Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Declaratie 147379 - Exter B.V. - Exter DSM.pdf

Overview

General Information

Sample name:Declaratie 147379 - Exter B.V. - Exter DSM.pdf
Analysis ID:1541153
MD5:cb4810250c6e6aadac1c9a9f8999f46c
SHA1:ce55b6c83d7d6ccb6307dbab3ec17d42872494b3
SHA256:094e423e7aa1aeadc7df3d206ba7737a92665c53a73c02eeb8b7df505855c870
Infos:

Detection

Score:2
Range:0 - 100
Whitelisted:false
Confidence:80%

Signatures

IP address seen in connection with other malware
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Uses a known web browser user agent for HTTP communication

Classification

Process Tree

  • System is w10x64
  • Acrobat.exe (PID: 3672 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Declaratie 147379 - Exter B.V. - Exter DSM.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 5668 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 7192 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2076 --field-trial-handle=1624,i,18207051628461340091,6838274000774451513,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: global trafficDNS query: name: x1.i.lencr.org
Source: global trafficTCP traffic: 192.168.2.8:49724 -> 96.7.168.138:443
Source: global trafficTCP traffic: 192.168.2.8:49724 -> 96.7.168.138:443
Source: global trafficTCP traffic: 192.168.2.8:49724 -> 96.7.168.138:443
Source: global trafficTCP traffic: 192.168.2.8:49724 -> 96.7.168.138:443
Source: global trafficTCP traffic: 192.168.2.8:49724 -> 96.7.168.138:443
Source: global trafficTCP traffic: 192.168.2.8:49724 -> 96.7.168.138:443
Source: global trafficTCP traffic: 192.168.2.8:49724 -> 96.7.168.138:443
Source: global trafficTCP traffic: 192.168.2.8:49724 -> 96.7.168.138:443
Source: global trafficTCP traffic: 192.168.2.8:49724 -> 96.7.168.138:443
Source: global trafficTCP traffic: 192.168.2.8:49724 -> 96.7.168.138:443
Source: global trafficTCP traffic: 192.168.2.8:49724 -> 96.7.168.138:443
Source: global trafficTCP traffic: 192.168.2.8:49724 -> 96.7.168.138:443
Source: global trafficTCP traffic: 192.168.2.8:49724 -> 96.7.168.138:443
Source: global trafficTCP traffic: 192.168.2.8:49724 -> 96.7.168.138:443
Source: global trafficTCP traffic: 96.7.168.138:443 -> 192.168.2.8:49724
Source: global trafficTCP traffic: 192.168.2.8:49724 -> 96.7.168.138:443
Source: global trafficTCP traffic: 192.168.2.8:49724 -> 96.7.168.138:443
Source: global trafficTCP traffic: 96.7.168.138:443 -> 192.168.2.8:49724
Source: global trafficTCP traffic: 96.7.168.138:443 -> 192.168.2.8:49724
Source: global trafficTCP traffic: 192.168.2.8:49724 -> 96.7.168.138:443
Source: global trafficTCP traffic: 96.7.168.138:443 -> 192.168.2.8:49724
Source: global trafficTCP traffic: 96.7.168.138:443 -> 192.168.2.8:49724
Source: global trafficTCP traffic: 192.168.2.8:49724 -> 96.7.168.138:443
Source: global trafficTCP traffic: 192.168.2.8:49724 -> 96.7.168.138:443
Source: global trafficTCP traffic: 96.7.168.138:443 -> 192.168.2.8:49724
Source: global trafficTCP traffic: 192.168.2.8:49724 -> 96.7.168.138:443
Source: global trafficTCP traffic: 96.7.168.138:443 -> 192.168.2.8:49724
Source: global trafficTCP traffic: 192.168.2.8:49724 -> 96.7.168.138:443
Source: global trafficTCP traffic: 96.7.168.138:443 -> 192.168.2.8:49724
Source: global trafficTCP traffic: 192.168.2.8:49724 -> 96.7.168.138:443
Source: global trafficTCP traffic: 96.7.168.138:443 -> 192.168.2.8:49724
Source: global trafficTCP traffic: 96.7.168.138:443 -> 192.168.2.8:49724
Source: global trafficTCP traffic: 192.168.2.8:49724 -> 96.7.168.138:443
Source: global trafficTCP traffic: 192.168.2.8:49724 -> 96.7.168.138:443
Source: global trafficTCP traffic: 96.7.168.138:443 -> 192.168.2.8:49724
Source: global trafficTCP traffic: 192.168.2.8:49724 -> 96.7.168.138:443
Source: global trafficTCP traffic: 192.168.2.8:49724 -> 96.7.168.138:443
Source: Joe Sandbox ViewIP Address: 96.7.168.138 96.7.168.138
Source: global trafficHTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1Host: armmf.adobe.comConnection: keep-aliveAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brIf-None-Match: "78-5faa31cce96da"If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
Source: unknownTCP traffic detected without corresponding DNS query: 96.7.168.138
Source: unknownTCP traffic detected without corresponding DNS query: 96.7.168.138
Source: unknownTCP traffic detected without corresponding DNS query: 96.7.168.138
Source: unknownTCP traffic detected without corresponding DNS query: 96.7.168.138
Source: unknownTCP traffic detected without corresponding DNS query: 96.7.168.138
Source: unknownTCP traffic detected without corresponding DNS query: 96.7.168.138
Source: unknownTCP traffic detected without corresponding DNS query: 96.7.168.138
Source: unknownTCP traffic detected without corresponding DNS query: 96.7.168.138
Source: unknownTCP traffic detected without corresponding DNS query: 96.7.168.138
Source: unknownTCP traffic detected without corresponding DNS query: 96.7.168.138
Source: unknownTCP traffic detected without corresponding DNS query: 96.7.168.138
Source: unknownTCP traffic detected without corresponding DNS query: 96.7.168.138
Source: unknownTCP traffic detected without corresponding DNS query: 96.7.168.138
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficHTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1Host: armmf.adobe.comConnection: keep-aliveAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brIf-None-Match: "78-5faa31cce96da"If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
Source: global trafficDNS traffic detected: DNS query: x1.i.lencr.org
Source: 77EC63BDA74BD0D0E0426DC8F80085060.2.drString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: 2D85F72862B55C4EADD9E66E06947F3D0.2.drString found in binary or memory: http://x1.i.lencr.org/
Source: unknownNetwork traffic detected: HTTP traffic on port 49724 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49724
Source: classification engineClassification label: clean2.winPDF@14/47@1/1
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.4508Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-24 08-11-03-476.logJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
Source: unknownProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Declaratie 147379 - Exter B.V. - Exter DSM.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2076 --field-trial-handle=1624,i,18207051628461340091,6838274000774451513,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2076 --field-trial-handle=1624,i,18207051628461340091,6838274000774451513,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: Declaratie 147379 - Exter B.V. - Exter DSM.pdfInitial sample: PDF keyword /JS count = 0
Source: Declaratie 147379 - Exter B.V. - Exter DSM.pdfInitial sample: PDF keyword /JavaScript count = 0
Source: Declaratie 147379 - Exter B.V. - Exter DSM.pdfInitial sample: PDF keyword /EmbeddedFile count = 0
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid Accounts3
Exploitation for Client Execution		Path Interception1
Process Injection		1
Masquerading		OS Credential Dumping1
System Information Discovery		Remote ServicesData from Local System1
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
Process Injection		LSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable Media2
Non-Application Layer Protocol		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive13
Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin HookBinary PaddingNTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput Capture1
Ingress Tool Transfer		Traffic DuplicationData Destruction

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1541153 Sample: Declaratie 147379 - Exter B... Startdate: 24/10/2024 Architecture: WINDOWS Score: 2 14 x1.i.lencr.org 2->14 16 bg.microsoft.map.fastly.net 2->16 7 Acrobat.exe 20 62 2->7         started        process3 process4 9 AcroCEF.exe 109 7->9         started        process5 11 AcroCEF.exe 6 9->11         started        dnsIp6 18 96.7.168.138, 443, 49724 INTERNEXABRASILOPERADORADETELECOMUNICACOESSABR United States 11->18

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

No Antivirus matches

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
http://x1.i.lencr.org/0%URL Reputationsafe

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
bg.microsoft.map.fastly.net
199.232.214.172
truefalse
    		unknown
    x1.i.lencr.org
    		unknown
    		unknownfalse
      		unknown

      URLs from Memory and Binaries

      NameSourceMaliciousAntivirus DetectionReputation
      http://x1.i.lencr.org/2D85F72862B55C4EADD9E66E06947F3D0.2.drfalse
      • URL Reputation: safe
      		unknown

      World Map of Contacted IPs

      • No. of IPs < 25%
      • 25% < No. of IPs < 50%
      • 50% < No. of IPs < 75%
      • 75% < No. of IPs

      Public IPs

      IPDomainCountryFlagASNASN NameMalicious
      96.7.168.138
      		unknownUnited States
      		262589INTERNEXABRASILOPERADORADETELECOMUNICACOESSABRfalse

      General Information

      Joe Sandbox version:41.0.0 Charoite
      Analysis ID:1541153
      Start date and time:2024-10-24 14:09:37 +02:00
      Joe Sandbox product:CloudBasic
      Overall analysis duration:0h 4m 39s
      Hypervisor based Inspection enabled:false
      Report type:full
      Cookbook file name:defaultwindowspdfcookbook.jbs
      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
      Number of analysed new started processes analysed:13
      Number of new started drivers analysed:0
      Number of existing processes analysed:0
      Number of existing drivers analysed:0
      Number of injected processes analysed:0
      Technologies:
      • HCA enabled
      • EGA enabled
      • AMSI enabled
      Analysis Mode:default
      Analysis stop reason:Timeout
      Sample name:Declaratie 147379 - Exter B.V. - Exter DSM.pdf
      Detection:CLEAN
      Classification:clean2.winPDF@14/47@1/1
      EGA Information:Failed
      HCA Information:
      • Successful, ratio: 100%
      • Number of executed functions: 0
      • Number of non-executed functions: 0
      Cookbook Comments:
      • Found application associated with file extension: .pdf
      • Found PDF document
      • Close Viewer

      Warnings

      • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
      • Excluded IPs from analysis (whitelisted): 184.28.88.176, 23.22.254.206, 54.227.187.23, 52.5.13.197, 52.202.204.11, 162.159.61.3, 172.64.41.3, 2.23.197.184, 199.232.214.172, 2.19.126.143, 2.19.126.149
      • Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com.delivery.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, wu-b-net.trafficmanager.net, crl.root-x1.letsencrypt.org.edgekey.net
      • Not all processes where analyzed, report is missing behavior information
      • VT rate limit hit for: Declaratie 147379 - Exter B.V. - Exter DSM.pdf

      Simulations

      Behavior and APIs

      TimeTypeDescription
      08:11:09API Interceptor2x Sleep call for process: AcroCEF.exe modified

      LLM Input / Output

      InputOutput
      URL: PDF document Model: claude-3-haiku-20240307
      ```json
{
  "contains_trigger_text": true,
  "trigger_text": "Wegens juridische werkzaamheden in de maand augustus 2024;",
  "prominent_button_name": "unknown",
  "text_input_field_labels": [
    "Honorarium",
    "Subtotaal",
    "Btw 21% over  440,00",
    "Door u te voldoen"
  ],
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false
}
      URL: PDF document Model: claude-3-haiku-20240307
      ```json
{
  "brands": [
    "Vondst"
  ]
}

      Joe Sandbox View / Context

      IPs

      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
      96.7.168.138Demande de proposition du CPE Les Coquins.pdfGet hashmaliciousUnknownBrowse
        Airbornemx Benefits Enrollment.pdfGet hashmaliciousHTMLPhisherBrowse
          Scan_8346203.pdfGet hashmaliciousUnknownBrowse
            Jwhite Pay Increase EFile997843.pdfGet hashmaliciousUnknownBrowse
              roba.txtGet hashmaliciousMeterpreter, ReflectiveLoaderBrowse
                Inv No.248730.xlsGet hashmaliciousUnknownBrowse
                  ddsfsfsa.pdfGet hashmaliciousUnknownBrowse
                    v2.0.pdfGet hashmaliciousUnknownBrowse
                      Xfab BENEFIT ENROLLMENT GUIDE 2024.pdfGet hashmaliciousHTMLPhisher, Mamba2FABrowse
                        Project_Proposal_Review_and_Approval13617.pdfGet hashmaliciousUnknownBrowse

                          Domains

                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                          bg.microsoft.map.fastly.nethttps://1drv.ms/o/c/3e563d3fb2a98d1c/Emlo5KUbYYNEvKtIF-7SS0EBYSeT3hOOGuv_MbeT-n2y4g?e=HPjqUnGet hashmaliciousHtmlDropperBrowse
                          • 199.232.214.172
                          praxisbackup.exeGet hashmaliciousUnknownBrowse
                          • 199.232.210.172
                          http://74.248.121.8/d/msdownload/update/software/defu/2024/10/updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe?cacheHostOrigin=au.download.windowsupdate.comGet hashmaliciousUnknownBrowse
                          • 199.232.214.172
                          1863415243647.exeGet hashmaliciousAgentTeslaBrowse
                          • 199.232.214.172
                          11625182393171315806.jsGet hashmaliciousStrela DownloaderBrowse
                          • 199.232.210.172
                          68767783000729717.jsGet hashmaliciousStrela DownloaderBrowse
                          • 199.232.210.172
                          17233137582802518545.jsGet hashmaliciousStrela DownloaderBrowse
                          • 199.232.210.172
                          197524037151051602.jsGet hashmaliciousStrela DownloaderBrowse
                          • 199.232.210.172
                          https://t.co/yXelyYqHRkGet hashmaliciousUnknownBrowse
                          • 199.232.210.172
                          https://linkednnn.weebly.com/Get hashmaliciousUnknownBrowse
                          • 199.232.214.172

                          ASNs

                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                          INTERNEXABRASILOPERADORADETELECOMUNICACOESSABRDemande de proposition du CPE Les Coquins.pdfGet hashmaliciousUnknownBrowse
                          • 96.7.168.138
                          Airbornemx Benefits Enrollment.pdfGet hashmaliciousHTMLPhisherBrowse
                          • 96.7.168.138
                          Scan_8346203.pdfGet hashmaliciousUnknownBrowse
                          • 96.7.168.138
                          Jwhite Pay Increase EFile997843.pdfGet hashmaliciousUnknownBrowse
                          • 96.7.168.138
                          roba.txtGet hashmaliciousMeterpreter, ReflectiveLoaderBrowse
                          • 96.7.168.138
                          Inv No.248730.xlsGet hashmaliciousUnknownBrowse
                          • 96.7.168.138
                          MDE_File_Sample_1a8e4ebbcc2e3f76efb2a55bb6179417263ebf3d.zipGet hashmaliciousUnknownBrowse
                          • 96.7.169.183
                          bin.armv7l.elfGet hashmaliciousMiraiBrowse
                          • 201.33.178.44
                          ddsfsfsa.pdfGet hashmaliciousUnknownBrowse
                          • 96.7.168.138
                          armv4l.elfGet hashmaliciousUnknownBrowse
                          • 200.220.215.193

                          JA3 Fingerprints

                          No context

                          Dropped Files

                          No context

                          Created / dropped Files

                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:ASCII text
                          Category:dropped
                          Size (bytes):294
                          Entropy (8bit):5.121923154409694
                          Encrypted:false
                          SSDEEP:6:+oWGVd4q2PCHhJ2nKuAl9OmbnIFUt8toWGVnJZmw+toWGVnDkwOCHhJ2nKuAl9Oe:lWGsvBHAahFUt8+WGL/++WGB56HAaSJ
                          MD5:AAD510A37AAD50ED0C9434300F8454AC
                          SHA1:0C7B819B3F31758C3BB30C1F8EC5FF7DF61EC45B
                          SHA-256:F65AF610A83D0F2DA8830E61310D3476EDA5BC599541564710972BBB25049648
                          SHA-512:1CC5F6C4045CFD3156DCC541182CB1F37CC1976258904B97B11B3FBDF487321BDF435C363B717BDE1E782F1AC5551FD72E43293863A9736E4A17CDE8E7649531
                          Malicious:false
                          Reputation:low
                          Preview:2024/10/24-08:11:01.170 1b80 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/10/24-08:11:01.172 1b80 Recovering log #3.2024/10/24-08:11:01.172 1b80 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:ASCII text
                          Category:dropped
                          Size (bytes):294
                          Entropy (8bit):5.121923154409694
                          Encrypted:false
                          SSDEEP:6:+oWGVd4q2PCHhJ2nKuAl9OmbnIFUt8toWGVnJZmw+toWGVnDkwOCHhJ2nKuAl9Oe:lWGsvBHAahFUt8+WGL/++WGB56HAaSJ
                          MD5:AAD510A37AAD50ED0C9434300F8454AC
                          SHA1:0C7B819B3F31758C3BB30C1F8EC5FF7DF61EC45B
                          SHA-256:F65AF610A83D0F2DA8830E61310D3476EDA5BC599541564710972BBB25049648
                          SHA-512:1CC5F6C4045CFD3156DCC541182CB1F37CC1976258904B97B11B3FBDF487321BDF435C363B717BDE1E782F1AC5551FD72E43293863A9736E4A17CDE8E7649531
                          Malicious:false
                          Reputation:low
                          Preview:2024/10/24-08:11:01.170 1b80 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/10/24-08:11:01.172 1b80 Recovering log #3.2024/10/24-08:11:01.172 1b80 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:ASCII text
                          Category:dropped
                          Size (bytes):338
                          Entropy (8bit):5.1425913836310295
                          Encrypted:false
                          SSDEEP:6:+oWGVdV4q2PCHhJ2nKuAl9Ombzo2jMGIFUt8toWGV3PNJZmw+toWGV3PNDkwOCHV:lWGbWvBHAa8uFUt8+WGlX/++WGlF56HA
                          MD5:CC45D23FC123663190D979A75F27F6A1
                          SHA1:0B630F1B203CA4A42E6F1B1425006FD4FF9979C9
                          SHA-256:7AB7EDD517A1DFB2FDA0A9B92CDD488601CEC17532A71D6F5B0DE4A1F4EE38E5
                          SHA-512:1845C17771ADC1A9F0C9C24380D86CC114FCEC326A01306246A491237D7583B6147D6896A68DEDA162A9E9223A0765A78A47CCB8A997F8010C808E129D3B6D82
                          Malicious:false
                          Reputation:low
                          Preview:2024/10/24-08:11:01.254 1c44 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/10/24-08:11:01.256 1c44 Recovering log #3.2024/10/24-08:11:01.256 1c44 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:ASCII text
                          Category:dropped
                          Size (bytes):338
                          Entropy (8bit):5.1425913836310295
                          Encrypted:false
                          SSDEEP:6:+oWGVdV4q2PCHhJ2nKuAl9Ombzo2jMGIFUt8toWGV3PNJZmw+toWGV3PNDkwOCHV:lWGbWvBHAa8uFUt8+WGlX/++WGlF56HA
                          MD5:CC45D23FC123663190D979A75F27F6A1
                          SHA1:0B630F1B203CA4A42E6F1B1425006FD4FF9979C9
                          SHA-256:7AB7EDD517A1DFB2FDA0A9B92CDD488601CEC17532A71D6F5B0DE4A1F4EE38E5
                          SHA-512:1845C17771ADC1A9F0C9C24380D86CC114FCEC326A01306246A491237D7583B6147D6896A68DEDA162A9E9223A0765A78A47CCB8A997F8010C808E129D3B6D82
                          Malicious:false
                          Reputation:low
                          Preview:2024/10/24-08:11:01.254 1c44 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/10/24-08:11:01.256 1c44 Recovering log #3.2024/10/24-08:11:01.256 1c44 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):475
                          Entropy (8bit):4.964572325322009
                          Encrypted:false
                          SSDEEP:12:YH/um3RA8sqRYSsBdOg2HEcaq3QYiub6P7E4T3y:Y2sRds9dMHX3QYhbS7nby
                          MD5:D25A82831FBAAB53DA0A9FF676399C18
                          SHA1:350EFB0B2B56CC8B0F650B34B59C0A705A4B2309
                          SHA-256:F20CB8DC5F98FBEB8B0AB91BDABB2A1D09EF0D927241321034284592013693E3
                          SHA-512:973F779D5A631FDE2CD2270522EBAF78B50D2CE3130638500641750F4099E7DDBEAA58B73E9696DE4240823AC03E768CF890CBF42932F815324ECDBE1DFE7A61
                          Malicious:false
                          Reputation:low
                          Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341054937965898","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":146333},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.8","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF3f92b8.TMP (copy)

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):475
                          Entropy (8bit):4.964572325322009
                          Encrypted:false
                          SSDEEP:12:YH/um3RA8sqRYSsBdOg2HEcaq3QYiub6P7E4T3y:Y2sRds9dMHX3QYhbS7nby
                          MD5:D25A82831FBAAB53DA0A9FF676399C18
                          SHA1:350EFB0B2B56CC8B0F650B34B59C0A705A4B2309
                          SHA-256:F20CB8DC5F98FBEB8B0AB91BDABB2A1D09EF0D927241321034284592013693E3
                          SHA-512:973F779D5A631FDE2CD2270522EBAF78B50D2CE3130638500641750F4099E7DDBEAA58B73E9696DE4240823AC03E768CF890CBF42932F815324ECDBE1DFE7A61
                          Malicious:false
                          Reputation:low
                          Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341054937965898","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":146333},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.8","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\a3077105-57fa-49c2-9a2f-237344705b39.tmp

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):475
                          Entropy (8bit):4.964572325322009
                          Encrypted:false
                          SSDEEP:12:YH/um3RA8sqRYSsBdOg2HEcaq3QYiub6P7E4T3y:Y2sRds9dMHX3QYhbS7nby
                          MD5:D25A82831FBAAB53DA0A9FF676399C18
                          SHA1:350EFB0B2B56CC8B0F650B34B59C0A705A4B2309
                          SHA-256:F20CB8DC5F98FBEB8B0AB91BDABB2A1D09EF0D927241321034284592013693E3
                          SHA-512:973F779D5A631FDE2CD2270522EBAF78B50D2CE3130638500641750F4099E7DDBEAA58B73E9696DE4240823AC03E768CF890CBF42932F815324ECDBE1DFE7A61
                          Malicious:false
                          Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341054937965898","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":146333},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.8","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\ddc4509a-daea-4306-9d74-bc88cb7fce2b.tmp

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:JSON data
                          Category:modified
                          Size (bytes):475
                          Entropy (8bit):4.964435627287755
                          Encrypted:false
                          SSDEEP:12:YH/um3RA8sqCWsBdOg2HpVcaq3QYiub6P7E4T3y:Y2sRdsL7dMHpU3QYhbS7nby
                          MD5:4B26BED9BEE624446CDEB94BCC119674
                          SHA1:B077FF05B7BEE72A439E04596CCA8AEF932D9C6D
                          SHA-256:C24545CD1712447AB0BC41E53E801108A369ECA554196741E392057248CD1E52
                          SHA-512:5145D45E6DCD275C33DFCCC334BD8FE84DB4DF9D44EE11B52C27FCC15C74A6077214D7A9F454E12FB7F3807FF6E59D56430EB041D99F4A248C040D8A4744671B
                          Malicious:false
                          Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13374331873064699","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":233476},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.8","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:data
                          Category:dropped
                          Size (bytes):4288
                          Entropy (8bit):5.229207651851834
                          Encrypted:false
                          SSDEEP:96:S4bz5vsZ4CzSAsfTxiVud4TxY0CIOr3MCWO3VxBaw+b70hve30hZ:S43C4mS7fFi0KFYDjr3LWO3V3aw+bIhF
                          MD5:28F903BB5E646F6BD53988FD4964F1B9
                          SHA1:025DDA36032D60C2045571537E44FD6B74FEFCF1
                          SHA-256:EFBC7141D41B817F4DE102B53970AD59F8910ABA13ECE2066ECBADBD7D853A19
                          SHA-512:E15AB3212B38DF3B8DAF980E24C6A31414FCA2F5D9156EAC627FCD18B470CDA09D460B1ACF091E7A4309F29BBF38568D30A06B31FC567CEE49EA656090C45BD1
                          Malicious:false
                          Preview:*...#................version.1..namespace-8..|o................next-map-id.1.Pnamespace-656dc224_0825_4dad_892f_a4fe9098071c-https://rna-resource.acrobat.com/.0...dr................next-map-id.2.Snamespace-ef12e1ab_9f14_41d7_aae3_3f05adf09ebc-https://rna-v2-resource.acrobat.com/.1....r................next-map-id.3.Snamespace-07eb38e9_046b_46c4_bd67_b1578df56145-https://rna-v2-resource.acrobat.com/.2.$..o................next-map-id.4.Pnamespace-f0c0a73c_e89b_42d5_bb63_4f8a3b04cf3a-https://rna-resource.acrobat.com/.3+...^...............Pnamespace-656dc224_0825_4dad_892f_a4fe9098071c-https://rna-resource.acrobat.com/....^...............Pnamespace-f0c0a73c_e89b_42d5_bb63_4f8a3b04cf3a-https://rna-resource.acrobat.com/T.3.a...............Snamespace-ef12e1ab_9f14_41d7_aae3_3f05adf09ebc-https://rna-v2-resource.acrobat.com/.U..a...............Snamespace-07eb38e9_046b_46c4_bd67_b1578df56145-https://rna-v2-resource.acrobat.com/.$..o................next-map-id.5.Pnamespace-c66013b9_73b6_4b3f_b279_

                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:ASCII text
                          Category:dropped
                          Size (bytes):326
                          Entropy (8bit):5.150138699248812
                          Encrypted:false
                          SSDEEP:6:+oWGVocuE4q2PCHhJ2nKuAl9OmbzNMxIFUt8toWGVoJZmw+toWGV1DkwOCHhJ2nv:lWGwvBHAa8jFUt8+WGI/++WGb56HAa8E
                          MD5:BBDBD8421E3F3EF77F8D885004EA999D
                          SHA1:9B6D75B56A83A37E2829E26509DDC444C0AF00F3
                          SHA-256:D71311D019DE8CED259CA217E65A1F720975669020AEC356CF5BE3CE741C30EF
                          SHA-512:30FAC9372F2E1D4087791C783136C0921D4B6B8387D7023055A3BE16CAAAF0B795765D80CAAF735AF6DB57B72C2F1C708265452C80ED9D44A05D8A89558EB2F9
                          Malicious:false
                          Preview:2024/10/24-08:11:02.189 1c44 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/10/24-08:11:02.199 1c44 Recovering log #3.2024/10/24-08:11:02.215 1c44 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:ASCII text
                          Category:dropped
                          Size (bytes):326
                          Entropy (8bit):5.150138699248812
                          Encrypted:false
                          SSDEEP:6:+oWGVocuE4q2PCHhJ2nKuAl9OmbzNMxIFUt8toWGVoJZmw+toWGV1DkwOCHhJ2nv:lWGwvBHAa8jFUt8+WGI/++WGb56HAa8E
                          MD5:BBDBD8421E3F3EF77F8D885004EA999D
                          SHA1:9B6D75B56A83A37E2829E26509DDC444C0AF00F3
                          SHA-256:D71311D019DE8CED259CA217E65A1F720975669020AEC356CF5BE3CE741C30EF
                          SHA-512:30FAC9372F2E1D4087791C783136C0921D4B6B8387D7023055A3BE16CAAAF0B795765D80CAAF735AF6DB57B72C2F1C708265452C80ED9D44A05D8A89558EB2F9
                          Malicious:false
                          Preview:2024/10/24-08:11:02.189 1c44 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/10/24-08:11:02.199 1c44 Recovering log #3.2024/10/24-08:11:02.215 1c44 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

                          C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241024121105Z-157.bmp

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:PC bitmap, Windows 3.x format, 107 x -152 x 32, cbSize 65110, bits offset 54
                          Category:dropped
                          Size (bytes):65110
                          Entropy (8bit):0.8019627179226868
                          Encrypted:false
                          SSDEEP:48:PX/8mPwVjNK4MtKza7/qhOXMtKF4tjs2+sntVt7dmt771Fh7b1q6q++i5p1Kald4:/5wvMLMc4l3SVxKiP1VlCaRxQVw/Toz7
                          MD5:1D93E002166026E8A4380955176DA0BA
                          SHA1:CC47329714582207CA7F86641589FC929B8F33D8
                          SHA-256:79A6603CDF9DA24D72D02DF56CF0BF34B48292F5BB0D9CD7DE57D12EFCDB3067
                          SHA-512:7A2566D47C7E8BA3441FA8A683CB5C5D9781CB79FEDB7CFA318C2E33D8DACBD9D22C82F494FB6A66122B21B32ADEB8F72CC3FF665BB19E72129C8D71DFFFF978
                          Malicious:false
                          Preview:BMV.......6...(...k...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                          C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:Certificate, Version=3
                          Category:dropped
                          Size (bytes):1391
                          Entropy (8bit):7.705940075877404
                          Encrypted:false
                          SSDEEP:24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1
                          MD5:0CD2F9E0DA1773E9ED864DA5E370E74E
                          SHA1:CABD2A79A1076A31F21D253635CB039D4329A5E8
                          SHA-256:96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
                          SHA-512:3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
                          Malicious:false
                          Preview:0..k0..S............@.YDc.c...0...*.H........0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10...150604110438Z..350604110438Z0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10.."0...*.H.............0..........$s..7.+W(.....8..n<.W.x.u...jn..O(..h.lD...c...k....1.!~.3<.H..y.....!.K...qiJffl.~<p..)"......K...~....G.|.H#S.8.O.o...IW..t../.8.{.p!.u.0<.....c...O..K~.....w...{J.L.%.p..)..S$........J.?..aQ.....cq...o[...\4ylv.;.by.../&.....................6....7..6u...r......I.....*.A..v........5/(.l....dwnG7..Y^h..r...A)>Y>.&.$...Z.L@.F....:Qn.;.}r...xY.>Qx....../..>{J.Ks......P.|C.t..t.....0.[q6....00\H..;..}`...).........A.......|.;F.H*..v.v..j.=...8.d..+..(.....B.".'].y...p..N..:..'Qn..d.3CO......B0@0...U...........0...U.......0....0...U......y.Y.{....s.....X..n0...*.H.............U.X....P.....i ')..au\.n...i/..VK..s.Y.!.~.Lq...`.9....!V..P.Y...Y.............b.E.f..|o..;.....'...}~.."......

                          C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
                          Category:dropped
                          Size (bytes):71954
                          Entropy (8bit):7.996617769952133
                          Encrypted:true
                          SSDEEP:1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
                          MD5:49AEBF8CBD62D92AC215B2923FB1B9F5
                          SHA1:1723BE06719828DDA65AD804298D0431F6AFF976
                          SHA-256:B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
                          SHA-512:BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
                          Malicious:false
                          Preview:MSCF............,...................I..................XaK .authroot.stl.[.i..6..CK..<Tk......4.cl!Kg..E..*Y.f_..".$mR"$.J.E.KB."..rKv.."{.g....3.W.....c..9.s...=....y6#..x..........D......\(.#.s.!.A.......cd.c........+^.ov...n.....3BL..0.......BPUR&.X..02.q...R...J.....w.....b.vy>....-.&..(..oe."."...J9...0U.6J..|U..S.....M.F8g...=.......p...........l.?3.J.x.G.Ep..$g..tj......)v]9(:.)W.8.Op.1Q..:.nPd........7.7..M].V F..g.....12..!7(...B.......h.RZ.......l.<.....6..Z^.`p?... .p.Gp.#.'.X..........|!.8.....".m.49r?.I...g...8.v.....a``.g.R4.i...J8q....NFW,E.6Y....!.o5%.Y.....R..<..S9....r....WO...(.....F..Q=*....-..7d..O(....-..+k.........K..........{Q....Z..j._.E...QZ.~.\.^......N.9.k..O.}dD.b1r...[}/....T..E..G..c.|.c.&>?..^t. ..;..X.d.E.0G....[Q.*,*......#.Dp..L.o|#syc.J............}G-.ou6.=52..XWi=...m.....^u......c..fc?&pR7S5....I...j.G........j.j..Tc.El.....B.pQ.,Bp....j...9g.. >..s..m#.Nb.o_u.M.V...........\#...v..Mo\sF..s....Y...

                          C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:data
                          Category:dropped
                          Size (bytes):192
                          Entropy (8bit):2.7673182398396405
                          Encrypted:false
                          SSDEEP:3:kkFklq2KkNttfllXlE/HT8kzr/hlXNNX8RolJuRdxLlGB9lQRYwpDdt:kKzFkPeT86r/RNMa8RdWBwRd
                          MD5:503E676D8C7E4F7E74629D7084DB795B
                          SHA1:8D042951DC248B1E1BCEDEEDE6DF63BBA6C480C7
                          SHA-256:DF973AF28E518B92BB8A7BE1E82F0D6BCD4FAACC7C78CDFEF377AC5C3190BED8
                          SHA-512:CC6031BF67B9064BDC297F25384E4FD8317DBFDCD923797775662056F477D050D5D454D17DFA27E6A94CE50DD9F2104906E7AA451110DC07FAE265BC38454C00
                          Malicious:false
                          Preview:p...... ........Y.V..&..(....................................................... ..........W...................o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...

                          C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:data
                          Category:dropped
                          Size (bytes):328
                          Entropy (8bit):3.247897867253902
                          Encrypted:false
                          SSDEEP:6:kKBlL9UswD8HGsL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:JkDImsLNkPlE99SNxAhUe/3
                          MD5:B67B1B04F42D81EEF5554BE10DFD4B87
                          SHA1:DF986F55E995409F24A5E69B542FF107A595B2E8
                          SHA-256:7FF83B8073E905FBAED8D753725A2226D501675CC6D4EB747E6A7ABA92D72025
                          SHA-512:0AE74DC2A1A1B9B10E25786B6E8D6193A532FD73DC4977142CB2ACA265E1D6DE07E14A2CD7CC5CC955F754384F2D60A937998F646CC44497D602E895D2005018
                          Malicious:false
                          Preview:p...... .............&..(....................................................... ........G..@.......&......X........h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...

                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.4508

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:PostScript document text
                          Category:dropped
                          Size (bytes):185099
                          Entropy (8bit):5.182478651346149
                          Encrypted:false
                          SSDEEP:1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
                          MD5:94185C5850C26B3C6FC24ABC385CDA58
                          SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
                          SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
                          SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
                          Malicious:false
                          Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:PostScript document text
                          Category:dropped
                          Size (bytes):185099
                          Entropy (8bit):5.182478651346149
                          Encrypted:false
                          SSDEEP:1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
                          MD5:94185C5850C26B3C6FC24ABC385CDA58
                          SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
                          SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
                          SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
                          Malicious:false
                          Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:data
                          Category:dropped
                          Size (bytes):227002
                          Entropy (8bit):3.392780893644728
                          Encrypted:false
                          SSDEEP:1536:qKPC4iyzDtrh1cK3XEiv07VK/3AYvYwgF/rRoL+sn:XPCaL/3AYvYwglFoL+sn
                          MD5:27094DF6D14B4D6728D59FFC4E31294B
                          SHA1:CC768A8693F9C122496C2BE949E13F0C36AE7888
                          SHA-256:B26846BECCDB3792F05A996D2863C7A1D286BD9F997DBC2112604EBDD206FEAC
                          SHA-512:681F8D3F21AF1B1898F6572DB44AE92CF2AF56B3E8C9421C679DF0962A6CABE44753A5327368DAB97BC9AF997EFD86B803847285BB64F427196C65C8B0348BE8
                          Malicious:false
                          Preview:Adobe Acrobat Reader (64-bit) 23.6.20320....?A12_AV2_Search_18px.............................................................................................................KKK KKK.KKK.KKK.KKK.KKK.KKK@........................................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.............................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.........................KKK.KKK.KKK.KKK0....................KKK.KKK.KKK.KKK`....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK.KKK.....................................KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK.KKK@....................KKK.KKK.KKK.KKK`........................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.KKK.............................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK

                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):295
                          Entropy (8bit):5.338129986073696
                          Encrypted:false
                          SSDEEP:6:YEQXJ2HXQCH3lHYvB3/dVlPIHAR0YhMR8DoAvJM3g98kUwPeUkwRe9:YvXKXVlHYvR/ZwHAVMusGMbLUkee9
                          MD5:168EEC34814DFB8685AAD36E13C2DD43
                          SHA1:39BED427123B6CA868E159DDD8BD688EF258683F
                          SHA-256:452ABAE1D1247E92C313D7166C775F51EC46CDCBF7B7B2E83B1AE2953645EC83
                          SHA-512:74025CAF39EA2927C7287740D67B436190F8044C7D2E7D4043266D3B77E4E20A1E99FD1A95384036EDB886E13AE4877D6B358DE677F8BBDE1278A82990F17787
                          Malicious:false
                          Preview:{"analyticsData":{"responseGUID":"529e89fa-791a-4918-a39f-db0209ba7753","sophiaUUID":"6BC8D74A-F8DC-462C-8ED4-D40FDD780397"},"encodingScheme":true,"expirationDTS":1729944940104,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):294
                          Entropy (8bit):5.274578883462081
                          Encrypted:false
                          SSDEEP:6:YEQXJ2HXQCH3lHYvB3/dVlPIHAR0YhMR8DoAvJfBoTfXpnrPeUkwRe9:YvXKXVlHYvR/ZwHAVMusGWTfXcUkee9
                          MD5:4D1D075CCE8BD3CB7B12493EA94587C9
                          SHA1:D48984CF52A46B52BC2241CBD1972435268E87F2
                          SHA-256:4A28D31CCC036D6A7858E34853527645FC6A02069A3CE32592A1BB1B789877B4
                          SHA-512:8BD4217959F4FE5E31A892D29E27C0D3DEC15B243589A8BB350F750FBEE04F5D65271990C76BE55BA0607471F137B0A7A305AD994C52F635DDD76BB95B1F4729
                          Malicious:false
                          Preview:{"analyticsData":{"responseGUID":"529e89fa-791a-4918-a39f-db0209ba7753","sophiaUUID":"6BC8D74A-F8DC-462C-8ED4-D40FDD780397"},"encodingScheme":true,"expirationDTS":1729944940104,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):294
                          Entropy (8bit):5.253776631431286
                          Encrypted:false
                          SSDEEP:6:YEQXJ2HXQCH3lHYvB3/dVlPIHAR0YhMR8DoAvJfBD2G6UpnrPeUkwRe9:YvXKXVlHYvR/ZwHAVMusGR22cUkee9
                          MD5:5DFAA762FB18F463A679C6B8724E2EBD
                          SHA1:1B983424AFD9EB9932C71CFEB1556A042F88C10D
                          SHA-256:34E0AA0441990B9D6D9359F4BEED7467F4E5C917B72AFFA58ACAB94748B1BC9D
                          SHA-512:FB3EA906155C08052885E794E0D6DB8957FEB2D010ABF39520B67813518FADC6FFBC2B695AB32A14164BB2583806AB0A3DFF26B84E4378BD6316B2967420CF33
                          Malicious:false
                          Preview:{"analyticsData":{"responseGUID":"529e89fa-791a-4918-a39f-db0209ba7753","sophiaUUID":"6BC8D74A-F8DC-462C-8ED4-D40FDD780397"},"encodingScheme":true,"expirationDTS":1729944940104,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):285
                          Entropy (8bit):5.314193150154308
                          Encrypted:false
                          SSDEEP:6:YEQXJ2HXQCH3lHYvB3/dVlPIHAR0YhMR8DoAvJfPmwrPeUkwRe9:YvXKXVlHYvR/ZwHAVMusGH56Ukee9
                          MD5:874D40F79880E774539FD21C08E496C1
                          SHA1:5A3F42DB91A2CDE40D1394C662A4F200C8C98166
                          SHA-256:1228E7DC78F54F2C3875299812F9CEC5C1512B4BD1E4CFDE6823DCAA87BA2C24
                          SHA-512:D525AD3EE0BA4722F49FDA94AE6CF44E976325E52D7F09452CF90EE115F1E2F4B24A67B432886E6BB50A2974F3BB585479D4276F1BB93F9F378F6A9801BAC19F
                          Malicious:false
                          Preview:{"analyticsData":{"responseGUID":"529e89fa-791a-4918-a39f-db0209ba7753","sophiaUUID":"6BC8D74A-F8DC-462C-8ED4-D40FDD780397"},"encodingScheme":true,"expirationDTS":1729944940104,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):1055
                          Entropy (8bit):5.663040679943687
                          Encrypted:false
                          SSDEEP:24:Yv6Xv4JhfpLgEscLf7nnl0RCmK8czOCCS3S:YvpJhfhgGzaAh8cv/3S
                          MD5:54679E96C6FCECA0A7E5D4AABCCA0A6F
                          SHA1:AB4123DC0B856A1007CBE1C88BECDB1B1553C877
                          SHA-256:7CF2A5FC3682EF400FD127F9D11663B81F6F9519247F96977CD596BE31955641
                          SHA-512:9AF9B8977C02506AC6300DB3B054F49EB7E915E5B034BA667A5FE79F6A3A473E81C9A8A0809B8CAF3D2DFFEB633BE05A6D5795094B619ADD2C02EB3A5EBC7A7D
                          Malicious:false
                          Preview:{"analyticsData":{"responseGUID":"529e89fa-791a-4918-a39f-db0209ba7753","sophiaUUID":"6BC8D74A-F8DC-462C-8ED4-D40FDD780397"},"encodingScheme":true,"expirationDTS":1729944940104,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"92038_285529ActionBlock_1","campaignId":92038,"containerId":"1","controlGroupId":"","treatmentId":"eb1a4bce-8215-46f1-b44c-154b21a85d60","variationId":"285529"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkV4cG9ydCBQREZzIHRvIE1pY3Jvc29mdCBXb3JkIGFuZCBFeGNlbC4ifSwidGNhdElkIjpudWxsfQ==","dataType":"application\/json","encodingScheme":tr

                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):1050
                          Entropy (8bit):5.655795685546793
                          Encrypted:false
                          SSDEEP:24:Yv6Xv4JhDVLgEF0c7sbnl0RCmK8czOCYHflEpwiVkS:YvpJhDFg6sGAh8cvYHWpw3S
                          MD5:3011FBB654C493A3FC1DBF2ECDC4555F
                          SHA1:D4C16F28593F5B8F8D3E1793065574FF440DF706
                          SHA-256:5193A14E4A3429EA4D9BF5DB1E9BC2A213E19D587484F6EE05821C56EC31E801
                          SHA-512:0D1FE50D33FCDB1F158650F3E0300470E9C9509F0BD4C577927116DD7AEE807DFD9122355F280EA1750C024567B947C9169D2D146AC6E2ED59FB41A6390221C8
                          Malicious:false
                          Preview:{"analyticsData":{"responseGUID":"529e89fa-791a-4918-a39f-db0209ba7753","sophiaUUID":"6BC8D74A-F8DC-462C-8ED4-D40FDD780397"},"encodingScheme":true,"expirationDTS":1729944940104,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Disc_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_0","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"0924134e-3c59-4f53-b731-add558c56fec","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Disc_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQsIGVkaXQgYW5kIGUtc2lnblxuZm9ybXMgJiBhZ3JlZW1lbnRzLiJ9LCJ0Y2F0SWQiOm51bGx9","dataType":"application\/json","encodingScheme":true},"

                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):292
                          Entropy (8bit):5.263647997773834
                          Encrypted:false
                          SSDEEP:6:YEQXJ2HXQCH3lHYvB3/dVlPIHAR0YhMR8DoAvJfQ1rPeUkwRe9:YvXKXVlHYvR/ZwHAVMusGY16Ukee9
                          MD5:DEB6D012B6AA612D0A1C7D06BE2FA799
                          SHA1:304D35B30A792AF4B11ABA0D6A00FD4575D4A8A6
                          SHA-256:C2A08C641665D82A5F79B3CA820F2032858516EFB93D46F84F783C065AFD92FA
                          SHA-512:383C6720826819384EE5222BB84AF813A2B409C8448BE9483A12787CD9444FC4C07CAA21EA31D9AB4C0620ED22944352AEAB92693507BC9BFF457BC04DF8FD70
                          Malicious:false
                          Preview:{"analyticsData":{"responseGUID":"529e89fa-791a-4918-a39f-db0209ba7753","sophiaUUID":"6BC8D74A-F8DC-462C-8ED4-D40FDD780397"},"encodingScheme":true,"expirationDTS":1729944940104,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):1038
                          Entropy (8bit):5.649705924798479
                          Encrypted:false
                          SSDEEP:24:Yv6Xv4JhS2LgEF7cciAXs0nl0RCmK8czOCAPtciBkS:YvpJhSogc8hAh8cvAiS
                          MD5:5B907255F63C19C597A3133B7842E94B
                          SHA1:FF185901B71250D65E535152625F0D576811F99B
                          SHA-256:C59D82C1B83F62ABBABD1B950F42F11CDF9E4FFC896E74A2C4031FE1F5D8133D
                          SHA-512:0ED6DE1707C0927F6288D7C88B4FE3D00C842A249446EA75B94C7A41DD7C2FB3473BC73840D5CD3D3A181C1B65EB17E867737BE374D43AFA7A205D43D0621E8A
                          Malicious:false
                          Preview:{"analyticsData":{"responseGUID":"529e89fa-791a-4918-a39f-db0209ba7753","sophiaUUID":"6BC8D74A-F8DC-462C-8ED4-D40FDD780397"},"encodingScheme":true,"expirationDTS":1729944940104,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Edit_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_1","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"49d2f713-7aa9-44db-aa50-0a7a22add459","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Edit_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVkaXQgdGV4dCwgaW1hZ2VzLCBwYWdlcywgYW5kIG1vcmUuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"application\/json","encodingScheme":true},"endDTS":1744

                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):1164
                          Entropy (8bit):5.700050031021931
                          Encrypted:false
                          SSDEEP:24:Yv6Xv4JhOKLgEfIcZVSkpsn264rS514ZjBrwloJTmcVIsrSK5kS:YvpJhOEgqprtrS5OZjSlwTmAfSK2S
                          MD5:8D6CCEC0E9291FAB94A121BDA6F4A2B4
                          SHA1:57451BA0A89B7E363D8D7F365EBE35D0EFF6641E
                          SHA-256:65DC8A9AAE5E8FD22F818E65DE241F9523E785FB8C25E28C7ABD5EA3374CC970
                          SHA-512:9DD36CF2E03B5428D657BAB2EA66333AB33F8F794997B0899D21EE9E13FF66FBF2DC8C7E94932D971BAF242363775A4A1F0211B455048423BEA0DA370ED1BB47
                          Malicious:false
                          Preview:{"analyticsData":{"responseGUID":"529e89fa-791a-4918-a39f-db0209ba7753","sophiaUUID":"6BC8D74A-F8DC-462C-8ED4-D40FDD780397"},"encodingScheme":true,"expirationDTS":1729944940104,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85531_264848ActionBlock_0","campaignId":85531,"containerId":"1","controlGroupId":"","treatmentId":"ee1a7497-76e7-43c2-bb63-9a0551e11d73","variationId":"264848"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IlRyeSBBY3JvYmF0IFBybyJ9LCJ1aSI6eyJ0aXRsZV9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjE1cHgiLCJmb250X3N0eWxlIjoiMCJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEzcHgiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0b1xucHJlbWl1bSBQREYgYW5kIGUtc2lnbmluZ1xudG9vbHMuIn0sImJhbm5lcl9zdHlsaW5nIjo

                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):289
                          Entropy (8bit):5.272115160916455
                          Encrypted:false
                          SSDEEP:6:YEQXJ2HXQCH3lHYvB3/dVlPIHAR0YhMR8DoAvJfYdPeUkwRe9:YvXKXVlHYvR/ZwHAVMusGg8Ukee9
                          MD5:614CA7861CEAA25C6CF7036D730D137A
                          SHA1:0DD4E0398C26E1DEA9FAB4DCE3CA13CD14DA1CD7
                          SHA-256:5962E9CD25001BF9E8833E7D21F95D42E7476CC1E1D9CE6C4B070BE4CABA7363
                          SHA-512:D11B0F2CEB6539F101967043ACC430405FA1073A9F94140ED0F3D37F8A1F71670F6FA326324A65764A91F401ED0F153BA536A5A96FB27FC1576D5BC12503016A
                          Malicious:false
                          Preview:{"analyticsData":{"responseGUID":"529e89fa-791a-4918-a39f-db0209ba7753","sophiaUUID":"6BC8D74A-F8DC-462C-8ED4-D40FDD780397"},"encodingScheme":true,"expirationDTS":1729944940104,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):1395
                          Entropy (8bit):5.772706891906669
                          Encrypted:false
                          SSDEEP:24:Yv6Xv4JhFrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNMS:YvpJhFHgDv3W2aYQfgB5OUupHrQ9FJ2S
                          MD5:C424F2A49F0AE279D46822DE52C3659E
                          SHA1:95900035F9860D29A9CDDB20B4181B885B4F6A54
                          SHA-256:1C9144BB525194AE17D4D4220064C2CBD7E5F9FCAD69A242FC8BFC9D69C8A997
                          SHA-512:CE50350A176C98A8459EB7F6865279ABC65826C3D4F868696827BB6B41BD696FB9E0AE6E4C6F84CFE03238B8D3E6E8DF887B5B8D33C74C7736C390EF5C469525
                          Malicious:false
                          Preview:{"analyticsData":{"responseGUID":"529e89fa-791a-4918-a39f-db0209ba7753","sophiaUUID":"6BC8D74A-F8DC-462C-8ED4-D40FDD780397"},"encodingScheme":true,"expirationDTS":1729944940104,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0

                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):291
                          Entropy (8bit):5.255853906968899
                          Encrypted:false
                          SSDEEP:6:YEQXJ2HXQCH3lHYvB3/dVlPIHAR0YhMR8DoAvJfbPtdPeUkwRe9:YvXKXVlHYvR/ZwHAVMusGDV8Ukee9
                          MD5:A642FF1F5AC6A88A4A15B5F51AE8F1AC
                          SHA1:03AA1CBB2515FEFBFDCF0126A63D2A296C77DD05
                          SHA-256:4357CA66F725DADD6EE7CF341501BB09562DA5400811EB5CB8BDE50A43256D56
                          SHA-512:6E4D4E2B9F3963A762D563870C95041C2BD7CE3F5308EE1485B8A91B8B64A9F2D3BBDD31802BA6D03AE02814736019FCEEF2F08B70F4D88AEED60C58CBABE444
                          Malicious:false
                          Preview:{"analyticsData":{"responseGUID":"529e89fa-791a-4918-a39f-db0209ba7753","sophiaUUID":"6BC8D74A-F8DC-462C-8ED4-D40FDD780397"},"encodingScheme":true,"expirationDTS":1729944940104,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):287
                          Entropy (8bit):5.255086165148519
                          Encrypted:false
                          SSDEEP:6:YEQXJ2HXQCH3lHYvB3/dVlPIHAR0YhMR8DoAvJf21rPeUkwRe9:YvXKXVlHYvR/ZwHAVMusG+16Ukee9
                          MD5:8E40D9E2A79AA53DE702B821EC9DB32D
                          SHA1:DD9AB5ADCFAF8A6FC4237BBA608E55247471154F
                          SHA-256:88589E9F17620B378C7BCD5033BB519BBB4B0780F12DA4A66610C0C0EF8C703E
                          SHA-512:2DA7E06A8B1C846523BDC8CBF34403DDEAE8BED67574B63BB0689268AE6FB2089DF4750B7320611AA1BA2664D29AD6B27B632845F1C3461ABDC0D777B4530E9D
                          Malicious:false
                          Preview:{"analyticsData":{"responseGUID":"529e89fa-791a-4918-a39f-db0209ba7753","sophiaUUID":"6BC8D74A-F8DC-462C-8ED4-D40FDD780397"},"encodingScheme":true,"expirationDTS":1729944940104,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):1026
                          Entropy (8bit):5.634029853673597
                          Encrypted:false
                          SSDEEP:24:Yv6Xv4JhHamXayLgE7cMCBNaqnl0RCmK8czOC/BS3S:YvpJhfBgACBOAh8cvM3S
                          MD5:CF1C2D2A91FCDE38C09E5B4B7488F738
                          SHA1:218630BE8CB4710B4382A2B7811E9147421A7A4C
                          SHA-256:037DA36F36D0BE3C08D6CA0B54B4E187D5A8B8D67DCE9D629AACF27D9F32E28E
                          SHA-512:3A1AF406041BDEE51E964FDBD0E3A6FD3FE668C589CECFFFCA1CB8D49ED32BCC3955F0AC695F78F4F9AAA41328DB782D87A9E2EE3D847565AC6A0784373B73A5
                          Malicious:false
                          Preview:{"analyticsData":{"responseGUID":"529e89fa-791a-4918-a39f-db0209ba7753","sophiaUUID":"6BC8D74A-F8DC-462C-8ED4-D40FDD780397"},"encodingScheme":true,"expirationDTS":1729944940104,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"92038_285529ActionBlock_0","campaignId":92038,"containerId":"1","controlGroupId":"","treatmentId":"6291f52b-6cb0-4d31-bc46-37ce85e9eb25","variationId":"285529"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVhc2lseSBmaWxsIGFuZCBzaWduIFBERnMuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"application\/json","encodingScheme":true},"endDTS":1751323379000,"s

                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):286
                          Entropy (8bit):5.229737545266029
                          Encrypted:false
                          SSDEEP:6:YEQXJ2HXQCH3lHYvB3/dVlPIHAR0YhMR8DoAvJfshHHrPeUkwRe9:YvXKXVlHYvR/ZwHAVMusGUUUkee9
                          MD5:F291A6CEFA49C4CC0DC1A9FB4D207922
                          SHA1:A860FE2E4F2B2AC642BB06B9C47471498FD852B3
                          SHA-256:926B102BFAFEB803632DFD9B64E5AD43F481BE89ED74C95883622422F3D80E9B
                          SHA-512:74E38916770921C2BBA42230938D1D378468BD2B553D9E49B074FCEF50CE4D077BF75EED430B69FCB1FCCDCA31B0B6A549F3B72D6D85FDC85259EEB065B2F749
                          Malicious:false
                          Preview:{"analyticsData":{"responseGUID":"529e89fa-791a-4918-a39f-db0209ba7753","sophiaUUID":"6BC8D74A-F8DC-462C-8ED4-D40FDD780397"},"encodingScheme":true,"expirationDTS":1729944940104,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):782
                          Entropy (8bit):5.364995851300005
                          Encrypted:false
                          SSDEEP:12:YvXKXVlHYvR/ZwHAVMusGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWL:Yv6Xv4Jhs168CgEXX5kcIfANh3S
                          MD5:7681DCFE7433D47750AEDA4FF24075B8
                          SHA1:E16750C44FA396562625905C9FA9A95BA0ABCC0C
                          SHA-256:C85572172B07828786555B383A8B839FAAA4BEA539C60E4878FABFBAEF370B40
                          SHA-512:B8CCFC2B6156D72C5B9CF7C6BBD82F342F1B22819462596A6F8B3AD24B8F7912EE043ECF65A99997403D8AF93B5DDCECA5F5D546A199DA7E57E7C857E637C36D
                          Malicious:false
                          Preview:{"analyticsData":{"responseGUID":"529e89fa-791a-4918-a39f-db0209ba7753","sophiaUUID":"6BC8D74A-F8DC-462C-8ED4-D40FDD780397"},"encodingScheme":true,"expirationDTS":1729944940104,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1729771870164}}}}

                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:data
                          Category:dropped
                          Size (bytes):4
                          Entropy (8bit):0.8112781244591328
                          Encrypted:false
                          SSDEEP:3:e:e
                          MD5:DC84B0D741E5BEAE8070013ADDCC8C28
                          SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
                          SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
                          SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
                          Malicious:false
                          Preview:....

                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):2818
                          Entropy (8bit):5.131959142394226
                          Encrypted:false
                          SSDEEP:48:YTTgqNp4JqBB89UBqW+8pVP4SJvrUz9KZ:KUqNeJUG9MqW+4g+ohKZ
                          MD5:BCEAE372FC649D5D46F2AC7F90CE035C
                          SHA1:0AB69835D6B353F9CA436A0475223CC285D044F8
                          SHA-256:697771CAF4F270737CC91A7F050B545CDBDFDB871E90EDF480C2C8D9B6F0705A
                          SHA-512:FAAD02C97A8DED1BB55DAB5570EF2BA5C82083EAC639C1857858A2152C67B17484D23A727E3FA6D1E56B70EB50E5DCD12AA7D4E8BC4B211282F976814DB05855
                          Malicious:false
                          Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"00e72e4646612380886502dc2f440189","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1050,"ts":1729771869000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"5487905ea49ea9da52433ee4aad8c575","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1164,"ts":1729771869000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"b61dd9c2be111bf9cdeea44645098d6f","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1026,"ts":1729771869000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"ec1f846243b8d23bfbdbcac568412ff9","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1055,"ts":1729771869000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"69d50b38bde0f92e109f1097920a9705","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":1038,"ts":1729771869000},{"id":"Edit_InApp_Aug2020","info":{"dg":"a0a7a52aa2cf052b188a7d2c7e0b649c","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":17

                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 25, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 25
                          Category:dropped
                          Size (bytes):12288
                          Entropy (8bit):1.3168184204208406
                          Encrypted:false
                          SSDEEP:24:TLKufx/XYKQvGJF7urs9Ohn07oz7oF0Hl0FopUEiP66UEiPbnPnNknNMeQ3itqVp:TGufl2GL7ms9WR1CPmPbPahQEypilIqS
                          MD5:1A54D2B2E91DE1EE0D0B84AF8B173F58
                          SHA1:FEB7E041D24764160A9ED4AA88F7000DDEF86CFF
                          SHA-256:3D8C5FE3583F4653F7AC6F6B2BCEAF32DED60267A833842653BB8A5E86EB37BE
                          SHA-512:D8F033486CCA40290BC69A058E0F81213AE730D7BE2FABD0C3FC4F3E7D808E64FFC086F1B015B854F5A1377C9F50666214FD8306FD33882108E8A0D06FBF7625
                          Malicious:false
                          Preview:SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:SQLite Rollback Journal
                          Category:dropped
                          Size (bytes):8720
                          Entropy (8bit):1.7809556609107904
                          Encrypted:false
                          SSDEEP:24:7+tglhn07oz7oF0Hl0FopUEiP66UEiPbnPnNknNMeQ3i4qVpaVrScVr0InQqLhxh:7MHWR1CPmPbPahQhypilIpqFl2GL7msT
                          MD5:62D0BB28D6AC3FA1165B538EDE3D6632
                          SHA1:FE4F7F3BD2BD6187B08DCA24A8095C03C9CD2EC1
                          SHA-256:AF3BC7F1432980A8113F747881858E075C40B09598022952BD7B7D70C56A0463
                          SHA-512:F98E4BF026CA60C9893B2BA96A34308E7BA2FEF4843021C72044C6F792E5913240E4FE0E421A5A47DDCD7EDB9DCAC4B9B023009F7520442CBCFCD4E0397FA7C0
                          Malicious:false
                          Preview:.... .c.....w.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................^..^.^.^.^.^.^.^.p.p.p.p.p.p.p.p.p.p..........................................................................................................................................................................................................................................................................................................................................................................................................................................................

                          C:\Users\user\AppData\Local\Temp\MSIf5512.LOG

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                          Category:dropped
                          Size (bytes):246
                          Entropy (8bit):3.5030768995714583
                          Encrypted:false
                          SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8cjglE:Qw946cPbiOxDlbYnuRKH3
                          MD5:4C01736BC18D94AFDC2D824438D52650
                          SHA1:46FD5816CB5107294D7D0AB036C7D00008888188
                          SHA-256:0E0093E0D09E9F5D7A98BE0758062361DF6EAB06BB486EAECACF4DBBEE8AC33B
                          SHA-512:927065C50B1A413918319A2C2240B56BB20BF3566224BCC4502AC362649571D113E1B6DB4288B753BD73429A64216F9A36521DCA6270588CCD2515237725369D
                          Malicious:false
                          Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .2.4./.1.0./.2.0.2.4. . .0.8.:.1.1.:.0.8. .=.=.=.....

                          C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-24 08-11-03-476.log

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:ASCII text, with very long lines (393)
                          Category:dropped
                          Size (bytes):16525
                          Entropy (8bit):5.33860678500249
                          Encrypted:false
                          SSDEEP:384:IC2heaVGJMUPhP80d0Wc+9eG/CCihFomva7RVRkfKhZmWWyC7rjgNgXo6ge5iaW0:X8B
                          MD5:C3FEDB046D1699616E22C50131AAF109
                          SHA1:C9EEA5A1A16BD2CD8154E8C308C8A336E990CA8D
                          SHA-256:EA948BAC75D609B74084113392C9F0615D447B7F4AACA78D818205503EACC3FD
                          SHA-512:845CDB5166B35B39215A051144452BEF9161FFD735B3F8BD232FB9A7588BA016F7939D91B62E27D6728686DFA181EFC3F3CC9954B2EDAB7FC73FCCE850915185
                          Malicious:false
                          Preview:SessionID=29b7f1b4-edf3-467e-b302-20b20356cfee.1696494928080 Timestamp=2023-10-05T10:35:28:080+0200 ThreadID=6832 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=29b7f1b4-edf3-467e-b302-20b20356cfee.1696494928080 Timestamp=2023-10-05T10:35:28:081+0200 ThreadID=6832 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=29b7f1b4-edf3-467e-b302-20b20356cfee.1696494928080 Timestamp=2023-10-05T10:35:28:081+0200 ThreadID=6832 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=29b7f1b4-edf3-467e-b302-20b20356cfee.1696494928080 Timestamp=2023-10-05T10:35:28:081+0200 ThreadID=6832 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=29b7f1b4-edf3-467e-b302-20b20356cfee.1696494928080 Timestamp=2023-10-05T10:35:28:081+0200 ThreadID=6832 Component=ngl-lib_NglAppLib Description="SetConfig:

                          C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:ASCII text, with very long lines (393), with CRLF line terminators
                          Category:dropped
                          Size (bytes):16603
                          Entropy (8bit):5.314644243585369
                          Encrypted:false
                          SSDEEP:384:nKEXeXpXGX8XfQFeQnQmQUQPQlQsmpmVTXTrsisusRsQsJMsOZZmy+KwKMK69WQu:nDOZ2sPEeQTDewtQ6rHxxOJDnZo1LLNe
                          MD5:8FDA7EDFA22C678CCA94BB43A9BFA479
                          SHA1:E49C26235C53F4791671EFAFA05BB1CE16FCC885
                          SHA-256:FE59B7D44FA3724E02B7A76F44ADB51BF09CC08A3806DC2809AB2A5583BFF640
                          SHA-512:34E00BE2EFB4FD96EFE54E1115991F9D46279EE90B961C90C6BA4D4130B6708A8B706D8C3D2FC4A50486B4B113653D67B285F72C8D4EF9F5838EEE5C6539072C
                          Malicious:false
                          Preview:SessionID=7e97fbc2-2724-40da-84ec-60b417211ac9.1729771863490 Timestamp=2024-10-24T08:11:03:490-0400 ThreadID=7744 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=7e97fbc2-2724-40da-84ec-60b417211ac9.1729771863490 Timestamp=2024-10-24T08:11:03:491-0400 ThreadID=7744 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=7e97fbc2-2724-40da-84ec-60b417211ac9.1729771863490 Timestamp=2024-10-24T08:11:03:491-0400 ThreadID=7744 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=7e97fbc2-2724-40da-84ec-60b417211ac9.1729771863490 Timestamp=2024-10-24T08:11:03:491-0400 ThreadID=7744 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=7e97fbc2-2724-40da-84ec-60b417211ac9.1729771863490 Timestamp=2024-10-24T08:11:03:491-0400 ThreadID=7744 Component=ngl-lib_NglAppLib Description="SetConf

                          C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:ASCII text, with CRLF line terminators
                          Category:dropped
                          Size (bytes):29752
                          Entropy (8bit):5.404549877136299
                          Encrypted:false
                          SSDEEP:768:nLxxtShUxQo/KLgJKLZQBSlddR8TsKLnRs4umeBS3dnKLdR5:I
                          MD5:60A142E6EE464E24ACC8BDAB4EC038D3
                          SHA1:CCBB8DE011A4068591714DF1151699BB95CB719E
                          SHA-256:4C9FAB87837077F9348E58C21779B1B19CE557C1C021FCB883ED7A3C608C672F
                          SHA-512:B5654B654EA36D5DA07F68B7F8601015C884CCAC694F2E5F85B8B91DE874AE55AB0D674072683B9F524FF3652CBEB36E1E3B4E9B102F915618C8D3329E0E93B5
                          Malicious:false
                          Preview:05-10-2023 10:18:29:.---2---..05-10-2023 10:18:29:.AcroNGL Integ ADC-4240758 : ***************************************..05-10-2023 10:18:29:.AcroNGL Integ ADC-4240758 : ***************************************..05-10-2023 10:18:29:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..05-10-2023 10:18:29:.AcroNGL Integ ADC-4240758 : Starting NGL..05-10-2023 10:18:29:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...05-10-2023 10:18:29:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..05-10-2023 10:18:29:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..05-10-2023 10:18:29:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..05-10-2023 10:18:29:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..05-10-2023 10:18:29:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..05-10-2023 10:18:29:.Closing File..05-10-

                          C:\Users\user\AppData\Local\Temp\acrocef_low\2a2ebc55-c12e-4ca6-9686-1ee5dd93265b.tmp

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
                          Category:dropped
                          Size (bytes):758601
                          Entropy (8bit):7.98639316555857
                          Encrypted:false
                          SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
                          MD5:3A49135134665364308390AC398006F1
                          SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
                          SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
                          SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
                          Malicious:false
                          Preview:...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!|G.1...... .3.`./....`~......G.............|..pS.e.C....:o.u_..oi.:..|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

                          C:\Users\user\AppData\Local\Temp\acrocef_low\5273b4b2-a6d7-4430-808e-9c50c0dd230f.tmp

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
                          Category:dropped
                          Size (bytes):1419751
                          Entropy (8bit):7.976496077007677
                          Encrypted:false
                          SSDEEP:24576:GP7ouWLYZwYIGNPMGZfPdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:BuWLYZwZGuGZn3mlind9i4ufFXpAXkru
                          MD5:217ABC57FA3F0D90BF80A43AC782AB59
                          SHA1:FB0F16B823FA9B34F7F8B104A429C0768BE56121
                          SHA-256:837573D29AD478BA777C839D363206CA89E1E71B6740489FEA59E40E6CD866B0
                          SHA-512:7EC28AAC22713E12794374556BD2776DE1DAFB723181C2A12A8CD7A5F3FAC66DB3CF06A7AD36D4AAA3F974F8E1EA3FEB809CBAE43752F56E849ED5A6AAD9BE9B
                          Malicious:false
                          Preview:...........}.s.H....W`E.........M9h...q..p......%..!q.p....~..2......DlWtW!)?_.|....?..?.s.w1.i..G...h6.]..y...p..m.b..N..rr..F..Xc...l.4.."..Q.... hL.p......s...x6..:.....x.~.6.Q..~......~b7..k.l......Yc.G[....hY3...C..n..|.'6......i4f...,.."...O.b...x..,..jgc..bTn....,u.F..0......V.K,u..p....X.wAap...+.G..v....i.z...E.Rj8.a.r..<@.q.'...!.4..]...|..3...-.2...`...4..i...w......$0D.....i./a......Z.]..e.mj..c}.?.....o......c...W..+....c...W...?8...n.......U..7..O........@....'...^.z..=.m....o.o<..~....... ...C{......w.m.h.-Q...6.(..uk/w!...Z..n.....p.U........T^w..[....1l...../i......0..1U|}../xS}.q..B|.......h>....S....g...A.s6.=.&....~.\.......-N.p...._.xex.....}.r..q$..<.S;l=. ..P..55;....[.}.T......d.p..vd'vl.].DN..o...................D...].......I}.t...D`?..n.A.zT..:@.`S5.K..,R....h...XzT....F..Xt...R...+N.....ee...P...F+C.....dq...r..5..aP.zY....c.f/..Pn...:f.>.Z..s.+.......7...O.C.#..6.....=.K.5{.%6,..Z.....DqZ.4....g-%.p..n...\

                          C:\Users\user\AppData\Local\Temp\acrocef_low\54eb0025-b04c-4a71-a4af-a08f99b55f11.tmp

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
                          Category:dropped
                          Size (bytes):386528
                          Entropy (8bit):7.9736851559892425
                          Encrypted:false
                          SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
                          MD5:5C48B0AD2FEF800949466AE872E1F1E2
                          SHA1:337D617AE142815EDDACB48484628C1F16692A2F
                          SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
                          SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
                          Malicious:false
                          Preview:...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-|..h#.g.\.PO.|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..|m.WC.....|.....e.[W.p.8...rm....^..x'......5!...|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

                          C:\Users\user\AppData\Local\Temp\acrocef_low\5c07850b-c976-4c3a-a37b-aa13ec213f0b.tmp

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
                          Category:dropped
                          Size (bytes):1407294
                          Entropy (8bit):7.97605879016224
                          Encrypted:false
                          SSDEEP:24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo
                          MD5:A0CFC77914D9BFBDD8BC1B1154A7B364
                          SHA1:54962BFDF3797C95DC2A4C8B29E873743811AD30
                          SHA-256:81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685
                          SHA-512:74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE
                          Malicious:false
                          Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

                          Static File Info

                          General

                          File type:PDF document, version 1.7, 2 pages
                          Entropy (8bit):6.71052628906673
                          TrID:
                          • Adobe Portable Document Format (5005/1) 100.00%
                          File name:Declaratie 147379 - Exter B.V. - Exter DSM.pdf
                          File size:192'510 bytes
                          MD5:cb4810250c6e6aadac1c9a9f8999f46c
                          SHA1:ce55b6c83d7d6ccb6307dbab3ec17d42872494b3
                          SHA256:094e423e7aa1aeadc7df3d206ba7737a92665c53a73c02eeb8b7df505855c870
                          SHA512:a7d1b3216216f088c942a2762e6deae87096083d30d7d9af3af2ebe5a54d7acaf4876da816cf683b4eacdfdc44e38f423b805a47487f96c4c5b5678363d9f59c
                          SSDEEP:1536:izm9/IWRX5SMml8E6ixMFGUzBF1fTY1y0KOHhgaFK3BVro3HgM8V1vvUunncMeA4:TVZ+sOa5OyAOo8V1vCb1i4/
                          TLSH:7214C363DD888A5BF11687BEFA237C79225E7266F6C7B3F104381CEB4A51401AD87079
                          File Content Preview:%PDF-1.7.%.....1 0 obj.<<./Type /Pages./Count 2./Kids [ 4 0 R 22 0 R ].>>.endobj.2 0 obj.<<./Producer (Legalsense\040\050www\056legalsense\056nl\051)./Author ()./CreationDate (D\07220240913095131\05501\04700\047)./Creator (\050unspecified\051)./Keywords (

                          File Icon

                          Icon Hash:62cc8caeb29e8ae0

                          Static PDF Info

                          General

                          Header:%PDF-1.7
                          Total Entropy:6.710526
                          Total Bytes:192510
                          Stream Entropy:6.724240
                          Stream Bytes:179154
                          Entropy outside Streams:4.378816
                          Bytes outside Streams:13356
                          Number of EOF found:1
                          Bytes after EOF:

                          Keywords Statistics

                          NameCount
                          obj33
                          endobj33
                          stream12
                          endstream12
                          xref1
                          trailer1
                          startxref1
                          /Page2
                          /Encrypt0
                          /ObjStm0
                          /URI0
                          /JS0
                          /JavaScript0
                          /AA0
                          /OpenAction0
                          /AcroForm0
                          /JBIG2Decode0
                          /RichMedia0
                          /Launch0
                          /EmbeddedFile0

                          Image Streams

                          IDDHASHMD5Preview
                          18010100000000000b25d801fb1492547b0fd0a54292943fcc
                          3301010000000000006975824d0a75d6b0b1bbc34eaffee976

                          Network Behavior

                          Network Port Distribution

                          TCP Packets

                          TimestampSource PortDest PortSource IPDest IP
                          Oct 24, 2024 14:11:13.791143894 CEST49724443192.168.2.896.7.168.138
                          Oct 24, 2024 14:11:13.791177034 CEST4434972496.7.168.138192.168.2.8
                          Oct 24, 2024 14:11:13.791336060 CEST49724443192.168.2.896.7.168.138
                          Oct 24, 2024 14:11:13.791716099 CEST49724443192.168.2.896.7.168.138
                          Oct 24, 2024 14:11:13.791732073 CEST4434972496.7.168.138192.168.2.8
                          Oct 24, 2024 14:11:14.511929035 CEST4434972496.7.168.138192.168.2.8
                          Oct 24, 2024 14:11:14.512294054 CEST49724443192.168.2.896.7.168.138
                          Oct 24, 2024 14:11:14.512306929 CEST4434972496.7.168.138192.168.2.8
                          Oct 24, 2024 14:11:14.513442993 CEST4434972496.7.168.138192.168.2.8
                          Oct 24, 2024 14:11:14.513509035 CEST49724443192.168.2.896.7.168.138
                          Oct 24, 2024 14:11:14.564537048 CEST49724443192.168.2.896.7.168.138
                          Oct 24, 2024 14:11:14.564718008 CEST4434972496.7.168.138192.168.2.8
                          Oct 24, 2024 14:11:14.564743996 CEST49724443192.168.2.896.7.168.138
                          Oct 24, 2024 14:11:14.611341000 CEST4434972496.7.168.138192.168.2.8
                          Oct 24, 2024 14:11:14.614310026 CEST49724443192.168.2.896.7.168.138
                          Oct 24, 2024 14:11:14.614322901 CEST4434972496.7.168.138192.168.2.8
                          Oct 24, 2024 14:11:14.661176920 CEST49724443192.168.2.896.7.168.138
                          Oct 24, 2024 14:11:14.687745094 CEST4434972496.7.168.138192.168.2.8
                          Oct 24, 2024 14:11:14.687835932 CEST4434972496.7.168.138192.168.2.8
                          Oct 24, 2024 14:11:14.688045979 CEST49724443192.168.2.896.7.168.138
                          Oct 24, 2024 14:11:14.688358068 CEST49724443192.168.2.896.7.168.138
                          Oct 24, 2024 14:11:14.688369036 CEST4434972496.7.168.138192.168.2.8
                          Oct 24, 2024 14:11:14.688380957 CEST49724443192.168.2.896.7.168.138
                          Oct 24, 2024 14:11:14.688431978 CEST49724443192.168.2.896.7.168.138

                          UDP Packets

                          TimestampSource PortDest PortSource IPDest IP
                          Oct 24, 2024 14:11:08.971493006 CEST5786353192.168.2.81.1.1.1

                          DNS Queries

                          TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                          Oct 24, 2024 14:11:08.971493006 CEST192.168.2.81.1.1.10x91aeStandard query (0)x1.i.lencr.orgA (IP address)IN (0x0001)false

                          DNS Answers

                          TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                          Oct 24, 2024 14:11:08.980535030 CEST1.1.1.1192.168.2.80x91aeNo error (0)x1.i.lencr.orgcrl.root-x1.letsencrypt.org.edgekey.netCNAME (Canonical name)IN (0x0001)false
                          Oct 24, 2024 14:11:10.043135881 CEST1.1.1.1192.168.2.80xe013No error (0)bg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                          Oct 24, 2024 14:11:10.043135881 CEST1.1.1.1192.168.2.80xe013No error (0)bg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false

                          HTTP Request Dependency Graph

                          • armmf.adobe.com

                          HTTPS Proxied Packets

                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                          0192.168.2.84972496.7.168.1384437192C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          TimestampBytes transferredDirectionData
                          2024-10-24 12:11:14 UTC475OUTGET /onboarding/smskillreader.txt HTTP/1.1
                          Host: armmf.adobe.com
                          Connection: keep-alive
                          Accept-Language: en-US,en;q=0.9
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36
                          Sec-Fetch-Site: same-origin
                          Sec-Fetch-Mode: no-cors
                          Sec-Fetch-Dest: empty
                          Accept-Encoding: gzip, deflate, br
                          If-None-Match: "78-5faa31cce96da"
                          If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
                          2024-10-24 12:11:14 UTC198INHTTP/1.1 304 Not Modified
                          Content-Type: text/plain; charset=UTF-8
                          Last-Modified: Mon, 01 May 2023 15:02:33 GMT
                          ETag: "78-5faa31cce96da"
                          Date: Thu, 24 Oct 2024 12:11:14 GMT
                          Connection: close


                          Statistics

                          CPU Usage

                          Click to jump to process

                          Memory Usage

                          Click to jump to process

                          High Level Behavior Distribution

                          Click to dive into process behavior distribution

                          Behavior

                          Click to jump to process

                          System Behavior

                          General

                          Target ID:0
                          Start time:08:11:00
                          Start date:24/10/2024
                          Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          Wow64 process (32bit):false
                          Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Declaratie 147379 - Exter B.V. - Exter DSM.pdf"
                          Imagebase:0x7ff6e8200000
                          File size:5'641'176 bytes
                          MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
                          Has elevated privileges:true
                          Has administrator privileges:true
                          Programmed in:C, C++ or other language
                          Reputation:high
                          Has exited:true

                          General

                          Target ID:2
                          Start time:08:11:00
                          Start date:24/10/2024
                          Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          Wow64 process (32bit):false
                          Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
                          Imagebase:0x7ff79c940000
                          File size:3'581'912 bytes
                          MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                          Has elevated privileges:true
                          Has administrator privileges:true
                          Programmed in:C, C++ or other language
                          Reputation:high
                          Has exited:true

                          General

                          Target ID:4
                          Start time:08:11:01
                          Start date:24/10/2024
                          Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          Wow64 process (32bit):false
                          Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2076 --field-trial-handle=1624,i,18207051628461340091,6838274000774451513,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
                          Imagebase:0x7ff79c940000
                          File size:3'581'912 bytes
                          MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                          Has elevated privileges:true
                          Has administrator privileges:true
                          Programmed in:C, C++ or other language
                          Reputation:high
                          Has exited:true

                          Disassembly

                          No disassembly