Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
PPI Submittal.pdf

Overview

General Information

Sample name:PPI Submittal.pdf
Analysis ID:1537104
MD5:c5e6ae17541577544d9c46e54544a51c
SHA1:b1afa092b7ce35f99f71a8c4814c5e708aa424e4
SHA256:1ee9855f10e199576a49f318eed6f3a3bd4fb523b4a28464cc28c5ad6b14cfed
Infos:

Detection

Score:2
Range:0 - 100
Whitelisted:false
Confidence:80%

Signatures

IP address seen in connection with other malware
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Uses a known web browser user agent for HTTP communication

Classification

Process Tree

  • System is w10x64
  • Acrobat.exe (PID: 7128 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\PPI Submittal.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 3332 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 7208 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2088 --field-trial-handle=1552,i,9938820051784610952,14837667456933209763,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: global trafficDNS query: name: x1.i.lencr.org
Source: global trafficTCP traffic: 192.168.2.4:49748 -> 96.7.168.138:443
Source: global trafficTCP traffic: 192.168.2.4:49748 -> 96.7.168.138:443
Source: global trafficTCP traffic: 192.168.2.4:49748 -> 96.7.168.138:443
Source: global trafficTCP traffic: 192.168.2.4:49748 -> 96.7.168.138:443
Source: global trafficTCP traffic: 192.168.2.4:49748 -> 96.7.168.138:443
Source: global trafficTCP traffic: 192.168.2.4:49748 -> 96.7.168.138:443
Source: global trafficTCP traffic: 192.168.2.4:49748 -> 96.7.168.138:443
Source: global trafficTCP traffic: 192.168.2.4:49748 -> 96.7.168.138:443
Source: global trafficTCP traffic: 192.168.2.4:49748 -> 96.7.168.138:443
Source: global trafficTCP traffic: 192.168.2.4:49748 -> 96.7.168.138:443
Source: global trafficTCP traffic: 192.168.2.4:49748 -> 96.7.168.138:443
Source: global trafficTCP traffic: 192.168.2.4:49748 -> 96.7.168.138:443
Source: global trafficTCP traffic: 192.168.2.4:49748 -> 96.7.168.138:443
Source: global trafficTCP traffic: 192.168.2.4:49748 -> 96.7.168.138:443
Source: global trafficTCP traffic: 96.7.168.138:443 -> 192.168.2.4:49748
Source: global trafficTCP traffic: 192.168.2.4:49748 -> 96.7.168.138:443
Source: global trafficTCP traffic: 192.168.2.4:49748 -> 96.7.168.138:443
Source: global trafficTCP traffic: 96.7.168.138:443 -> 192.168.2.4:49748
Source: global trafficTCP traffic: 96.7.168.138:443 -> 192.168.2.4:49748
Source: global trafficTCP traffic: 192.168.2.4:49748 -> 96.7.168.138:443
Source: global trafficTCP traffic: 96.7.168.138:443 -> 192.168.2.4:49748
Source: global trafficTCP traffic: 96.7.168.138:443 -> 192.168.2.4:49748
Source: global trafficTCP traffic: 192.168.2.4:49748 -> 96.7.168.138:443
Source: global trafficTCP traffic: 192.168.2.4:49748 -> 96.7.168.138:443
Source: global trafficTCP traffic: 96.7.168.138:443 -> 192.168.2.4:49748
Source: global trafficTCP traffic: 192.168.2.4:49748 -> 96.7.168.138:443
Source: global trafficTCP traffic: 96.7.168.138:443 -> 192.168.2.4:49748
Source: global trafficTCP traffic: 192.168.2.4:49748 -> 96.7.168.138:443
Source: global trafficTCP traffic: 96.7.168.138:443 -> 192.168.2.4:49748
Source: global trafficTCP traffic: 192.168.2.4:49748 -> 96.7.168.138:443
Source: global trafficTCP traffic: 96.7.168.138:443 -> 192.168.2.4:49748
Source: global trafficTCP traffic: 96.7.168.138:443 -> 192.168.2.4:49748
Source: global trafficTCP traffic: 192.168.2.4:49748 -> 96.7.168.138:443
Source: global trafficTCP traffic: 192.168.2.4:49748 -> 96.7.168.138:443
Source: global trafficTCP traffic: 192.168.2.4:49748 -> 96.7.168.138:443
Source: global trafficTCP traffic: 96.7.168.138:443 -> 192.168.2.4:49748
Source: global trafficTCP traffic: 192.168.2.4:49748 -> 96.7.168.138:443
Source: Joe Sandbox ViewIP Address: 96.7.168.138 96.7.168.138
Source: global trafficHTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1Host: armmf.adobe.comConnection: keep-aliveAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brIf-None-Match: "78-5faa31cce96da"If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
Source: unknownTCP traffic detected without corresponding DNS query: 96.7.168.138
Source: unknownTCP traffic detected without corresponding DNS query: 96.7.168.138
Source: unknownTCP traffic detected without corresponding DNS query: 96.7.168.138
Source: unknownTCP traffic detected without corresponding DNS query: 96.7.168.138
Source: unknownTCP traffic detected without corresponding DNS query: 96.7.168.138
Source: unknownTCP traffic detected without corresponding DNS query: 96.7.168.138
Source: unknownTCP traffic detected without corresponding DNS query: 96.7.168.138
Source: unknownTCP traffic detected without corresponding DNS query: 96.7.168.138
Source: unknownTCP traffic detected without corresponding DNS query: 96.7.168.138
Source: unknownTCP traffic detected without corresponding DNS query: 96.7.168.138
Source: unknownTCP traffic detected without corresponding DNS query: 96.7.168.138
Source: unknownTCP traffic detected without corresponding DNS query: 96.7.168.138
Source: unknownTCP traffic detected without corresponding DNS query: 96.7.168.138
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficHTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1Host: armmf.adobe.comConnection: keep-aliveAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brIf-None-Match: "78-5faa31cce96da"If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
Source: global trafficDNS traffic detected: DNS query: x1.i.lencr.org
Source: 77EC63BDA74BD0D0E0426DC8F80085060.1.drString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: 2D85F72862B55C4EADD9E66E06947F3D0.1.drString found in binary or memory: http://x1.i.lencr.org/
Source: unknownNetwork traffic detected: HTTP traffic on port 49748 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49748
Source: classification engineClassification label: clean2.winPDF@14/49@1/1
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.3900Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-18 09-13-42-710.logJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
Source: unknownProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\PPI Submittal.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2088 --field-trial-handle=1552,i,9938820051784610952,14837667456933209763,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2088 --field-trial-handle=1552,i,9938820051784610952,14837667456933209763,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: PPI Submittal.pdfStatic file information: File size 7218070 > 6291456
Source: PPI Submittal.pdfInitial sample: PDF keyword /JS count = 0
Source: PPI Submittal.pdfInitial sample: PDF keyword /JavaScript count = 0
Source: PPI Submittal.pdfInitial sample: PDF keyword stream count = 477
Source: PPI Submittal.pdfInitial sample: PDF keyword /EmbeddedFile count = 0
Source: PPI Submittal.pdfInitial sample: PDF keyword endobj count = 478
Source: PPI Submittal.pdfInitial sample: PDF keyword endstream count = 477
Source: PPI Submittal.pdfInitial sample: PDF keyword obj count = 479
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid Accounts3
Exploitation for Client Execution		Path Interception1
Process Injection		1
Masquerading		OS Credential Dumping1
System Information Discovery		Remote ServicesData from Local System1
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
Process Injection		LSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable Media2
Non-Application Layer Protocol		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive13
Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin HookBinary PaddingNTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput Capture1
Ingress Tool Transfer		Traffic DuplicationData Destruction

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1537104 Sample: PPI Submittal.pdf Startdate: 18/10/2024 Architecture: WINDOWS Score: 2 14 x1.i.lencr.org 2->14 7 Acrobat.exe 18 74 2->7         started        process3 process4 9 AcroCEF.exe 106 7->9         started        process5 11 AcroCEF.exe 4 9->11         started        dnsIp6 16 96.7.168.138, 443, 49748 INTERNEXABRASILOPERADORADETELECOMUNICACOESSABR United States 11->16

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

No Antivirus matches

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
http://x1.i.lencr.org/0%URL Reputationsafe

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
x1.i.lencr.org
unknown
unknownfalse
    		unknown

    URLs from Memory and Binaries

    NameSourceMaliciousAntivirus DetectionReputation
    http://x1.i.lencr.org/2D85F72862B55C4EADD9E66E06947F3D0.1.drfalse
    • URL Reputation: safe
    		unknown

    World Map of Contacted IPs

    • No. of IPs < 25%
    • 25% < No. of IPs < 50%
    • 50% < No. of IPs < 75%
    • 75% < No. of IPs

    Public IPs

    IPDomainCountryFlagASNASN NameMalicious
    96.7.168.138
    		unknownUnited States
    		262589INTERNEXABRASILOPERADORADETELECOMUNICACOESSABRfalse

    General Information

    Joe Sandbox version:41.0.0 Charoite
    Analysis ID:1537104
    Start date and time:2024-10-18 15:12:28 +02:00
    Joe Sandbox product:CloudBasic
    Overall analysis duration:0h 4m 48s
    Hypervisor based Inspection enabled:false
    Report type:full
    Cookbook file name:defaultwindowspdfcookbook.jbs
    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
    Number of analysed new started processes analysed:11
    Number of new started drivers analysed:0
    Number of existing processes analysed:0
    Number of existing drivers analysed:0
    Number of injected processes analysed:0
    Technologies:
    • HCA enabled
    • EGA enabled
    • AMSI enabled
    Analysis Mode:default
    Analysis stop reason:Timeout
    Sample name:PPI Submittal.pdf
    Detection:CLEAN
    Classification:clean2.winPDF@14/49@1/1
    Cookbook Comments:
    • Found application associated with file extension: .pdf
    • Found PDF document
    • Close Viewer

    Warnings

    • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
    • Excluded IPs from analysis (whitelisted): 23.43.60.134, 2.19.126.149, 2.19.126.143, 162.159.61.3, 172.64.41.3, 23.22.254.206, 54.227.187.23, 52.202.204.11, 52.5.13.197, 2.23.197.184, 93.184.221.240
    • Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, otelrules.azureedge.net, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com.delivery.microsoft.com, wu.ec.azureedge.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, wu.azureedge.net, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, hlb.apr-52dd2-0.edgecastdns.net, geo2.adobe.com, wu-b-net.trafficmanager.net, crl.root-x1.letsencrypt.org.edgekey.net
    • Not all processes where analyzed, report is missing behavior information
    • VT rate limit hit for: PPI Submittal.pdf

    Simulations

    Behavior and APIs

    TimeTypeDescription
    09:13:48API Interceptor2x Sleep call for process: AcroCEF.exe modified

    LLM Input / Output

    InputOutput
    URL: PDF document Model: claude-3-haiku-20240307
    ```json
{
    "contains_trigger_text": false,
    "trigger_text": "unknown",
    "prominent_button_name": "unknown",
    "text_input_field_labels": [
        "Print Name:",
        "License Number  Standard Plans Examiner:",
        "Standard Inspector:",
        "Trade Categories:",
        "License #:"
    ],
    "pdf_icon_visible": false,
    "has_visible_captcha": false,
    "has_urgent_text": false,
    "has_visible_qrcode": false
}
    URL: PDF document Model: claude-3-haiku-20240307
    ```json
{
  "brands": [
    "Marion County Board of County Commissioners",
    "My Amelia, Inc DBA Inspected.com"
  ]
}

    Joe Sandbox View / Context

    IPs

    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
    96.7.168.138ddsfsfsa.pdfGet hashmaliciousUnknownBrowse
      v2.0.pdfGet hashmaliciousUnknownBrowse
        Xfab BENEFIT ENROLLMENT GUIDE 2024.pdfGet hashmaliciousHTMLPhisher, Mamba2FABrowse
          Project_Proposal_Review_and_Approval13617.pdfGet hashmaliciousUnknownBrowse
            tots.batGet hashmaliciousUnknownBrowse
              ordine.pdfGet hashmaliciousHtmlDropperBrowse
                ordine.pdfGet hashmaliciousUnknownBrowse
                  https://myloginpage.pages.dev/20230508.pdfGet hashmaliciousHTMLPhisherBrowse

                    Domains

                    No context

                    ASNs

                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                    INTERNEXABRASILOPERADORADETELECOMUNICACOESSABRddsfsfsa.pdfGet hashmaliciousUnknownBrowse
                    • 96.7.168.138
                    armv4l.elfGet hashmaliciousUnknownBrowse
                    • 200.220.215.193
                    v2.0.pdfGet hashmaliciousUnknownBrowse
                    • 96.7.168.138
                    mpsl.elfGet hashmaliciousMiraiBrowse
                    • 187.108.156.187
                    Xfab BENEFIT ENROLLMENT GUIDE 2024.pdfGet hashmaliciousHTMLPhisher, Mamba2FABrowse
                    • 96.7.168.138
                    Project_Proposal_Review_and_Approval13617.pdfGet hashmaliciousUnknownBrowse
                    • 96.7.168.138
                    tots.batGet hashmaliciousUnknownBrowse
                    • 96.7.168.138
                    RCD_9384-39403-1.pdfGet hashmaliciousUnknownBrowse
                    • 96.7.164.138
                    ordine.pdfGet hashmaliciousHtmlDropperBrowse
                    • 96.7.168.138
                    ordine.pdfGet hashmaliciousUnknownBrowse
                    • 96.7.168.138

                    JA3 Fingerprints

                    No context

                    Dropped Files

                    No context

                    Created / dropped Files

                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                    File Type:ASCII text
                    Category:dropped
                    Size (bytes):292
                    Entropy (8bit):5.205641730423115
                    Encrypted:false
                    SSDEEP:6:hnn3Ht+q2Pwkn2nKuAl9OmbnIFUt8WnnzZmw+WnnjVkwOwkn2nKuAl9OmbjLJ:hn3ovYfHAahFUt8Wnz/+Wnp5JfHAaSJ
                    MD5:DFB30FFD81A480165864787971A26C98
                    SHA1:2D7F26B0F021DED1E58A1C8F03E6F05783FC53BD
                    SHA-256:34B2E43A517899A3D8EE271A785ED178052B9516A07B0DDCF9B96198090F4041
                    SHA-512:F823487CF57D8AB2F3B20AA0B4206135EE2EFA19FE4534229DE03763C8B0F0F7E1421672FAC6E83AB2A5C5E94335D0C544DCE03BBC2F334FA948B46D174866A0
                    Malicious:false
                    Reputation:low
                    Preview:2024/10/18-09:13:40.397 1bb8 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/10/18-09:13:40.399 1bb8 Recovering log #3.2024/10/18-09:13:40.399 1bb8 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                    File Type:ASCII text
                    Category:dropped
                    Size (bytes):292
                    Entropy (8bit):5.205641730423115
                    Encrypted:false
                    SSDEEP:6:hnn3Ht+q2Pwkn2nKuAl9OmbnIFUt8WnnzZmw+WnnjVkwOwkn2nKuAl9OmbjLJ:hn3ovYfHAahFUt8Wnz/+Wnp5JfHAaSJ
                    MD5:DFB30FFD81A480165864787971A26C98
                    SHA1:2D7F26B0F021DED1E58A1C8F03E6F05783FC53BD
                    SHA-256:34B2E43A517899A3D8EE271A785ED178052B9516A07B0DDCF9B96198090F4041
                    SHA-512:F823487CF57D8AB2F3B20AA0B4206135EE2EFA19FE4534229DE03763C8B0F0F7E1421672FAC6E83AB2A5C5E94335D0C544DCE03BBC2F334FA948B46D174866A0
                    Malicious:false
                    Reputation:low
                    Preview:2024/10/18-09:13:40.397 1bb8 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/10/18-09:13:40.399 1bb8 Recovering log #3.2024/10/18-09:13:40.399 1bb8 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                    File Type:ASCII text
                    Category:dropped
                    Size (bytes):336
                    Entropy (8bit):5.174037382202814
                    Encrypted:false
                    SSDEEP:6:hnnc4q2Pwkn2nKuAl9Ombzo2jMGIFUt8Wnnr3JZmw+Wnnr3DkwOwkn2nKuAl9OmT:hnLvYfHAa8uFUt8Wnl/+Wn35JfHAa8RJ
                    MD5:2A919FD9E07D50334984DCDB0A6D0231
                    SHA1:CC5C876D4923EBF20A929C572F181EE62710DEDD
                    SHA-256:D09AF33D82981F5D240D6198B1BA5CB18B818CC24E901F8CCDACFC342413ED15
                    SHA-512:7AACD8FCBF561E6FA73BD3D7270B3FC49CB49E6F2D4E41233CB78C90CDA015C2E62F253748A3B409813AC7302A9A3D9849A358307465A8C460A18253DE36A884
                    Malicious:false
                    Reputation:low
                    Preview:2024/10/18-09:13:40.454 1c80 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/10/18-09:13:40.455 1c80 Recovering log #3.2024/10/18-09:13:40.455 1c80 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                    File Type:ASCII text
                    Category:dropped
                    Size (bytes):336
                    Entropy (8bit):5.174037382202814
                    Encrypted:false
                    SSDEEP:6:hnnc4q2Pwkn2nKuAl9Ombzo2jMGIFUt8Wnnr3JZmw+Wnnr3DkwOwkn2nKuAl9OmT:hnLvYfHAa8uFUt8Wnl/+Wn35JfHAa8RJ
                    MD5:2A919FD9E07D50334984DCDB0A6D0231
                    SHA1:CC5C876D4923EBF20A929C572F181EE62710DEDD
                    SHA-256:D09AF33D82981F5D240D6198B1BA5CB18B818CC24E901F8CCDACFC342413ED15
                    SHA-512:7AACD8FCBF561E6FA73BD3D7270B3FC49CB49E6F2D4E41233CB78C90CDA015C2E62F253748A3B409813AC7302A9A3D9849A358307465A8C460A18253DE36A884
                    Malicious:false
                    Reputation:low
                    Preview:2024/10/18-09:13:40.454 1c80 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/10/18-09:13:40.455 1c80 Recovering log #3.2024/10/18-09:13:40.455 1c80 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\24d854f3-7389-4c99-843d-157744a8f3ef.tmp

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                    File Type:JSON data
                    Category:dropped
                    Size (bytes):475
                    Entropy (8bit):4.966895279106768
                    Encrypted:false
                    SSDEEP:12:YH/um3RA8sqLsBdOg2HHfcaq3QYiubInP7E4T3y:Y2sRdsVdMHO3QYhbG7nby
                    MD5:2B2DD4FFCADFFFA544C423CE65A911E2
                    SHA1:3C690C4670D732A1F54C5BD0B93A7CFF6CA96720
                    SHA-256:7ACAC2E53C854E8000F43FE4CB549E82A2B9F6A957366C429ABB730EE326CBD0
                    SHA-512:51D13C2DCDFB21C1C0F1756DA980098861148C6CE5CBB18F8D6247FB33D1037B60EB4CE27C7AC482D705509BD1BDF1EDDBC619CC6D6610A3EED3F2AAD0185C50
                    Malicious:false
                    Reputation:moderate, very likely benign file
                    Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13340980889952523","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":146406},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\49ee5304-188b-4d74-ac9d-bbb20753f5dd.tmp

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                    File Type:JSON data
                    Category:modified
                    Size (bytes):475
                    Entropy (8bit):4.966596943422396
                    Encrypted:false
                    SSDEEP:12:YH/um3RA8sqy0HoShsBdOg2HrYYZcaq3QYiubInP7E4T3y:Y2sRdsWIJdMHMYg3QYhbG7nby
                    MD5:1A0D4E683BC4FF4649D2D5456038E9C4
                    SHA1:3262B724FE45D87672715795B9AF16044B9C1C6F
                    SHA-256:55B3D5A8A0B0EBB4501A9154439B00E8BEA5CF46A8A60866A60F00D7A6F39E1F
                    SHA-512:0E8AF95C87B78F05C65F78F4932A01DE8D3155423F919CECADD0740B35F4F5830A6BBDCB308D0CBE45B76C4A5471C4BFD35FCC23F3013FF6C21AB960A3674B44
                    Malicious:false
                    Reputation:low
                    Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13373817232218794","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":220630},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                    File Type:JSON data
                    Category:dropped
                    Size (bytes):475
                    Entropy (8bit):4.966895279106768
                    Encrypted:false
                    SSDEEP:12:YH/um3RA8sqLsBdOg2HHfcaq3QYiubInP7E4T3y:Y2sRdsVdMHO3QYhbG7nby
                    MD5:2B2DD4FFCADFFFA544C423CE65A911E2
                    SHA1:3C690C4670D732A1F54C5BD0B93A7CFF6CA96720
                    SHA-256:7ACAC2E53C854E8000F43FE4CB549E82A2B9F6A957366C429ABB730EE326CBD0
                    SHA-512:51D13C2DCDFB21C1C0F1756DA980098861148C6CE5CBB18F8D6247FB33D1037B60EB4CE27C7AC482D705509BD1BDF1EDDBC619CC6D6610A3EED3F2AAD0185C50
                    Malicious:false
                    Reputation:moderate, very likely benign file
                    Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13340980889952523","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":146406},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF431622.TMP (copy)

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                    File Type:JSON data
                    Category:dropped
                    Size (bytes):475
                    Entropy (8bit):4.966895279106768
                    Encrypted:false
                    SSDEEP:12:YH/um3RA8sqLsBdOg2HHfcaq3QYiubInP7E4T3y:Y2sRdsVdMHO3QYhbG7nby
                    MD5:2B2DD4FFCADFFFA544C423CE65A911E2
                    SHA1:3C690C4670D732A1F54C5BD0B93A7CFF6CA96720
                    SHA-256:7ACAC2E53C854E8000F43FE4CB549E82A2B9F6A957366C429ABB730EE326CBD0
                    SHA-512:51D13C2DCDFB21C1C0F1756DA980098861148C6CE5CBB18F8D6247FB33D1037B60EB4CE27C7AC482D705509BD1BDF1EDDBC619CC6D6610A3EED3F2AAD0185C50
                    Malicious:false
                    Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13340980889952523","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":146406},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                    File Type:data
                    Category:dropped
                    Size (bytes):4730
                    Entropy (8bit):5.245298091995292
                    Encrypted:false
                    SSDEEP:96:etJCV4FAsszrNamjTN/2rjYMta02fDtehgO7BtTgo73hcKu6cKZ:etJCV4FiN/jTN/2r8Mta02fEhgO73gop
                    MD5:198EC196E416F9CC66C550B234F00D37
                    SHA1:8639E844899B4B8CC483A900DC76F90C1BB8F6F7
                    SHA-256:93678923220719499E01CFDAF210A3A33D0FBFEB8DF665C863407D4C73799097
                    SHA-512:6DBA2AA1977D9C1CACE34C347628C1E5CD34EBE7754B966DB2A80E8F70D7676052EC2507AEB17B6FC3FB3C5F18DBE48E54A460D263CF47644BDC2EAFB1692A72
                    Malicious:false
                    Preview:*...#................version.1..namespace-['O.o................next-map-id.1.Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/.0>...r................next-map-id.2.Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/.1O..r................next-map-id.3.Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/.2.\.o................next-map-id.4.Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/.3....^...............Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/..|.^...............Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/n..Fa...............Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/DQ..a...............Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/i.`do................next-map-id.5.Pnamespace-de635bf2_6773_4d83_ad16_

                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                    File Type:ASCII text
                    Category:dropped
                    Size (bytes):324
                    Entropy (8bit):5.213348158227407
                    Encrypted:false
                    SSDEEP:6:hn0O4q2Pwkn2nKuAl9OmbzNMxIFUt8WnwmJZmw+WnwNXNDkwOwkn2nKuAl9OmbzE:h0tvYfHAa8jFUt8WwQ/+WwNXF5JfHAab
                    MD5:38B25F7707753D2F119B9DBE8251282B
                    SHA1:697F1C2B09C17CDF6348D0818AC10F3751373B26
                    SHA-256:81D566DFC49B2E427966C52EB5C5DD131024D6F741B90641732CFDBC54E20538
                    SHA-512:C6A1884CBB91903E23A1B12DE01D58378DF7C0F2EE22AC8E85B1D6AFD75D1E0FE9D2D9D246241C740C02746230F14D0E018E6589BA3858E3D6E3C977D1195F99
                    Malicious:false
                    Preview:2024/10/18-09:13:41.539 1c80 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/10/18-09:13:41.571 1c80 Recovering log #3.2024/10/18-09:13:41.576 1c80 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                    File Type:ASCII text
                    Category:dropped
                    Size (bytes):324
                    Entropy (8bit):5.213348158227407
                    Encrypted:false
                    SSDEEP:6:hn0O4q2Pwkn2nKuAl9OmbzNMxIFUt8WnwmJZmw+WnwNXNDkwOwkn2nKuAl9OmbzE:h0tvYfHAa8jFUt8WwQ/+WwNXF5JfHAab
                    MD5:38B25F7707753D2F119B9DBE8251282B
                    SHA1:697F1C2B09C17CDF6348D0818AC10F3751373B26
                    SHA-256:81D566DFC49B2E427966C52EB5C5DD131024D6F741B90641732CFDBC54E20538
                    SHA-512:C6A1884CBB91903E23A1B12DE01D58378DF7C0F2EE22AC8E85B1D6AFD75D1E0FE9D2D9D246241C740C02746230F14D0E018E6589BA3858E3D6E3C977D1195F99
                    Malicious:false
                    Preview:2024/10/18-09:13:41.539 1c80 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/10/18-09:13:41.571 1c80 Recovering log #3.2024/10/18-09:13:41.576 1c80 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

                    C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241018131345Z-172.bmp

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:PC bitmap, Windows 3.x format, 117 x -152 x 32, cbSize 71190, bits offset 54
                    Category:dropped
                    Size (bytes):71190
                    Entropy (8bit):2.3528101182483234
                    Encrypted:false
                    SSDEEP:384:xRDDDDDDDDDDDDDDDDDBDDDDDDDDDDDDDDDDDDDTDDDDDDDDDDDDDDDDDDDDDDDz:F9WYzpzZX
                    MD5:73B49C1E01421F4916A3704B77E2BB4A
                    SHA1:E11AED10A7D81A4F9A84905F10B90CF1B45C10A2
                    SHA-256:CD526270886938EC1D6976D2B7DBEDB58DA56DD937DF0FB15D6D51E2C58E7AA9
                    SHA-512:7FC2174435D9129A76C249582E89714AB06DB6BAE20E0C6AC8CAB7BC29D9DAC577463E8D294CC16161A2AA67A5351CDD4497B92C8A7C66B2C79B6DD7144F5E03
                    Malicious:false
                    Preview:BM........6...(...u...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                    C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 15, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 15
                    Category:dropped
                    Size (bytes):86016
                    Entropy (8bit):4.445066267908185
                    Encrypted:false
                    SSDEEP:384:yezci5tAiBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:rXs3OazzU89UTTgUL
                    MD5:64069A7DFE8525C37AF9C51DEA3912E0
                    SHA1:02233DBB946A04F086736DF03F8B98513C626C60
                    SHA-256:26110EB594E587C459CC59FEF40AB1BC170D5931AB12DB4DCF563C4A4AA2C09F
                    SHA-512:4C5A13818924321720F5438FECABA669A5469062EB6D37EB81BEC82DB48FD02DD230972B6CBED22D7CD5D5FD12A70BD772EA11A5DB3F91CD228A4C344E8624A5
                    Malicious:false
                    Preview:SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                    C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:SQLite Rollback Journal
                    Category:dropped
                    Size (bytes):8720
                    Entropy (8bit):3.774103163844887
                    Encrypted:false
                    SSDEEP:48:7MZp/E2ioyVeioy9oWoy1Cwoy1eKOioy1noy1AYoy1Wioy1hioybioyUoy1noy1q:7apjueFVXKQJOQb9IVXEBodRBkQ
                    MD5:60BAB892675744E5B969CFA295603533
                    SHA1:1E7E4EC295F0FD7B1AA317D16EABA42CC1CD019B
                    SHA-256:9DEA10E4A23148341BF82CDBBF41C285EBFB8637092260F187A2C99BF248050C
                    SHA-512:6F89F6B112D29C941569996797A68C8D9DFAE66A79185834C9D8074E5D013561E825B62B0DC7A5752E41EBF782C4DABE5D25D4485FD52C5990E20B45583E3C63
                    Malicious:false
                    Preview:.... .c.....FM.U...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................T...[...b...r...t...}.....L..............................................................................................................................................................................................................................................................................................................................................................................................................................................................

                    C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                    File Type:Certificate, Version=3
                    Category:dropped
                    Size (bytes):1391
                    Entropy (8bit):7.705940075877404
                    Encrypted:false
                    SSDEEP:24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1
                    MD5:0CD2F9E0DA1773E9ED864DA5E370E74E
                    SHA1:CABD2A79A1076A31F21D253635CB039D4329A5E8
                    SHA-256:96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
                    SHA-512:3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
                    Malicious:false
                    Preview:0..k0..S............@.YDc.c...0...*.H........0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10...150604110438Z..350604110438Z0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10.."0...*.H.............0..........$s..7.+W(.....8..n<.W.x.u...jn..O(..h.lD...c...k....1.!~.3<.H..y.....!.K...qiJffl.~<p..)"......K...~....G.|.H#S.8.O.o...IW..t../.8.{.p!.u.0<.....c...O..K~.....w...{J.L.%.p..)..S$........J.?..aQ.....cq...o[...\4ylv.;.by.../&.....................6....7..6u...r......I.....*.A..v........5/(.l....dwnG7..Y^h..r...A)>Y>.&.$...Z.L@.F....:Qn.;.}r...xY.>Qx....../..>{J.Ks......P.|C.t..t.....0.[q6....00\H..;..}`...).........A.......|.;F.H*..v.v..j.=...8.d..+..(.....B.".'].y...p..N..:..'Qn..d.3CO......B0@0...U...........0...U.......0....0...U......y.Y.{....s.....X..n0...*.H.............U.X....P.....i ')..au\.n...i/..VK..s.Y.!.~.Lq...`.9....!V..P.Y...Y.............b.E.f..|o..;.....'...}~.."......

                    C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                    File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
                    Category:dropped
                    Size (bytes):71954
                    Entropy (8bit):7.996617769952133
                    Encrypted:true
                    SSDEEP:1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
                    MD5:49AEBF8CBD62D92AC215B2923FB1B9F5
                    SHA1:1723BE06719828DDA65AD804298D0431F6AFF976
                    SHA-256:B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
                    SHA-512:BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
                    Malicious:false
                    Preview:MSCF............,...................I..................XaK .authroot.stl.[.i..6..CK..<Tk......4.cl!Kg..E..*Y.f_..".$mR"$.J.E.KB."..rKv.."{.g....3.W.....c..9.s...=....y6#..x..........D......\(.#.s.!.A.......cd.c........+^.ov...n.....3BL..0.......BPUR&.X..02.q...R...J.....w.....b.vy>....-.&..(..oe."."...J9...0U.6J..|U..S.....M.F8g...=.......p...........l.?3.J.x.G.Ep..$g..tj......)v]9(:.)W.8.Op.1Q..:.nPd........7.7..M].V F..g.....12..!7(...B.......h.RZ.......l.<.....6..Z^.`p?... .p.Gp.#.'.X..........|!.8.....".m.49r?.I...g...8.v.....a``.g.R4.i...J8q....NFW,E.6Y....!.o5%.Y.....R..<..S9....r....WO...(.....F..Q=*....-..7d..O(....-..+k.........K..........{Q....Z..j._.E...QZ.~.\.^......N.9.k..O.}dD.b1r...[}/....T..E..G..c.|.c.&>?..^t. ..;..X.d.E.0G....[Q.*,*......#.Dp..L.o|#syc.J............}G-.ou6.=52..XWi=...m.....^u......c..fc?&pR7S5....I...j.G........j.j..Tc.El.....B.pQ.,Bp....j...9g.. >..s..m#.Nb.o_u.M.V...........\#...v..Mo\sF..s....Y...

                    C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                    File Type:data
                    Category:dropped
                    Size (bytes):192
                    Entropy (8bit):2.7647458239154146
                    Encrypted:false
                    SSDEEP:3:kkFklBSHD031fllXlE/HT8k0szltNNX8RolJuRdxLlGB9lQRYwpDdt:kK/HD0mT86JTNMa8RdWBwRd
                    MD5:07D115F5514E91D4AF4F493A9D9C03D8
                    SHA1:CC8FEA5DEAEB7905790594CEAA79E3FFBFB2FD82
                    SHA-256:D941D0D490609C2AD6199AA773699F99841D448603BB9196833B4502AB45C3D0
                    SHA-512:A980C91890EA43D5BB65B09B89FC656D23877B104DB819ACC937FF07DAFA7179B7359573175D55B3AB5790E5075C3E3670314869148408FDD34B7C26D97940E3
                    Malicious:false
                    Preview:p...... ........r7.._!..(....................................................... ..........W....................o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...

                    C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                    File Type:data
                    Category:modified
                    Size (bytes):328
                    Entropy (8bit):3.1279761948813087
                    Encrypted:false
                    SSDEEP:6:kKYmi9UswDLL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:vdDnLNkPlE99SNxAhUe/3
                    MD5:9DBC7E6E22DD21BCF0C50DABE8B30841
                    SHA1:CE6E7E85857CDBB11C9007BCDC936710CE108D73
                    SHA-256:44E7263B9FAE241CFEFD223DE7CEF32676367D0B4066AFC1B92CA8BFBE53368C
                    SHA-512:E0501FA38717993EB31D16C8BDBF78960931426CC52D4FCC0CE972794B4CA345B340AE7D6A16A26085A0DF543B652DFECAD639B527C75B886C0FB56E0911C9D8
                    Malicious:false
                    Preview:p...... ........a."._!..(....................................................... ........G..@.......&...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...

                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.3900

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:PostScript document text
                    Category:dropped
                    Size (bytes):185099
                    Entropy (8bit):5.182478651346149
                    Encrypted:false
                    SSDEEP:1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
                    MD5:94185C5850C26B3C6FC24ABC385CDA58
                    SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
                    SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
                    SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
                    Malicious:false
                    Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:PostScript document text
                    Category:dropped
                    Size (bytes):185099
                    Entropy (8bit):5.182478651346149
                    Encrypted:false
                    SSDEEP:1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
                    MD5:94185C5850C26B3C6FC24ABC385CDA58
                    SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
                    SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
                    SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
                    Malicious:false
                    Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:data
                    Category:dropped
                    Size (bytes):243196
                    Entropy (8bit):3.3450692389394283
                    Encrypted:false
                    SSDEEP:1536:vKPCPiyzDtrh1cK3XEivK7VK/3AYvYwgqErRo+RQn:yPClJ/3AYvYwghFo+RQn
                    MD5:F5567C4FF4AB049B696D3BE0DD72A793
                    SHA1:EBEADDE9FF0AF2C201A5F7CC747C9EA61CFA6916
                    SHA-256:D8DBFE71873929825A420F73821F3FF0254D51984FAAA82E1B89D31188F77C04
                    SHA-512:E769735991E5B1331E259608854D00CDA4F3E92285FDC500158CBD09CBCCEAD8A387F78256A43919B13EBE70C995D19242377C315B0CCBBD4F813251608C1D56
                    Malicious:false
                    Preview:Adobe Acrobat Reader (64-bit) 23.6.20320....?A12_AV2_Search_18px.............................................................................................................KKK KKK.KKK.KKK.KKK.KKK.KKK@........................................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.............................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.........................KKK.KKK.KKK.KKK0....................KKK.KKK.KKK.KKK`....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK.KKK.....................................KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK.KKK@....................KKK.KKK.KKK.KKK`........................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.KKK.............................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK

                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:JSON data
                    Category:dropped
                    Size (bytes):295
                    Entropy (8bit):5.33492945055332
                    Encrypted:false
                    SSDEEP:6:YEQXJ2HXHDHYjWaB5dJHdVoZcg1vRcR0YCMRRL2ieoAvJM3g98kUwPeUkwRe9:YvXKXzY6KOZc0v1QtZGMbLUkee9
                    MD5:09AFD079BD52D770B8D9A3A608420B1A
                    SHA1:2D592590CDC453FF78D9C06EB4E5687473B0B424
                    SHA-256:E913198B63D57EF067A3B10E2283E0D3A91555D13D4906931382C2A35C1A1185
                    SHA-512:826DFE9173E9241C14641F63FE75B7C8523B4D70EDC454E71FE84E41AFE9FFC1F861978C21A6EB10676366FB52A6C04FF94556EE5BA65DA45E19CD683FB6506C
                    Malicious:false
                    Preview:{"analyticsData":{"responseGUID":"040d7e5d-9c57-420a-9b56-330d900d06ee","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1729432294464,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:JSON data
                    Category:dropped
                    Size (bytes):294
                    Entropy (8bit):5.2853638194650046
                    Encrypted:false
                    SSDEEP:6:YEQXJ2HXHDHYjWaB5dJHdVoZcg1vRcR0YCMRRL2ieoAvJfBoTfXpnrPeUkwRe9:YvXKXzY6KOZc0v1QtZGWTfXcUkee9
                    MD5:FF84C248417BFC7A740417C68EA63580
                    SHA1:400267A6BC9405044D7A0683C560242892025B08
                    SHA-256:A721647494B401C9524010527991A9E0718B6C1CC92992E2F67FE1CD2F982168
                    SHA-512:E20E6FA6C1517F52D860749CC783763A091BEF6055D3CAD053DE2A5D5F5D24222E0BD587041471039952DDDFF196C5FC220684FA11CCD96D7F80159B08F209AD
                    Malicious:false
                    Preview:{"analyticsData":{"responseGUID":"040d7e5d-9c57-420a-9b56-330d900d06ee","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1729432294464,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:JSON data
                    Category:dropped
                    Size (bytes):294
                    Entropy (8bit):5.264631613379674
                    Encrypted:false
                    SSDEEP:6:YEQXJ2HXHDHYjWaB5dJHdVoZcg1vRcR0YCMRRL2ieoAvJfBD2G6UpnrPeUkwRe9:YvXKXzY6KOZc0v1QtZGR22cUkee9
                    MD5:4399A78A059C3F9646C1786F552C77BF
                    SHA1:884E8C16B505545837D9BAE2C3B092554CFB4F30
                    SHA-256:10158D09297CF8ED532B9A5587F5AE1331E00B9AA32412BD4ED3EFEDB2F94F1F
                    SHA-512:ADF3DB4C060D843C117F35010744BDC5F0A7218E40CA52C62EAFA857EAD4DB9B19DC6DE0C05987387E44D748F878F0EBD1B8C5EDF321E5D25169810C1177129C
                    Malicious:false
                    Preview:{"analyticsData":{"responseGUID":"040d7e5d-9c57-420a-9b56-330d900d06ee","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1729432294464,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:JSON data
                    Category:dropped
                    Size (bytes):285
                    Entropy (8bit):5.320942274791852
                    Encrypted:false
                    SSDEEP:6:YEQXJ2HXHDHYjWaB5dJHdVoZcg1vRcR0YCMRRL2ieoAvJfPmwrPeUkwRe9:YvXKXzY6KOZc0v1QtZGH56Ukee9
                    MD5:0709B46AA506B9537D571C475372FF06
                    SHA1:03AA01379255343DE1D921A4CD498E4799197106
                    SHA-256:D76731D66F74F0A7032ED62850FDB0336D792C57CB470782596BC110F89DDD33
                    SHA-512:68A8FD59DB879151B4CECED3BCED4E64CFFA9D42FC5796E419ACF63712F58FA3D65FE00366F601899F7C4D5E95A7794C5B938775FF6613146F5BED9F404FFCB3
                    Malicious:false
                    Preview:{"analyticsData":{"responseGUID":"040d7e5d-9c57-420a-9b56-330d900d06ee","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1729432294464,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:JSON data
                    Category:dropped
                    Size (bytes):1055
                    Entropy (8bit):5.6539472921178575
                    Encrypted:false
                    SSDEEP:24:Yv6XcOzv8+pLgEscLf7nnl0RCmK8czOCCSr:YvWE+hgGzaAh8cv/r
                    MD5:81DAB6EE610AD7536B0DF5239D576EED
                    SHA1:D2E4AD98B3403F349A8370A4694E5977ED97A8AA
                    SHA-256:A3148149214456B3DF35C62A0279E2B3952F4D6364C1842F9FEAAF7C3F14F7EF
                    SHA-512:20597168F5365D661042FFF3908A71A67EA3399785290CA653A9C3B090F7BE983932E0CB1E2A7E5A98A7D2B236F70E47784E6B7D89B1D6FD3686E4E9DE9EE196
                    Malicious:false
                    Preview:{"analyticsData":{"responseGUID":"040d7e5d-9c57-420a-9b56-330d900d06ee","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1729432294464,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"92038_285529ActionBlock_1","campaignId":92038,"containerId":"1","controlGroupId":"","treatmentId":"eb1a4bce-8215-46f1-b44c-154b21a85d60","variationId":"285529"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkV4cG9ydCBQREZzIHRvIE1pY3Jvc29mdCBXb3JkIGFuZCBFeGNlbC4ifSwidGNhdElkIjpudWxsfQ==","dataType":"application\/json","encodingScheme":tr

                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:JSON data
                    Category:dropped
                    Size (bytes):1050
                    Entropy (8bit):5.6452112319223176
                    Encrypted:false
                    SSDEEP:24:Yv6XcOzv8oVLgEF0c7sbnl0RCmK8czOCYHflEpwiVy:YvWEoFg6sGAh8cvYHWpwr
                    MD5:2EF5E83C1683295871478D5B6E70A39C
                    SHA1:FD76FECECF06DCBC5DA5AA3F713A38588BE09C14
                    SHA-256:0E4686AD7B8A6C99D109AF5E4093165C277ED99AD5DB51113E0F5E980526C114
                    SHA-512:06DFCBC732D7F09E7DD2DE13F9AAFBA3BA650DD7BEEFEAEADDA36C25579F2D16264D24B1048418F9BC3A47B11871C6DB050531400D99E51DF39F7F88F98917B7
                    Malicious:false
                    Preview:{"analyticsData":{"responseGUID":"040d7e5d-9c57-420a-9b56-330d900d06ee","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1729432294464,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Disc_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_0","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"0924134e-3c59-4f53-b731-add558c56fec","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Disc_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQsIGVkaXQgYW5kIGUtc2lnblxuZm9ybXMgJiBhZ3JlZW1lbnRzLiJ9LCJ0Y2F0SWQiOm51bGx9","dataType":"application\/json","encodingScheme":true},"

                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:JSON data
                    Category:dropped
                    Size (bytes):292
                    Entropy (8bit):5.269134009691594
                    Encrypted:false
                    SSDEEP:6:YEQXJ2HXHDHYjWaB5dJHdVoZcg1vRcR0YCMRRL2ieoAvJfQ1rPeUkwRe9:YvXKXzY6KOZc0v1QtZGY16Ukee9
                    MD5:82A2667CF75D8C03E7BF4F73D628D35F
                    SHA1:38A856E3A3981EB6BC0E22C96F532648EBE36D0C
                    SHA-256:EACC930671B7B3A872235CE4102174192C3CBDDB7EDA12A3EC139BDB97EB428A
                    SHA-512:4C830E7851B76DCB74646FC29B7702E6A6D76E212CF25738783D1BC70F4DCA8A1EC414C5FD7773F65D2E9E33D53FC4CFCA4A304441637697025F8C6E2D76F002
                    Malicious:false
                    Preview:{"analyticsData":{"responseGUID":"040d7e5d-9c57-420a-9b56-330d900d06ee","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1729432294464,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:JSON data
                    Category:dropped
                    Size (bytes):1038
                    Entropy (8bit):5.6363687198119985
                    Encrypted:false
                    SSDEEP:24:Yv6XcOzv8t2LgEF7cciAXs0nl0RCmK8czOCAPtciBy:YvWEtogc8hAh8cvAs
                    MD5:D826380FC9542AAAF87578AC8E7BF76E
                    SHA1:54BBB25FE9CA88727D0F4F5C63042EFBAFB3568A
                    SHA-256:62017940D6344EC25EDCE62F88EC5489F15B56BA9F98E05626F517C6E6AA0696
                    SHA-512:51696DF48C597B2954B29688ED92454CBC3DA216F65D95D437E305B041C78CBED5B77F56A601DCB4818B12953CCE0E1307598D89C8569601235739760C048F46
                    Malicious:false
                    Preview:{"analyticsData":{"responseGUID":"040d7e5d-9c57-420a-9b56-330d900d06ee","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1729432294464,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Edit_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_1","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"49d2f713-7aa9-44db-aa50-0a7a22add459","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Edit_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVkaXQgdGV4dCwgaW1hZ2VzLCBwYWdlcywgYW5kIG1vcmUuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"application\/json","encodingScheme":true},"endDTS":1744

                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:JSON data
                    Category:dropped
                    Size (bytes):1164
                    Entropy (8bit):5.695023675572577
                    Encrypted:false
                    SSDEEP:24:Yv6XcOzv8FKLgEfIcZVSkpsn264rS514ZjBrwloJTmcVIsrSK5y:YvWEFEgqprtrS5OZjSlwTmAfSKQ
                    MD5:9898BC3548514AFB17093FD2418DB991
                    SHA1:1DE0F91C04B9B4F1214B874364952F9E2E1BD43E
                    SHA-256:5BF37E6A24983D7B0546AA21EFC9628CBE129029EB91C452E802CFB7E0F38F5F
                    SHA-512:A6C3ADD04EC36C00FD4FAB2D3C5CE0E27F791C1D40B6A7DD12EB4157C491753DA19AE88CA7AAFE9FB2A09D9EDF319348A3A9E04CC139812C91BF4406E4A1D91F
                    Malicious:false
                    Preview:{"analyticsData":{"responseGUID":"040d7e5d-9c57-420a-9b56-330d900d06ee","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1729432294464,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85531_264848ActionBlock_0","campaignId":85531,"containerId":"1","controlGroupId":"","treatmentId":"ee1a7497-76e7-43c2-bb63-9a0551e11d73","variationId":"264848"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IlRyeSBBY3JvYmF0IFBybyJ9LCJ1aSI6eyJ0aXRsZV9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjE1cHgiLCJmb250X3N0eWxlIjoiMCJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEzcHgiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0b1xucHJlbWl1bSBQREYgYW5kIGUtc2lnbmluZ1xudG9vbHMuIn0sImJhbm5lcl9zdHlsaW5nIjo

                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:JSON data
                    Category:dropped
                    Size (bytes):289
                    Entropy (8bit):5.270975322890406
                    Encrypted:false
                    SSDEEP:6:YEQXJ2HXHDHYjWaB5dJHdVoZcg1vRcR0YCMRRL2ieoAvJfYdPeUkwRe9:YvXKXzY6KOZc0v1QtZGg8Ukee9
                    MD5:EE2ECBA9011173E13D40527A001707AD
                    SHA1:3CA7EF8E763065AA3F008326AF36FF3C3D80C3A4
                    SHA-256:F31A69AD8AA14AADBDAEDC4AF973E18CF6E513D5E0A3C1E233922A9E94D2DCFD
                    SHA-512:26B8CB3AC97580833C30F963188605D6B407CB5FDE1E9C52F5331E03018C959D0477176F73EF6459B46B2C302E2D5315396B1E1DA703DF494C26DCF451B8ECE2
                    Malicious:false
                    Preview:{"analyticsData":{"responseGUID":"040d7e5d-9c57-420a-9b56-330d900d06ee","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1729432294464,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:JSON data
                    Category:dropped
                    Size (bytes):1395
                    Entropy (8bit):5.768548654468393
                    Encrypted:false
                    SSDEEP:24:Yv6XcOzv84rLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNa:YvWE4HgDv3W2aYQfgB5OUupHrQ9FJQ
                    MD5:4EB3326ADDE179599A336B0836E0D132
                    SHA1:FD0EC55265DC48D4E649F6908D38DD749BF1A9BD
                    SHA-256:23A1A342DD5F4915815941671895E71BE9B505077E60587DCBFD237C4EEF8F4C
                    SHA-512:F273DDBBD3AC5AD567D85265B02AEA6452C3D8D996CD59E389EAA3DFE1B9282E616CCD00C23E190B85C2F3091FDF928638C43A6581882CB28E85AC6175B33026
                    Malicious:false
                    Preview:{"analyticsData":{"responseGUID":"040d7e5d-9c57-420a-9b56-330d900d06ee","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1729432294464,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0

                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:JSON data
                    Category:dropped
                    Size (bytes):291
                    Entropy (8bit):5.254721902881175
                    Encrypted:false
                    SSDEEP:6:YEQXJ2HXHDHYjWaB5dJHdVoZcg1vRcR0YCMRRL2ieoAvJfbPtdPeUkwRe9:YvXKXzY6KOZc0v1QtZGDV8Ukee9
                    MD5:B2F465978D211EEAF4B1C903AB90B224
                    SHA1:518B85D63EE178687C44932136B153DB6ECB43D5
                    SHA-256:938D498522B592248AC92B9CA1B99954725AE59300E1C322E835CDDCF716F140
                    SHA-512:B6573F65E0EE89CCDB6F91EE7DDABD03EED7CC4E4482239BDE07EED64D0367091C9D2EB8B643463A9604FFC823D502FDB4A64F192146A594CFB51D1847EE8C0C
                    Malicious:false
                    Preview:{"analyticsData":{"responseGUID":"040d7e5d-9c57-420a-9b56-330d900d06ee","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1729432294464,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:JSON data
                    Category:dropped
                    Size (bytes):287
                    Entropy (8bit):5.258657230031148
                    Encrypted:false
                    SSDEEP:6:YEQXJ2HXHDHYjWaB5dJHdVoZcg1vRcR0YCMRRL2ieoAvJf21rPeUkwRe9:YvXKXzY6KOZc0v1QtZG+16Ukee9
                    MD5:194BDE8DFFF88FBCDBFE8467367288E3
                    SHA1:B1F2CF5467A8D9EAFFAEA5C0C465C432A705693B
                    SHA-256:33406ADAC12764D8E01ACDE704E62BCA3152558793B45498EE6275FB0F836483
                    SHA-512:611A14B1D3F7CFFFE424C018CF561947473DCA113B58095189FBD076AFD47EED602AD5511E7B5CAE57E0642458BDF33A8AC7C7829D1263014EE8BE2EEC57BC1E
                    Malicious:false
                    Preview:{"analyticsData":{"responseGUID":"040d7e5d-9c57-420a-9b56-330d900d06ee","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1729432294464,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:JSON data
                    Category:dropped
                    Size (bytes):1026
                    Entropy (8bit):5.622176739016289
                    Encrypted:false
                    SSDEEP:24:Yv6XcOzv8iamXayLgE7cMCBNaqnl0RCmK8czOC/BSr:YvWE8BgACBOAh8cvMr
                    MD5:A6B97EB079FCA3E7A9E95BA7C1C7BA17
                    SHA1:DD5DBE9D32F3A61BB84565ACFFB5E540B9A0C39A
                    SHA-256:429B5602F292D7122311CD0265C56A893C7C16DC355A09BA9AE0E134B2E144F3
                    SHA-512:211BF3FCF0837AC1829CFFF45AE4051C121D0ACBCBA38A1BF288EC77D78B567D4402B87F58F5182889CB0AF402863B8FD15A65E6F98F57E5856D79638D5021EF
                    Malicious:false
                    Preview:{"analyticsData":{"responseGUID":"040d7e5d-9c57-420a-9b56-330d900d06ee","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1729432294464,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"92038_285529ActionBlock_0","campaignId":92038,"containerId":"1","controlGroupId":"","treatmentId":"6291f52b-6cb0-4d31-bc46-37ce85e9eb25","variationId":"285529"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVhc2lseSBmaWxsIGFuZCBzaWduIFBERnMuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"application\/json","encodingScheme":true},"endDTS":1751323379000,"s

                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:JSON data
                    Category:dropped
                    Size (bytes):286
                    Entropy (8bit):5.233223386865374
                    Encrypted:false
                    SSDEEP:6:YEQXJ2HXHDHYjWaB5dJHdVoZcg1vRcR0YCMRRL2ieoAvJfshHHrPeUkwRe9:YvXKXzY6KOZc0v1QtZGUUUkee9
                    MD5:19D42D74FF79D2B923FD75F1084E9F53
                    SHA1:2A17819E2FA2EFA0D659F27419A1526979C2CEC2
                    SHA-256:1C2C232B49C5DBBBC511020398C88952E62711F4CEE1C857F287DAB5650DD742
                    SHA-512:9E2DD8A83629DED457A3D83802B19E9C9EAEDFB7DA0C86369D8420D1C76AD0915DED6479B6862D47777164D89EAE03BA82ABF3D0264F07E861601FA19868DDD0
                    Malicious:false
                    Preview:{"analyticsData":{"responseGUID":"040d7e5d-9c57-420a-9b56-330d900d06ee","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1729432294464,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:JSON data
                    Category:dropped
                    Size (bytes):782
                    Entropy (8bit):5.355603795864809
                    Encrypted:false
                    SSDEEP:12:YvXKXzY6KOZc0v1QtZGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWm:Yv6XcOzv81168CgEXX5kcIfANhr
                    MD5:83311A7BDA7EF657F5E45A4AB603587C
                    SHA1:19296295F3B6D5741CF00C87AB95FC6C9AF3CD0A
                    SHA-256:00B9413275B619841DCE2B1B4112DAA1DDAFD4BFD4ACAE4826C9059910B5DE63
                    SHA-512:7CE6085F8045747B2793E169D61BB2D86C6D707C1E8E0470B8923B8CC8C48D8E0E7F9BB5A683F9F947147AF84B3FE581DDA3661AADA6E2CC042B2402649EBFF0
                    Malicious:false
                    Preview:{"analyticsData":{"responseGUID":"040d7e5d-9c57-420a-9b56-330d900d06ee","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1729432294464,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1729257229498}}}}

                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:data
                    Category:dropped
                    Size (bytes):4
                    Entropy (8bit):0.8112781244591328
                    Encrypted:false
                    SSDEEP:3:e:e
                    MD5:DC84B0D741E5BEAE8070013ADDCC8C28
                    SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
                    SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
                    SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
                    Malicious:false
                    Preview:....

                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:JSON data
                    Category:dropped
                    Size (bytes):2818
                    Entropy (8bit):5.127043308146634
                    Encrypted:false
                    SSDEEP:24:YfBtEdVkip6tVGa02mHayKVDr/3JUV4E3VRC3/nVUooNVLfVJM+qdV/PJ+VobB48:YfBtJk0r/3A0gVna/PlkmJcgVXeOX9h
                    MD5:F1D30E3317D3DF4349009C89EBDB19F5
                    SHA1:8E854F1E238410ACEE3464E7374092E3F2635F40
                    SHA-256:3637B5B4CE9AE1ACED4D45AA63B1B864B624EF043203926D560A2C48436C05D9
                    SHA-512:CB0E46129146C9B622AE9332EEC5520766A9D08D84534FEC6C73C3BEB39D6B47AE6A3AED60E7B97868708DCF3878BC35EE3B5833623EF03271A58411816BF3FE
                    Malicious:false
                    Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"3658f164d97e2a5ce5856019403258db","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1050,"ts":1729257229000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"07f23f5db61d86f5015952be1a4769bc","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1164,"ts":1729257229000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"d04c0ca722525f4020d98cc507029414","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1026,"ts":1729257229000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"a61dac74f17eb1d9be841e7f47ee798e","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1055,"ts":1729257229000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"5fd620d3d2d11257563181d85ff03e81","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":1038,"ts":1729257229000},{"id":"Edit_InApp_Aug2020","info":{"dg":"00f7914a99779901534a8663a6c77061","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":17

                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 25, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 25
                    Category:dropped
                    Size (bytes):12288
                    Entropy (8bit):1.1873192237421348
                    Encrypted:false
                    SSDEEP:48:TGufl2GL7msEHUUUUUUUUSUhSvR9H9vxFGiDIAEkGVvpmUF:lNVmswUUUUUUUUSUh+FGSItSUF
                    MD5:F55C23444821A6C89A61D46E3F22BB36
                    SHA1:7B8A74FA189E631EDCC61145AF4F623CA65C2D65
                    SHA-256:7DBE64722EF669C9DDDF6936069F7724A5D4751E0DA09DDFF1881D7DE6F237A1
                    SHA-512:E5F1DA188C236D9F5D9C7D10991FAF2476DCC3ABB539A54C22E7B14F58476F2FEAF5917686415C73F9245CECD59AE556A220504E514C243DC64647FC1C50716D
                    Malicious:false
                    Preview:SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:SQLite Rollback Journal
                    Category:dropped
                    Size (bytes):8720
                    Entropy (8bit):1.6034114428473074
                    Encrypted:false
                    SSDEEP:48:7MXKUUUUUUUUUUSUpvR9H9vxFGiDIAEkGVvwqFl2GL7msr:7hUUUUUUUUUUSUNFGSItqKVmsr
                    MD5:B0C6C06288FADD14A2CFD0B955F8B8D2
                    SHA1:3D9E6F80AE753A3D6FE0E34636A5841FAAD767BE
                    SHA-256:DF0A20FB6929A00972BF437C1F0747F016F0FBC4D6723DA13950D648ABC825D0
                    SHA-512:0FF11BF65DEBDE3A0470D76F347050AB12DEF931AFB0653D03273DDD2C812CBA8392FE850D54B9AE0048B2DBA9FD4301CD032364D07D02DA94EC7A40D9E544A1
                    Malicious:false
                    Preview:.... .c.....n7.v......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................f.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                    C:\Users\user\AppData\Local\Temp\MSI2637b.LOG

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                    Category:dropped
                    Size (bytes):246
                    Entropy (8bit):3.529459928009153
                    Encrypted:false
                    SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8sKRasw:Qw946cPbiOxDlbYnuRKSQ
                    MD5:43EFB73DE58414B1F217B09D1F71A11F
                    SHA1:26B3F3D86E8D82BD834763C94B74E76BBE86A863
                    SHA-256:99DBF566FBC55614102D99736349664388FA959A2E8C75E705BDAACF415414E4
                    SHA-512:017EFE3DBA2C0B6158A0F620964EEC82EDDCA82A853F569B321CA4E9BEF960A76491A9E42D3E2D533B32D42FEE4FF307D688138DD8BFB5E492B45941F74EAAFE
                    Malicious:false
                    Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .1.8./.1.0./.2.0.2.4. . .0.9.:.1.3.:.4.8. .=.=.=.....

                    C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-18 09-13-42-710.log

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:ASCII text, with very long lines (393)
                    Category:dropped
                    Size (bytes):16525
                    Entropy (8bit):5.345946398610936
                    Encrypted:false
                    SSDEEP:384:zHIq8qrq0qoq/qUILImCIrImI9IWdFdDdoPtPTPtP7ygyAydy0yGV///X/J/VokV:nNW
                    MD5:8947C10F5AB6CFFFAE64BCA79B5A0BE3
                    SHA1:70F87EEB71BA1BE43D2ABAB7563F94C73AB5F778
                    SHA-256:4F3449101521DA7DF6B58A2C856592E1359BA8BD1ACD0688ECF4292BA5388485
                    SHA-512:B76DB9EF3AE758F00CAF0C1705105C875838C7801F7265B17396466EECDA4BCD915DA4611155C5F2AD1C82A800C1BEC855E52E2203421815F915B77AA7331CA0
                    Malicious:false
                    Preview:SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:088+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig:

                    C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:ASCII text, with very long lines (393), with CRLF line terminators
                    Category:dropped
                    Size (bytes):15114
                    Entropy (8bit):5.338827978009275
                    Encrypted:false
                    SSDEEP:384:SOwfYmFlQt4+VkpzI027/ZSS2pMpGyOwZS+dvbdAxoGeoAzzFEmZdodI106HOA4z:0Bl
                    MD5:EFE7893E462057E468718E07BAEBBF12
                    SHA1:EF0F5092CAD6ECAC6E71F317B32480ECD0B9C3DF
                    SHA-256:AD7368323AC13F6086E1B09758E1B0635FBD4FE3FD3EC1BBE0FEA738CDAE78C6
                    SHA-512:C17A5890819B8CC9D5EB640CF69333921C2C6A69625C7A1E54EF6A5B60E43A1F5345088F7A09F6EBA8FB03087C6B186941E86B8FC7690A9311385F2389525619
                    Malicious:false
                    Preview:SessionID=db256224-45b3-4df0-bd72-0ab78bef9d09.1729257222749 Timestamp=2024-10-18T09:13:42:749-0400 ThreadID=1272 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=db256224-45b3-4df0-bd72-0ab78bef9d09.1729257222749 Timestamp=2024-10-18T09:13:42:751-0400 ThreadID=1272 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=db256224-45b3-4df0-bd72-0ab78bef9d09.1729257222749 Timestamp=2024-10-18T09:13:42:751-0400 ThreadID=1272 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=db256224-45b3-4df0-bd72-0ab78bef9d09.1729257222749 Timestamp=2024-10-18T09:13:42:751-0400 ThreadID=1272 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=db256224-45b3-4df0-bd72-0ab78bef9d09.1729257222749 Timestamp=2024-10-18T09:13:42:751-0400 ThreadID=1272 Component=ngl-lib_NglAppLib Description="SetConf

                    C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:ASCII text, with CRLF line terminators
                    Category:dropped
                    Size (bytes):29752
                    Entropy (8bit):5.392147547540374
                    Encrypted:false
                    SSDEEP:768:anddBuBYZwcfCnwZCnR8Bu5hx18HoCnLlAY+iCBuzhLCnx1CnPrRRFS10l8gT2ru:C
                    MD5:3E99D21CE7CAF378C8DCD22EC090E77C
                    SHA1:F9BBC14A0482A29EDFB9D3CAB21D1C7BFCDA9818
                    SHA-256:C3897AF2DA2C70B73BD7B54AACB19110DCD11FECA3AFB0A497A5D70DE04EF804
                    SHA-512:34433FC7C9A840824140AB21783EDD5AAD02E46119D238F586A303D9985CA46E4BD116D4EAD3C8C65C3D55FD5779DFB602692D46A3DCE2DED38E493BBCBA23F0
                    Malicious:false
                    Preview:03-10-2023 12:50:40:.---2---..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ***************************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ***************************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Starting NGL..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..03-10-2023 12:50:40:.Closing File..03-10-

                    C:\Users\user\AppData\Local\Temp\acrocef_low\7d93cc9f-635e-4e4b-99c8-61dd7b1f4075.tmp

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                    File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
                    Category:dropped
                    Size (bytes):1407294
                    Entropy (8bit):7.97605879016224
                    Encrypted:false
                    SSDEEP:24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo
                    MD5:A0CFC77914D9BFBDD8BC1B1154A7B364
                    SHA1:54962BFDF3797C95DC2A4C8B29E873743811AD30
                    SHA-256:81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685
                    SHA-512:74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE
                    Malicious:false
                    Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

                    C:\Users\user\AppData\Local\Temp\acrocef_low\a3c585e6-cb84-40fb-b418-7e19df104f37.tmp

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                    File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
                    Category:dropped
                    Size (bytes):1419751
                    Entropy (8bit):7.976496077007677
                    Encrypted:false
                    SSDEEP:24576:/VR9WL07oXGZnYIGNPJNdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:tR9WLxXGZnZGh3mlind9i4ufFXpAXkru
                    MD5:9D85D4B75E446857CE3D750299B2AF1A
                    SHA1:3CD9576D0A07B9E4454F4FF4DDF8D18EFBB764B4
                    SHA-256:D3C44F50FD2912C92DAF009689B221515709E00C839A8DA425078C96F2D6053A
                    SHA-512:1C63A091EF404FC446F1A789D33258FE9F6AD25C80375CADADF0829BC5DCD70A16A8E30E664D0A02F39E7A3D10B9E56AD7F9CA9D733A877726C1DD043B14842F
                    Malicious:false
                    Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

                    C:\Users\user\AppData\Local\Temp\acrocef_low\cfae7385-994b-46eb-83c6-ce3821df1268.tmp

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                    File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
                    Category:dropped
                    Size (bytes):386528
                    Entropy (8bit):7.9736851559892425
                    Encrypted:false
                    SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
                    MD5:5C48B0AD2FEF800949466AE872E1F1E2
                    SHA1:337D617AE142815EDDACB48484628C1F16692A2F
                    SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
                    SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
                    Malicious:false
                    Preview:...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-|..h#.g.\.PO.|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..|m.WC.....|.....e.[W.p.8...rm....^..x'......5!...|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

                    C:\Users\user\AppData\Local\Temp\acrocef_low\ffcffb80-9e84-4d07-ac2f-65219f7e0244.tmp

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                    File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
                    Category:dropped
                    Size (bytes):758601
                    Entropy (8bit):7.98639316555857
                    Encrypted:false
                    SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
                    MD5:3A49135134665364308390AC398006F1
                    SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
                    SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
                    SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
                    Malicious:false
                    Preview:...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!|G.1...... .3.`./....`~......G.............|..pS.e.C....:o.u_..oi.:..|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

                    Static File Info

                    General

                    File type:PDF document, version 1.7
                    Entropy (8bit):7.99828278964409
                    TrID:
                    • Adobe Portable Document Format (5005/1) 100.00%
                    File name:PPI Submittal.pdf
                    File size:7'218'070 bytes
                    MD5:c5e6ae17541577544d9c46e54544a51c
                    SHA1:b1afa092b7ce35f99f71a8c4814c5e708aa424e4
                    SHA256:1ee9855f10e199576a49f318eed6f3a3bd4fb523b4a28464cc28c5ad6b14cfed
                    SHA512:6a0532f0ba0f0901284ac0dfbca1ec8397d615ede4bc6aa5d6626860a85a1926197229b303a28c625e9d6a8df64754555e97584c18f186af418566884049e6cf
                    SSDEEP:196608:btw/jcfc7NnjwX7lBPMg3a5/i5M5XE9xA4x4tYu43P3YOO:hw/kWnYrEgS/4MgInft
                    TLSH:5F7633A376BF2119D8CA0E82FD0536E1264553E32D5A196238B0C9CE3C7CDF1B255EE6
                    File Content Preview:%PDF-1.7.%.....50 0 obj.<<./Filter /FlateDecode./Length 2574./N 3.>>.stream.H...yTSw...o......c.[....5la...Q.I...BH..AD..ED...2.mtFOE...c...}....0..8......8G.Ng......9.w..........'....0......J.....b..... ...2y..-;!....K.Z.....^..i."L..0...-....@.8.(..r.;q

                    File Icon

                    Icon Hash:62cc8caeb29e8ae0

                    Static PDF Info

                    General

                    Header:%PDF-1.7
                    Total Entropy:7.998283
                    Total Bytes:7218070
                    Stream Entropy:7.999470
                    Stream Bytes:7121144
                    Entropy outside Streams:5.126044
                    Bytes outside Streams:96926
                    Number of EOF found:1
                    Bytes after EOF:

                    Keywords Statistics

                    NameCount
                    obj479
                    endobj478
                    stream477
                    endstream477
                    xref0
                    trailer0
                    startxref1
                    /Page0
                    /Encrypt0
                    /ObjStm4
                    /URI0
                    /JS0
                    /JavaScript0
                    /AA1
                    /OpenAction0
                    /AcroForm0
                    /JBIG2Decode0
                    /RichMedia0
                    /Launch0
                    /EmbeddedFile0

                    Image Streams

                    IDDHASHMD5Preview
                    6900000000000000002d1a08bf4f7c46e21560dbcbeae812c2
                    740000000000000000edbb2e0a21a75e330050d55da5661992
                    81000000000040404086fd7931bfb9bc7adfa9e14cc36c5dc0
                    850000000000000000b9e0eeda240f5af30e379ecb142ea005
                    950000000000000000e5ca6ff758c47b8d478fb2ae78b5cfc6

                    Network Behavior

                    Network Port Distribution

                    TCP Packets

                    TimestampSource PortDest PortSource IPDest IP
                    Oct 18, 2024 15:13:52.745395899 CEST49748443192.168.2.496.7.168.138
                    Oct 18, 2024 15:13:52.745444059 CEST4434974896.7.168.138192.168.2.4
                    Oct 18, 2024 15:13:52.745635033 CEST49748443192.168.2.496.7.168.138
                    Oct 18, 2024 15:13:52.745906115 CEST49748443192.168.2.496.7.168.138
                    Oct 18, 2024 15:13:52.745918989 CEST4434974896.7.168.138192.168.2.4
                    Oct 18, 2024 15:13:53.460637093 CEST4434974896.7.168.138192.168.2.4
                    Oct 18, 2024 15:13:53.460937023 CEST49748443192.168.2.496.7.168.138
                    Oct 18, 2024 15:13:53.460949898 CEST4434974896.7.168.138192.168.2.4
                    Oct 18, 2024 15:13:53.461957932 CEST4434974896.7.168.138192.168.2.4
                    Oct 18, 2024 15:13:53.462033987 CEST49748443192.168.2.496.7.168.138
                    Oct 18, 2024 15:13:53.522110939 CEST49748443192.168.2.496.7.168.138
                    Oct 18, 2024 15:13:53.522274017 CEST4434974896.7.168.138192.168.2.4
                    Oct 18, 2024 15:13:53.522320032 CEST49748443192.168.2.496.7.168.138
                    Oct 18, 2024 15:13:53.563411951 CEST4434974896.7.168.138192.168.2.4
                    Oct 18, 2024 15:13:53.568546057 CEST49748443192.168.2.496.7.168.138
                    Oct 18, 2024 15:13:53.568556070 CEST4434974896.7.168.138192.168.2.4
                    Oct 18, 2024 15:13:53.615411043 CEST49748443192.168.2.496.7.168.138
                    Oct 18, 2024 15:13:53.646457911 CEST4434974896.7.168.138192.168.2.4
                    Oct 18, 2024 15:13:53.646549940 CEST4434974896.7.168.138192.168.2.4
                    Oct 18, 2024 15:13:53.646874905 CEST49748443192.168.2.496.7.168.138
                    Oct 18, 2024 15:13:53.647228003 CEST49748443192.168.2.496.7.168.138
                    Oct 18, 2024 15:13:53.647228003 CEST49748443192.168.2.496.7.168.138
                    Oct 18, 2024 15:13:53.647250891 CEST4434974896.7.168.138192.168.2.4
                    Oct 18, 2024 15:13:53.647311926 CEST49748443192.168.2.496.7.168.138

                    UDP Packets

                    TimestampSource PortDest PortSource IPDest IP
                    Oct 18, 2024 15:13:48.285828114 CEST5347653192.168.2.41.1.1.1

                    DNS Queries

                    TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                    Oct 18, 2024 15:13:48.285828114 CEST192.168.2.41.1.1.10xb78fStandard query (0)x1.i.lencr.orgA (IP address)IN (0x0001)false

                    DNS Answers

                    TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                    Oct 18, 2024 15:13:48.293494940 CEST1.1.1.1192.168.2.40xb78fNo error (0)x1.i.lencr.orgcrl.root-x1.letsencrypt.org.edgekey.netCNAME (Canonical name)IN (0x0001)false

                    HTTP Request Dependency Graph

                    • armmf.adobe.com

                    HTTPS Proxied Packets

                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    0192.168.2.44974896.7.168.1384437208C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                    TimestampBytes transferredDirectionData
                    2024-10-18 13:13:53 UTC475OUTGET /onboarding/smskillreader.txt HTTP/1.1
                    Host: armmf.adobe.com
                    Connection: keep-alive
                    Accept-Language: en-US,en;q=0.9
                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36
                    Sec-Fetch-Site: same-origin
                    Sec-Fetch-Mode: no-cors
                    Sec-Fetch-Dest: empty
                    Accept-Encoding: gzip, deflate, br
                    If-None-Match: "78-5faa31cce96da"
                    If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
                    2024-10-18 13:13:53 UTC198INHTTP/1.1 304 Not Modified
                    Content-Type: text/plain; charset=UTF-8
                    Last-Modified: Mon, 01 May 2023 15:02:33 GMT
                    ETag: "78-5faa31cce96da"
                    Date: Fri, 18 Oct 2024 13:13:53 GMT
                    Connection: close


                    Statistics

                    CPU Usage

                    Click to jump to process

                    Memory Usage

                    Click to jump to process

                    High Level Behavior Distribution

                    Click to dive into process behavior distribution

                    Behavior

                    Click to jump to process

                    System Behavior

                    General

                    Target ID:0
                    Start time:09:13:39
                    Start date:18/10/2024
                    Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    Wow64 process (32bit):false
                    Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\PPI Submittal.pdf"
                    Imagebase:0x7ff6bc1b0000
                    File size:5'641'176 bytes
                    MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Reputation:high
                    Has exited:true

                    General

                    Target ID:1
                    Start time:09:13:40
                    Start date:18/10/2024
                    Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                    Wow64 process (32bit):false
                    Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
                    Imagebase:0x7ff74bb60000
                    File size:3'581'912 bytes
                    MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Reputation:high
                    Has exited:true

                    General

                    Target ID:3
                    Start time:09:13:40
                    Start date:18/10/2024
                    Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                    Wow64 process (32bit):false
                    Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2088 --field-trial-handle=1552,i,9938820051784610952,14837667456933209763,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
                    Imagebase:0x7ff74bb60000
                    File size:3'581'912 bytes
                    MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Reputation:high
                    Has exited:true

                    Disassembly

                    No disassembly