKK.............................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK

                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):295
                          Entropy (8bit):5.372067340901747
                          Encrypted:false
                          SSDEEP:6:YEQXJ2HXIV7UJJkVoZcg1vRcR0YGvPoAvJM3g98kUwPeUkwRe9:YvXKXIVOlZc0vDwGMbLUkee9
                          MD5:2898D1FB4673F8689951496A2E142084
                          SHA1:F070D0FF4AD1C1F699881F86637ED1D03BA5787E
                          SHA-256:7DF11A5BEFABFA09980BFFFA1484509771B5572F72B3525DA6B05CD66D924BB5
                          SHA-512:FF64124756B5EBB2ED842E46D63A1E7DCFBB148BE5F5EF7D12F97491544C56756E46E36F0C837279F872A726D39AA730D13F15EBE12D3CB6BDB454DA926556B0
                          Malicious:false
                          Preview:{"analyticsData":{"responseGUID":"ad99037f-79ce-493d-a08b-df2f7528f160","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728746347941,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):294
                          Entropy (8bit):5.321017341302942
                          Encrypted:false
                          SSDEEP:6:YEQXJ2HXIV7UJJkVoZcg1vRcR0YGvPoAvJfBoTfXpnrPeUkwRe9:YvXKXIVOlZc0vDwGWTfXcUkee9
                          MD5:440D92D6FFD3109DE0C5B0FC68621475
                          SHA1:084199725815E467A6CDFBE8DCACC8496CB12647
                          SHA-256:A68B5D430D143E5A73FB8FABA90B0EA2B7F150782E9CD9AF81E162D733C871C2
                          SHA-512:EF166090656227557544C8905A8258C3587F5C9F9524614D2AE2D4D717C4DF3C98D262E84A4065BB19A092204E066191BA106C3B94891235D0207CCEEF7CB87A
                          Malicious:false
                          Preview:{"analyticsData":{"responseGUID":"ad99037f-79ce-493d-a08b-df2f7528f160","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728746347941,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):294
                          Entropy (8bit):5.2997235555298206
                          Encrypted:false
                          SSDEEP:6:YEQXJ2HXIV7UJJkVoZcg1vRcR0YGvPoAvJfBD2G6UpnrPeUkwRe9:YvXKXIVOlZc0vDwGR22cUkee9
                          MD5:E7BA65F38BF86042CA4AB75C12D935F0
                          SHA1:B5BD92C651F20A95CE2FB3DE2B733A3BF09108AC
                          SHA-256:665B76F2222F19644B733EDA3E886914EAFBF7454B00BD701B7275BC30CF5CE5
                          SHA-512:875C57BC12C007D8C1A38181BEDE74858982CA2C62CEF8D14C63DE208ADD7A415A68D22CB48BEBB2658C40312D33E5415B7926823590E91C3A791F6EB0D7FC2A
                          Malicious:false
                          Preview:{"analyticsData":{"responseGUID":"ad99037f-79ce-493d-a08b-df2f7528f160","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728746347941,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):285
                          Entropy (8bit):5.359383249012154
                          Encrypted:false
                          SSDEEP:6:YEQXJ2HXIV7UJJkVoZcg1vRcR0YGvPoAvJfPmwrPeUkwRe9:YvXKXIVOlZc0vDwGH56Ukee9
                          MD5:F45AE30D29CCA796BD127FF8F8FD6335
                          SHA1:DA93CC33D385F751B18330A9046EEDEA95BDDB21
                          SHA-256:95CDB334B1343D77A9A7D81B87B1D4E957BCF5179E37025FE0B4FE2A2D63599A
                          SHA-512:BCDAEEB7E08731B314CD61A7A54A15184C352EA0F309079EB22632848CDA652738D8BCD605387F010ABF7E1BF0F29AB4CF34F32EA0F63C01FD4A072E832FD30B
                          Malicious:false
                          Preview:{"analyticsData":{"responseGUID":"ad99037f-79ce-493d-a08b-df2f7528f160","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728746347941,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):1091
                          Entropy (8bit):5.691957829016333
                          Encrypted:false
                          SSDEEP:24:Yv6XIclzvDtpLgE7cgD6SOGtnnl0RCmK8czOCYvS8:YvWJZhgs6SraAh8cvYK8
                          MD5:5D9B4FD7BA4480C7E1BEA5F5E500BC70
                          SHA1:C422B884AF12F1C0FA2E30FCFE9170D9DDE53F4E
                          SHA-256:95B98E0687AC1362C627FF26057D426D3C1C0B7A53E85624BEA261544DCDFF5F
                          SHA-512:39DFBEBBCB16D4BA7B2AE95E775D10083852275642853C2CE8C1326F5B543FFC022FABD1E6A31C59F9520244C9887BFBFD3FFBF0C3124BE0B9371FA0FE9C9BB6
                          Malicious:false
                          Preview:{"analyticsData":{"responseGUID":"ad99037f-79ce-493d-a08b-df2f7528f160","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728746347941,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"89628_281075ActionBlock_2","campaignId":89628,"containerId":"1","controlGroupId":"","treatmentId":"67a3a874-888f-4d96-9f3d-26e70c3e0be1","variationId":"281075"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQgUERGIGZpbGVzIHRvIE1pY3Jvc29mdCBXb3JkIGFuZCBFeGNlbC4ifSwidGNhdElkIjoiUkdTMDM1MS1FTlUtQ2hhbGxlbmdlcjIifQ==","dataType":"ap

                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):1050
                          Entropy (8bit):5.658249274625793
                          Encrypted:false
                          SSDEEP:24:Yv6XIclzvDxVLgEF0c7sbnl0RCmK8czOCYHflEpwiVJ:YvWJVFg6sGAh8cvYHWpw8
                          MD5:94143AB66B725943D8E70534C3E5634F
                          SHA1:C1F8DE3FB4DD9C2A300BDDBDA2B8191136ACA747
                          SHA-256:26E9711535A40478E3CD9CBC6DCBC01E45C594326F216341C8A067336A6D8C36
                          SHA-512:BC89DFE279254FB1919EE166E0E11C14C6A65DA07C943FD277D73A09757514AFD71C9B440FC1FF2C14CAA5DD9CE3EEF92D380A9FF0101E75FA2E7E6889CA7F4B
                          Malicious:false
                          Preview:{"analyticsData":{"responseGUID":"ad99037f-79ce-493d-a08b-df2f7528f160","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728746347941,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Disc_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_0","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"0924134e-3c59-4f53-b731-add558c56fec","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Disc_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQsIGVkaXQgYW5kIGUtc2lnblxuZm9ybXMgJiBhZ3JlZW1lbnRzLiJ9LCJ0Y2F0SWQiOm51bGx9","dataType":"application\/json","encodingScheme":true},"

                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):292
                          Entropy (8bit):5.309637822665223
                          Encrypted:false
                          SSDEEP:6:YEQXJ2HXIV7UJJkVoZcg1vRcR0YGvPoAvJfQ1rPeUkwRe9:YvXKXIVOlZc0vDwGY16Ukee9
                          MD5:36546C4390BCB71BC8DB3E560BE7ACA8
                          SHA1:BD627B080CB3CAFDC67B277E9106403FB32E6A5F
                          SHA-256:EBE407463A53A28BE44165A802FCFBD83A40FB8E5B404ECC92958EB99B1CE168
                          SHA-512:73A39F991FABDD334CE1900F1EF1B13B4C16763F2500370F562FEE300414C05D3DD441727D814D631174C67BF3132DEC39A73FED6903AAD4864C8F273F1594FD
                          Malicious:false
                          Preview:{"analyticsData":{"responseGUID":"ad99037f-79ce-493d-a08b-df2f7528f160","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728746347941,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):1098
                          Entropy (8bit):5.692283172016093
                          Encrypted:false
                          SSDEEP:24:Yv6XIclzvDg2LgEFcs2SOGt0nl0RCmK8czOCUaBtCrfS8:YvWJ0ogq2SrhAh8cvUgEm8
                          MD5:3173202F5E2A80B53B5076DE9A450438
                          SHA1:8E77823C1DC7F3FA2BFADE00CE915436EDFBA8AF
                          SHA-256:908C6DE1C08F0A4B5959BFBAB9BE1B50CB037A55505AF1B324577E63D1197857
                          SHA-512:A4BA491F5D6195D488C58D4AB8F252F29DE19AE8B525C614D7BF4270EE978027EBEDAF084784ACB73EDC8832215E20A994F8683FA206F6AB84BFE2FD7263068E
                          Malicious:false
                          Preview:{"analyticsData":{"responseGUID":"ad99037f-79ce-493d-a08b-df2f7528f160","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728746347941,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Edit_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"89628_281075ActionBlock_0","campaignId":89628,"containerId":"1","controlGroupId":"","treatmentId":"abdf1d9d-2114-4953-95a6-4eed783b9872","variationId":"281075"},"containerId":1,"containerLabel":"JSON for DC_Reader_Edit_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IlR1cm4gc2Nhbm5lZCBwYXBlciBkb2N1bWVudHNcbmludG8gaW5zdGFudGx5IGVkaXRhYmxlIFBERnMuIn0sInRjYXRJZCI6IlJHUzAzNTEtRU5VLUNoYWxsZW5nZXIyIn0=","dataTy

                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):1164
                          Entropy (8bit):5.703967036216226
                          Encrypted:false
                          SSDEEP:24:Yv6XIclzvDoKLgEfIcZVSkpsn264rS514ZjBrwloJTmcVIsrSK5J:YvWJEEgqprtrS5OZjSlwTmAfSKD
                          MD5:8CC5D6DB0A45CB81F46ECAEC69EE7399
                          SHA1:C614DAB9DE0F7DDFC7E298CF3AB1A2CF9197DC80
                          SHA-256:F52D31970B623E83BA252B4E5FD780C65F37E3BABAED4AFB0E38B7C5206DA326
                          SHA-512:DD198EF2BC5EE64E229C7D3F699DA93AFC7B68ACB239B89B386F4C3DFBA999EBFEBE1D9440D0CE4E8D5A9AE5FE903034C1949E22783A8B90CB6A0A4E883D16E0
                          Malicious:false
                          Preview:{"analyticsData":{"responseGUID":"ad99037f-79ce-493d-a08b-df2f7528f160","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728746347941,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85531_264848ActionBlock_0","campaignId":85531,"containerId":"1","controlGroupId":"","treatmentId":"ee1a7497-76e7-43c2-bb63-9a0551e11d73","variationId":"264848"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IlRyeSBBY3JvYmF0IFBybyJ9LCJ1aSI6eyJ0aXRsZV9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjE1cHgiLCJmb250X3N0eWxlIjoiMCJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEzcHgiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0b1xucHJlbWl1bSBQREYgYW5kIGUtc2lnbmluZ1xudG9vbHMuIn0sImJhbm5lcl9zdHlsaW5nIjo

                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):289
                          Entropy (8bit):5.311587385703268
                          Encrypted:false
                          SSDEEP:6:YEQXJ2HXIV7UJJkVoZcg1vRcR0YGvPoAvJfYdPeUkwRe9:YvXKXIVOlZc0vDwGg8Ukee9
                          MD5:588120E823F2FD590394BC80F5F04A65
                          SHA1:AA824003CE060D16C43B81B353552655ABE67B35
                          SHA-256:1AE5B1816A54F3B8DCCBB941BB11A18F27AE53E758B684E97B27F058A9F4F26E
                          SHA-512:28F41C3F5552EE4EDC3D91C3090991658546F413A8DE118FBD4E4A03CC638CFC247B9528D9DA6305AB69D6B516A060FBB572F351DC8BA14442D541E466785868
                          Malicious:false
                          Preview:{"analyticsData":{"responseGUID":"ad99037f-79ce-493d-a08b-df2f7528f160","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728746347941,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):1395
                          Entropy (8bit):5.779193747394259
                          Encrypted:false
                          SSDEEP:24:Yv6XIclzvDHrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNx:YvWJrHgDv3W2aYQfgB5OUupHrQ9FJD
                          MD5:4699163293A8B467CDE41FC9A5830051
                          SHA1:494BA23AB0809D16FDAFE917AB0F95ADE3D0D1D3
                          SHA-256:82826DFAE9C330575736049BD593F257D275E585B9D0CDA8D10F9D0E788DE867
                          SHA-512:CEEA5F4AAF3200C0033EF68FEAF34DF939C1FF7D2FFCABC58A3256278DEC23A1EA34E3E9F1FDF0339E764EB07BEDDE336082D1EA08CE0B61423DA616A1B46AB1
                          Malicious:false
                          Preview:{"analyticsData":{"responseGUID":"ad99037f-79ce-493d-a08b-df2f7528f160","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728746347941,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0

                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):291
                          Entropy (8bit):5.295054844987417
                          Encrypted:false
                          SSDEEP:6:YEQXJ2HXIV7UJJkVoZcg1vRcR0YGvPoAvJfbPtdPeUkwRe9:YvXKXIVOlZc0vDwGDV8Ukee9
                          MD5:E137B487C32D2EF1D80B6A869463A32A
                          SHA1:E33E4D8DCBEDD04BCCF159998C6C99FE9C57E1AF
                          SHA-256:EB900A67758D6F434E37E241DC63D0A0B2AA32F6875702F3DA9534EDC9D81DBB
                          SHA-512:842AEED10E791665D4668BEE2E34F596346CE6B6D72083AC2A5F57D32DCA6AEA0EBCF527903936A38AED0B13DD25029B864A564B114695808AB378E3FA94CA39
                          Malicious:false
                          Preview:{"analyticsData":{"responseGUID":"ad99037f-79ce-493d-a08b-df2f7528f160","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728746347941,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):287
                          Entropy (8bit):5.2998666843457825
                          Encrypted:false
                          SSDEEP:6:YEQXJ2HXIV7UJJkVoZcg1vRcR0YGvPoAvJf21rPeUkwRe9:YvXKXIVOlZc0vDwG+16Ukee9
                          MD5:4B00F99185329BD7ABB35BB8261C73FB
                          SHA1:F27E06DB7594F666CE6F4CA2203D80C55629F65E
                          SHA-256:93104927D712510E4E430511AC6FFD58AC7A84A8FF9DFFF534D0FC248F7B8C38
                          SHA-512:1432F33D1733203B6EBC6783A80BD8B8CE012DBFDCDFC3C2C8E68081BC21B97943B33F4B4566FD15D24A20545F679A6C9B76FF9E91B59C8892E64A7E6402256F
                          Malicious:false
                          Preview:{"analyticsData":{"responseGUID":"ad99037f-79ce-493d-a08b-df2f7528f160","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728746347941,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):1054
                          Entropy (8bit):5.668656441908782
                          Encrypted:false
                          SSDEEP:24:Yv6XIclzvDVamXayLgE6cTg4QSOGtNaqnl0RCmK8czOC/CrfS8:YvWJ1BgSXQSrOAh8cv6m8
                          MD5:7A0B22DDBFD120CBFE1DDC625C0AC948
                          SHA1:52C6944D3595429D4114D0AB72606B841A499FDC
                          SHA-256:7E843E31276A609C7BAB06D95303B0FA7BA60CBDFB4A4595DF2F067E7B02A598
                          SHA-512:AD7C8B07FCE3146FC573B08B9A642D9F1666A9229928D1D251C51ACFDFD76A82BDEBDB9126E423EC1B0645085BFE7BF8849E47BC7C4682650FB454CBDE71AB19
                          Malicious:false
                          Preview:{"analyticsData":{"responseGUID":"ad99037f-79ce-493d-a08b-df2f7528f160","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728746347941,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"89628_281075ActionBlock_1","campaignId":89628,"containerId":"1","controlGroupId":"","treatmentId":"7fe39695-394c-4706-9b50-651e7499d428","variationId":"281075"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVhc2lseSBmaWxsIGFuZCBzaWduIFBERnMuIn0sInRjYXRJZCI6IlJHUzAzNTEtRU5VLUNoYWxsZW5nZXIyIn0=","dataType":"application\/json","encodingScheme":tru

                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):286
                          Entropy (8bit):5.274407260362669
                          Encrypted:false
                          SSDEEP:6:YEQXJ2HXIV7UJJkVoZcg1vRcR0YGvPoAvJfshHHrPeUkwRe9:YvXKXIVOlZc0vDwGUUUkee9
                          MD5:DDCF38F4E89C30FA155275ACCB96ABD5
                          SHA1:8D764CA3C59AED46515F0DE2BCE5023548212228
                          SHA-256:A76CA2BD7156CEB312CD9B6DAE80A917193F7CC8C0C91CDA38300E39C7FA3297
                          SHA-512:1460DD7890A8BF35750B8A4C4E9F0450C25ED1E577BAE048BB0970FDCDB45447DDEDDC2EDAC553455FDD00484447773FF9BBBADEEC808ECDCF6756626CFDCBE4
                          Malicious:false
                          Preview:{"analyticsData":{"responseGUID":"ad99037f-79ce-493d-a08b-df2f7528f160","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728746347941,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):782
                          Entropy (8bit):5.370857641169749
                          Encrypted:false
                          SSDEEP:12:YvXKXIVOlZc0vDwGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWF:Yv6XIclzvDm168CgEXX5kcIfANh8
                          MD5:8A20612F1CAD33EA518190BB54C818DE
                          SHA1:B1C024EAA0AD0FE8ED80752DE1FD28622099456F
                          SHA-256:12A856882834B1C96B067354BF829A52C657F108EC68161A0AAE29289D64FEA1
                          SHA-512:255C8E7698B580514394827645E688FD145A0ABCA5374767E93449F5297FF031B73B38FE7FC180B3010DD93C4FD90893F9BCB32BA6884BE6A80FA086F5F6941B
                          Malicious:false
                          Preview:{"analyticsData":{"responseGUID":"ad99037f-79ce-493d-a08b-df2f7528f160","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728746347941,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1728567637972}}}}

                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:data
                          Category:dropped
                          Size (bytes):4
                          Entropy (8bit):0.8112781244591328
                          Encrypted:false
                          SSDEEP:3:e:e
                          MD5:DC84B0D741E5BEAE8070013ADDCC8C28
                          SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
                          SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
                          SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
                          Malicious:false
                          Preview:....

                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):2818
                          Entropy (8bit):5.139804285640745
                          Encrypted:false
                          SSDEEP:24:YveFhatayrg3AOCfFjGaFp5KDwC58ajLj0SqPbCi2U3fb2LS0j4OZB56f9RUunOG:YGqgPqjzFa/DngbhFDO8OZBm9RR
                          MD5:CF3A5BE3D25649B09E361E16AF4AE345
                          SHA1:75DDA82AC02C137C057615EEE030A6FDDAAD1D4E
                          SHA-256:6C646AB068D70D6CFA5AF8C79A06FD477C098FD627CDB414489F04F30F078E70
                          SHA-512:3A407A306CBCBD6BC7BBC1DB1D538B52E940631A1F7D62251CCBD2EC36BF3F2A6CE32A80CB8A30C8CDEB494912EFF35E165848449BD8A2FDFCF473932726DEF7
                          Malicious:false
                          Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"146b3d7a8207d5a8cc09c4791b516dc8","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1050,"ts":1728567637000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"8d60a7cec371a08f2d69413f488f7f5c","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1164,"ts":1728567636000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"3a1f5ce8268b5ce340c597230ec4b5c9","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1054,"ts":1728567636000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"fbe824670fc7b2542769a46761bbf826","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1091,"ts":1728567636000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"262358f222ca81b6741cf0af767162f3","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":1098,"ts":1728567636000},{"id":"Edit_InApp_Aug2020","info":{"dg":"7e72d461f89ffc126d2c431f3020b0d7","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":17

                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 25, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 25
                          Category:dropped
                          Size (bytes):12288
                          Entropy (8bit):1.18857796417492
                          Encrypted:false
                          SSDEEP:48:TGufl2GL7msEHUUUUUUUUxOSvR9H9vxFGiDIAEkGVvpFI:lNVmswUUUUUUUU8+FGSItC
                          MD5:4EB15F8CB068013B89A9C1C78C31C088
                          SHA1:B9B7901F8A3C59305CA9D485AA0A13B52748ED72
                          SHA-256:3972F72F12EF6EC3B33CECF7F7324FE4006B4D99A0E14802AA296458C09766F8
                          SHA-512:12739DB36C35F115B324BB62444535C23625A29B6D124F92EA5EFF707CD89F88E276038123908FAFD715736D8A7F5FC1B0935CE5C4A321EA0915B168B5D14BFB
                          Malicious:false
                          Preview:SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:SQLite Rollback Journal
                          Category:dropped
                          Size (bytes):8720
                          Entropy (8bit):1.6064705314857637
                          Encrypted:false
                          SSDEEP:48:7MFKUUUUUUUUUUxcvR9H9vxFGiDIAEkGVvcvqFl2GL7msH:7vUUUUUUUUUUSFGSItCKVmsH
                          MD5:19400FEC50FC9EA7006A5A953B419BA7
                          SHA1:F948899938E8722E816A90B89E33D03F0FF16453
                          SHA-256:0DF5E3AD5045C1A7EC9533383F5D5CCC43B743F9D7B2DC77B4A5E42D5FFDE335
                          SHA-512:6F20E3B07783445EA69EA0186DCAF09A6608F6454FED39E2BF115C9B44DEDBDFF2DD1E16BD25CF56A400FAEAE72E16A71E30C98F78F4B8118B3B29876297F832
                          Malicious:false
                          Preview:.... .c......G........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................f.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                          C:\Users\user\AppData\Local\Temp\MSI6533e.LOG

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                          Category:dropped
                          Size (bytes):246
                          Entropy (8bit):3.5162684137903053
                          Encrypted:false
                          SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8ErOaxKw:Qw946cPbiOxDlbYnuRKPKw
                          MD5:A394588EE45B3845E10F721564FE9F42
                          SHA1:DA4168EAAFDEF924E75894BEF743846942794BAF
                          SHA-256:B277E8170EA733B449EC1B0CB5963B366EA9D45DD8DACCD454806DEF8AA42ABF
                          SHA-512:F23B567CAC7ED97F064F508E60FA187E97F5AF3855E3E254998B895A33D98623BCBB6F824ED97DCEC39346DA212F2A54B7FD884C649AB778F3A21FA0C039AD7F
                          Malicious:false
                          Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .1.0./.1.0./.2.0.2.4. . .0.9.:.4.0.:.3.9. .=.=.=.....

                          C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-10 09-40-33-623.log

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:ASCII text, with very long lines (393)
                          Category:dropped
                          Size (bytes):16525
                          Entropy (8bit):5.345946398610936
                          Encrypted:false
                          SSDEEP:384:zHIq8qrq0qoq/qUILImCIrImI9IWdFdDdoPtPTPtP7ygyAydy0yGV///X/J/VokV:nNW
                          MD5:8947C10F5AB6CFFFAE64BCA79B5A0BE3
                          SHA1:70F87EEB71BA1BE43D2ABAB7563F94C73AB5F778
                          SHA-256:4F3449101521DA7DF6B58A2C856592E1359BA8BD1ACD0688ECF4292BA5388485
                          SHA-512:B76DB9EF3AE758F00CAF0C1705105C875838C7801F7265B17396466EECDA4BCD915DA4611155C5F2AD1C82A800C1BEC855E52E2203421815F915B77AA7331CA0
                          Malicious:false
                          Preview:SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:088+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig:

                          C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:ASCII text, with very long lines (393), with CRLF line terminators
                          Category:dropped
                          Size (bytes):16603
                          Entropy (8bit):5.339076893827228
                          Encrypted:false
                          SSDEEP:384:Qg8tEYyay2l9UrGRgGj96oMVt+ZKwC68fsiEumkPD29AiSd9vOKfHq6XyoKn4jTL:Ob8j
                          MD5:0D085864D3A290653C2FF2D4EAB9C76D
                          SHA1:D7CAC734DFFBB94D0FD9A4E0749567E7AF9F6BD8
                          SHA-256:ACACCDBF939998CEB55C7D4C3455102A1EBD2CECD03CFD418156C2AF89A548D4
                          SHA-512:6CBE4BCCA2144A1B97169AEFD7A97ADEDAC11A9EE1BF435A72B7041BD0112E79070A59447CFF262C6342EAAEC0C55CF6F3FBAACB2CEEA2920A63B4018AED90EE
                          Malicious:false
                          Preview:SessionID=d38e7e45-0bfd-4367-9a24-021f1e2ca022.1728567633665 Timestamp=2024-10-10T09:40:33:665-0400 ThreadID=7516 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=d38e7e45-0bfd-4367-9a24-021f1e2ca022.1728567633665 Timestamp=2024-10-10T09:40:33:687-0400 ThreadID=7516 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=d38e7e45-0bfd-4367-9a24-021f1e2ca022.1728567633665 Timestamp=2024-10-10T09:40:33:687-0400 ThreadID=7516 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=d38e7e45-0bfd-4367-9a24-021f1e2ca022.1728567633665 Timestamp=2024-10-10T09:40:33:687-0400 ThreadID=7516 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=d38e7e45-0bfd-4367-9a24-021f1e2ca022.1728567633665 Timestamp=2024-10-10T09:40:33:687-0400 ThreadID=7516 Component=ngl-lib_NglAppLib Description="SetConf

                          C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:ASCII text, with CRLF line terminators
                          Category:dropped
                          Size (bytes):29752
                          Entropy (8bit):5.386669807156942
                          Encrypted:false
                          SSDEEP:768:anddBuBYZwcfCnwZCnR8Bu5hx18HoCnLlAY+iCBuzhLCnx1CnPrRRFS10l8gT2ry:9M
                          MD5:A928AC756023109B9D046AE2D722D877
                          SHA1:881E6F79765E97DF632DB8E21181B0DE9F695255
                          SHA-256:73F37485AA9E66958B2972B945A9E5ECFE3BAB26F25B38972447687DE983AE82
                          SHA-512:685B74FA52A189D3B0F68AD40832368FE359BDBC9E925C5737B6ECB6A17E65E8B552538E1065FEF5B94A8E4B10613B6B9ADDE9522496BFFB239C64C0B15A9A7A
                          Malicious:false
                          Preview:03-10-2023 12:50:40:.---2---..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ***************************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ***************************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Starting NGL..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..03-10-2023 12:50:40:.Closing File..03-10-

                          C:\Users\user\AppData\Local\Temp\acrocef_low\54d16b9e-fab2-4ba0-b6c3-8945316bbc84.tmp

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
                          Category:dropped
                          Size (bytes):386528
                          Entropy (8bit):7.9736851559892425
                          Encrypted:false
                          SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
                          MD5:5C48B0AD2FEF800949466AE872E1F1E2
                          SHA1:337D617AE142815EDDACB48484628C1F16692A2F
                          SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
                          SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
                          Malicious:false
                          Preview:...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-|..h#.g.\.PO.|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..|m.WC.....|.....e.[W.p.8...rm....^..x'......5!...|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

                          C:\Users\user\AppData\Local\Temp\acrocef_low\d0db4d27-22b2-4a05-945e-8d7a7981dc35.tmp

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
                          Category:dropped
                          Size (bytes):1419751
                          Entropy (8bit):7.976496077007677
                          Encrypted:false
                          SSDEEP:24576:/xVwYIGNPoeWL07oYGZ1dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwZG7WLxYGZN3mlind9i4ufFXpAXkru
                          MD5:595D52F056D9D1FF19D516F23C677369
                          SHA1:463739610C6108B2A704D1483FB4CBC88C026D47
                          SHA-256:05CC4FC8F7F02ECBC2C67933B998CC5A281DBD2CA4205460731AFDBAE42BF72A
                          SHA-512:DB58A87B6BB916D9E7CD63248F2FD8B6F3131974C8DB8ED9D3B86A74EA060602A58B9743BFF5763785F5BCC4C6E1A11AF80B7144264AD178B553232C42A55040
                          Malicious:false
                          Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

                          C:\Users\user\AppData\Local\Temp\acrocef_low\d4790999-cea7-42b3-9898-48f9be10beb9.tmp

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
                          Category:dropped
                          Size (bytes):758601
                          Entropy (8bit):7.98639316555857
                          Encrypted:false
                          SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
                          MD5:3A49135134665364308390AC398006F1
                          SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
                          SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
                          SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
                          Malicious:false
                          Preview:...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!|G.1...... .3.`./....`~......G.............|..pS.e.C....:o.u_..oi.:..|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

                          C:\Users\user\AppData\Local\Temp\acrocef_low\f6f1bcd8-0d49-4751-9315-0d22935dc37f.tmp

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
                          Category:dropped
                          Size (bytes):1407294
                          Entropy (8bit):7.97605879016224
                          Encrypted:false
                          SSDEEP:24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo
                          MD5:A0CFC77914D9BFBDD8BC1B1154A7B364
                          SHA1:54962BFDF3797C95DC2A4C8B29E873743811AD30
                          SHA-256:81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685
                          SHA-512:74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE
                          Malicious:false
                          Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

                          Static File Info

                          General

                          File type:PDF document, version 1.7, 1 pages
                          Entropy (8bit):7.963602327131849
                          TrID:
                          • Adobe Portable Document Format (5005/1) 100.00%
                          File name:20241009_081551.pdf
                          File size:659'399 bytes
                          MD5:f484e5a411a8fce3b83b52394a38e5fd
                          SHA1:9ae19978c161dec8cc2bf731b0d66704be6a6214
                          SHA256:d701f941b2385fca99c95a47f71e6271f4a3866541236410d147f4e62ebe051f
                          SHA512:867bb0e1ba41a13ed96da5b1b16af97721643b4548799c14a6a980fc7215e7240ea335f7473c033058a2cbce2058fbc96cd962497c049d0febd713be548d57bf
                          SSDEEP:12288:618KncRrgYKLktAoOR3012YRn6H6Fs9LFGTN7HzO7l2gtZcvF2H1BZW:618KncmLZZ9HFcsBFGTNW/G2VBZW
                          TLSH:67E4239CDF9735456CB4E76FE6D6922693C5BD0AE9A8B0A12B803B851DF07812C1CF4C
                          File Content Preview:%PDF-1.7.%.....3 0 obj.<</Parent 4 0 R/MediaBox[0 0 595 841]/Contents 5 0 R/Resources 6 0 R/Type/Page>>.endobj.5 0 obj.<</Length 7 0 R>>.stream.q.595.00 0.00 0.00 841.00 0.00 0.00 cm./strip0 Do.Q..endstream.endobj.7 0 obj.52.endobj.9 0 obj.<</Type/XObject

                          File Icon

                          Icon Hash:62cc8caeb29e8ae0

                          Static PDF Info

                          General

                          Header:%PDF-1.7
                          Total Entropy:7.963602
                          Total Bytes:659399
                          Stream Entropy:7.963502
                          Stream Bytes:658308
                          Entropy outside Streams:5.052728
                          Bytes outside Streams:1091
                          Number of EOF found:1
                          Bytes after EOF:

                          Keywords Statistics

                          NameCount
                          obj11
                          endobj11
                          stream2
                          endstream2
                          xref1
                          trailer1
                          startxref1
                          /Page1
                          /Encrypt0
                          /ObjStm0
                          /URI0
                          /JS0
                          /JavaScript0
                          /AA0
                          /OpenAction0
                          /AcroForm0
                          /JBIG2Decode0
                          /RichMedia0
                          /Launch0
                          /EmbeddedFile0

                          Image Streams

                          IDDHASHMD5Preview
                          9756767671794155db960208822d7e2b377b4b8e0107ecfd5

                          Network Behavior

                          Network Port Distribution

                          TCP Packets

                          TimestampSource PortDest PortSource IPDest IP
                          Oct 10, 2024 15:40:44.683099985 CEST49746443192.168.2.423.200.196.138
                          Oct 10, 2024 15:40:44.683137894 CEST4434974623.200.196.138192.168.2.4
                          Oct 10, 2024 15:40:44.683207989 CEST49746443192.168.2.423.200.196.138
                          Oct 10, 2024 15:40:44.683412075 CEST49746443192.168.2.423.200.196.138
                          Oct 10, 2024 15:40:44.683428049 CEST4434974623.200.196.138192.168.2.4
                          Oct 10, 2024 15:40:45.251609087 CEST4434974623.200.196.138192.168.2.4
                          Oct 10, 2024 15:40:45.253343105 CEST49746443192.168.2.423.200.196.138
                          Oct 10, 2024 15:40:45.253366947 CEST4434974623.200.196.138192.168.2.4
                          Oct 10, 2024 15:40:45.256967068 CEST4434974623.200.196.138192.168.2.4
                          Oct 10, 2024 15:40:45.257320881 CEST49746443192.168.2.423.200.196.138
                          Oct 10, 2024 15:40:45.293906927 CEST49746443192.168.2.423.200.196.138
                          Oct 10, 2024 15:40:45.294236898 CEST4434974623.200.196.138192.168.2.4
                          Oct 10, 2024 15:40:45.295437098 CEST49746443192.168.2.423.200.196.138
                          Oct 10, 2024 15:40:45.339409113 CEST4434974623.200.196.138192.168.2.4
                          Oct 10, 2024 15:40:45.347486973 CEST49746443192.168.2.423.200.196.138
                          Oct 10, 2024 15:40:45.347507954 CEST4434974623.200.196.138192.168.2.4
                          Oct 10, 2024 15:40:45.392134905 CEST4434974623.200.196.138192.168.2.4
                          Oct 10, 2024 15:40:45.392236948 CEST49746443192.168.2.423.200.196.138
                          Oct 10, 2024 15:40:45.393311024 CEST49746443192.168.2.423.200.196.138
                          Oct 10, 2024 15:40:45.393326998 CEST4434974623.200.196.138192.168.2.4

                          UDP Packets

                          TimestampSource PortDest PortSource IPDest IP
                          Oct 10, 2024 15:40:44.304974079 CEST5150853192.168.2.41.1.1.1
                          Oct 10, 2024 15:40:56.844316959 CEST5835353192.168.2.41.1.1.1
                          Oct 10, 2024 15:41:12.406676054 CEST6197553192.168.2.41.1.1.1

                          DNS Queries

                          TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                          Oct 10, 2024 15:40:44.304974079 CEST192.168.2.41.1.1.10x41eeStandard query (0)x1.i.lencr.orgA (IP address)IN (0x0001)false
                          Oct 10, 2024 15:40:56.844316959 CEST192.168.2.41.1.1.10xa8bcStandard query (0)x1.i.lencr.orgA (IP address)IN (0x0001)false
                          Oct 10, 2024 15:41:12.406676054 CEST192.168.2.41.1.1.10xcc4Standard query (0)x1.i.lencr.orgA (IP address)IN (0x0001)false

                          DNS Answers

                          TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                          Oct 10, 2024 15:40:43.407985926 CEST1.1.1.1192.168.2.40x5623No error (0)bg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                          Oct 10, 2024 15:40:43.407985926 CEST1.1.1.1192.168.2.40x5623No error (0)bg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                          Oct 10, 2024 15:40:44.313096046 CEST1.1.1.1192.168.2.40x41eeNo error (0)x1.i.lencr.orgcrl.root-x1.letsencrypt.org.edgekey.netCNAME (Canonical name)IN (0x0001)false
                          Oct 10, 2024 15:40:56.851522923 CEST1.1.1.1192.168.2.40xa8bcNo error (0)x1.i.lencr.orgcrl.root-x1.letsencrypt.org.edgekey.netCNAME (Canonical name)IN (0x0001)false
                          Oct 10, 2024 15:41:12.415288925 CEST1.1.1.1192.168.2.40xcc4No error (0)x1.i.lencr.orgcrl.root-x1.letsencrypt.org.edgekey.netCNAME (Canonical name)IN (0x0001)false

                          HTTP Request Dependency Graph

                          • armmf.adobe.com

                          HTTPS Proxied Packets

                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                          0192.168.2.44974623.200.196.1384437716C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          TimestampBytes transferredDirectionData
                          2024-10-10 13:40:45 UTC475OUTGET /onboarding/smskillreader.txt HTTP/1.1
                          Host: armmf.adobe.com
                          Connection: keep-alive
                          Accept-Language: en-US,en;q=0.9
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36
                          Sec-Fetch-Site: same-origin
                          Sec-Fetch-Mode: no-cors
                          Sec-Fetch-Dest: empty
                          Accept-Encoding: gzip, deflate, br
                          If-None-Match: "78-5faa31cce96da"
                          If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
                          2024-10-10 13:40:45 UTC198INHTTP/1.1 304 Not Modified
                          Content-Type: text/plain; charset=UTF-8
                          Last-Modified: Mon, 01 May 2023 15:02:33 GMT
                          ETag: "78-5faa31cce96da"
                          Date: Thu, 10 Oct 2024 13:40:45 GMT
                          Connection: close


                          Statistics

                          CPU Usage

                          Click to jump to process

                          Memory Usage

                          Click to jump to process

                          High Level Behavior Distribution

                          Click to dive into process behavior distribution

                          Behavior

                          Click to jump to process

                          System Behavior

                          General

                          Target ID:0
                          Start time:09:40:29
                          Start date:10/10/2024
                          Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          Wow64 process (32bit):false
                          Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\20241009_081551.pdf"
                          Imagebase:0x7ff6bc1b0000
                          File size:5'641'176 bytes
                          MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
                          Has elevated privileges:true
                          Has administrator privileges:true
                          Programmed in:C, C++ or other language
                          Reputation:high
                          Has exited:true

                          General

                          Target ID:1
                          Start time:09:40:30
                          Start date:10/10/2024
                          Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          Wow64 process (32bit):false
                          Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
                          Imagebase:0x7ff74bb60000
                          File size:3'581'912 bytes
                          MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                          Has elevated privileges:true
                          Has administrator privileges:true
                          Programmed in:C, C++ or other language
                          Reputation:high
                          Has exited:true

                          General

                          Target ID:3
                          Start time:09:40:30
                          Start date:10/10/2024
                          Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          Wow64 process (32bit):false
                          Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2080 --field-trial-handle=1732,i,17494166975454114938,2148100432959137793,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
                          Imagebase:0x7ff74bb60000
                          File size:3'581'912 bytes
                          MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                          Has elevated privileges:true
                          Has administrator privileges:true
                          Programmed in:C, C++ or other language
                          Reputation:high
                          Has exited:true

                          Disassembly

                          No disassembly