Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
19194R21.pdf

Overview

General Information

Sample name:19194R21.pdf
Analysis ID:1537087
MD5:8523b894e3341389e8b0f8f46d84fb3b
SHA1:b2c37f027bd960ebae79e32984d81a1e4b8720eb
SHA256:58031f56fff1a6b777cda8244e8acad871b5c247c1ec3f7ed468baba820fbe63
Infos:

Detection

Score:2
Range:0 - 100
Whitelisted:false
Confidence:80%

Signatures

IP address seen in connection with other malware
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Uses a known web browser user agent for HTTP communication

Classification

Process Tree

  • System is w10x64
  • Acrobat.exe (PID: 7320 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\19194R21.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 7584 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 7868 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2132 --field-trial-handle=1512,i,9219026977050960623,12236995261974750430,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: global trafficDNS query: name: x1.i.lencr.org
Source: global trafficDNS query: name: x1.i.lencr.org
Source: global trafficTCP traffic: 192.168.2.4:49750 -> 96.7.168.138:443
Source: global trafficTCP traffic: 192.168.2.4:49750 -> 96.7.168.138:443
Source: global trafficTCP traffic: 192.168.2.4:49750 -> 96.7.168.138:443
Source: global trafficTCP traffic: 192.168.2.4:49750 -> 96.7.168.138:443
Source: global trafficTCP traffic: 192.168.2.4:49750 -> 96.7.168.138:443
Source: global trafficTCP traffic: 192.168.2.4:49750 -> 96.7.168.138:443
Source: global trafficTCP traffic: 192.168.2.4:49750 -> 96.7.168.138:443
Source: global trafficTCP traffic: 192.168.2.4:49750 -> 96.7.168.138:443
Source: global trafficTCP traffic: 192.168.2.4:49750 -> 96.7.168.138:443
Source: global trafficTCP traffic: 192.168.2.4:49750 -> 96.7.168.138:443
Source: global trafficTCP traffic: 192.168.2.4:49750 -> 96.7.168.138:443
Source: global trafficTCP traffic: 192.168.2.4:49750 -> 96.7.168.138:443
Source: global trafficTCP traffic: 192.168.2.4:49750 -> 96.7.168.138:443
Source: global trafficTCP traffic: 96.7.168.138:443 -> 192.168.2.4:49750
Source: global trafficTCP traffic: 192.168.2.4:49750 -> 96.7.168.138:443
Source: global trafficTCP traffic: 192.168.2.4:49750 -> 96.7.168.138:443
Source: global trafficTCP traffic: 96.7.168.138:443 -> 192.168.2.4:49750
Source: global trafficTCP traffic: 96.7.168.138:443 -> 192.168.2.4:49750
Source: global trafficTCP traffic: 192.168.2.4:49750 -> 96.7.168.138:443
Source: global trafficTCP traffic: 96.7.168.138:443 -> 192.168.2.4:49750
Source: global trafficTCP traffic: 96.7.168.138:443 -> 192.168.2.4:49750
Source: global trafficTCP traffic: 192.168.2.4:49750 -> 96.7.168.138:443
Source: global trafficTCP traffic: 192.168.2.4:49750 -> 96.7.168.138:443
Source: global trafficTCP traffic: 192.168.2.4:49750 -> 96.7.168.138:443
Source: global trafficTCP traffic: 96.7.168.138:443 -> 192.168.2.4:49750
Source: global trafficTCP traffic: 96.7.168.138:443 -> 192.168.2.4:49750
Source: global trafficTCP traffic: 192.168.2.4:49750 -> 96.7.168.138:443
Source: global trafficTCP traffic: 96.7.168.138:443 -> 192.168.2.4:49750
Source: global trafficTCP traffic: 192.168.2.4:49750 -> 96.7.168.138:443
Source: global trafficTCP traffic: 96.7.168.138:443 -> 192.168.2.4:49750
Source: global trafficTCP traffic: 96.7.168.138:443 -> 192.168.2.4:49750
Source: global trafficTCP traffic: 192.168.2.4:49750 -> 96.7.168.138:443
Source: global trafficTCP traffic: 96.7.168.138:443 -> 192.168.2.4:49750
Source: global trafficTCP traffic: 192.168.2.4:49750 -> 96.7.168.138:443
Source: global trafficTCP traffic: 192.168.2.4:49750 -> 96.7.168.138:443
Source: Joe Sandbox ViewIP Address: 96.7.168.138 96.7.168.138
Source: global trafficHTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1Host: armmf.adobe.comConnection: keep-aliveAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brIf-None-Match: "78-5faa31cce96da"If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
Source: unknownTCP traffic detected without corresponding DNS query: 96.7.168.138
Source: unknownTCP traffic detected without corresponding DNS query: 96.7.168.138
Source: unknownTCP traffic detected without corresponding DNS query: 96.7.168.138
Source: unknownTCP traffic detected without corresponding DNS query: 96.7.168.138
Source: unknownTCP traffic detected without corresponding DNS query: 96.7.168.138
Source: unknownTCP traffic detected without corresponding DNS query: 96.7.168.138
Source: unknownTCP traffic detected without corresponding DNS query: 96.7.168.138
Source: unknownTCP traffic detected without corresponding DNS query: 96.7.168.138
Source: unknownTCP traffic detected without corresponding DNS query: 96.7.168.138
Source: unknownTCP traffic detected without corresponding DNS query: 96.7.168.138
Source: unknownTCP traffic detected without corresponding DNS query: 96.7.168.138
Source: unknownTCP traffic detected without corresponding DNS query: 96.7.168.138
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficHTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1Host: armmf.adobe.comConnection: keep-aliveAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brIf-None-Match: "78-5faa31cce96da"If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
Source: global trafficDNS traffic detected: DNS query: x1.i.lencr.org
Source: 2D85F72862B55C4EADD9E66E06947F3D0.2.drString found in binary or memory: http://x1.i.lencr.org/
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
Source: classification engineClassification label: clean2.winPDF@14/47@2/1
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.7500Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-18 08-59-38-099.logJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
Source: unknownProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\19194R21.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2132 --field-trial-handle=1512,i,9219026977050960623,12236995261974750430,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2132 --field-trial-handle=1512,i,9219026977050960623,12236995261974750430,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: 19194R21.pdfInitial sample: PDF keyword /JS count = 0
Source: 19194R21.pdfInitial sample: PDF keyword /JavaScript count = 0
Source: 19194R21.pdfInitial sample: PDF keyword /EmbeddedFile count = 0
Source: 19194R21.pdfInitial sample: PDF keyword obj count = 59
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid Accounts3
Exploitation for Client Execution		Path Interception1
Process Injection		1
Masquerading		OS Credential Dumping1
System Information Discovery		Remote ServicesData from Local System1
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
Process Injection		LSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable Media2
Non-Application Layer Protocol		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive13
Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin HookBinary PaddingNTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput Capture1
Ingress Tool Transfer		Traffic DuplicationData Destruction

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1537087 Sample: 19194R21.pdf Startdate: 18/10/2024 Architecture: WINDOWS Score: 2 14 x1.i.lencr.org 2->14 7 Acrobat.exe 18 72 2->7         started        process3 process4 9 AcroCEF.exe 107 7->9         started        process5 11 AcroCEF.exe 4 9->11         started        dnsIp6 16 96.7.168.138, 443, 49750 INTERNEXABRASILOPERADORADETELECOMUNICACOESSABR United States 11->16

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

No Antivirus matches

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
http://x1.i.lencr.org/0%URL Reputationsafe

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
x1.i.lencr.org
unknown
unknownfalse
    		unknown

    URLs from Memory and Binaries

    NameSourceMaliciousAntivirus DetectionReputation
    http://x1.i.lencr.org/2D85F72862B55C4EADD9E66E06947F3D0.2.drfalse
    • URL Reputation: safe
    		unknown

    World Map of Contacted IPs

    • No. of IPs < 25%
    • 25% < No. of IPs < 50%
    • 50% < No. of IPs < 75%
    • 75% < No. of IPs

    Public IPs

    IPDomainCountryFlagASNASN NameMalicious
    96.7.168.138
    		unknownUnited States
    		262589INTERNEXABRASILOPERADORADETELECOMUNICACOESSABRfalse

    General Information

    Joe Sandbox version:41.0.0 Charoite
    Analysis ID:1537087
    Start date and time:2024-10-18 14:58:22 +02:00
    Joe Sandbox product:CloudBasic
    Overall analysis duration:0h 4m 30s
    Hypervisor based Inspection enabled:false
    Report type:full
    Cookbook file name:defaultwindowspdfcookbook.jbs
    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
    Number of analysed new started processes analysed:11
    Number of new started drivers analysed:0
    Number of existing processes analysed:0
    Number of existing drivers analysed:0
    Number of injected processes analysed:0
    Technologies:
    • HCA enabled
    • EGA enabled
    • AMSI enabled
    Analysis Mode:default
    Analysis stop reason:Timeout
    Sample name:19194R21.pdf
    Detection:CLEAN
    Classification:clean2.winPDF@14/47@2/1
    EGA Information:Failed
    HCA Information:
    • Successful, ratio: 100%
    • Number of executed functions: 0
    • Number of non-executed functions: 0
    Cookbook Comments:
    • Found application associated with file extension: .pdf
    • Found PDF document
    • Close Viewer

    Warnings

    • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
    • Excluded IPs from analysis (whitelisted): 2.19.126.143, 2.19.126.149, 184.28.88.176, 162.159.61.3, 172.64.41.3, 52.5.13.197, 23.22.254.206, 52.202.204.11, 54.227.187.23, 2.23.197.184
    • Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, otelrules.azureedge.net, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, crl.root-x1.letsencrypt.org.edgekey.net
    • Not all processes where analyzed, report is missing behavior information
    • VT rate limit hit for: 19194R21.pdf

    Simulations

    Behavior and APIs

    TimeTypeDescription
    08:59:46API Interceptor1x Sleep call for process: AcroCEF.exe modified

    LLM Input / Output

    InputOutput
    URL: PDF document Model: claude-3-haiku-20240307
    ```json
{
  "contains_trigger_text": true,
  "trigger_text": "VIEW SHARED FILE",
  "prominent_button_name": "VIEW SHARED FILE",
  "text_input_field_labels": [
    "Email Address"
  ],
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": true,
  "has_visible_qrcode": false
}
    URL: PDF document Model: claude-3-haiku-20240307
    ```json
{
  "brands": [
    "BELO CORP."
  ]
}

    Joe Sandbox View / Context

    IPs

    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
    96.7.168.138ddsfsfsa.pdfGet hashmaliciousUnknownBrowse
      v2.0.pdfGet hashmaliciousUnknownBrowse
        Xfab BENEFIT ENROLLMENT GUIDE 2024.pdfGet hashmaliciousHTMLPhisher, Mamba2FABrowse
          Project_Proposal_Review_and_Approval13617.pdfGet hashmaliciousUnknownBrowse
            tots.batGet hashmaliciousUnknownBrowse
              ordine.pdfGet hashmaliciousHtmlDropperBrowse
                ordine.pdfGet hashmaliciousUnknownBrowse
                  https://myloginpage.pages.dev/20230508.pdfGet hashmaliciousHTMLPhisherBrowse

                    Domains

                    No context

                    ASNs

                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                    INTERNEXABRASILOPERADORADETELECOMUNICACOESSABRddsfsfsa.pdfGet hashmaliciousUnknownBrowse
                    • 96.7.168.138
                    armv4l.elfGet hashmaliciousUnknownBrowse
                    • 200.220.215.193
                    v2.0.pdfGet hashmaliciousUnknownBrowse
                    • 96.7.168.138
                    mpsl.elfGet hashmaliciousMiraiBrowse
                    • 187.108.156.187
                    Xfab BENEFIT ENROLLMENT GUIDE 2024.pdfGet hashmaliciousHTMLPhisher, Mamba2FABrowse
                    • 96.7.168.138
                    Project_Proposal_Review_and_Approval13617.pdfGet hashmaliciousUnknownBrowse
                    • 96.7.168.138
                    tots.batGet hashmaliciousUnknownBrowse
                    • 96.7.168.138
                    RCD_9384-39403-1.pdfGet hashmaliciousUnknownBrowse
                    • 96.7.164.138
                    ordine.pdfGet hashmaliciousHtmlDropperBrowse
                    • 96.7.168.138
                    ordine.pdfGet hashmaliciousUnknownBrowse
                    • 96.7.168.138

                    JA3 Fingerprints

                    No context

                    Dropped Files

                    No context

                    Created / dropped Files

                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                    File Type:ASCII text
                    Category:dropped
                    Size (bytes):292
                    Entropy (8bit):5.225033492193055
                    Encrypted:false
                    SSDEEP:6:DcG/yq2Pwkn2nKuAl9OmbnIFUt8qcA1Zmw+qcWRkwOwkn2nKuAl9OmbjLJ:A9vYfHAahFUt8nA1/+nC5JfHAaSJ
                    MD5:8DDDC5B641870234B3C5E6E6B8982781
                    SHA1:706BCB6C7A67138F4AC6A1FA6D22946758AA8750
                    SHA-256:EA1C299EC1D663BFE961043465EDA7387C54BE477B3BA913D20856364A4C629A
                    SHA-512:40C7BFD337C70551A88150FE983BD0D96ABDDD235A35276D0664C3D401D3740447BF63657B3CEDE2E39F2EA49DA074C9D7F65B513E0A99A84B462C7F3CB7768C
                    Malicious:false
                    Reputation:low
                    Preview:2024/10/18-08:59:37.084 1ea0 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/10/18-08:59:37.086 1ea0 Recovering log #3.2024/10/18-08:59:37.086 1ea0 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                    File Type:ASCII text
                    Category:dropped
                    Size (bytes):292
                    Entropy (8bit):5.225033492193055
                    Encrypted:false
                    SSDEEP:6:DcG/yq2Pwkn2nKuAl9OmbnIFUt8qcA1Zmw+qcWRkwOwkn2nKuAl9OmbjLJ:A9vYfHAahFUt8nA1/+nC5JfHAaSJ
                    MD5:8DDDC5B641870234B3C5E6E6B8982781
                    SHA1:706BCB6C7A67138F4AC6A1FA6D22946758AA8750
                    SHA-256:EA1C299EC1D663BFE961043465EDA7387C54BE477B3BA913D20856364A4C629A
                    SHA-512:40C7BFD337C70551A88150FE983BD0D96ABDDD235A35276D0664C3D401D3740447BF63657B3CEDE2E39F2EA49DA074C9D7F65B513E0A99A84B462C7F3CB7768C
                    Malicious:false
                    Reputation:low
                    Preview:2024/10/18-08:59:37.084 1ea0 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/10/18-08:59:37.086 1ea0 Recovering log #3.2024/10/18-08:59:37.086 1ea0 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                    File Type:ASCII text
                    Category:dropped
                    Size (bytes):336
                    Entropy (8bit):5.168051083695223
                    Encrypted:false
                    SSDEEP:6:DcNhq2Pwkn2nKuAl9Ombzo2jMGIFUt8qcKHZmw+qcKVkwOwkn2nKuAl9Ombzo2jz:ATvYfHAa8uFUt8nA/+no5JfHAa8RJ
                    MD5:C9DB19B3A317D9B823963C2DF0766E8F
                    SHA1:5845FB34D7A37027159B9B42D90329D736F183B1
                    SHA-256:6A149EEA0AB1AA4D4AA615891A4B4AD4BB192C97A6D1679BAEF088DBEEBD9B50
                    SHA-512:16E56BA6CD9CD4D8A035E892D6BE36AA95FB95FEC7938399818B14E3E7B80A72A00D5633E4D77822C1A4841F112E41553287DE2849A5810AE871E3E592B348FA
                    Malicious:false
                    Reputation:low
                    Preview:2024/10/18-08:59:37.099 1ee0 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/10/18-08:59:37.101 1ee0 Recovering log #3.2024/10/18-08:59:37.101 1ee0 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                    File Type:ASCII text
                    Category:dropped
                    Size (bytes):336
                    Entropy (8bit):5.168051083695223
                    Encrypted:false
                    SSDEEP:6:DcNhq2Pwkn2nKuAl9Ombzo2jMGIFUt8qcKHZmw+qcKVkwOwkn2nKuAl9Ombzo2jz:ATvYfHAa8uFUt8nA/+no5JfHAa8RJ
                    MD5:C9DB19B3A317D9B823963C2DF0766E8F
                    SHA1:5845FB34D7A37027159B9B42D90329D736F183B1
                    SHA-256:6A149EEA0AB1AA4D4AA615891A4B4AD4BB192C97A6D1679BAEF088DBEEBD9B50
                    SHA-512:16E56BA6CD9CD4D8A035E892D6BE36AA95FB95FEC7938399818B14E3E7B80A72A00D5633E4D77822C1A4841F112E41553287DE2849A5810AE871E3E592B348FA
                    Malicious:false
                    Reputation:low
                    Preview:2024/10/18-08:59:37.099 1ee0 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/10/18-08:59:37.101 1ee0 Recovering log #3.2024/10/18-08:59:37.101 1ee0 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\0d3a2e0e-00be-4ab9-8c4d-911b283c5c29.tmp

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                    File Type:JSON data
                    Category:modified
                    Size (bytes):475
                    Entropy (8bit):4.962073186358444
                    Encrypted:false
                    SSDEEP:12:YH/um3RA8sqyMsBdOg2H4caq3QYiubInP7E4TX:Y2sRdsfdMHz3QYhbG7n7
                    MD5:A50A6B390A2DAFCD6C666858609A1A45
                    SHA1:1C32C12FCB4D00670B44206BA9299EC9ED24B122
                    SHA-256:C55B1E2A56118D51D78463AF6730AC917476B79DA0762FBBCD34880F78B021B2
                    SHA-512:45149C25EC51023792A013EDDE3D9F24980081B8D291C8FCF5521B30E477A129738FF2619CED751D98EC558B66259A27A8675969CC5261196C1D37608F4F1975
                    Malicious:false
                    Reputation:low
                    Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13373816387188969","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":321901},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}

                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\197d76c8-46ce-46fe-a98e-54bf323e784f.tmp

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                    File Type:JSON data
                    Category:dropped
                    Size (bytes):475
                    Entropy (8bit):4.967403857886107
                    Encrypted:false
                    SSDEEP:12:YH/um3RA8sqLsBdOg2HHfcaq3QYiubInP7E4TX:Y2sRdsVdMHO3QYhbG7n7
                    MD5:B7761633048D74E3C02F61AD04E00147
                    SHA1:72A2D446DF757BAEA2C7A58C050925976E4C9372
                    SHA-256:1A468796D744FCA806D1F828C07E0064AB6A1FA0E31DA3A403F12B9B89868B67
                    SHA-512:397A10C510FAA048E4AAB08A11B2AE14A09EE47EC4F5A2B47CE1A9580C2874ADE0F9F8FC287B9358C0FFEA4C89F8AB9270B9CA00064EA90CD2EF0EAD0A59369F
                    Malicious:false
                    Reputation:moderate, very likely benign file
                    Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13340980889952523","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":146406},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}

                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                    File Type:JSON data
                    Category:dropped
                    Size (bytes):475
                    Entropy (8bit):4.967403857886107
                    Encrypted:false
                    SSDEEP:12:YH/um3RA8sqLsBdOg2HHfcaq3QYiubInP7E4TX:Y2sRdsVdMHO3QYhbG7n7
                    MD5:B7761633048D74E3C02F61AD04E00147
                    SHA1:72A2D446DF757BAEA2C7A58C050925976E4C9372
                    SHA-256:1A468796D744FCA806D1F828C07E0064AB6A1FA0E31DA3A403F12B9B89868B67
                    SHA-512:397A10C510FAA048E4AAB08A11B2AE14A09EE47EC4F5A2B47CE1A9580C2874ADE0F9F8FC287B9358C0FFEA4C89F8AB9270B9CA00064EA90CD2EF0EAD0A59369F
                    Malicious:false
                    Reputation:moderate, very likely benign file
                    Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13340980889952523","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":146406},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}

                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF688a73.TMP (copy)

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                    File Type:JSON data
                    Category:dropped
                    Size (bytes):475
                    Entropy (8bit):4.967403857886107
                    Encrypted:false
                    SSDEEP:12:YH/um3RA8sqLsBdOg2HHfcaq3QYiubInP7E4TX:Y2sRdsVdMHO3QYhbG7n7
                    MD5:B7761633048D74E3C02F61AD04E00147
                    SHA1:72A2D446DF757BAEA2C7A58C050925976E4C9372
                    SHA-256:1A468796D744FCA806D1F828C07E0064AB6A1FA0E31DA3A403F12B9B89868B67
                    SHA-512:397A10C510FAA048E4AAB08A11B2AE14A09EE47EC4F5A2B47CE1A9580C2874ADE0F9F8FC287B9358C0FFEA4C89F8AB9270B9CA00064EA90CD2EF0EAD0A59369F
                    Malicious:false
                    Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13340980889952523","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":146406},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}

                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                    File Type:data
                    Category:dropped
                    Size (bytes):4730
                    Entropy (8bit):5.247964544859148
                    Encrypted:false
                    SSDEEP:96:etJCV4FAsszrNamjTN/2rjYMta02fDtehgO7BtTgo70Dz6Z:etJCV4FiN/jTN/2r8Mta02fEhgO73gof
                    MD5:F357733CB87E43EB5EDD15E1BED82768
                    SHA1:7DF0D526D559F673BC05555B0990F8C063EAC4F1
                    SHA-256:40F3A284BA6AB549FE9E3BDF1BFE4EDB398BEED4E6B05E5039E504A82839E54C
                    SHA-512:498F45824DBCA76DBBC98FF71C9CF341B2C07474AA078E19486CC7A6A9AFE738003B885826DB44113CC48199413E3D2A6647FF055A07EC96CAEC91245936C75C
                    Malicious:false
                    Preview:*...#................version.1..namespace-['O.o................next-map-id.1.Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/.0>...r................next-map-id.2.Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/.1O..r................next-map-id.3.Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/.2.\.o................next-map-id.4.Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/.3....^...............Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/..|.^...............Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/n..Fa...............Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/DQ..a...............Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/i.`do................next-map-id.5.Pnamespace-de635bf2_6773_4d83_ad16_

                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                    File Type:ASCII text
                    Category:dropped
                    Size (bytes):324
                    Entropy (8bit):5.197254727993156
                    Encrypted:false
                    SSDEEP:6:DcCSdq2Pwkn2nKuAl9OmbzNMxIFUt8qcePZmw+qctfkwOwkn2nKuAl9OmbzNMFLJ:AfvYfHAa8jFUt8nk/+n95JfHAa84J
                    MD5:8FFEC474FD68612630E942B942637102
                    SHA1:2082C6C26980C1EAC16C5B3AE4D235C02DFBEE45
                    SHA-256:399A2B3FEB974BD15A6F3BA4BB22BE1BEBC57DA85A8CBC1412E9A0DF714CE6B3
                    SHA-512:032BD1445C7BE900F431F00609EBFD7833D18B50594E0F208999C77222D482DDC991040EDD9BCD76A65CDE696F750857D91FE2F89A6421645A06791685EEBC56
                    Malicious:false
                    Preview:2024/10/18-08:59:37.976 1ee0 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/10/18-08:59:38.043 1ee0 Recovering log #3.2024/10/18-08:59:38.051 1ee0 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                    File Type:ASCII text
                    Category:dropped
                    Size (bytes):324
                    Entropy (8bit):5.197254727993156
                    Encrypted:false
                    SSDEEP:6:DcCSdq2Pwkn2nKuAl9OmbzNMxIFUt8qcePZmw+qctfkwOwkn2nKuAl9OmbzNMFLJ:AfvYfHAa8jFUt8nk/+n95JfHAa84J
                    MD5:8FFEC474FD68612630E942B942637102
                    SHA1:2082C6C26980C1EAC16C5B3AE4D235C02DFBEE45
                    SHA-256:399A2B3FEB974BD15A6F3BA4BB22BE1BEBC57DA85A8CBC1412E9A0DF714CE6B3
                    SHA-512:032BD1445C7BE900F431F00609EBFD7833D18B50594E0F208999C77222D482DDC991040EDD9BCD76A65CDE696F750857D91FE2F89A6421645A06791685EEBC56
                    Malicious:false
                    Preview:2024/10/18-08:59:37.976 1ee0 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/10/18-08:59:38.043 1ee0 Recovering log #3.2024/10/18-08:59:38.051 1ee0 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

                    C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241018125940Z-178.bmp

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:PC bitmap, Windows 3.x format, 117 x -152 x 32, cbSize 71190, bits offset 54
                    Category:dropped
                    Size (bytes):71190
                    Entropy (8bit):0.9157690851560711
                    Encrypted:false
                    SSDEEP:96:sXMotD+Y4B8MJLscU6JUbM5nveNMVHWQt/MAcBZ/3DloaFAivfh:wdneLHiv3nT
                    MD5:3CD6CF8C3F33E012CCDF668401ADF719
                    SHA1:7D0E921FCAE594324CA5A36B59875F042FEFC846
                    SHA-256:702A1FB8F0D4A8D156CD4E848347AA888C0102BD75BF6FA77B85936B340D76FD
                    SHA-512:758DAF2121BFB79A0AEEE1373E5720F24CAD8D915AEF72C7E5F87F247AD737396CE97446D777D4AB064DD7107793EDE2D28A21C7AFDB45568667DA1800897237
                    Malicious:false
                    Preview:BM........6...(...u...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                    C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 15, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 15
                    Category:dropped
                    Size (bytes):86016
                    Entropy (8bit):4.445273891175217
                    Encrypted:false
                    SSDEEP:384:yezci5tGiBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:rJs3OazzU89UTTgUL
                    MD5:81280038E78AE3A5F8FCE58392A73F5A
                    SHA1:8253FD50E538967D33F69E367E8C9299CD920B46
                    SHA-256:87FCD54A22B0C18F28660CCB9A0A2479F8FD61DC5657C6FBD73CEE2A62590FCD
                    SHA-512:1CF6620945E750A386077D03D68C6B7E47ECF24809AAB218A4C4F740A8F61AC12C97B1B28398F827EB61556ECAC36BBCB7C5D5A78E10B2EBBD634492788B78A7
                    Malicious:false
                    Preview:SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                    C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:SQLite Rollback Journal
                    Category:dropped
                    Size (bytes):8720
                    Entropy (8bit):3.7759334753092593
                    Encrypted:false
                    SSDEEP:48:7Mkp/E2ioyV/ioy9oWoy1Cwoy17KOioy1noy1AYoy1Wioy1hioybioyToy1noy1j:7Ppju/F6XKQedb9IVXEBodRBkB
                    MD5:9DB5E5AF90C3DFCF22B9FAAEA0FDB184
                    SHA1:B81C487052C7786C26DDD90A634CA51CFF2E358E
                    SHA-256:CC5034D2CBFD6F126B7C6720FF6D755B4E6C63D08AC4FDA7B2F32A672DC789B7
                    SHA-512:0AC9C64A99060BA6EE06CCC8B8E71CBDCA128C9983028CDAEB3DC9F786A4943800DB9F00890378C78F79F3D5290C9BF79205BC32E7451E737B799F7201ADD399
                    Malicious:false
                    Preview:.... .c......F,................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................T...[...b...r...t...}.....L..............................................................................................................................................................................................................................................................................................................................................................................................................................................................

                    C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                    File Type:Certificate, Version=3
                    Category:dropped
                    Size (bytes):1391
                    Entropy (8bit):7.705940075877404
                    Encrypted:false
                    SSDEEP:24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1
                    MD5:0CD2F9E0DA1773E9ED864DA5E370E74E
                    SHA1:CABD2A79A1076A31F21D253635CB039D4329A5E8
                    SHA-256:96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
                    SHA-512:3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
                    Malicious:false
                    Preview:0..k0..S............@.YDc.c...0...*.H........0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10...150604110438Z..350604110438Z0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10.."0...*.H.............0..........$s..7.+W(.....8..n<.W.x.u...jn..O(..h.lD...c...k....1.!~.3<.H..y.....!.K...qiJffl.~<p..)"......K...~....G.|.H#S.8.O.o...IW..t../.8.{.p!.u.0<.....c...O..K~.....w...{J.L.%.p..)..S$........J.?..aQ.....cq...o[...\4ylv.;.by.../&.....................6....7..6u...r......I.....*.A..v........5/(.l....dwnG7..Y^h..r...A)>Y>.&.$...Z.L@.F....:Qn.;.}r...xY.>Qx....../..>{J.Ks......P.|C.t..t.....0.[q6....00\H..;..}`...).........A.......|.;F.H*..v.v..j.=...8.d..+..(.....B.".'].y...p..N..:..'Qn..d.3CO......B0@0...U...........0...U.......0....0...U......y.Y.{....s.....X..n0...*.H.............U.X....P.....i ')..au\.n...i/..VK..s.Y.!.~.Lq...`.9....!V..P.Y...Y.............b.E.f..|o..;.....'...}~.."......

                    C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                    File Type:data
                    Category:dropped
                    Size (bytes):192
                    Entropy (8bit):2.7647458239154146
                    Encrypted:false
                    SSDEEP:3:kkFklpoeRlfllXlE/HT8kJhlXNNX8RolJuRdxLlGB9lQRYwpDdt:kKdeRmT8oldNMa8RdWBwRd
                    MD5:D46B682C43A0CB61DA4379F5BB33115C
                    SHA1:04F8200C856D05E2510F2D108E327643DEC0A297
                    SHA-256:49EADB724C7ABD30DAF8344CDDEBBA7A9375A7B41865D4BCD643AEE0243CB7E1
                    SHA-512:ECCE0518C1627BC71D322B3A0C0E919012A354038040E905A414D29C4F0F421D50EF71B926D1F66DF860695165FD107ABDD76D2DD9C7F50F7C827653E8B2966B
                    Malicious:false
                    Preview:p...... ..........b.]!..(....................................................... ..........W....4...............o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...

                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.7500

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:PostScript document text
                    Category:dropped
                    Size (bytes):185099
                    Entropy (8bit):5.182478651346149
                    Encrypted:false
                    SSDEEP:1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
                    MD5:94185C5850C26B3C6FC24ABC385CDA58
                    SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
                    SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
                    SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
                    Malicious:false
                    Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:PostScript document text
                    Category:dropped
                    Size (bytes):185099
                    Entropy (8bit):5.182478651346149
                    Encrypted:false
                    SSDEEP:1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
                    MD5:94185C5850C26B3C6FC24ABC385CDA58
                    SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
                    SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
                    SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
                    Malicious:false
                    Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:data
                    Category:dropped
                    Size (bytes):243196
                    Entropy (8bit):3.3450692389394283
                    Encrypted:false
                    SSDEEP:1536:vKPCPiyzDtrh1cK3XEivK7VK/3AYvYwgqErRo+RQn:yPClJ/3AYvYwghFo+RQn
                    MD5:F5567C4FF4AB049B696D3BE0DD72A793
                    SHA1:EBEADDE9FF0AF2C201A5F7CC747C9EA61CFA6916
                    SHA-256:D8DBFE71873929825A420F73821F3FF0254D51984FAAA82E1B89D31188F77C04
                    SHA-512:E769735991E5B1331E259608854D00CDA4F3E92285FDC500158CBD09CBCCEAD8A387F78256A43919B13EBE70C995D19242377C315B0CCBBD4F813251608C1D56
                    Malicious:false
                    Preview:Adobe Acrobat Reader (64-bit) 23.6.20320....?A12_AV2_Search_18px.............................................................................................................KKK KKK.KKK.KKK.KKK.KKK.KKK@........................................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.............................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.........................KKK.KKK.KKK.KKK0....................KKK.KKK.KKK.KKK`....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK.KKK.....................................KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK.KKK@....................KKK.KKK.KKK.KKK`........................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.KKK.............................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK

                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:JSON data
                    Category:dropped
                    Size (bytes):295
                    Entropy (8bit):5.373225996260062
                    Encrypted:false
                    SSDEEP:6:YEQXJ2HXFRIR32O9VoZcg1vRcR0YEsKKoAvJM3g98kUwPeUkwRe9:YvXKXHIBEZc0v35GMbLUkee9
                    MD5:049FC53AC45EFDBDAB18B4FBA8D50124
                    SHA1:D8CBE5DCBD28BB936EAB819243002AA89F96B78D
                    SHA-256:591D14A7EEE55359B102C0924339EA9DB352408E9F284C94DF70F21721342F5E
                    SHA-512:5D7E62391574C5A567A6E16035E36C1072379543621D282EF2B187066F6EBA8653EB06212CD05406A116D7286C495ABE442177E292F25314C8059600D7E689FD
                    Malicious:false
                    Preview:{"analyticsData":{"responseGUID":"9dda4934-8132-4355-aabb-73700877526f","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1729434466859,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:JSON data
                    Category:dropped
                    Size (bytes):294
                    Entropy (8bit):5.326295518389564
                    Encrypted:false
                    SSDEEP:6:YEQXJ2HXFRIR32O9VoZcg1vRcR0YEsKKoAvJfBoTfXpnrPeUkwRe9:YvXKXHIBEZc0v35GWTfXcUkee9
                    MD5:FAEC0ADCF6925CFE85F97EAE88B5F116
                    SHA1:8B65C0DA0D5F5559AE1EB4C2ECE58FF4074E5702
                    SHA-256:0C845B3243122010E33719D94C18A5914E19AF26A3B7760B11F55C2FB528F2BB
                    SHA-512:D242E688D5CB7F01E2DCB086756CD667A3EA4F5EF56A8F983895EB97DD18EB2E8ADE13D9A9989F9466372301498C491D1EC214DC9638855A865758998FF5AB2B
                    Malicious:false
                    Preview:{"analyticsData":{"responseGUID":"9dda4934-8132-4355-aabb-73700877526f","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1729434466859,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:JSON data
                    Category:dropped
                    Size (bytes):294
                    Entropy (8bit):5.305186371000321
                    Encrypted:false
                    SSDEEP:6:YEQXJ2HXFRIR32O9VoZcg1vRcR0YEsKKoAvJfBD2G6UpnrPeUkwRe9:YvXKXHIBEZc0v35GR22cUkee9
                    MD5:24FABD34351493BB86BE1944B189B18A
                    SHA1:321E3CDC104074A9C74DF0749AFAB78D6184B2C8
                    SHA-256:54904FE3C524E3CD0238EE1E9A794029932B8C4719D577A0FB1F72FC4E8A2EC1
                    SHA-512:F8C3C389AC9D982E03BA92A22E4A812DA2DC245346A6EA1104B5F2512A2C3222810AAFF4440E171392E21E1F8E65D916B1E3E6D341D9D8805638AB22F112B5F3
                    Malicious:false
                    Preview:{"analyticsData":{"responseGUID":"9dda4934-8132-4355-aabb-73700877526f","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1729434466859,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:JSON data
                    Category:dropped
                    Size (bytes):285
                    Entropy (8bit):5.360582558944445
                    Encrypted:false
                    SSDEEP:6:YEQXJ2HXFRIR32O9VoZcg1vRcR0YEsKKoAvJfPmwrPeUkwRe9:YvXKXHIBEZc0v35GH56Ukee9
                    MD5:A91635271B6742D44D36481DEF55555C
                    SHA1:D6555092830CAD4EFED19C00C40413920AF267C9
                    SHA-256:28FCA95838DBCBA1015D2C56FFFED8384FEAD5EE5F56A9456FAD56FE1E1DCBF2
                    SHA-512:87C94B87FEB95FE1F80DA174F008FF28D868B9A416B6CE58FA89A284AEC42886932E420F9073EE8E7017FB49349CFDDA97BE8F6C05B76F9D10C47FB2A1F6BBBE
                    Malicious:false
                    Preview:{"analyticsData":{"responseGUID":"9dda4934-8132-4355-aabb-73700877526f","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1729434466859,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:JSON data
                    Category:dropped
                    Size (bytes):1055
                    Entropy (8bit):5.66523935747723
                    Encrypted:false
                    SSDEEP:24:Yv6X8EzvOpLgEscLf7nnl0RCmK8czOCCSH1:YvcGhgGzaAh8cv/V
                    MD5:1F9433BE13503B5E89E3D1E5BAE0A6B1
                    SHA1:F3B5E20ED76CA5965D062A3C7453B1721908C821
                    SHA-256:2D4D939DEE923E2EAFDBFF7B88401AABAD45962CA86D83421EF865729FAEA2FF
                    SHA-512:9584503DA375725C5BC3EA3EF1CF33D6235EFF7361F1D4627E7C700DB881FB096120D2B6E9FB2BC3153973DA47F338169E53FA08BCD7ED315E321369CAAAFDD3
                    Malicious:false
                    Preview:{"analyticsData":{"responseGUID":"9dda4934-8132-4355-aabb-73700877526f","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1729434466859,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"92038_285529ActionBlock_1","campaignId":92038,"containerId":"1","controlGroupId":"","treatmentId":"eb1a4bce-8215-46f1-b44c-154b21a85d60","variationId":"285529"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkV4cG9ydCBQREZzIHRvIE1pY3Jvc29mdCBXb3JkIGFuZCBFeGNlbC4ifSwidGNhdElkIjpudWxsfQ==","dataType":"application\/json","encodingScheme":tr

                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:JSON data
                    Category:dropped
                    Size (bytes):1050
                    Entropy (8bit):5.655830016996937
                    Encrypted:false
                    SSDEEP:24:Yv6X8EzvYVLgEF0c7sbnl0RCmK8czOCYHflEpwiVu1:YvcwFg6sGAh8cvYHWpwV
                    MD5:6E64C1DF83C7E79716F32A4CC282CC45
                    SHA1:D3054478F5E61982EA7368832D38BA4509EDA2BD
                    SHA-256:E87B9BF3BEAA4D22DD35A72CE3B9BD807B58A94470D446048AF4494B20C3FB93
                    SHA-512:A159689E17201A3C36E2C7F3A98FA1CDCF993F6DD4372BD16686FBA6DA7D8FA94353533A50E3C1C75884D84F135979F6CB8FB540AD25D0ACE2CE3A82BA75B772
                    Malicious:false
                    Preview:{"analyticsData":{"responseGUID":"9dda4934-8132-4355-aabb-73700877526f","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1729434466859,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Disc_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_0","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"0924134e-3c59-4f53-b731-add558c56fec","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Disc_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQsIGVkaXQgYW5kIGUtc2lnblxuZm9ybXMgJiBhZ3JlZW1lbnRzLiJ9LCJ0Y2F0SWQiOm51bGx9","dataType":"application\/json","encodingScheme":true},"

                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:JSON data
                    Category:dropped
                    Size (bytes):292
                    Entropy (8bit):5.313416600226047
                    Encrypted:false
                    SSDEEP:6:YEQXJ2HXFRIR32O9VoZcg1vRcR0YEsKKoAvJfQ1rPeUkwRe9:YvXKXHIBEZc0v35GY16Ukee9
                    MD5:640FCF677B3F8E5D79EF4059B8FB6D4A
                    SHA1:B9DDAB6648265E13A5CEAA3F47E79FF5708F8409
                    SHA-256:4D81FEA48BBF75EB28B7A9A8FDC52BB5291D6B18080274C7A81DB4F9A675FA55
                    SHA-512:D7CD559F12DFA6EE5756960EB7C1B1E7ECD5B71CB8DC654A3E53A256C9B94DC9902DE7FE9E74F7283A21AFB2E9B9B629C1DE70BAB388FE541EBA4D5312939B5C
                    Malicious:false
                    Preview:{"analyticsData":{"responseGUID":"9dda4934-8132-4355-aabb-73700877526f","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1729434466859,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:JSON data
                    Category:dropped
                    Size (bytes):1038
                    Entropy (8bit):5.648837322083477
                    Encrypted:false
                    SSDEEP:24:Yv6X8Ezvd2LgEF7cciAXs0nl0RCmK8czOCAPtciBu1:YvcVogc8hAh8cvAW
                    MD5:2188D04E7B85C52A9039E01D839B7406
                    SHA1:F7773410A4BB4298145582409C2BE311EBCD93B3
                    SHA-256:264250F82CCF0EEA1F71F20F194BC5C2098A0622C868BB45899705A15A9ECEDC
                    SHA-512:7467548655AFB3ADFF3A414010A1FCD4ED45A8D7F5F2BF3EE1ADB49814BE2262558AFDCF164EDFB9515FAB73DF16FD7601FC0C435B934BFBE1F9DD736126202E
                    Malicious:false
                    Preview:{"analyticsData":{"responseGUID":"9dda4934-8132-4355-aabb-73700877526f","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1729434466859,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Edit_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_1","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"49d2f713-7aa9-44db-aa50-0a7a22add459","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Edit_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVkaXQgdGV4dCwgaW1hZ2VzLCBwYWdlcywgYW5kIG1vcmUuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"application\/json","encodingScheme":true},"endDTS":1744

                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:JSON data
                    Category:dropped
                    Size (bytes):1164
                    Entropy (8bit):5.703689693933831
                    Encrypted:false
                    SSDEEP:24:Yv6X8Ezv1KLgEfIcZVSkpsn264rS514ZjBrwloJTmcVIsrSK5u1:Yvc9EgqprtrS5OZjSlwTmAfSKK
                    MD5:8B215AB762FEBFD4A428BA392D5D2949
                    SHA1:4681A3F26358CCA7CCBCC16E9EAFE347D927E19B
                    SHA-256:63381F83E3E24652ADD183F2098D18FA201CCDC7823E8A75D1E369F6259BB347
                    SHA-512:917291391C67D2DFFF62C3D0DBF0500B7C4EF9C3D54F626158E598E06F7B6EAAB4CD3579F62E86DF804DF9AB25994C0A23ECC6C770AF1C68E136BD02563E3183
                    Malicious:false
                    Preview:{"analyticsData":{"responseGUID":"9dda4934-8132-4355-aabb-73700877526f","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1729434466859,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85531_264848ActionBlock_0","campaignId":85531,"containerId":"1","controlGroupId":"","treatmentId":"ee1a7497-76e7-43c2-bb63-9a0551e11d73","variationId":"264848"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IlRyeSBBY3JvYmF0IFBybyJ9LCJ1aSI6eyJ0aXRsZV9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjE1cHgiLCJmb250X3N0eWxlIjoiMCJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEzcHgiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0b1xucHJlbWl1bSBQREYgYW5kIGUtc2lnbmluZ1xudG9vbHMuIn0sImJhbm5lcl9zdHlsaW5nIjo

                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:JSON data
                    Category:dropped
                    Size (bytes):289
                    Entropy (8bit):5.3145557549122575
                    Encrypted:false
                    SSDEEP:6:YEQXJ2HXFRIR32O9VoZcg1vRcR0YEsKKoAvJfYdPeUkwRe9:YvXKXHIBEZc0v35Gg8Ukee9
                    MD5:21D6F86281B7EB42E87BDD346C2D9AA7
                    SHA1:CD0D06D4AE4695A99DE221CE9A72C8BC94DADFAF
                    SHA-256:FC96A5CD98514263EFA19BB79360DBF687BF6948B7228CCFE0D0AC23BBA17CEF
                    SHA-512:8D9497044023484E208EB912FE2164C1F8B7899441329DE662C7115487B123947A8E439865FB95FD81FC628ADC313177DBA534D0955B41C3320CCFB0DCEACEDF
                    Malicious:false
                    Preview:{"analyticsData":{"responseGUID":"9dda4934-8132-4355-aabb-73700877526f","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1729434466859,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:JSON data
                    Category:dropped
                    Size (bytes):1395
                    Entropy (8bit):5.779779643112842
                    Encrypted:false
                    SSDEEP:24:Yv6X8EzvorLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNT:YvcAHgDv3W2aYQfgB5OUupHrQ9FJZ
                    MD5:ECE910876BD8C14C775499E919F26E84
                    SHA1:A9E6F3987FF0DE8AA6B8A52B69DDDBE64025716F
                    SHA-256:5CC7A1CCEF0941024510493599F65D5754B32513447871B6D0C17C6B904CB6D2
                    SHA-512:93B7F7CFA9B02E5CBE0E863EBC3B997A21567CD9E09477B1EAF9D099B258B124BE62F6D8FE23BB83507092797CB6558DFB8DF90CAC3FCDCB24C4554E776F9579
                    Malicious:false
                    Preview:{"analyticsData":{"responseGUID":"9dda4934-8132-4355-aabb-73700877526f","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1729434466859,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0

                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:JSON data
                    Category:dropped
                    Size (bytes):291
                    Entropy (8bit):5.298002813033459
                    Encrypted:false
                    SSDEEP:6:YEQXJ2HXFRIR32O9VoZcg1vRcR0YEsKKoAvJfbPtdPeUkwRe9:YvXKXHIBEZc0v35GDV8Ukee9
                    MD5:E4D8558616841AB56989B6B2E7168149
                    SHA1:19EECE2E13E4F35FE22B574F02612C9B68235ECA
                    SHA-256:144CE5EA1DE1018B0CB6F1A33577829EE0444D5A1194D8C5B087992DB090971C
                    SHA-512:E70871592EE492209523FAD8EA64CC8D38EA231EECE531000BF2706FF50BEA2FC7A0548CF5F97B022214918BEE885812691B58BBF9D38F0722A7CAD21CA94AB5
                    Malicious:false
                    Preview:{"analyticsData":{"responseGUID":"9dda4934-8132-4355-aabb-73700877526f","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1729434466859,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:JSON data
                    Category:dropped
                    Size (bytes):287
                    Entropy (8bit):5.30315160464142
                    Encrypted:false
                    SSDEEP:6:YEQXJ2HXFRIR32O9VoZcg1vRcR0YEsKKoAvJf21rPeUkwRe9:YvXKXHIBEZc0v35G+16Ukee9
                    MD5:4DB5B4BE70F0CCE3C7F477956235D6BF
                    SHA1:CB268C02B71E5ED4577221EC3B041B138C2C781C
                    SHA-256:79DCD9C9F9D1254B839CFACC7E23CA52C60A5CB9DBF8164BC460C57AC2665C9E
                    SHA-512:43ECDD52211F2FB3AEC9F6D5B40D5975968EEDAF899C8E561FEC8B08487056A9F96887C687CFDB290A7993AF0610D3EFB0BF2296D218A2116075C22343DF28B9
                    Malicious:false
                    Preview:{"analyticsData":{"responseGUID":"9dda4934-8132-4355-aabb-73700877526f","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1729434466859,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:JSON data
                    Category:dropped
                    Size (bytes):1026
                    Entropy (8bit):5.6354974576795245
                    Encrypted:false
                    SSDEEP:24:Yv6X8EzvSamXayLgE7cMCBNaqnl0RCmK8czOC/BSH1:YvcUBgACBOAh8cvMV
                    MD5:FAB15C6E900ECED0E4B92C01CD5D2A39
                    SHA1:C1218DEF341EDF2B1B46124E5862C2E2DB8792D8
                    SHA-256:D19AB9CD9BD405A6E6B76F75E69E194DC6AF4E2E9ED5CD4D35DF11635F029983
                    SHA-512:7D466435D0280B8F02BCE08AABA33EBCF899D1D6ECC293F721A9A5D3167B1DE190FB48B728E8D89E8332C3B835FACDF35ABA410B36A2A25D25444AD0362B283B
                    Malicious:false
                    Preview:{"analyticsData":{"responseGUID":"9dda4934-8132-4355-aabb-73700877526f","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1729434466859,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"92038_285529ActionBlock_0","campaignId":92038,"containerId":"1","controlGroupId":"","treatmentId":"6291f52b-6cb0-4d31-bc46-37ce85e9eb25","variationId":"285529"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVhc2lseSBmaWxsIGFuZCBzaWduIFBERnMuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"application\/json","encodingScheme":true},"endDTS":1751323379000,"s

                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:JSON data
                    Category:dropped
                    Size (bytes):286
                    Entropy (8bit):5.277935954020714
                    Encrypted:false
                    SSDEEP:6:YEQXJ2HXFRIR32O9VoZcg1vRcR0YEsKKoAvJfshHHrPeUkwRe9:YvXKXHIBEZc0v35GUUUkee9
                    MD5:17F92B63D7E91A41B38B92BAFB204CAD
                    SHA1:4440C17E441F0A648FCC30D032D301AF2E20083A
                    SHA-256:470F5CAE659BEE6E0B9893B3CD8376CE89F6EAE8E57529A6071C8670A48F6FAD
                    SHA-512:D8C1CB4437D5BCAEF4CF1B6C65029A6A5525F32091EE19903407B566372C9EFB51AF54C6421B1F3DF7B4B58BE5DBD792DEA947AA0FF7486C22AD46F0321CAF6B
                    Malicious:false
                    Preview:{"analyticsData":{"responseGUID":"9dda4934-8132-4355-aabb-73700877526f","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1729434466859,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:JSON data
                    Category:dropped
                    Size (bytes):782
                    Entropy (8bit):5.375464193023646
                    Encrypted:false
                    SSDEEP:12:YvXKXHIBEZc0v35GTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWy1:Yv6X8Ezvl168CgEXX5kcIfANhH1
                    MD5:EC934FBF49F288F2E3BC0493B5F6862A
                    SHA1:94990B24F06579573E1DB4F8380FB2B722BEE00A
                    SHA-256:59AB0B0F1351E7A73347B815851A46A3A9BD8DC3BC9AAA9432048AFD02EC9112
                    SHA-512:626E78D3E6B26792D55F87CCE458FC447E0007759F6BD114E45B6F9F0A83EC2DAB42E5031D2B5B30B6E880C75628CC96DE589062088F72FDF30A6BDEF9EAF1BC
                    Malicious:false
                    Preview:{"analyticsData":{"responseGUID":"9dda4934-8132-4355-aabb-73700877526f","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1729434466859,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1729256386912}}}}

                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:data
                    Category:dropped
                    Size (bytes):4
                    Entropy (8bit):0.8112781244591328
                    Encrypted:false
                    SSDEEP:3:e:e
                    MD5:DC84B0D741E5BEAE8070013ADDCC8C28
                    SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
                    SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
                    SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
                    Malicious:false
                    Preview:....

                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:JSON data
                    Category:dropped
                    Size (bytes):2818
                    Entropy (8bit):5.138140230270308
                    Encrypted:false
                    SSDEEP:24:YW73Dbn5awqCaycduRzGQC+JDsdefzcstueSjGXj0SugAS2jV2LS4Fft5QaU9dt5:YW7fC9wXJoQfzJARGTdwVGptVU9dD
                    MD5:E088672F6ACD18F33E21E29D9DEA68C5
                    SHA1:D6EF2673EC35EFE6EE35C87D1B0CEA42ECBF5238
                    SHA-256:1ECCACA38CABFF2005661111C7771FE5A81A03C018283D0B5E91147F5B469357
                    SHA-512:4FC4BB300236A4C91A4EE48DB83936A05D5C81E3BCC8B729D111361059129691EFD33940B7B50F15181DE59B7EF4683AA89C2960DC36D653222FD4E10059BD25
                    Malicious:false
                    Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"3d3a99b429182728bcec1b083c956b8b","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1050,"ts":1729256386000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"7dd6258bb40b12a766c072d3f090af10","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1164,"ts":1729256386000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"340f5a4787cfd99583f654fe35bfd1a1","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1026,"ts":1729256386000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"9c336ccbb1c31a8bb6044db31d1ef0c0","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1055,"ts":1729256386000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"8ea25ea6e3ddcf57f798daedbafb89cd","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":1038,"ts":1729256386000},{"id":"Edit_InApp_Aug2020","info":{"dg":"4a4de00150d5b106f19a106fd4df13bf","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":17

                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 25, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 25
                    Category:dropped
                    Size (bytes):12288
                    Entropy (8bit):1.1889249353470681
                    Encrypted:false
                    SSDEEP:48:TGufl2GL7msEHUUUUUUUUMVWSSvR9H9vxFGiDIAEkGVvpQVWU:lNVmswUUUUUUUUMV/+FGSItMVf
                    MD5:20C15F159A6D21FE4938F4EFD608D365
                    SHA1:72B01459C95EA67D5692C8FE43CE015B9E3175FD
                    SHA-256:E0EA11293BC5DB3A354605280550E2AECC155118EBAC31B64C24590D567FE2F6
                    SHA-512:D615397A68903577A4E04B26561BA30ED99D6025DBD80352B8BA7864F24A231B4673A87AF34A6F0970C790D2CA3015DAA1C359B546A4D6A8B0C5479992250155
                    Malicious:false
                    Preview:SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:SQLite Rollback Journal
                    Category:dropped
                    Size (bytes):8720
                    Entropy (8bit):1.6089922104898435
                    Encrypted:false
                    SSDEEP:48:7MGKUUUUUUUUUUMVWAvR9H9vxFGiDIAEkGVv7qFl2GL7msW:7WUUUUUUUUUUMVTFGSIt5KVmsW
                    MD5:2D883470CBDEC7360CF6DA1687489D5E
                    SHA1:C624D7ADB68488B87D75A5241B01065EE7F4B41C
                    SHA-256:6D6A6B936EFB078FC72283A20E30F241CF41CEB633EF5C6E26D830764501464D
                    SHA-512:104538D1FBA21C1B3FCF5385153531F25057C229F17BB28415F7DDDAFA17CFC7CB0D9F5DEC3CDC8476B2E363782966485A300CB7AAF93D60985DA68B9574653F
                    Malicious:false
                    Preview:.... .c......F.K......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................f.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                    C:\Users\user\AppData\Local\Temp\MSI86e50.LOG

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                    Category:dropped
                    Size (bytes):246
                    Entropy (8bit):3.5309417490522437
                    Encrypted:false
                    SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8sKRklcPYH:Qw946cPbiOxDlbYnuRKSLPYH
                    MD5:3E86175935768C6CDAE8FEB17AC1C67B
                    SHA1:4B19D4284C581758D8591F80DA6173C3246F8D05
                    SHA-256:6BBC0F701FCEBA0A2846A7F872113808C1F2F70C68EB5F45CD80B9CF9B08BE48
                    SHA-512:EA07235274CFD4AB4605FB4462FEE64DA48BD94826E10A8A98ED3D41814F48C220C2BFA50AF050D58AF543C3119426B5698B867BDBEA9AD6B46A381EE649B2CA
                    Malicious:false
                    Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .1.8./.1.0./.2.0.2.4. . .0.8.:.5.9.:.5.0. .=.=.=.....

                    C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-18 08-59-38-099.log

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:ASCII text, with very long lines (393)
                    Category:dropped
                    Size (bytes):16525
                    Entropy (8bit):5.345946398610936
                    Encrypted:false
                    SSDEEP:384:zHIq8qrq0qoq/qUILImCIrImI9IWdFdDdoPtPTPtP7ygyAydy0yGV///X/J/VokV:nNW
                    MD5:8947C10F5AB6CFFFAE64BCA79B5A0BE3
                    SHA1:70F87EEB71BA1BE43D2ABAB7563F94C73AB5F778
                    SHA-256:4F3449101521DA7DF6B58A2C856592E1359BA8BD1ACD0688ECF4292BA5388485
                    SHA-512:B76DB9EF3AE758F00CAF0C1705105C875838C7801F7265B17396466EECDA4BCD915DA4611155C5F2AD1C82A800C1BEC855E52E2203421815F915B77AA7331CA0
                    Malicious:false
                    Preview:SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:088+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig:

                    C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:ASCII text, with very long lines (393), with CRLF line terminators
                    Category:dropped
                    Size (bytes):15114
                    Entropy (8bit):5.36861002173754
                    Encrypted:false
                    SSDEEP:384:qugLIuZjOBwyVRLSZCcNcuJ0A36nbpTpnpdX5sisP5Vhrurt2/EC5jjwjAhyh8Z7:WtyNNbJ1a
                    MD5:2658CE9271EE5CD90A2B0B4098BE1196
                    SHA1:8FF67F4534C9B3C8C50F8B8FE042A1B787C618D9
                    SHA-256:5313ACA2BCE04DCD388644ECE509DCA9614B853FE700D0DED0E9D6410D304AE8
                    SHA-512:FDC153F933C7364128D7C4533304BFEE638F283F6B989D48DF5252AEF6DF891ADA3C096A6058FC0705C3F68EE5D886FCAE57FFAB8E0A4C5322ED4CCEBFB6A1C1
                    Malicious:false
                    Preview:SessionID=12efe696-c902-4946-a7cc-9686d467a835.1729256378138 Timestamp=2024-10-18T08:59:38:138-0400 ThreadID=5252 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=12efe696-c902-4946-a7cc-9686d467a835.1729256378138 Timestamp=2024-10-18T08:59:38:139-0400 ThreadID=5252 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=12efe696-c902-4946-a7cc-9686d467a835.1729256378138 Timestamp=2024-10-18T08:59:38:139-0400 ThreadID=5252 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=12efe696-c902-4946-a7cc-9686d467a835.1729256378138 Timestamp=2024-10-18T08:59:38:139-0400 ThreadID=5252 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=12efe696-c902-4946-a7cc-9686d467a835.1729256378138 Timestamp=2024-10-18T08:59:38:139-0400 ThreadID=5252 Component=ngl-lib_NglAppLib Description="SetConf

                    C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:ASCII text, with CRLF line terminators
                    Category:dropped
                    Size (bytes):29752
                    Entropy (8bit):5.395248520548887
                    Encrypted:false
                    SSDEEP:768:anddBuBYZwcfCnwZCnR8Bu5hx18HoCnLlAY+iCBuzhLCnx1CnPrRRFS10l8gT2r6:u
                    MD5:ED241BE29B5482DB67703C2364EC74DD
                    SHA1:0F7E37C651ED00194A24B1E3C8096DB3C33FFC0E
                    SHA-256:20B1D6D5668D977313156F40E1104BF546E77967758730DFD5B73066E096B010
                    SHA-512:299F92192CFBB61DEAC29828E56CF8A9F0D33EE6A7B33922624B6A1CE3271A6BBE81765FCA15055F8FE32EEAA8B71627F26383962FC596596D53333EB4F0EADB
                    Malicious:false
                    Preview:03-10-2023 12:50:40:.---2---..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ***************************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ***************************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Starting NGL..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..03-10-2023 12:50:40:.Closing File..03-10-

                    C:\Users\user\AppData\Local\Temp\acrocef_low\d0f06b41-c112-424a-af0a-0e4d3bc41ad7.tmp

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                    File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
                    Category:dropped
                    Size (bytes):758601
                    Entropy (8bit):7.98639316555857
                    Encrypted:false
                    SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
                    MD5:3A49135134665364308390AC398006F1
                    SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
                    SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
                    SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
                    Malicious:false
                    Preview:...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!|G.1...... .3.`./....`~......G.............|..pS.e.C....:o.u_..oi.:..|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

                    C:\Users\user\AppData\Local\Temp\acrocef_low\e68b4145-2459-4d25-87d3-ad60cd041fad.tmp

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                    File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
                    Category:dropped
                    Size (bytes):1419751
                    Entropy (8bit):7.976496077007677
                    Encrypted:false
                    SSDEEP:24576:/xA7owWLaGZDwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLaGZDwZGk3mlind9i4ufFXpAXkru
                    MD5:18E3D04537AF72FDBEB3760B2D10C80E
                    SHA1:B313CD0B25E41E5CF0DFB83B33AB3E3C7678D5CC
                    SHA-256:BBEF113A2057EE7EAC911DC960D36D4A62C262DAE5B1379257908228243BD6F4
                    SHA-512:2A5B9B0A5DC98151AD2346055DF2F7BFDE62F6069A4A6A9AB3377B644D61AE31609B9FC73BEE4A0E929F84BF30DA4C1CDE628915AC37C7542FD170D12DE41298
                    Malicious:false
                    Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

                    C:\Users\user\AppData\Local\Temp\acrocef_low\f8a51962-adcd-43e4-a278-7f23fadde3f1.tmp

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                    File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
                    Category:dropped
                    Size (bytes):386528
                    Entropy (8bit):7.9736851559892425
                    Encrypted:false
                    SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
                    MD5:5C48B0AD2FEF800949466AE872E1F1E2
                    SHA1:337D617AE142815EDDACB48484628C1F16692A2F
                    SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
                    SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
                    Malicious:false
                    Preview:...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-|..h#.g.\.PO.|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..|m.WC.....|.....e.[W.p.8...rm....^..x'......5!...|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

                    C:\Users\user\AppData\Local\Temp\acrocef_low\f8f3191b-8532-40b0-8a05-ceb0201a1123.tmp

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                    File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
                    Category:dropped
                    Size (bytes):1407294
                    Entropy (8bit):7.97605879016224
                    Encrypted:false
                    SSDEEP:24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo
                    MD5:A0CFC77914D9BFBDD8BC1B1154A7B364
                    SHA1:54962BFDF3797C95DC2A4C8B29E873743811AD30
                    SHA-256:81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685
                    SHA-512:74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE
                    Malicious:false
                    Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

                    Static File Info

                    General

                    File type:PDF document, version 1.7, 4 pages
                    Entropy (8bit):7.938966055185457
                    TrID:
                    • Adobe Portable Document Format (5005/1) 100.00%
                    File name:19194R21.pdf
                    File size:91'111 bytes
                    MD5:8523b894e3341389e8b0f8f46d84fb3b
                    SHA1:b2c37f027bd960ebae79e32984d81a1e4b8720eb
                    SHA256:58031f56fff1a6b777cda8244e8acad871b5c247c1ec3f7ed468baba820fbe63
                    SHA512:241e86ceba92f5a8a0de2ba58d563452eccadba4595745092249f33ccaddb5daa8427042e704124d81f303954832a6019f1dd61dd9540f5abb74caae251325ef
                    SSDEEP:1536:beYpbHNlR1ExLWrIu1XHgWACwqR+wjziSv2fTxADp:beYrj1aarv3gWPbGSvkxAd
                    TLSH:B093E1349509488DF247D14596BAB269C54DF6D213CA98C1A06CFADBCCC8E2DE1E36E3
                    File Content Preview:%PDF-1.7 .%.... .1 0 obj .<< ./Type /Catalog ./Pages 2 0 R ./PageMode /UseNone ./ViewerPreferences << ./FitWindow true ./PageLayout /SinglePage ./NonFullScreenPageMode /UseNone .>> .>> .endobj .5 0 obj .<< ./Length 1452 ./Filter [ /FlateDecode ] .>> .stre

                    File Icon

                    Icon Hash:62cc8caeb29e8ae0

                    Static PDF Info

                    General

                    Header:%PDF-1.7
                    Total Entropy:7.938966
                    Total Bytes:91111
                    Stream Entropy:7.996944
                    Stream Bytes:82882
                    Entropy outside Streams:4.819151
                    Bytes outside Streams:8229
                    Number of EOF found:1
                    Bytes after EOF:

                    Keywords Statistics

                    NameCount
                    obj59
                    endobj59
                    stream16
                    endstream14
                    xref1
                    trailer1
                    startxref1
                    /Page4
                    /Encrypt0
                    /ObjStm0
                    /URI0
                    /JS0
                    /JavaScript0
                    /AA0
                    /OpenAction0
                    /AcroForm0
                    /JBIG2Decode0
                    /RichMedia0
                    /Launch0
                    /EmbeddedFile0

                    Network Behavior

                    Network Port Distribution

                    TCP Packets

                    TimestampSource PortDest PortSource IPDest IP
                    Oct 18, 2024 14:59:47.889095068 CEST49750443192.168.2.496.7.168.138
                    Oct 18, 2024 14:59:47.889133930 CEST4434975096.7.168.138192.168.2.4
                    Oct 18, 2024 14:59:47.889194965 CEST49750443192.168.2.496.7.168.138
                    Oct 18, 2024 14:59:47.889446020 CEST49750443192.168.2.496.7.168.138
                    Oct 18, 2024 14:59:47.889462948 CEST4434975096.7.168.138192.168.2.4
                    Oct 18, 2024 14:59:48.771248102 CEST4434975096.7.168.138192.168.2.4
                    Oct 18, 2024 14:59:48.771594048 CEST49750443192.168.2.496.7.168.138
                    Oct 18, 2024 14:59:48.771612883 CEST4434975096.7.168.138192.168.2.4
                    Oct 18, 2024 14:59:48.773140907 CEST4434975096.7.168.138192.168.2.4
                    Oct 18, 2024 14:59:48.773196936 CEST49750443192.168.2.496.7.168.138
                    Oct 18, 2024 14:59:48.821795940 CEST49750443192.168.2.496.7.168.138
                    Oct 18, 2024 14:59:48.822024107 CEST49750443192.168.2.496.7.168.138
                    Oct 18, 2024 14:59:48.822035074 CEST4434975096.7.168.138192.168.2.4
                    Oct 18, 2024 14:59:48.863419056 CEST4434975096.7.168.138192.168.2.4
                    Oct 18, 2024 14:59:48.871628046 CEST49750443192.168.2.496.7.168.138
                    Oct 18, 2024 14:59:48.871649981 CEST4434975096.7.168.138192.168.2.4
                    Oct 18, 2024 14:59:48.918487072 CEST49750443192.168.2.496.7.168.138
                    Oct 18, 2024 14:59:49.020637989 CEST4434975096.7.168.138192.168.2.4
                    Oct 18, 2024 14:59:49.020807028 CEST4434975096.7.168.138192.168.2.4
                    Oct 18, 2024 14:59:49.021217108 CEST49750443192.168.2.496.7.168.138
                    Oct 18, 2024 14:59:49.021249056 CEST4434975096.7.168.138192.168.2.4
                    Oct 18, 2024 14:59:49.021261930 CEST49750443192.168.2.496.7.168.138
                    Oct 18, 2024 14:59:49.021311045 CEST49750443192.168.2.496.7.168.138

                    UDP Packets

                    TimestampSource PortDest PortSource IPDest IP
                    Oct 18, 2024 14:59:45.739506960 CEST6086653192.168.2.41.1.1.1
                    Oct 18, 2024 15:00:05.053188086 CEST5999453192.168.2.41.1.1.1

                    DNS Queries

                    TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                    Oct 18, 2024 14:59:45.739506960 CEST192.168.2.41.1.1.10x3927Standard query (0)x1.i.lencr.orgA (IP address)IN (0x0001)false
                    Oct 18, 2024 15:00:05.053188086 CEST192.168.2.41.1.1.10x898dStandard query (0)x1.i.lencr.orgA (IP address)IN (0x0001)false

                    DNS Answers

                    TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                    Oct 18, 2024 14:59:45.782659054 CEST1.1.1.1192.168.2.40x3927No error (0)x1.i.lencr.orgcrl.root-x1.letsencrypt.org.edgekey.netCNAME (Canonical name)IN (0x0001)false
                    Oct 18, 2024 15:00:05.417702913 CEST1.1.1.1192.168.2.40x898dNo error (0)x1.i.lencr.orgcrl.root-x1.letsencrypt.org.edgekey.netCNAME (Canonical name)IN (0x0001)false

                    HTTP Request Dependency Graph

                    • armmf.adobe.com

                    HTTPS Proxied Packets

                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    0192.168.2.44975096.7.168.1384437868C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                    TimestampBytes transferredDirectionData
                    2024-10-18 12:59:48 UTC475OUTGET /onboarding/smskillreader.txt HTTP/1.1
                    Host: armmf.adobe.com
                    Connection: keep-alive
                    Accept-Language: en-US,en;q=0.9
                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36
                    Sec-Fetch-Site: same-origin
                    Sec-Fetch-Mode: no-cors
                    Sec-Fetch-Dest: empty
                    Accept-Encoding: gzip, deflate, br
                    If-None-Match: "78-5faa31cce96da"
                    If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
                    2024-10-18 12:59:49 UTC198INHTTP/1.1 304 Not Modified
                    Content-Type: text/plain; charset=UTF-8
                    Last-Modified: Mon, 01 May 2023 15:02:33 GMT
                    ETag: "78-5faa31cce96da"
                    Date: Fri, 18 Oct 2024 12:59:48 GMT
                    Connection: close


                    Statistics

                    CPU Usage

                    Click to jump to process

                    Memory Usage

                    Click to jump to process

                    High Level Behavior Distribution

                    Click to dive into process behavior distribution

                    Behavior

                    Click to jump to process

                    System Behavior

                    General

                    Target ID:1
                    Start time:08:59:33
                    Start date:18/10/2024
                    Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    Wow64 process (32bit):false
                    Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\19194R21.pdf"
                    Imagebase:0x7ff6bc1b0000
                    File size:5'641'176 bytes
                    MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Reputation:high
                    Has exited:true

                    General

                    Target ID:2
                    Start time:08:59:35
                    Start date:18/10/2024
                    Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                    Wow64 process (32bit):false
                    Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
                    Imagebase:0x7ff74bb60000
                    File size:3'581'912 bytes
                    MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Reputation:high
                    Has exited:true

                    General

                    Target ID:4
                    Start time:08:59:37
                    Start date:18/10/2024
                    Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                    Wow64 process (32bit):false
                    Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2132 --field-trial-handle=1512,i,9219026977050960623,12236995261974750430,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
                    Imagebase:0x7ff74bb60000
                    File size:3'581'912 bytes
                    MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Reputation:high
                    Has exited:true

                    Disassembly

                    No disassembly