Windows Analysis Report
C0260-COUNCIL APPROVED PLANS - ISSUE D[74]-- Panels & Inverter layout .pdf

Overview

General Information

Sample name:C0260-COUNCIL APPROVED PLANS - ISSUE D[74]-- Panels & Inverter layout .pdf
Analysis ID:1543507
MD5:132ac7416a01418ff771ddaeb04e0e59
SHA1:682ac89892ce4c10b5f7008ccf76018ae0485cd8
SHA256:f921ad84ebb6c626c6d5aff981e0ecc25e37fcbbc4ea39c0d9b416ea63849546
Infos:

Detection

Score:2
Range:0 - 100
Whitelisted:false
Confidence:80%

Signatures

IP address seen in connection with other malware
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Uses a known web browser user agent for HTTP communication

Classification

  • System is w10x64
  • Acrobat.exe (PID: 7480 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\C0260-COUNCIL APPROVED PLANS - ISSUE D[74]-- Panels & Inverter layout .pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 7692 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 7880 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2088 --field-trial-handle=1736,i,3149293254511597146,14732658930209850938,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

There are no malicious signatures.

Source: global trafficDNS query: name: x1.i.lencr.org
Source: global trafficTCP traffic: 192.168.2.4:49752 -> 96.7.168.138:443
Source: global trafficTCP traffic: 96.7.168.138:443 -> 192.168.2.4:49752
Source: Joe Sandbox ViewIP Address: 96.7.168.138 96.7.168.138
Source: global trafficHTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1
Host: armmf.adobe.com
Connection: keep-alive
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
Accept-Encoding: gzip, deflate, br
If-None-Match: "78-5faa31cce96da"
If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
Source: unknownTCP traffic detected without corresponding DNS query: 96.7.168.138
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficDNS traffic detected: DNS query: x1.i.lencr.org
Source: 2D85F72862B55C4EADD9E66E06947F3D0.3.drString found in binary or memory: http://x1.i.lencr.org/
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49752
Source: unknownNetwork traffic detected: HTTP traffic on port 49752 -> 443
Source: classification engineClassification label: clean2.winPDF@14/44@2/1
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-27 21-56-15-783.log
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
Source: unknownProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\C0260-COUNCIL APPROVED PLANS - ISSUE D[74]-- Panels & Inverter layout .pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2088 --field-trial-handle=1736,i,3149293254511597146,14732658930209850938,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C0260-COUNCIL APPROVED PLANS - ISSUE D[74]-- Panels & Inverter layout .pdfInitial sample: PDF keyword /JS count = 0
Source: C0260-COUNCIL APPROVED PLANS - ISSUE D[74]-- Panels & Inverter layout .pdfInitial sample: PDF keyword /JavaScript count = 0
Source: C0260-COUNCIL APPROVED PLANS - ISSUE D[74]-- Panels & Inverter layout .pdfInitial sample: PDF keyword /Page count = 16
Source: C0260-COUNCIL APPROVED PLANS - ISSUE D[74]-- Panels & Inverter layout .pdfInitial sample: PDF keyword stream count = 121
Source: C0260-COUNCIL APPROVED PLANS - ISSUE D[74]-- Panels & Inverter layout .pdfInitial sample: PDF keyword /EmbeddedFile count = 0
Source: C0260-COUNCIL APPROVED PLANS - ISSUE D[74]-- Panels & Inverter layout .pdfInitial sample: PDF keyword /ObjStm count = 21
Source: C0260-COUNCIL APPROVED PLANS - ISSUE D[74]-- Panels & Inverter layout .pdfInitial sample: PDF keyword endstream count = 121
Source: C0260-COUNCIL APPROVED PLANS - ISSUE D[74]-- Panels & Inverter layout .pdfInitial sample: PDF keyword obj count = 139
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 3 Exploitation for Client Execution | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 13 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction
[Behavior graph (image not preserved). Behavior Graph ID: 1543507; Sample: C0260-COUNCIL APPROVED PLAN...; Startdate: 28/10/2024; Architecture: WINDOWS; Score: 2. Process chain: Acrobat.exe started AcroCEF.exe, which started AcroCEF.exe. DNS/IP nodes: x1.i.lencr.org; 96.7.168.138, 443, 49752, INTERNEXABRASILOPERADORADETELECOMUNICACOESSABR, United States.]

No Antivirus matches
Source | Detection | Scanner | Label
bg.microsoft.map.fastly.net | 0% | Virustotal |
fp2e7a.wpc.phicdn.net | 0% | Virustotal |
x1.i.lencr.org | 0% | Virustotal |

Source | Detection | Scanner | Label
http://x1.i.lencr.org/ | 0% | URL Reputation | safe

Name | IP | Active | Malicious | Antivirus Detection | Reputation
bg.microsoft.map.fastly.net | 199.232.214.172 | true | false | | unknown
fp2e7a.wpc.phicdn.net | 192.229.221.95 | true | false | | unknown
x1.i.lencr.org | unknown | unknown | false | | unknown

Name | Source | Malicious | Antivirus Detection | Reputation
http://x1.i.lencr.org/ | 2D85F72862B55C4EADD9E66E06947F3D0.3.dr | false | URL Reputation: safe | unknown
IP | Domain | Country | ASN | ASN Name | Malicious
96.7.168.138 | unknown | United States | 262589 | INTERNEXABRASILOPERADORADETELECOMUNICACOESSABR | false
Joe Sandbox version:41.0.0 Charoite
Analysis ID:1543507
Start date and time:2024-10-28 02:54:58 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 4m 46s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultwindowspdfcookbook.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:9
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:C0260-COUNCIL APPROVED PLANS - ISSUE D[74]-- Panels & Inverter layout .pdf
Detection:CLEAN
Classification:clean2.winPDF@14/44@2/1
Cookbook Comments:
  • Found application associated with file extension: .pdf
  • Found PDF document
  • Close Viewer
  • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, conhost.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 184.28.88.176, 18.207.85.246, 107.22.247.231, 34.193.227.236, 54.144.73.197, 2.20.245.133, 162.159.61.3, 172.64.41.3, 2.23.197.184, 2.20.245.135, 2.20.245.132, 2.20.245.141
  • Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com.delivery.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, ocsp.edge.digicert.com, geo2.adobe.com, wu-b-net.trafficmanager.net, crl.root-x1.letsencrypt.org.edgekey.net
  • Not all processes where analyzed, report is missing behavior information
Time | Type | Description
21:56:22 | API Interceptor | 1x Sleep call for process: AcroCEF.exe modified
Match | Associated Sample Name / URL | Detection | Threat Name
96.7.168.138 | tue.bat | malicious | Unknown
96.7.168.138 | https://dl.dropboxusercontent.com/scl/fi/kzw07ghqs05mfyhu8o3ey/BestellungVRG020002.zip?rlkey=27cmmjv86s5ygdnss2oa80i1o&st=86cnbbyp&dl=0 | malicious | Unknown
96.7.168.138 | bc3c228ad2c13f96cb14375c3860e802.pdf | malicious | HTMLPhisher
96.7.168.138 | Demande de proposition du CPE Les Coquins.pdf | malicious | Unknown
96.7.168.138 | Airbornemx Benefits Enrollment.pdf | malicious | HTMLPhisher
96.7.168.138 | Scan_8346203.pdf | malicious | Unknown
96.7.168.138 | Jwhite Pay Increase EFile997843.pdf | malicious | Unknown
96.7.168.138 | roba.txt | malicious | Meterpreter, ReflectiveLoader
96.7.168.138 | Inv No.248730.xls | malicious | Unknown
96.7.168.138 | ddsfsfsa.pdf | malicious | Unknown

Match | Associated Sample Name / URL | Detection | Threat Name | Context
fp2e7a.wpc.phicdn.net | file.exe | malicious | LummaC, Amadey, AsyncRAT, LummaC Stealer, Stealc, XWorm | 192.229.221.95
fp2e7a.wpc.phicdn.net | Reminder.exe | malicious | Amadey | 192.229.221.95
fp2e7a.wpc.phicdn.net | Reminder.exe | malicious | Amadey | 192.229.221.95
fp2e7a.wpc.phicdn.net | file.exe | malicious | Credential Flusher | 192.229.221.95
fp2e7a.wpc.phicdn.net | 17300365867ee8d0cb3f1a12c6cec8645cc7e38e63369b90427fc9e5a6c72010847ed86d44312.dat-decoded.dll | malicious | Unknown | 192.229.221.95
fp2e7a.wpc.phicdn.net | 17300365850f5c8448f977c51317c45b12573632d1c5798125521bd3f9879ca4b9f06bfdda923.dat-decoded.dll | malicious | Unknown | 192.229.221.95
fp2e7a.wpc.phicdn.net | QmFIR949GC.exe | malicious | RedLine | 192.229.221.95
fp2e7a.wpc.phicdn.net | 173003262782b8017037917b9961fbcad57f6b662e24836f7d97dbd52e59bb21507b98d9a6704.dat-decoded.exe | malicious | RedLine | 192.229.221.95
fp2e7a.wpc.phicdn.net | 1730032629d03288421fce5e7d9e6026f5a967d50c541a02112bcbceaac1a2fa9677728cde553.dat-decoded.exe | malicious | Blackshades | 192.229.221.95
fp2e7a.wpc.phicdn.net | v9dVG4fAGa.exe | malicious | Clipboard Hijacker | 192.229.221.95
bg.microsoft.map.fastly.net | file.exe | malicious | LummaC, Amadey, AsyncRAT, LummaC Stealer, Stealc, XWorm | 199.232.210.172
bg.microsoft.map.fastly.net | SecuriteInfo.com.Trojan.PWS.Stealer.38079.9664.9958.exe | malicious | Mystic Stealer | 199.232.210.172
bg.microsoft.map.fastly.net | v9dVG4fAGa.exe | malicious | Clipboard Hijacker | 199.232.214.172
bg.microsoft.map.fastly.net | 3cfc9c.msi | malicious | Unknown | 199.232.210.172
bg.microsoft.map.fastly.net | lBYtUYrlFO.exe | malicious | Stealc | 199.232.214.172
bg.microsoft.map.fastly.net | j6qRCRPE7S.ps1 | malicious | Metasploit | 199.232.210.172
bg.microsoft.map.fastly.net | 2OwohMu0zx.exe | malicious | AsyncRAT | 199.232.210.172
bg.microsoft.map.fastly.net | UwOcZADSmi.exe | malicious | AsyncRAT | 199.232.214.172
bg.microsoft.map.fastly.net | vqUuq8t2Uc.exe | malicious | AsyncRAT, DcRat | 199.232.214.172
bg.microsoft.map.fastly.net | pXJ9iQvcQa.exe | malicious | AsyncRAT, DcRat | 199.232.214.172

Match | Associated Sample Name / URL | Detection | Threat Name | Context
INTERNEXABRASILOPERADORADETELECOMUNICACOESSABR | tue.bat | malicious | Unknown | 96.7.168.138
INTERNEXABRASILOPERADORADETELECOMUNICACOESSABR | https://dl.dropboxusercontent.com/scl/fi/kzw07ghqs05mfyhu8o3ey/BestellungVRG020002.zip?rlkey=27cmmjv86s5ygdnss2oa80i1o&st=86cnbbyp&dl=0 | malicious | Unknown | 96.7.168.138
INTERNEXABRASILOPERADORADETELECOMUNICACOESSABR | bc3c228ad2c13f96cb14375c3860e802.pdf | malicious | HTMLPhisher | 96.7.168.138
INTERNEXABRASILOPERADORADETELECOMUNICACOESSABR | Demande de proposition du CPE Les Coquins.pdf | malicious | Unknown | 96.7.168.138
INTERNEXABRASILOPERADORADETELECOMUNICACOESSABR | Airbornemx Benefits Enrollment.pdf | malicious | HTMLPhisher | 96.7.168.138
INTERNEXABRASILOPERADORADETELECOMUNICACOESSABR | Scan_8346203.pdf | malicious | Unknown | 96.7.168.138
INTERNEXABRASILOPERADORADETELECOMUNICACOESSABR | Jwhite Pay Increase EFile997843.pdf | malicious | Unknown | 96.7.168.138
INTERNEXABRASILOPERADORADETELECOMUNICACOESSABR | roba.txt | malicious | Meterpreter, ReflectiveLoader | 96.7.168.138
INTERNEXABRASILOPERADORADETELECOMUNICACOESSABR | Inv No.248730.xls | malicious | Unknown | 96.7.168.138
INTERNEXABRASILOPERADORADETELECOMUNICACOESSABR | MDE_File_Sample_1a8e4ebbcc2e3f76efb2a55bb6179417263ebf3d.zip | malicious | Unknown | 96.7.169.183

No context

Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:ASCII text
Category:dropped
Size (bytes):292
Entropy (8bit):5.225520540653707
Encrypted:false
SSDEEP:6:1rX9+q2Pwkn2nKuAl9OmbnIFUt8kwMJZmw+kwM9VkwOwkn2nKuAl9OmbjLJ:h4vYfHAahFUt8sJ/+sD5JfHAaSJ
MD5:668B696EB842C5E0DA3FB4F630CCE3A8
SHA1:8DC4069EAFFB2480AB42DBD634A0E0E30D6E9E84
SHA-256:9CF10BEEB5F5877DECE8D0E3010C082E70A25BE628FC5C4DC551FF4FC9AEE2D6
SHA-512:45DBD34981B17CCE0DFCA82CD2D9A6AE08B73826DE57807E50FBE496013F87ADBCB204908FB485081D5EDE735B75454FF5756DF593B94B5E89F4C45533E10032
Malicious:false
Reputation:low
Preview:2024/10/27-21:56:13.540 1e28 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/10/27-21:56:13.542 1e28 Recovering log #3.2024/10/27-21:56:13.542 1e28 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:ASCII text
Category:dropped
Size (bytes):336
Entropy (8bit):5.225543187694216
Encrypted:false
SSDEEP:6:1LDM+q2Pwkn2nKuAl9Ombzo2jMGIFUt8kwgZmw+kuSDMVkwOwkn2nKuAl9Ombzos:BDM+vYfHAa8uFUt8/g/+bSDMV5JfHAaU
MD5:A963CCDB58052A002ABA3E93D0A8BF18
SHA1:7F1CC086908079C4E77B1917A4ADF456CF22CEE9
SHA-256:D30C0422A0F71023E9DE3A96353019D30668C02FD47DFA40FB79B1D66DF1D8AA
SHA-512:1E0674E0FA29112E44BA14E02D6C2C4032787D4FAF899689262463B0C7A67EE3E5BCBB17BB90BA0B128693525FA09FC8225269562924CE70E489471D64B29414
Malicious:false
Reputation:low
Preview:2024/10/27-21:56:13.595 1efc Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/10/27-21:56:13.596 1efc Recovering log #3.2024/10/27-21:56:13.597 1efc Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:JSON data
Category:dropped
Size (bytes):475
Entropy (8bit):4.967403857886107
Encrypted:false
SSDEEP:12:YH/um3RA8sqLsBdOg2HHfcaq3QYiubInP7E4TX:Y2sRdsVdMHO3QYhbG7n7
MD5:B7761633048D74E3C02F61AD04E00147
SHA1:72A2D446DF757BAEA2C7A58C050925976E4C9372
SHA-256:1A468796D744FCA806D1F828C07E0064AB6A1FA0E31DA3A403F12B9B89868B67
SHA-512:397A10C510FAA048E4AAB08A11B2AE14A09EE47EC4F5A2B47CE1A9580C2874ADE0F9F8FC287B9358C0FFEA4C89F8AB9270B9CA00064EA90CD2EF0EAD0A59369F
Malicious:false
Reputation:moderate, very likely benign file
Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13340980889952523","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":146406},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}

Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:JSON data
Category:dropped
Size (bytes):475
Entropy (8bit):4.967403857886107
Encrypted:false
SSDEEP:12:YH/um3RA8sqLsBdOg2HHfcaq3QYiubInP7E4TX:Y2sRdsVdMHO3QYhbG7n7
MD5:B7761633048D74E3C02F61AD04E00147
SHA1:72A2D446DF757BAEA2C7A58C050925976E4C9372
SHA-256:1A468796D744FCA806D1F828C07E0064AB6A1FA0E31DA3A403F12B9B89868B67
SHA-512:397A10C510FAA048E4AAB08A11B2AE14A09EE47EC4F5A2B47CE1A9580C2874ADE0F9F8FC287B9358C0FFEA4C89F8AB9270B9CA00064EA90CD2EF0EAD0A59369F
Malicious:false
Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13340980889952523","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":146406},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:JSON data
                      Category:modified
                      Size (bytes):475
                      Entropy (8bit):4.9729052853641855
                      Encrypted:false
                      SSDEEP:12:YH/um3RA8sqfsBdOg2Hocaq3QYiubInP7E4TX:Y2sRdshdMHD3QYhbG7n7
                      MD5:05FA330361FE84815EA5D34558841AFF
                      SHA1:14DE69F469B09F310760A5971829A6F3B44E3B58
                      SHA-256:B65730E92C77DC152052295E9D5F8CDA43CFBE3CB4B40D69D65BA5E061958EAE
                      SHA-512:FFCD5DFF16FC3F6D8313CB61921D99600D6D9480CAB592C23F562093ED5CFC265687AD5B0C83175410B0C8AA42625437FF6F0FD6BA579532E304DC92462535EE
                      Malicious:false
                      Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13374640585391820","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":214476},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):4730
                      Entropy (8bit):5.252190212089528
                      Encrypted:false
                      SSDEEP:96:etJCV4FAsszrNamjTN/2rjYMta02fDtehgO7BtTgo70xGBxe2ZZ:etJCV4FiN/jTN/2r8Mta02fEhgO73go9
                      MD5:1094AD77A2017220674AE8F5E34F3945
                      SHA1:D3D5D5B809EC5F5C6394C5B56738A90C39DE73EB
                      SHA-256:45E56003746CC1A788AB2C6F9E058EB0C91B11B29F0F2C45E18E510006D44426
                      SHA-512:D332424E8D056ED1AAA4228F570131197FC18EAB43B117836B9A2CBBCB10713428319B05DEB754E42A6DC4BFAF2D4FE49C62050ABEF9EEB443194ABCF9FC0097
                      Malicious:false
                      Preview:*...#................version.1..namespace-['O.o................next-map-id.1.Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/.0>...r................next-map-id.2.Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/.1O..r................next-map-id.3.Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/.2.\.o................next-map-id.4.Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/.3....^...............Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/..|.^...............Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/n..Fa...............Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/DQ..a...............Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/i.`do................next-map-id.5.Pnamespace-de635bf2_6773_4d83_ad16_
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:ASCII text
                      Category:dropped
                      Size (bytes):324
                      Entropy (8bit):5.170427951561662
                      Encrypted:false
                      SSDEEP:6:1XRUDM+q2Pwkn2nKuAl9OmbzNMxIFUt8kXkgZmw+kXkDMVkwOwkn2nKuAl9OmbzE:EDM+vYfHAa8jFUt8jg/+jDMV5JfHAa8E
                      MD5:D726AEF7A99286CBFDCFF02F4E4B6001
                      SHA1:52D9BAE4080C3362A3CB137EC4236A6C9722B8AD
                      SHA-256:D23A695D8E6FD3CAF90F1032BAA99C875EF3DA4C5BF8CFBE715D9EAD729E125B
                      SHA-512:952AFD39826A83513A66AB6B37B2387489D97C1FC76F2C71B3E610CA4723284BB152FE7EF0E401F516532CD3934C9F1F7879B7A2F27DE9D0151CAF60C6FDBAA4
                      Malicious:false
                      Preview:2024/10/27-21:56:14.009 1efc Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/10/27-21:56:14.010 1efc Recovering log #3.2024/10/27-21:56:14.010 1efc Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:PC bitmap, Windows 3.x format, 164 x -115 x 32, cbSize 75494, bits offset 54
                      Category:dropped
                      Size (bytes):75494
                      Entropy (8bit):2.7050373980940443
                      Encrypted:false
                      SSDEEP:768:5j8r3a08ocGl/GGBE7pZw0lXkoVYrbh4H3Q0fjQrcZjansEXwnjFedjI+cKhGVp6:/0Wn4/Z
                      MD5:D4C9C3B4722C538A43DCC3BC70054307
                      SHA1:D554F0C82CF8119CFC3366A0398D8F0B87E5E4EE
                      SHA-256:8F0267EB9AE887EC59A68794EF65F249892C6DD59FB38E4530E98071EA734F2D
                      SHA-512:A8C2EDFD367B597F285FE8B32CE4289941C88872A0D6488E48CAE7EB5E6B28AD1E9DF2A6E5CBE4B1B62CE1A6E2F622D0B5A859C45D7F4DEE4EB6F188FF78635E
                      Malicious:false
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 15, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 15
                      Category:dropped
                      Size (bytes):86016
                      Entropy (8bit):4.445111315445502
                      Encrypted:false
                      SSDEEP:384:yezci5tOiBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:rhs3OazzU89UTTgUL
                      MD5:77AEDCFD039769755D12A4394C065DB0
                      SHA1:74780833B70B0441DB8BD9111EA76CED1578ABFD
                      SHA-256:6BCFD3EF89892B58E415C7B089A24675236DD4B120DE46303045EC8CAF1BF1DC
                      SHA-512:CBC16385856E79A72341431490654936043A75E88645AF65403DE75CE8B09E6DB721B676ABE9CCB817482B16C1E5FEF9A63F8AF64C895CB53BC7C96EED6BF700
                      Malicious:false
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:SQLite Rollback Journal
                      Category:dropped
                      Size (bytes):8720
                      Entropy (8bit):3.773597708283631
                      Encrypted:false
                      SSDEEP:48:7Mtp/E2ioyVfioy9oWoy1Cwoy1LKOioy1noy1AYoy1Wioy1hioybioyjoy1noy1U:7upjufFaXKQ2Hb9IVXEBodRBkk
                      MD5:4A2B64332AAAB9E4D906DC5ED7DE01FB
                      SHA1:8A59C792B60A81A9380E32365EFE64D0BB723B4B
                      SHA-256:CA4C832F4E8123B0937DD8969FE7050378E5F8D333633CCD2B5A224689AD09E8
                      SHA-512:6071A69C57BB00DD4182B483E75646CB89F14D40F9E1CE4DD9AD54022E2ACA471FA74C5C491B5EB355865CDF6BE53F4F697A08F1DE157B5AEE42347D52C02840
                      Malicious:false
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:Certificate, Version=3
                      Category:dropped
                      Size (bytes):1391
                      Entropy (8bit):7.705940075877404
                      Encrypted:false
                      SSDEEP:24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1
                      MD5:0CD2F9E0DA1773E9ED864DA5E370E74E
                      SHA1:CABD2A79A1076A31F21D253635CB039D4329A5E8
                      SHA-256:96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
                      SHA-512:3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
                      Malicious:false
                      Preview:0..k0..S............@.YDc.c...0...*.H........0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10...150604110438Z..350604110438Z0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10.."0...*.H.............0..........$s..7.+W(.....8..n<.W.x.u...jn..O(..h.lD...c...k....1.!~.3<.H..y.....!.K...qiJffl.~<p..)"......K...~....G.|.H#S.8.O.o...IW..t../.8.{.p!.u.0<.....c...O..K~.....w...{J.L.%.p..)..S$........J.?..aQ.....cq...o[...\4ylv.;.by.../&.....................6....7..6u...r......I.....*.A..v........5/(.l....dwnG7..Y^h..r...A)>Y>.&.$...Z.L@.F....:Qn.;.}r...xY.>Qx....../..>{J.Ks......P.|C.t..t.....0.[q6....00\H..;..}`...).........A.......|.;F.H*..v.v..j.=...8.d..+..(.....B.".'].y...p..N..:..'Qn..d.3CO......B0@0...U...........0...U.......0....0...U......y.Y.{....s.....X..n0...*.H.............U.X....P.....i ')..au\.n...i/..VK..s.Y.!.~.Lq...`.9....!V..P.Y...Y.............b.E.f..|o..;.....'...}~.."......
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):192
                      Entropy (8bit):2.7621925687296174
                      Encrypted:false
                      SSDEEP:3:kkFklNGH5FVltfllXlE/HT8k2Kal1NNX8RolJuRdxLlGB9lQRYwpDdt:kKfZPleT8CaNMa8RdWBwRd
                      MD5:5D6355DFAB0BED1C67B6176D3658FDF7
                      SHA1:E4DB80D9E8DDCC0A86341F2B88DA5A4D0143F4BE
                      SHA-256:4360B227BB166F41FE4CD18B3985CD05450352D2984D0B406DC913CC1CEB2050
                      SHA-512:D4B3722E93546CD5EF110CB0EF0FD67489C9DE758E1CD3CA5D4F815A21E73FBF1D70406E11B48D7202F4CA910AAEAEB1A300A837AB6448398855D7D1811F1EF9
                      Malicious:false
                      Preview:p...... ........~#...(..(....................................................... ..........W...../..............o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):295
                      Entropy (8bit):5.375273515547188
                      Encrypted:false
                      SSDEEP:6:YEQXJ2HXsCyuZUaQGrKHVoZcg1vRcR0YNheoAvJM3g98kUwPeUkwRe9:YvXKXsCF2GK2Zc0v2VGMbLUkee9
                      MD5:689AF9CDB0E60C97BF9B7BA9185558F7
                      SHA1:45FBE26663A4EB66B4BFDC6B4BC55943271D29E5
                      SHA-256:96E84C924BDD81C6A2F3DC5D15C63F9D513199CADDE4744417778C031D5977A5
                      SHA-512:921F74E2EACEC692CE0A90622FFB28F649E5A018BE37697BA225B05175CF9F99EFB705CF20A5780617DFE861349B1F5E906D34FF4176DA94D6115694D840DCD7
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"f1bddeb3-9fcd-4e5c-9388-13ac2ead51fe","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1730256863886,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):294
                      Entropy (8bit):5.320402958363653
                      Encrypted:false
                      SSDEEP:6:YEQXJ2HXsCyuZUaQGrKHVoZcg1vRcR0YNheoAvJfBoTfXpnrPeUkwRe9:YvXKXsCF2GK2Zc0v2VGWTfXcUkee9
                      MD5:814FD04B6B85546705E9C041AAF4E6BA
                      SHA1:393C6C830C7C767B88BEEE07EE357BE18D1F8A19
                      SHA-256:183DA4F0EE8938F1A2872CC38FD104E6E94FE0CBD1A6DF7CBCE9FEE334CC0D22
                      SHA-512:D7EB06CA611F7A08B86289E10429CC2F5B35B17CEA4CD58A9A8F0EDEF08E4B4EC5F852BD239C701A0FB6E95FE69505CF576F677D219AF9D2BD236DA45B2A81A7
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"f1bddeb3-9fcd-4e5c-9388-13ac2ead51fe","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1730256863886,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):294
                      Entropy (8bit):5.299073020787877
                      Encrypted:false
                      SSDEEP:6:YEQXJ2HXsCyuZUaQGrKHVoZcg1vRcR0YNheoAvJfBD2G6UpnrPeUkwRe9:YvXKXsCF2GK2Zc0v2VGR22cUkee9
                      MD5:F6776642FE2F27B0EFB8E566F99E5818
                      SHA1:62430C1BD77EEB3B52110AAF8B16126AA06DE26D
                      SHA-256:1ABC18E579582E1AC1603A67F6F6AA016B8AF6994EE8C45C139AAA47DC1AA35B
                      SHA-512:14C846A4A70C606E6DBDB3E19C4FF2E14344EFAE739D519D41D860DB2A44BB9F96DC29EDC7FC54D69C66710DE0FD41FE7658ACA80DFC5B2D006E158740549CAB
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"f1bddeb3-9fcd-4e5c-9388-13ac2ead51fe","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1730256863886,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):285
                      Entropy (8bit):5.362701921013574
                      Encrypted:false
                      SSDEEP:6:YEQXJ2HXsCyuZUaQGrKHVoZcg1vRcR0YNheoAvJfPmwrPeUkwRe9:YvXKXsCF2GK2Zc0v2VGH56Ukee9
                      MD5:DC02F0B3CCE48DDC736C4D714E81CCF7
                      SHA1:6608CBE67DDB7AB0FC4D8EA1F2309ED9D73F86D6
                      SHA-256:172955C76BA94A97B9F3350987F316A241AA05949981A5A44DE2B737886C42FE
                      SHA-512:FAEDC2C61249265C965945DC2D0D0D0046FE7F77F38E0398AC626C5BFD4572550AC6ABB3F75F5E5B13DE9469277D0F20797EC144E4EE538A289480F7D54C50DD
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"f1bddeb3-9fcd-4e5c-9388-13ac2ead51fe","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1730256863886,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):1055
                      Entropy (8bit):5.655379338096464
                      Encrypted:false
                      SSDEEP:24:Yv6X9g2zv3pLgEscLf7nnl0RCmK8czOCCSCb:YvoPvhgGzaAh8cv/Cb
                      MD5:6E7664F05092C73536A989F41D113D6D
                      SHA1:2BA05E307E4C186876DE08588D0E6DE05C11A99C
                      SHA-256:D26D844C43145186E8E4F8DA98228FE8A98F6C518336C7AE295D34ED470F4C81
                      SHA-512:B15102DEA25005A42121C7C4649F9F12EB8BBF88E8BC83BBAE4BAFE5B6A3A77DDD8A416AC3600453FDB5C427545AC103303BF13F61AB85E6EBEB5E4DB926042E
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"f1bddeb3-9fcd-4e5c-9388-13ac2ead51fe","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1730256863886,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"92038_285529ActionBlock_1","campaignId":92038,"containerId":"1","controlGroupId":"","treatmentId":"eb1a4bce-8215-46f1-b44c-154b21a85d60","variationId":"285529"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkV4cG9ydCBQREZzIHRvIE1pY3Jvc29mdCBXb3JkIGFuZCBFeGNlbC4ifSwidGNhdElkIjpudWxsfQ==","dataType":"application\/json","encodingScheme":tr
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):1050
                      Entropy (8bit):5.648516729151981
                      Encrypted:false
                      SSDEEP:24:Yv6X9g2zvbVLgEF0c7sbnl0RCmK8czOCYHflEpwiVZb:YvoPzFg6sGAh8cvYHWpwCb
                      MD5:936E713D4A810DC21ADBA7ABCC3C987F
                      SHA1:6265665CC5B7D8A783B220BAFD335DA76858841E
                      SHA-256:7BFF82F3E15580CA1F7CCD5DDD4136D1851C52469E7E4041F0EBC0BAD6FE3AAC
                      SHA-512:6529EE68E0B4E5791F437634ED8EC1D95CFF742A56969ABCDB5809C4002CF2C52BFA5A185CACF852B3360C51496CC39D60061420898F8C73853D64849A0AA00B
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"f1bddeb3-9fcd-4e5c-9388-13ac2ead51fe","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1730256863886,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Disc_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_0","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"0924134e-3c59-4f53-b731-add558c56fec","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Disc_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQsIGVkaXQgYW5kIGUtc2lnblxuZm9ybXMgJiBhZ3JlZW1lbnRzLiJ9LCJ0Y2F0SWQiOm51bGx9","dataType":"application\/json","encodingScheme":true},"
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):292
                      Entropy (8bit):5.307483680199958
                      Encrypted:false
                      SSDEEP:6:YEQXJ2HXsCyuZUaQGrKHVoZcg1vRcR0YNheoAvJfQ1rPeUkwRe9:YvXKXsCF2GK2Zc0v2VGY16Ukee9
                      MD5:933358B3FC84FD9E7762449EB8CA27B2
                      SHA1:41A848E669ABCA660A40FE261D5B505CFACDEA74
                      SHA-256:A35AB7E0BC674417077D536AC41BFB4A746B2FB6074B20B4B86C040E3FACA933
                      SHA-512:686B6A644977894AB664DF3575ACF575D78F3AE2B6739666AE6E5F87360BBFC0568C34D57752A43ED2E6275697BC981AD80370A1A896275F25AFFD4B95E7EF36
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"f1bddeb3-9fcd-4e5c-9388-13ac2ead51fe","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1730256863886,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):1038
                      Entropy (8bit):5.64399055856863
                      Encrypted:false
                      SSDEEP:24:Yv6X9g2zvq2LgEF7cciAXs0nl0RCmK8czOCAPtciBZb:YvoPCogc8hAh8cvAPb
                      MD5:29F8BD47F23CCC53CDC4B028D2E0BA85
                      SHA1:196878AD085611549E9F7A23C45A0B30DB18698A
                      SHA-256:C99604E958FE6E24B8B509A4A7195CFBDA650533F205A54EFF4D97F77AC3B195
                      SHA-512:BF1F274BD0E5205E4A97408D1C28D39459CE55AE33B80567635A5F46A0DD794287D7B5797A87D4E06AA8438A282AE6AC854CF2E36543FEA641FA58DF369394D2
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"f1bddeb3-9fcd-4e5c-9388-13ac2ead51fe","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1730256863886,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Edit_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_1","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"49d2f713-7aa9-44db-aa50-0a7a22add459","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Edit_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVkaXQgdGV4dCwgaW1hZ2VzLCBwYWdlcywgYW5kIG1vcmUuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"application\/json","encodingScheme":true},"endDTS":1744
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):1164
                      Entropy (8bit):5.697064525960028
                      Encrypted:false
                      SSDEEP:24:Yv6X9g2zv2KLgEfIcZVSkpsn264rS514ZjBrwloJTmcVIsrSK5Zb:YvoP+EgqprtrS5OZjSlwTmAfSKLb
                      MD5:4D4521C69A88D288584BE40EDB03AF9F
                      SHA1:0AC12769DE8E742A7B5EA6BC18562FEC136C8747
                      SHA-256:234462F16B5D56B36583CDAF326FCC08DAEDD7E313FC1BA1F01997EED94A4979
                      SHA-512:CBA37907376A42A0B1567DDB005CC0850E83FC60A91BB93A31251AFD0EDCC5C4AA22BB8E1E95B7BA6B3B0E0A7507391C17C34B00B34215721D8679C7B533B036
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"f1bddeb3-9fcd-4e5c-9388-13ac2ead51fe","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1730256863886,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85531_264848ActionBlock_0","campaignId":85531,"containerId":"1","controlGroupId":"","treatmentId":"ee1a7497-76e7-43c2-bb63-9a0551e11d73","variationId":"264848"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IlRyeSBBY3JvYmF0IFBybyJ9LCJ1aSI6eyJ0aXRsZV9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjE1cHgiLCJmb250X3N0eWxlIjoiMCJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEzcHgiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0b1xucHJlbWl1bSBQREYgYW5kIGUtc2lnbmluZ1xudG9vbHMuIn0sImJhbm5lcl9zdHlsaW5nIjo
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):289
                      Entropy (8bit):5.310365367253071
                      Encrypted:false
                      SSDEEP:6:YEQXJ2HXsCyuZUaQGrKHVoZcg1vRcR0YNheoAvJfYdPeUkwRe9:YvXKXsCF2GK2Zc0v2VGg8Ukee9
                      MD5:CCF28E375031072F77B10468A6A86DD1
                      SHA1:941F92C65647E88A982FA0148246B0311AE57B34
                      SHA-256:2DCB17B1658D36E45A43E674EA0D7930C9A1A74F44642E3C5E5D8278210C2E7D
                      SHA-512:6C90871E13B27EFAA87CA377F7AE9154185F6C844C907FEC34236F3A35287B28FA1941A6D35E43AC1E028A3EE105C7651811976FA8E5B7040F140BC30EE96A00
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"f1bddeb3-9fcd-4e5c-9388-13ac2ead51fe","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1730256863886,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):1395
                      Entropy (8bit):5.773994719524525
                      Encrypted:false
                      SSDEEP:24:Yv6X9g2zv9rLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNhb:YvoP1HgDv3W2aYQfgB5OUupHrQ9FJLb
                      MD5:ED31C4BF86A1D59DE79C5AC49A75B7A5
                      SHA1:AB268164E0D598DD4DF0FB28AB0B7DCF347208AB
                      SHA-256:129449C906A8473B6D23BF08A8AAD5EB6EEDD2D2070ED796BB95A273662A75D0
                      SHA-512:B4DCB9C2F3D22F89858F662DCCE03456AD2229BD51C23351824DBBBB17FFEF8A84CC3AD3255888079A09B265E51BD98B0048B573A4D837DA214BA82F8B510C00
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"f1bddeb3-9fcd-4e5c-9388-13ac2ead51fe","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1730256863886,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):291
                      Entropy (8bit):5.293841225289457
                      Encrypted:false
                      SSDEEP:6:YEQXJ2HXsCyuZUaQGrKHVoZcg1vRcR0YNheoAvJfbPtdPeUkwRe9:YvXKXsCF2GK2Zc0v2VGDV8Ukee9
                      MD5:1828C4FC106149C4E7BC1C15A435AF14
                      SHA1:D932030FE955AB8155F80A1C39B46FC331E49162
                      SHA-256:74F61025C08E48B0E7518A6BA741B2CCF7F2218F5C27EA2B3A7C074EF5E79193
                      SHA-512:6E6CBEEEA55050C7A2459EAC28666A9B1860E3B3A864EE06B3E3778B399280B634F657EE41EA662431A29715661DBA2F88B62E6055792A4D4D0BD9169B0A6ACC
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"f1bddeb3-9fcd-4e5c-9388-13ac2ead51fe","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1730256863886,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):287
                      Entropy (8bit):5.29863615008757
                      Encrypted:false
                      SSDEEP:6:YEQXJ2HXsCyuZUaQGrKHVoZcg1vRcR0YNheoAvJf21rPeUkwRe9:YvXKXsCF2GK2Zc0v2VG+16Ukee9
                      MD5:0387D061A1C3FF7460905BC634312933
                      SHA1:FA7FB4224D33C18598910D8525BBF9D07DE62B3E
                      SHA-256:7F08048479834E2EE811E02FE8751C9DE19E5E61C8EB0E9299EFFD4DFF46CDC0
                      SHA-512:F69AB1AA3AA3CF95D33AD22AE70E9784B8A7AE865E0ABDEBAD1EBEADEBA4B1A265BD2B94659FAF619E1734CE20BD948022E446A74E70B9A94467816C8A51A7D7
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"f1bddeb3-9fcd-4e5c-9388-13ac2ead51fe","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1730256863886,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):1026
                      Entropy (8bit):5.625752316898265
                      Encrypted:false
                      SSDEEP:24:Yv6X9g2zvPamXayLgE7cMCBNaqnl0RCmK8czOC/BSCb:YvoPPBgACBOAh8cvMCb
                      MD5:94582459670E6C33BDC8089D0D900FB0
                      SHA1:F746E0531F6D0DA637200C2680E995E7600BFD07
                      SHA-256:84D862D8A28298EB6D972C56F530D281BDD4C3269E7E6F5DEFF69B88624DED4E
                      SHA-512:37D9EED2FA8A2D54A5EEF47818D49F1D32BF5357D477D7D620517B6137CF3C3563B5F3EAE451B3713D3906C7D63B12DEBFD28AAC413E77C4DDF42492EB7AEF30
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"f1bddeb3-9fcd-4e5c-9388-13ac2ead51fe","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1730256863886,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"92038_285529ActionBlock_0","campaignId":92038,"containerId":"1","controlGroupId":"","treatmentId":"6291f52b-6cb0-4d31-bc46-37ce85e9eb25","variationId":"285529"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVhc2lseSBmaWxsIGFuZCBzaWduIFBERnMuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"application\/json","encodingScheme":true},"endDTS":1751323379000,"s
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):286
                      Entropy (8bit):5.2732922303397185
                      Encrypted:false
                      SSDEEP:6:YEQXJ2HXsCyuZUaQGrKHVoZcg1vRcR0YNheoAvJfshHHrPeUkwRe9:YvXKXsCF2GK2Zc0v2VGUUUkee9
                      MD5:E2B79A5C64FC5655C4AAFA8610B597DD
                      SHA1:AA94754DAE4ABF7219E9D35483596E9BCD5388D8
                      SHA-256:650A6602491FC1117EED027A2CEF54589A16B69D7A9ED39CA2EE59B26ABE78D6
                      SHA-512:922120194651057E26FDC5F82D9D433008F061C4BA40026363C426A21C634B7E18EA55579D4EFB8E6B7552FF0A5744351B1BCFF75A23D36F0ED0655D966ECD8E
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"f1bddeb3-9fcd-4e5c-9388-13ac2ead51fe","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1730256863886,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):782
                      Entropy (8bit):5.366922734619546
                      Encrypted:false
                      SSDEEP:12:YvXKXsCF2GK2Zc0v2VGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWVb:Yv6X9g2zv0168CgEXX5kcIfANhCb
                      MD5:18E9213F0A742457EE3D2253485D06FE
                      SHA1:DBC438A0B90B833FD7930C7BB53573D45472542E
                      SHA-256:37C61A5C11C0EB133EAB09304B8C5542556AB307E1AD514E8AE660E8F69B8D5F
                      SHA-512:4D57B9893AE8D441CF5AE955DF81F7987E162FB7F3A0173425AE37A1F2118810BDB1FA3A39C03032367A47D3CE0432EC43475A18762078F74B2A87B216833058
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"f1bddeb3-9fcd-4e5c-9388-13ac2ead51fe","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1730256863886,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1730080583922}}}}
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):4
                      Entropy (8bit):0.8112781244591328
                      Encrypted:false
                      SSDEEP:3:e:e
                      MD5:DC84B0D741E5BEAE8070013ADDCC8C28
                      SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
                      SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
                      SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
                      Malicious:false
                      Preview:....
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):2818
                      Entropy (8bit):5.1179478605386
                      Encrypted:false
                      SSDEEP:48:Ytd0Q/UrOFicKPAst36G+wQQzg1MrEpmz1qmbDeE/i9ccf3w3:Sd0Q/UrEKPAsp6GRQQzg1no4mbCEocw+
                      MD5:553E8B727A58AD3F60F296BEAC862E12
                      SHA1:8289E4675311CBBFD5A16C48314C9BEF68F8C449
                      SHA-256:27F66FD6B75FF9DE6CDA6CAA0D09B4A717106F676825C32AFE049BD5882ACCCE
                      SHA-512:5D81F6319876C5227C79E447EAB024776D1D1339A74B5775C523383887B5D7C4D56D3934C08A88806FDEAB9DC0606C851E60DB0182B804D4A89AF349B710B280
                      Malicious:false
                      Preview:{"all":[{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"af221d4229255c77769950125074189e","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1164,"ts":1730080582000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"ef23f487674cfc34aa272b6fb7c2b21a","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1026,"ts":1730080582000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"ca4dc97f4406dd90b235f1fffa4afc46","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1055,"ts":1730080582000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"d54eed97f1b74e23e83944ccd41691aa","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":1038,"ts":1730080582000},{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"15090c673cf6d5d3073a0f1f2bdd2b74","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1050,"ts":1730080582000},{"id":"Edit_InApp_Aug2020","info":{"dg":"443c94ac50c887868c619981e1e37d79","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":17
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 25, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 25
                      Category:dropped
                      Size (bytes):12288
                      Entropy (8bit):1.1882576667842195
                      Encrypted:false
                      SSDEEP:48:TGufl2GL7msEHUUUUUUUUOSvR9H9vxFGiDIAEkGVvpU:lNVmswUUUUUUUUO+FGSItI
                      MD5:647A5374DD6A144D62E76ED2611ADCF8
                      SHA1:D14ADA580DAEE637F830ED60C62EA4853565303D
                      SHA-256:8236F0D900C28D9E9804BFA41C8F4F85816E3C321A3552AEB2EA05F4AD3DED8B
                      SHA-512:F1124F5C2B43B724EA162E7641D136187183753563767917E30852EE8124AD1296FAFE9783A0A13B3D7E2467515CC5FB340C2B9034A243264C3E143BAF2FB51B
                      Malicious:false
                      Preview:SQLite format 3
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:SQLite Rollback Journal
                      Category:dropped
                      Size (bytes):8720
                      Entropy (8bit):1.6088007497582124
                      Encrypted:false
                      SSDEEP:48:7Mh7KUUUUUUUUUUcvR9H9vxFGiDIAEkGVvJqFl2GL7msa:7vUUUUUUUUUUsFGSIt/KVmsa
                      MD5:18FD199BCB44425C28D513F3FC3DE68F
                      SHA1:0588229937A1C58668BFC65890FA710842060801
                      SHA-256:D625FB1251D1FA3A019770E70B20D22B4BF40CD47759BD340541C6A71C60D004
                      SHA-512:5D739CFF51A9AC8F7577BA66FD1B148FEB466973318714F6F03AE52B20CF02813F21194282251FEA7F57134DB44EBDF11AE652380426587A773769ADD87337C4
                      Malicious:false
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):246
                      Entropy (8bit):3.505069684106714
                      Encrypted:false
                      SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K85u1lH:Qw946cPbiOxDlbYnuRKl9
                      MD5:A090B23959962C91469E1A7716430C6C
                      SHA1:E26301D2754C8C6F23CE224B05EA861F87628809
                      SHA-256:2313CB490C88A0B4E0A4194A618B355989945B2F257C93A8AB42F4436D7907EB
                      SHA-512:9FDE52395EF2BC9F2C297558FA07C61AEA1E62D6E12BFDAEDEBCAFD7EB3C3B1426CFDD273F052FEA92330608F8E7B08DA18689A70F3DFA99A3CA8A9199C255AA
                      Malicious:false
                      Preview:Error 2711. The specified Feature name ('ARM') not found in Feature table. === Logging stopped: 27/10/2024  21:56:21 ===
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:ASCII text, with very long lines (393)
                      Category:dropped
                      Size (bytes):16525
                      Entropy (8bit):5.345946398610936
                      Encrypted:false
                      SSDEEP:384:zHIq8qrq0qoq/qUILImCIrImI9IWdFdDdoPtPTPtP7ygyAydy0yGV///X/J/VokV:nNW
                      MD5:8947C10F5AB6CFFFAE64BCA79B5A0BE3
                      SHA1:70F87EEB71BA1BE43D2ABAB7563F94C73AB5F778
                      SHA-256:4F3449101521DA7DF6B58A2C856592E1359BA8BD1ACD0688ECF4292BA5388485
                      SHA-512:B76DB9EF3AE758F00CAF0C1705105C875838C7801F7265B17396466EECDA4BCD915DA4611155C5F2AD1C82A800C1BEC855E52E2203421815F915B77AA7331CA0
                      Malicious:false
                      Preview:SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:088+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig:
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:ASCII text, with very long lines (393), with CRLF line terminators
                      Category:dropped
                      Size (bytes):15114
                      Entropy (8bit):5.370062831384868
                      Encrypted:false
                      SSDEEP:384:4xsoF44hMiYlpfnn+6opuEuQhZyMciTHWUXrCsA8pUMiYfaixBKD6LYLuT579YkL:4Ere
                      MD5:6D98E3E41A57F32A79466BC256A91B13
                      SHA1:015FEB255D4355F3611A47A69CBA9026DABF4FC7
                      SHA-256:B0515A85F751D19730580B4CC89752AF3CDC73FE70341267EB4210D689425691
                      SHA-512:0C42396AD440DB60630C9DBE2AF300609A6507846465545F2BA99BE96002801544EAF4E1D0C97D117A264E805107A448D5AA11171AC2A873475C33E3DE709674
                      Malicious:false
                      Preview:SessionID=563c804e-d4e7-4b19-8099-d0fdfb15c482.1730080575831 Timestamp=2024-10-27T21:56:15:831-0400 ThreadID=7684 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=563c804e-d4e7-4b19-8099-d0fdfb15c482.1730080575831 Timestamp=2024-10-27T21:56:15:842-0400 ThreadID=7684 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=563c804e-d4e7-4b19-8099-d0fdfb15c482.1730080575831 Timestamp=2024-10-27T21:56:15:842-0400 ThreadID=7684 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=563c804e-d4e7-4b19-8099-d0fdfb15c482.1730080575831 Timestamp=2024-10-27T21:56:15:842-0400 ThreadID=7684 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=563c804e-d4e7-4b19-8099-d0fdfb15c482.1730080575831 Timestamp=2024-10-27T21:56:15:842-0400 ThreadID=7684 Component=ngl-lib_NglAppLib Description="SetConf
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):29752
                      Entropy (8bit):5.400065517589783
                      Encrypted:false
                      SSDEEP:768:anddBuBYZwcfCnwZCnR8Bu5hx18HoCnLlAY+iCBuzhLCnx1CnPrRRFS10l8gT2r5:1
                      MD5:1128A84CDCC7E22994E9D90E1C7103F7
                      SHA1:ED2C205521316EDD496DE6936E0E0A449D2ECDD2
                      SHA-256:17FABA482E765430308D985FDA7226430D393E949C372AEC06B07D7BF2098E05
                      SHA-512:3347823DDEB4B03D3E6D068169F05E4AD6940694A5D2387BF413E157D494428414DB9281DB997071637BB3682BC248E49643A6A66F2EB31A50611F74180D393D
                      Malicious:false
                      Preview:03-10-2023 12:50:40:.---2---..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ***************************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ***************************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Starting NGL..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..03-10-2023 12:50:40:.Closing File..03-10-
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 634912
                      Category:dropped
                      Size (bytes):1407294
                      Entropy (8bit):7.97605879016224
                      Encrypted:false
                      SSDEEP:24576:/x3GZfAdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07lwYIGNPBVWo7oW:J3GZQ3mlind9i4ufFXpAXkrfUs0JwZGn
                      MD5:3F3CE9511FE8F6B4090401A7FBEC7989
                      SHA1:5D55058222BDAB1EC47E6E1EA5ADADE9212C5253
                      SHA-256:D4CA9E0D68A78B2D460B60203EEA1F406FA3F512EB310A90E3686638DBCE03CC
                      SHA-512:B92B6F687FED217BFE7618E70A54204F3A7DD14B008A836F48681931FC58C1C0ED548D368B7C7D9B9D4E2F46D18CBC4469F767A51A2EC1FDB19D7B19C5A4427E
                      Malicious:false
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 57837
                      Category:dropped
                      Size (bytes):1419751
                      Entropy (8bit):7.976496077007677
                      Encrypted:false
                      SSDEEP:24576:/xA7owWLaGZDwYIGNPJxdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07c:JVwWLaGZDwZGV3mlind9i4ufFXpAXkrj
                      MD5:96E2EE6506759519A5E3E5E550F28388
                      SHA1:477522A699526F3EC2270AD0B3D3B8D6609F8BBB
                      SHA-256:D135FEF8231B87D1F758B3D31FC5467BC933321F7E8EACB316F933DBA36474D5
                      SHA-512:C84E93CB72ABC0742C44BF13608472EDD30BE64358C0DA350D9D54C0A88EC45931D48CE1DA823FC527E5134E7277B16AFE0521F2716C067A519FDD390DB315CC
                      Malicious:false
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
                      Category:dropped
                      Size (bytes):386528
                      Entropy (8bit):7.9736851559892425
                      Encrypted:false
                      SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
                      MD5:5C48B0AD2FEF800949466AE872E1F1E2
                      SHA1:337D617AE142815EDDACB48484628C1F16692A2F
                      SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
                      SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
                      Malicious:false
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
                      Category:dropped
                      Size (bytes):758601
                      Entropy (8bit):7.98639316555857
                      Encrypted:false
                      SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
                      MD5:3A49135134665364308390AC398006F1
                      SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
                      SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
                      SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
                      Malicious:false
                      File type:PDF document, version 1.7 (zip deflate encoded)
                      Entropy (8bit):7.99787618289509
                      TrID:
                      • Adobe Portable Document Format (5005/1) 100.00%
                      File name:C0260-COUNCIL APPROVED PLANS - ISSUE D[74]-- Panels & Inverter layout .pdf
                      File size:3'683'293 bytes
                      MD5:132ac7416a01418ff771ddaeb04e0e59
                      SHA1:682ac89892ce4c10b5f7008ccf76018ae0485cd8
                      SHA256:f921ad84ebb6c626c6d5aff981e0ecc25e37fcbbc4ea39c0d9b416ea63849546
                      SHA512:0f247442ff97ff847cbd83c4c0109de397909be346cca153669ba75a77083d4815fc6eb742a252872f276b1face80deb40c33e4c58a43c2508fdd366bfba2a0c
                      SSDEEP:98304:wnO80OB3RHxLXJbK8gpxeHhSvKBEFr/0eEF9wDb0R/9wDb0Rm:2O80IdW8g/chhBdeE4
                      TLSH:5F06338A1D6AAC78D02E6D71E70862672DCBE8D5405C7B27FB2F8A045312C49ED53BD3
                      File Content Preview:%PDF-1.7.%......232 0 obj.<</Linearized 1/L 3683293/O 234/E 239694/N 16/T 3682692/H [ 717 838]>>.endobj. .283 0 obj.<</DecodeParms<</Columns 5/Predictor 12>>/Filter/FlateDecode/ID[<43382D35422D43392D42452D46302D41><72F815DCFF5D460791B339F6224562
                      Icon Hash:62cc8caeb29e8ae0

                      General

                      Header:%PDF-1.7
                      Total Entropy:7.997876
                      Total Bytes:3683293
                      Stream Entropy:7.998067
                      Stream Bytes:3661142
                      Entropy outside Streams:5.381377
                      Bytes outside Streams:22151
                      Number of EOF found:2
                      Bytes after EOF:
                      Name | Count
                      obj | 139
                      endobj | 139
                      stream | 121
                      endstream | 121
                      xref | 0
                      trailer | 0
                      startxref | 2
                      /Page | 16
                      /Encrypt | 0
                      /ObjStm | 21
                      /URI | 0
                      /JS | 0
                      /JavaScript | 0
                      /AA | 0
                      /OpenAction | 0
                      /AcroForm | 1
                      /JBIG2Decode | 0
                      /RichMedia | 0
                      /Launch | 0
                      /EmbeddedFile | 0

                      Image Streams

                      IDDHASHMD5Preview
                      26291b2ec717071310d468db27b7fc9c4bc7486bee72246abe5
                      2636c6ed28e8e8e8cb2a42aa6cf498aab6fcc32d5e9fcc4f88d
                      2700c8c0c8c8c0c800fb4df2aa8faa192ceab9fc66874718e7
                      2802d8d0c0c0c4c040d51170a3da3f56249f1d6d4d31e5c2ac
                      Timestamp | Source Port | Dest Port | Source IP | Dest IP
                      Oct 28, 2024 02:56:26.578671932 CET | 49752 | 443 | 192.168.2.4 | 96.7.168.138
                      Oct 28, 2024 02:56:26.578748941 CET | 443 | 49752 | 96.7.168.138 | 192.168.2.4
                      Oct 28, 2024 02:56:26.579010010 CET | 49752 | 443 | 192.168.2.4 | 96.7.168.138
                      Oct 28, 2024 02:56:26.579010010 CET | 49752 | 443 | 192.168.2.4 | 96.7.168.138
                      Oct 28, 2024 02:56:26.579083920 CET | 443 | 49752 | 96.7.168.138 | 192.168.2.4
                      Oct 28, 2024 02:56:27.380475998 CET | 443 | 49752 | 96.7.168.138 | 192.168.2.4
                      Oct 28, 2024 02:56:27.380785942 CET | 49752 | 443 | 192.168.2.4 | 96.7.168.138
                      Oct 28, 2024 02:56:27.380815983 CET | 443 | 49752 | 96.7.168.138 | 192.168.2.4
                      Oct 28, 2024 02:56:27.384367943 CET | 443 | 49752 | 96.7.168.138 | 192.168.2.4
                      Oct 28, 2024 02:56:27.384457111 CET | 49752 | 443 | 192.168.2.4 | 96.7.168.138
                      Oct 28, 2024 02:56:27.389528990 CET | 49752 | 443 | 192.168.2.4 | 96.7.168.138
                      Oct 28, 2024 02:56:27.389693975 CET | 49752 | 443 | 192.168.2.4 | 96.7.168.138
                      Oct 28, 2024 02:56:27.389703989 CET | 443 | 49752 | 96.7.168.138 | 192.168.2.4
                      Oct 28, 2024 02:56:27.431360006 CET | 443 | 49752 | 96.7.168.138 | 192.168.2.4
                      Oct 28, 2024 02:56:27.431890011 CET | 49752 | 443 | 192.168.2.4 | 96.7.168.138
                      Oct 28, 2024 02:56:27.431905031 CET | 443 | 49752 | 96.7.168.138 | 192.168.2.4
                      Oct 28, 2024 02:56:27.478737116 CET | 49752 | 443 | 192.168.2.4 | 96.7.168.138
                      Oct 28, 2024 02:56:27.544673920 CET | 443 | 49752 | 96.7.168.138 | 192.168.2.4
                      Oct 28, 2024 02:56:27.544806004 CET | 443 | 49752 | 96.7.168.138 | 192.168.2.4
                      Oct 28, 2024 02:56:27.544873953 CET | 49752 | 443 | 192.168.2.4 | 96.7.168.138
                      Oct 28, 2024 02:56:27.545084000 CET | 49752 | 443 | 192.168.2.4 | 96.7.168.138
                      Oct 28, 2024 02:56:27.545114040 CET | 443 | 49752 | 96.7.168.138 | 192.168.2.4
                      Oct 28, 2024 02:56:27.545139074 CET | 49752 | 443 | 192.168.2.4 | 96.7.168.138
                      Oct 28, 2024 02:56:27.545170069 CET | 49752 | 443 | 192.168.2.4 | 96.7.168.138
                      Timestamp | Source Port | Dest Port | Source IP | Dest IP
                      Oct 28, 2024 02:56:22.665227890 CET | 63715 | 53 | 192.168.2.4 | 1.1.1.1
                      Oct 28, 2024 02:56:43.870675087 CET | 52200 | 53 | 192.168.2.4 | 1.1.1.1

                      Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                      Oct 28, 2024 02:56:22.665227890 CET | 192.168.2.4 | 1.1.1.1 | 0x86fa | Standard query (0) | x1.i.lencr.org | A (IP address) | IN (0x0001) | false
                      Oct 28, 2024 02:56:43.870675087 CET | 192.168.2.4 | 1.1.1.1 | 0x1149 | Standard query (0) | x1.i.lencr.org | A (IP address) | IN (0x0001) | false

                      Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                      Oct 28, 2024 02:56:07.508299112 CET | 1.1.1.1 | 192.168.2.4 | 0x8343 | No error (0) | bg.microsoft.map.fastly.net |  | 199.232.214.172 | A (IP address) | IN (0x0001) | false
                      Oct 28, 2024 02:56:07.508299112 CET | 1.1.1.1 | 192.168.2.4 | 0x8343 | No error (0) | bg.microsoft.map.fastly.net |  | 199.232.210.172 | A (IP address) | IN (0x0001) | false
                      Oct 28, 2024 02:56:08.172954082 CET | 1.1.1.1 | 192.168.2.4 | 0xfb1f | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net |  | CNAME (Canonical name) | IN (0x0001) | false
                      Oct 28, 2024 02:56:08.172954082 CET | 1.1.1.1 | 192.168.2.4 | 0xfb1f | No error (0) | fp2e7a.wpc.phicdn.net |  | 192.229.221.95 | A (IP address) | IN (0x0001) | false
                      Oct 28, 2024 02:56:22.673216105 CET | 1.1.1.1 | 192.168.2.4 | 0x86fa | No error (0) | x1.i.lencr.org | crl.root-x1.letsencrypt.org.edgekey.net |  | CNAME (Canonical name) | IN (0x0001) | false
                      Oct 28, 2024 02:56:43.879789114 CET | 1.1.1.1 | 192.168.2.4 | 0x1149 | No error (0) | x1.i.lencr.org | crl.root-x1.letsencrypt.org.edgekey.net |  | CNAME (Canonical name) | IN (0x0001) | false

                      • armmf.adobe.com
                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      0 | 192.168.2.4 | 49752 | 96.7.168.138 | 443 | 7880 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe

                      Timestamp | Bytes transferred | Direction | Data
                      2024-10-28 01:56:27 UTC | 475 | OUT |
                      GET /onboarding/smskillreader.txt HTTP/1.1
                      Host: armmf.adobe.com
                      Connection: keep-alive
                      Accept-Language: en-US,en;q=0.9
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36
                      Sec-Fetch-Site: same-origin
                      Sec-Fetch-Mode: no-cors
                      Sec-Fetch-Dest: empty
                      Accept-Encoding: gzip, deflate, br
                      If-None-Match: "78-5faa31cce96da"
                      If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
                      2024-10-28 01:56:27 UTC | 198 | IN |
                      HTTP/1.1 304 Not Modified
                      Content-Type: text/plain; charset=UTF-8
                      Last-Modified: Mon, 01 May 2023 15:02:33 GMT
                      ETag: "78-5faa31cce96da"
                      Date: Mon, 28 Oct 2024 01:56:27 GMT
                      Connection: close


                      Target ID:2
                      Start time:21:56:12
                      Start date:27/10/2024
                      Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      Wow64 process (32bit):false
                      Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\C0260-COUNCIL APPROVED PLANS - ISSUE D[74]-- Panels & Inverter layout .pdf"
                      Imagebase:0x7ff6bc1b0000
                      File size:5'641'176 bytes
                      MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:high
                      Has exited:true

                      Target ID:3
                      Start time:21:56:13
                      Start date:27/10/2024
                      Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      Wow64 process (32bit):false
                      Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
                      Imagebase:0x7ff74bb60000
                      File size:3'581'912 bytes
                      MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:high
                      Has exited:true

                      Target ID:5
                      Start time:21:56:13
                      Start date:27/10/2024
                      Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      Wow64 process (32bit):false
                      Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2088 --field-trial-handle=1736,i,3149293254511597146,14732658930209850938,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
                      Imagebase:0x7ff74bb60000
                      File size:3'581'912 bytes
                      MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:high
                      Has exited:true

                      No disassembly