Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Summary.pdf

Overview

General Information

Sample name:Summary.pdf
Analysis ID:1543856
MD5:2828be795a4940ac1f0dfdca2defd5f2
SHA1:4248cbff8bf936fa8958ecb0687fb3500cbd4595
SHA256:6528651a41307cad2ec1b88ea458f673cbf435ea239232b829f32b89f302d1f5
Infos:

Detection

Score:2
Range:0 - 100
Whitelisted:false
Confidence:80%

Signatures

Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Uses a known web browser user agent for HTTP communication

Classification

Process Tree

  • System is w10x64
  • Acrobat.exe (PID: 7424 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Summary.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 7632 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 7820 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2040 --field-trial-handle=1636,i,16405949658811608484,8588834111336071474,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: global trafficDNS query: name: x1.i.lencr.org
Source: global trafficTCP traffic: 192.168.2.7:49721 -> 96.6.168.143:443
Source: global trafficTCP traffic: 192.168.2.7:49721 -> 96.6.168.143:443
Source: global trafficTCP traffic: 192.168.2.7:49721 -> 96.6.168.143:443
Source: global trafficTCP traffic: 192.168.2.7:49721 -> 96.6.168.143:443
Source: global trafficTCP traffic: 192.168.2.7:49721 -> 96.6.168.143:443
Source: global trafficTCP traffic: 192.168.2.7:49721 -> 96.6.168.143:443
Source: global trafficTCP traffic: 192.168.2.7:49721 -> 96.6.168.143:443
Source: global trafficTCP traffic: 192.168.2.7:49721 -> 96.6.168.143:443
Source: global trafficTCP traffic: 192.168.2.7:49721 -> 96.6.168.143:443
Source: global trafficTCP traffic: 192.168.2.7:49721 -> 96.6.168.143:443
Source: global trafficTCP traffic: 192.168.2.7:49721 -> 96.6.168.143:443
Source: global trafficTCP traffic: 192.168.2.7:49721 -> 96.6.168.143:443
Source: global trafficTCP traffic: 96.6.168.143:443 -> 192.168.2.7:49721
Source: global trafficTCP traffic: 192.168.2.7:49721 -> 96.6.168.143:443
Source: global trafficTCP traffic: 192.168.2.7:49721 -> 96.6.168.143:443
Source: global trafficTCP traffic: 96.6.168.143:443 -> 192.168.2.7:49721
Source: global trafficTCP traffic: 96.6.168.143:443 -> 192.168.2.7:49721
Source: global trafficTCP traffic: 192.168.2.7:49721 -> 96.6.168.143:443
Source: global trafficTCP traffic: 96.6.168.143:443 -> 192.168.2.7:49721
Source: global trafficTCP traffic: 96.6.168.143:443 -> 192.168.2.7:49721
Source: global trafficTCP traffic: 192.168.2.7:49721 -> 96.6.168.143:443
Source: global trafficTCP traffic: 192.168.2.7:49721 -> 96.6.168.143:443
Source: global trafficTCP traffic: 96.6.168.143:443 -> 192.168.2.7:49721
Source: global trafficTCP traffic: 192.168.2.7:49721 -> 96.6.168.143:443
Source: global trafficTCP traffic: 96.6.168.143:443 -> 192.168.2.7:49721
Source: global trafficTCP traffic: 192.168.2.7:49721 -> 96.6.168.143:443
Source: global trafficTCP traffic: 96.6.168.143:443 -> 192.168.2.7:49721
Source: global trafficTCP traffic: 192.168.2.7:49721 -> 96.6.168.143:443
Source: global trafficTCP traffic: 96.6.168.143:443 -> 192.168.2.7:49721
Source: global trafficTCP traffic: 96.6.168.143:443 -> 192.168.2.7:49721
Source: global trafficTCP traffic: 192.168.2.7:49721 -> 96.6.168.143:443
Source: global trafficTCP traffic: 192.168.2.7:49721 -> 96.6.168.143:443
Source: global trafficTCP traffic: 96.6.168.143:443 -> 192.168.2.7:49721
Source: global trafficHTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1Host: armmf.adobe.comConnection: keep-aliveAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brIf-None-Match: "78-5faa31cce96da"If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
Source: unknownTCP traffic detected without corresponding DNS query: 96.6.168.143
Source: unknownTCP traffic detected without corresponding DNS query: 96.6.168.143
Source: unknownTCP traffic detected without corresponding DNS query: 96.6.168.143
Source: unknownTCP traffic detected without corresponding DNS query: 96.6.168.143
Source: unknownTCP traffic detected without corresponding DNS query: 96.6.168.143
Source: unknownTCP traffic detected without corresponding DNS query: 96.6.168.143
Source: unknownTCP traffic detected without corresponding DNS query: 96.6.168.143
Source: unknownTCP traffic detected without corresponding DNS query: 96.6.168.143
Source: unknownTCP traffic detected without corresponding DNS query: 96.6.168.143
Source: unknownTCP traffic detected without corresponding DNS query: 96.6.168.143
Source: unknownTCP traffic detected without corresponding DNS query: 96.6.168.143
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficHTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1Host: armmf.adobe.comConnection: keep-aliveAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brIf-None-Match: "78-5faa31cce96da"If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
Source: global trafficDNS traffic detected: DNS query: x1.i.lencr.org
Source: 77EC63BDA74BD0D0E0426DC8F80085060.2.drString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: 2D85F72862B55C4EADD9E66E06947F3D0.2.drString found in binary or memory: http://x1.i.lencr.org/
Source: Summary.pdfString found in binary or memory: https://support.docusign.com/guides/signer-guide-signing-system-requirements)
Source: ReaderMessages.0.drString found in binary or memory: https://www.adobe.co
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49721
Source: unknownNetwork traffic detected: HTTP traffic on port 49721 -> 443
Source: classification engineClassification label: clean2.winPDF@14/49@1/1
Source: Summary.pdfInitial sample: https://support.docusign.com/guides/signer-guide-signing-system-requirements
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.7548Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-28 10-07-20-820.logJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
Source: unknownProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Summary.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2040 --field-trial-handle=1636,i,16405949658811608484,8588834111336071474,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2040 --field-trial-handle=1636,i,16405949658811608484,8588834111336071474,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: Summary.pdfInitial sample: PDF keyword /JS count = 0
Source: Summary.pdfInitial sample: PDF keyword /JavaScript count = 0
Source: A9l8ak7n_1637gp_5to.tmp.0.drInitial sample: PDF keyword /JS count = 0
Source: A9l8ak7n_1637gp_5to.tmp.0.drInitial sample: PDF keyword /JavaScript count = 0
Source: Summary.pdfInitial sample: PDF keyword /EmbeddedFile count = 0
Source: Summary.pdfInitial sample: PDF keyword obj count = 50
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire Infrastructure1
Spearphishing Link		3
Exploitation for Client Execution		Path Interception1
Process Injection		1
Masquerading		OS Credential Dumping1
System Information Discovery		Remote ServicesData from Local System1
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
Process Injection		LSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable Media2
Non-Application Layer Protocol		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive13
Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin HookBinary PaddingNTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput Capture1
Ingress Tool Transfer		Traffic DuplicationData Destruction

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

No Antivirus matches

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
http://x1.i.lencr.org/0%URL Reputationsafe
https://www.adobe.co0%URL Reputationsafe

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com
217.20.57.35
truefalse
    		unknown
    x1.i.lencr.org
    		unknown
    		unknownfalse
      		unknown

      URLs from Memory and Binaries

      NameSourceMaliciousAntivirus DetectionReputation
      http://x1.i.lencr.org/2D85F72862B55C4EADD9E66E06947F3D0.2.drfalse
      • URL Reputation: safe
      		unknown
      https://www.adobe.coReaderMessages.0.drfalse
      • URL Reputation: safe
      		unknown
      https://support.docusign.com/guides/signer-guide-signing-system-requirements)Summary.pdffalse
        		unknown

        World Map of Contacted IPs

        • No. of IPs < 25%
        • 25% < No. of IPs < 50%
        • 50% < No. of IPs < 75%
        • 75% < No. of IPs

        Public IPs

        IPDomainCountryFlagASNASN NameMalicious
        96.6.168.143
        		unknownUnited States
        		16625AKAMAI-ASUSfalse

        General Information

        Joe Sandbox version:41.0.0 Charoite
        Analysis ID:1543856
        Start date and time:2024-10-28 15:06:08 +01:00
        Joe Sandbox product:CloudBasic
        Overall analysis duration:0h 4m 22s
        Hypervisor based Inspection enabled:false
        Report type:full
        Cookbook file name:defaultwindowspdfcookbook.jbs
        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
        Number of analysed new started processes analysed:14
        Number of new started drivers analysed:0
        Number of existing processes analysed:0
        Number of existing drivers analysed:0
        Number of injected processes analysed:0
        Technologies:
        • HCA enabled
        • EGA enabled
        • AMSI enabled
        Analysis Mode:default
        Analysis stop reason:Timeout
        Sample name:Summary.pdf
        Detection:CLEAN
        Classification:clean2.winPDF@14/49@1/1
        EGA Information:Failed
        HCA Information:
        • Successful, ratio: 100%
        • Number of executed functions: 0
        • Number of non-executed functions: 0
        Cookbook Comments:
        • Found application associated with file extension: .pdf
        • Found PDF document
        • Close Viewer

        Warnings

        • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
        • Excluded IPs from analysis (whitelisted): 184.28.88.176, 162.159.61.3, 172.64.41.3, 18.207.85.246, 34.193.227.236, 107.22.247.231, 54.144.73.197, 2.23.197.184, 217.20.57.35, 2.19.126.143, 2.19.126.149
        • Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, wu-b-net.trafficmanager.net, crl.root-x1.letsencrypt.org.edgekey.net
        • Not all processes where analyzed, report is missing behavior information
        • VT rate limit hit for: Summary.pdf

        Simulations

        Behavior and APIs

        TimeTypeDescription
        10:07:28API Interceptor2x Sleep call for process: AcroCEF.exe modified

        LLM Input / Output

        Joe Sandbox View / Context

        IPs

        No context

        Domains

        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
        default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.comhttps://bitly.cx/NXacYGet hashmaliciousGRQ ScamBrowse
        • 217.20.57.19
        https://link.edgepilot.com/s/e9b35021/KNsrNVGwOUukNjaKm_560w?u=https://publicidadnicaragua.com/Get hashmaliciousUnknownBrowse
        • 217.20.57.34
        lBYtUYrlFO.exeGet hashmaliciousStealcBrowse
        • 217.20.57.34
        file.exeGet hashmaliciousUnknownBrowse
        • 217.20.57.18
        http://fleurifleuri.com/Get hashmaliciousUnknownBrowse
        • 217.20.57.18
        https://deborahmeagher.com.de/kfOoB/Get hashmaliciousHTMLPhisherBrowse
        • 217.20.57.18
        http://ERICADLERCLOTHING.comGet hashmaliciousUnknownBrowse
        • 84.201.210.21
        __5A1AACAD-4F60-4DC8-94AA-4866010B7794_.batGet hashmaliciousUnknownBrowse
        • 217.20.57.34
        tue.batGet hashmaliciousUnknownBrowse
        • 217.20.57.18
        3coxOaV92n.exeGet hashmaliciousScreenConnect ToolBrowse
        • 84.201.210.18

        ASNs

        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
        AKAMAI-ASUSW9f3Fx6sL4.exeGet hashmaliciousStealc, VidarBrowse
        • 23.47.50.164
        https://onedrive.live.com/view.aspx?resid=8656653D19C3C7C0!s553e3fe901654d86bcc4ed44c7c05dd3&migratedtospo=true&redeem=aHR0cHM6Ly8xZHJ2Lm1zL28vYy84NjU2NjUzZDE5YzNjN2MwL0V1a19QbFZsQVlaTnZNVHRSTWZBWGRNQmtvbDQ2b1NlN1o5MGFiazNzS3lGSlE_ZT1UMnQ4S3Y&wd=target%28Sezione%20senza%20titolo.one%7C8d7e5173-6006-4648-a69d-e39e66e7041a%2FAblehnung%20Rechnung%20R15946098273-KU30_WE02%20Vom%2028%5C%2F%7Cd77916b9-b471-429a-a13e-74764563e56b%2F%29&wdorigin=NavigationUrlGet hashmaliciousHTMLPhisherBrowse
        • 23.38.98.101
        file.exeGet hashmaliciousStealc, VidarBrowse
        • 23.47.50.150
        la.bot.m68k.elfGet hashmaliciousUnknownBrowse
        • 95.100.54.149
        nabarm5.elfGet hashmaliciousUnknownBrowse
        • 184.30.186.248
        nklm68k.elfGet hashmaliciousUnknownBrowse
        • 23.204.223.248
        nabsh4.elfGet hashmaliciousUnknownBrowse
        • 104.79.63.199
        nklarm7.elfGet hashmaliciousUnknownBrowse
        • 184.50.112.81
        jklmips.elfGet hashmaliciousUnknownBrowse
        • 173.222.172.188
        la.bot.mipsel.elfGet hashmaliciousUnknownBrowse
        • 23.77.7.134

        JA3 Fingerprints

        No context

        Dropped Files

        No context

        Created / dropped Files

        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:ASCII text
        Category:dropped
        Size (bytes):300
        Entropy (8bit):5.1913480739243765
        Encrypted:false
        SSDEEP:6:ybV1egEq2PcNwi2nKuAl9OmbnIFUt8hbV1eRZZmw+hbV1eRzkwOcNwi2nKuAl9Oe:e1UvLZHAahFUt8b1gZ/+b1gz54ZHAaSJ
        MD5:B2C054D9B9ABEC0E19A1EA7A952CE34E
        SHA1:3322000A4F508802C3F42F8967163F8622DC08E4
        SHA-256:10890563A7C740B5525EE7F5FBA9EA7C0A6B7E2F12C656337DF4506A420016ED
        SHA-512:C4E027FAD736B6F21146050FD72E5B56B9D859F8857D639899AF3A172A2552AF5E6034B7626A48622840A5EC804A143AED325A19DECECB8F4FC46B1CCDB01B03
        Malicious:false
        Reputation:low
        Preview:2024/10/28-10:07:18.550 1e80 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/10/28-10:07:18.553 1e80 Recovering log #3.2024/10/28-10:07:18.553 1e80 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:ASCII text
        Category:dropped
        Size (bytes):300
        Entropy (8bit):5.1913480739243765
        Encrypted:false
        SSDEEP:6:ybV1egEq2PcNwi2nKuAl9OmbnIFUt8hbV1eRZZmw+hbV1eRzkwOcNwi2nKuAl9Oe:e1UvLZHAahFUt8b1gZ/+b1gz54ZHAaSJ
        MD5:B2C054D9B9ABEC0E19A1EA7A952CE34E
        SHA1:3322000A4F508802C3F42F8967163F8622DC08E4
        SHA-256:10890563A7C740B5525EE7F5FBA9EA7C0A6B7E2F12C656337DF4506A420016ED
        SHA-512:C4E027FAD736B6F21146050FD72E5B56B9D859F8857D639899AF3A172A2552AF5E6034B7626A48622840A5EC804A143AED325A19DECECB8F4FC46B1CCDB01B03
        Malicious:false
        Reputation:low
        Preview:2024/10/28-10:07:18.550 1e80 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/10/28-10:07:18.553 1e80 Recovering log #3.2024/10/28-10:07:18.553 1e80 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:ASCII text
        Category:dropped
        Size (bytes):344
        Entropy (8bit):5.186436236067265
        Encrypted:false
        SSDEEP:6:ybV1SAo4q2PcNwi2nKuAl9Ombzo2jMGIFUt8hbV1SbJZmw+hbV1SBDlDkwOcNwiV:e1/XvLZHAa8uFUt8b1G/+b16N54ZHAaU
        MD5:3F21FD9706583014134E7935581D69B1
        SHA1:455F8E94680C05C451C426010CF2BB7604F30097
        SHA-256:1B430ABE68E09753666EBC649486AA70D13B563557B089554B8D5311A5619522
        SHA-512:B544D189B169AC35AA5599DBBD80B7143108473B644CF3F23FB3A2E689EFC175EB421980D17449E4488B18A3947B84BDBE121B39443E346A67A4C3D6073344B8
        Malicious:false
        Reputation:low
        Preview:2024/10/28-10:07:18.976 1f00 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/10/28-10:07:18.983 1f00 Recovering log #3.2024/10/28-10:07:18.987 1f00 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:ASCII text
        Category:dropped
        Size (bytes):344
        Entropy (8bit):5.186436236067265
        Encrypted:false
        SSDEEP:6:ybV1SAo4q2PcNwi2nKuAl9Ombzo2jMGIFUt8hbV1SbJZmw+hbV1SBDlDkwOcNwiV:e1/XvLZHAa8uFUt8b1G/+b16N54ZHAaU
        MD5:3F21FD9706583014134E7935581D69B1
        SHA1:455F8E94680C05C451C426010CF2BB7604F30097
        SHA-256:1B430ABE68E09753666EBC649486AA70D13B563557B089554B8D5311A5619522
        SHA-512:B544D189B169AC35AA5599DBBD80B7143108473B644CF3F23FB3A2E689EFC175EB421980D17449E4488B18A3947B84BDBE121B39443E346A67A4C3D6073344B8
        Malicious:false
        Reputation:low
        Preview:2024/10/28-10:07:18.976 1f00 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/10/28-10:07:18.983 1f00 Recovering log #3.2024/10/28-10:07:18.987 1f00 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\82b2649a-57c7-4f76-98c9-e608d39a3aa9.tmp

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):475
        Entropy (8bit):4.969814904260269
        Encrypted:false
        SSDEEP:12:YH/um3RA8sqPsBdOg2HSOgcaq3QYiubSpDyP7E4T3y:Y2sRdsRdMHSOL3QYhbSpDa7nby
        MD5:7BE9C8316EB1B7252CB363207744A145
        SHA1:57861355BE6541501AED40F896891579DCF473BF
        SHA-256:B8F7FC35C094B26B18BB46BB695F1D520904FF063398D86C5B06FD3E20F1881D
        SHA-512:2C7A056CDC3EF05D5E62822CC0BD835FA80CD06131CB76BF559B1D06F735A279C7DCEDE51F1E3A418596573CC960BAFAA038A45966E8007F671F7B6BFFD885DB
        Malicious:false
        Reputation:moderate, very likely benign file
        Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341052428587673","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":146366},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.7","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):475
        Entropy (8bit):4.969814904260269
        Encrypted:false
        SSDEEP:12:YH/um3RA8sqPsBdOg2HSOgcaq3QYiubSpDyP7E4T3y:Y2sRdsRdMHSOL3QYhbSpDa7nby
        MD5:7BE9C8316EB1B7252CB363207744A145
        SHA1:57861355BE6541501AED40F896891579DCF473BF
        SHA-256:B8F7FC35C094B26B18BB46BB695F1D520904FF063398D86C5B06FD3E20F1881D
        SHA-512:2C7A056CDC3EF05D5E62822CC0BD835FA80CD06131CB76BF559B1D06F735A279C7DCEDE51F1E3A418596573CC960BAFAA038A45966E8007F671F7B6BFFD885DB
        Malicious:false
        Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341052428587673","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":146366},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.7","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF6ac485.TMP (copy)

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):475
        Entropy (8bit):4.969814904260269
        Encrypted:false
        SSDEEP:12:YH/um3RA8sqPsBdOg2HSOgcaq3QYiubSpDyP7E4T3y:Y2sRdsRdMHSOL3QYhbSpDa7nby
        MD5:7BE9C8316EB1B7252CB363207744A145
        SHA1:57861355BE6541501AED40F896891579DCF473BF
        SHA-256:B8F7FC35C094B26B18BB46BB695F1D520904FF063398D86C5B06FD3E20F1881D
        SHA-512:2C7A056CDC3EF05D5E62822CC0BD835FA80CD06131CB76BF559B1D06F735A279C7DCEDE51F1E3A418596573CC960BAFAA038A45966E8007F671F7B6BFFD885DB
        Malicious:false
        Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341052428587673","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":146366},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.7","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\f6d02bcb-acd3-403c-b480-301da542ce90.tmp

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:JSON data
        Category:modified
        Size (bytes):475
        Entropy (8bit):4.97196132533112
        Encrypted:false
        SSDEEP:12:YH/um3RA8sqsFhsBdOg2HpBAcaq3QYiubSpDyP7E4T3y:Y2sRdsjydMHpBr3QYhbSpDa7nby
        MD5:9933765721FC22D60538A34720B80C75
        SHA1:DF1A57B656703EA26DD39C81502A6B958F74072D
        SHA-256:36DCBB191D2EA3E0EB81B8DFD8712F9D5D2DA862DC227AB58E216EB4C8FCA61F
        SHA-512:1BCC81052A5ED137268E95422E30C0BEA62311527F2B1DA426009D3D62C68C92FF3F3AFE1929E7743ED23B37243CB5672D343BA3FCC5B31C4A0FDA07325270EC
        Malicious:false
        Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13374684450504246","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":232689},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.7","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:data
        Category:dropped
        Size (bytes):4509
        Entropy (8bit):5.231969636406993
        Encrypted:false
        SSDEEP:96:CwNwpDGHqPySfkcr2smSX8I2OQCDh28wDtPmaTkXJ0X0aZ:CwNw1GHqPySfkcigoO3h28ytPlTy4DZ
        MD5:3A94ED8580420D6D6058A9E939428498
        SHA1:B438BB639D078F45415DA2354DBDEC20E5FC9F3A
        SHA-256:9742A26CED5AE0155C458793FEB27AA13240E6198FC29143D904D2D9C1E6CB5B
        SHA-512:336EC32515722029F4EF4DBEE7AB49ECC3A8C94FADBC2B8E19BADB0FD63D1E5C0008487C6352B86AA5647FEC07A9426420C7C965E3AB84A28920B57A57E37AFF
        Malicious:false
        Preview:*...#................version.1..namespace-.aw.o................next-map-id.1.Pnamespace-aa11265e_f35e_4e5d_85db_f163e1c0f691-https://rna-resource.acrobat.com/.0I.$.r................next-map-id.2.Snamespace-9a9aa6d6_c307_4dda_b6c0_dc91084c8e68-https://rna-v2-resource.acrobat.com/.1!...r................next-map-id.3.Snamespace-1fbd9dc5_70a3_4975_91b4_966e0915c27a-https://rna-v2-resource.acrobat.com/.2..N.o................next-map-id.4.Pnamespace-0e0aed8d_6d6f_4be0_b28f_8e02158bc792-https://rna-resource.acrobat.com/.3*.z.o................next-map-id.5.Pnamespace-52652c26_09c2_43f2_adf7_da56a1f00d32-https://rna-resource.acrobat.com/.4.{.^...............Pnamespace-aa11265e_f35e_4e5d_85db_f163e1c0f691-https://rna-resource.acrobat.com/.C..r................next-map-id.6.Snamespace-3a89c6b0_72b9_411a_9e44_fa247f34ac91-https://rna-v2-resource.acrobat.com/.5.q._r................next-map-id.7.Snamespace-02b23955_9103_42e0_ba64_3f8683969652-https://rna-v2-resource.acrobat.com/.6..d.o..............

        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:ASCII text
        Category:dropped
        Size (bytes):332
        Entropy (8bit):5.213159345189542
        Encrypted:false
        SSDEEP:6:ybV1cN4q2PcNwi2nKuAl9OmbzNMxIFUt8hbV1cLbNJZmw+hbV1cvDkwOcNwi2nKA:e17vLZHAa8jFUt8b16X/+b1454ZHAa8E
        MD5:70B50EE95CB75C86E99F281085561090
        SHA1:12071613A61BD436F36F29BD62C3E0B92030AE53
        SHA-256:F9EBF28BD3A85A8763B787E3B628D97BDB02D70C2838B98FD7B1E8D9F394026A
        SHA-512:E777FB891B7811B7CB6C6ED318F5E2F3E61C67AED837D4B7C56A2899F2DFA48295F8BAEFD8C8835B44B2B53CE8EF2456FCA03CEA992B7E2219F2C366A52C7D8E
        Malicious:false
        Preview:2024/10/28-10:07:19.573 1f00 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/10/28-10:07:19.586 1f00 Recovering log #3.2024/10/28-10:07:19.597 1f00 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:ASCII text
        Category:dropped
        Size (bytes):332
        Entropy (8bit):5.213159345189542
        Encrypted:false
        SSDEEP:6:ybV1cN4q2PcNwi2nKuAl9OmbzNMxIFUt8hbV1cLbNJZmw+hbV1cvDkwOcNwi2nKA:e17vLZHAa8jFUt8b16X/+b1454ZHAa8E
        MD5:70B50EE95CB75C86E99F281085561090
        SHA1:12071613A61BD436F36F29BD62C3E0B92030AE53
        SHA-256:F9EBF28BD3A85A8763B787E3B628D97BDB02D70C2838B98FD7B1E8D9F394026A
        SHA-512:E777FB891B7811B7CB6C6ED318F5E2F3E61C67AED837D4B7C56A2899F2DFA48295F8BAEFD8C8835B44B2B53CE8EF2456FCA03CEA992B7E2219F2C366A52C7D8E
        Malicious:false
        Preview:2024/10/28-10:07:19.573 1f00 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/10/28-10:07:19.586 1f00 Recovering log #3.2024/10/28-10:07:19.597 1f00 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

        C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241028140723Z-198.bmp

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:PC bitmap, Windows 3.x format, 117 x -152 x 32, cbSize 71190, bits offset 54
        Category:dropped
        Size (bytes):71190
        Entropy (8bit):1.929375845878917
        Encrypted:false
        SSDEEP:192:vdjxjSJCU8kar9nwynhJnzCA8rK7Js1yNooBp8XLuktLdZ:vdjxjpU2Nlvzh7uQLG
        MD5:59A4EA587F48433F1AB7927F24E1C8EC
        SHA1:DC6F41DA89854B1BAFA59EB8954688306A1646B9
        SHA-256:CC8BDD12C7F5BD0A214EA84B845389FE2CF000C8D4A5396384211B0ABAAA52C3
        SHA-512:1DD95D0D40B39D8B8B03FB6B1315E4BF85C8E0A49C40740BD14F36FEA59583AC50801C8D11B480C7AC6A23FC10621D79685EA23B30C1054B993ED4CCA80DC3ED
        Malicious:false
        Preview:BM........6...(...u...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

        C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 15, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 15
        Category:dropped
        Size (bytes):86016
        Entropy (8bit):4.438733321968482
        Encrypted:false
        SSDEEP:384:yeaci5GMiBA7vEmzKNURFXoD1NC1SK0gkzPlrFzqFK/WY+lUTTcKqZ5bEmzVz:1gurVgazUpUTTGt
        MD5:8342D4D1DCF3024BE39A074F6F201A08
        SHA1:6BA8FF2FC91A91D5F1EFFC3A6C166E58D77F91CA
        SHA-256:110BE94180E18EA9BE57101F56CC6621B8B17D8ED7F185F7BFFF1A1C3E87875D
        SHA-512:80BE0F2B8C5FEB359DEEA1FB4A3D432AE06963F40B7FFE6ABE965A0A7C35F88F63267A0E90EA058C5E8799DCB80F064AF5EB7B14BB3442E963E0728362E21F04
        Malicious:false
        Preview:SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

        C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:SQLite Rollback Journal
        Category:dropped
        Size (bytes):8720
        Entropy (8bit):3.777287739268947
        Encrypted:false
        SSDEEP:48:7MVp/E2ioyV7ioy3DoWoy1CABoy13KOioy1noy1AYoy1Wioy1hioybioy3oy1no6:7apju70iAhXKQi8b9IVXEBodRBkQ
        MD5:BB629AE3FDB081DB9215BF8352A984D0
        SHA1:97A4481249E511A4443AD0326E0E522F7E74620A
        SHA-256:A7A0A87A329BF55B816FEA50508C1AD4973CBE3E1278FFD0EC5D08E9577B678C
        SHA-512:7BB50C599B71B7BF505952966072AF47A8C6E3BA785CE97992F063B37415E9DEF92B85BD59DAAB6D03400C509A00D636AC37FD431A6864C1F90BB8820A4BACEB
        Malicious:false
        Preview:.... .c.......%...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................T...[...b...r...t...}.....L..............................................................................................................................................................................................................................................................................................................................................................................................................................................................

        C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:Certificate, Version=3
        Category:dropped
        Size (bytes):1391
        Entropy (8bit):7.705940075877404
        Encrypted:false
        SSDEEP:24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1
        MD5:0CD2F9E0DA1773E9ED864DA5E370E74E
        SHA1:CABD2A79A1076A31F21D253635CB039D4329A5E8
        SHA-256:96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
        SHA-512:3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
        Malicious:false
        Preview:0..k0..S............@.YDc.c...0...*.H........0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10...150604110438Z..350604110438Z0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10.."0...*.H.............0..........$s..7.+W(.....8..n<.W.x.u...jn..O(..h.lD...c...k....1.!~.3<.H..y.....!.K...qiJffl.~<p..)"......K...~....G.|.H#S.8.O.o...IW..t../.8.{.p!.u.0<.....c...O..K~.....w...{J.L.%.p..)..S$........J.?..aQ.....cq...o[...\4ylv.;.by.../&.....................6....7..6u...r......I.....*.A..v........5/(.l....dwnG7..Y^h..r...A)>Y>.&.$...Z.L@.F....:Qn.;.}r...xY.>Qx....../..>{J.Ks......P.|C.t..t.....0.[q6....00\H..;..}`...).........A.......|.;F.H*..v.v..j.=...8.d..+..(.....B.".'].y...p..N..:..'Qn..d.3CO......B0@0...U...........0...U.......0....0...U......y.Y.{....s.....X..n0...*.H.............U.X....P.....i ')..au\.n...i/..VK..s.Y.!.~.Lq...`.9....!V..P.Y...Y.............b.E.f..|o..;.....'...}~.."......

        C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
        Category:dropped
        Size (bytes):71954
        Entropy (8bit):7.996617769952133
        Encrypted:true
        SSDEEP:1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
        MD5:49AEBF8CBD62D92AC215B2923FB1B9F5
        SHA1:1723BE06719828DDA65AD804298D0431F6AFF976
        SHA-256:B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
        SHA-512:BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
        Malicious:false
        Preview:MSCF............,...................I..................XaK .authroot.stl.[.i..6..CK..<Tk......4.cl!Kg..E..*Y.f_..".$mR"$.J.E.KB."..rKv.."{.g....3.W.....c..9.s...=....y6#..x..........D......\(.#.s.!.A.......cd.c........+^.ov...n.....3BL..0.......BPUR&.X..02.q...R...J.....w.....b.vy>....-.&..(..oe."."...J9...0U.6J..|U..S.....M.F8g...=.......p...........l.?3.J.x.G.Ep..$g..tj......)v]9(:.)W.8.Op.1Q..:.nPd........7.7..M].V F..g.....12..!7(...B.......h.RZ.......l.<.....6..Z^.`p?... .p.Gp.#.'.X..........|!.8.....".m.49r?.I...g...8.v.....a``.g.R4.i...J8q....NFW,E.6Y....!.o5%.Y.....R..<..S9....r....WO...(.....F..Q=*....-..7d..O(....-..+k.........K..........{Q....Z..j._.E...QZ.~.\.^......N.9.k..O.}dD.b1r...[}/....T..E..G..c.|.c.&>?..^t. ..;..X.d.E.0G....[Q.*,*......#.Dp..L.o|#syc.J............}G-.ou6.=52..XWi=...m.....^u......c..fc?&pR7S5....I...j.G........j.j..Tc.El.....B.pQ.,Bp....j...9g.. >..s..m#.Nb.o_u.M.V...........\#...v..Mo\sF..s....Y...

        C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:data
        Category:dropped
        Size (bytes):192
        Entropy (8bit):2.756901573172974
        Encrypted:false
        SSDEEP:3:kkFkl7Nn3/tfllXlE/HT8kzhlZNNX8RolJuRdxLlGB9lQRYwpDdt:kK23/eT86hpNMa8RdWBwRd
        MD5:2CB192AAE83D4208D66C29B7AC352788
        SHA1:C64A93122ECD204E13EFA3BD5732E40A8EE88817
        SHA-256:9ADC04325824C7CBD8F07234B1B72DE9E2D4CEADB633E4C43ECB8D35BBE8DA09
        SHA-512:363BD75C4E42F18A7D0178E466B37E6FACF8F07CD0D2FC572E6056C3DEFD0A1426D8CCF339171665E344DC4C540CF25694145CE2EBCFA7ACDD522F5D8237E86C
        Malicious:false
        Preview:p...... .........1.B)..(....................................................... ..........W....................o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...

        C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:data
        Category:modified
        Size (bytes):328
        Entropy (8bit):3.1379890379152853
        Encrypted:false
        SSDEEP:6:kKoPL9UswDLL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:APiDnLNkPlE99SNxAhUe/3
        MD5:F93236BE7CC84AC0D52A3AB5D4A1E6DC
        SHA1:E09375EEE4E315A9526DFAEE8A40D390FC0BEDAD
        SHA-256:C19FD3AE9AF231DE3F844BCE2E57C6265563F701A54A5ACEB2D384A81DD4F17A
        SHA-512:37450AA072A847ADCB80D2E54EB4007A3886433F2B70540024B13B54988D495341B59E4258FF108AA9D04A3E11CCA095241AB90A7075F2ABACD876514B40F8BC
        Malicious:false
        Preview:p...... ........(v..B)..(....................................................... ........G..@.......&...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.7548

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:PostScript document text
        Category:dropped
        Size (bytes):185099
        Entropy (8bit):5.182478651346149
        Encrypted:false
        SSDEEP:1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
        MD5:94185C5850C26B3C6FC24ABC385CDA58
        SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
        SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
        SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
        Malicious:false
        Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:PostScript document text
        Category:dropped
        Size (bytes):185099
        Entropy (8bit):5.182478651346149
        Encrypted:false
        SSDEEP:1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
        MD5:94185C5850C26B3C6FC24ABC385CDA58
        SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
        SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
        SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
        Malicious:false
        Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):295
        Entropy (8bit):5.378420910328621
        Encrypted:false
        SSDEEP:6:YEQXJ2HXgQ/WWsGiIPEeOF0YYTOoAvJM3g98kUwPeUkwRe9:YvXKXguRsdTeO4xGMbLUkee9
        MD5:69F81AD328AACA8E15A105320638D480
        SHA1:C49E95EE88F16DE03EF555765281998DB90EB1A9
        SHA-256:089D0D1849519CAE42669A28056AE3BF53B00233F1CFEB06FB80B9A20E6F0650
        SHA-512:C3DEE4859CA23EDAFCA9451F232E04A01F51579571F9C46F72F898DF30AA6E73EC176EE92FF72A33D71CACD38364788F3B77A9C645749E5554FC231A1B4835B0
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"b8423425-887b-41c7-ac84-386ab8f502e2","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1730299153691,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):294
        Entropy (8bit):5.315656504942551
        Encrypted:false
        SSDEEP:6:YEQXJ2HXgQ/WWsGiIPEeOF0YYTOoAvJfBoTfXpnrPeUkwRe9:YvXKXguRsdTeO4xGWTfXcUkee9
        MD5:6FE935EF8C79A47E51D6311D17FE3C52
        SHA1:87B4F76861EE64AD1C56AF506C1BF150DE3D642A
        SHA-256:E326C45500E2A3A29C072308C85BCB419F35700B64319A62461745C628AF5406
        SHA-512:3696366E18384E0CCEBA3ED4A4C6F1CC617B18AE042D5606FCAD51D9D17F2D20A9A832AF917A41E7F153AA81DE796C74B532EEFA0E0EFD6F90075E4DA6B0996C
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"b8423425-887b-41c7-ac84-386ab8f502e2","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1730299153691,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):294
        Entropy (8bit):5.293916000300357
        Encrypted:false
        SSDEEP:6:YEQXJ2HXgQ/WWsGiIPEeOF0YYTOoAvJfBD2G6UpnrPeUkwRe9:YvXKXguRsdTeO4xGR22cUkee9
        MD5:BA7C33BE413DA3AF31E89F134B2DDA24
        SHA1:BB4B755D4D7271CF3BB0A9C882DF8E1DB465348A
        SHA-256:0318DB0F4CA0AC68928346A502268F334CCEB6A42C4BAAA13475B120DA9C1C99
        SHA-512:F82A199BB52A79BDBE3643B24F3F60D7F7D7C8EE52DDBF0264C0BFA88797E99CF32BD8ECE4A210629F68725A579BA1CA3B9CFCAC047DE881271F28D508B301F3
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"b8423425-887b-41c7-ac84-386ab8f502e2","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1730299153691,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):285
        Entropy (8bit):5.365827547659275
        Encrypted:false
        SSDEEP:6:YEQXJ2HXgQ/WWsGiIPEeOF0YYTOoAvJfPmwrPeUkwRe9:YvXKXguRsdTeO4xGH56Ukee9
        MD5:3D5681F4B791C709E0F2DD1B7A6D2439
        SHA1:C813DA46902251878F004A9E2D61ED08178F98DF
        SHA-256:09141FC7A90938F15127CD1B129772E7A0576A2322E1C4181ACCBB75FD9B085E
        SHA-512:F2E5CF57E5EDDF0D98FE07A57BE0DEEB3466A393A22710E39D436B66D24643F0606F8C2B4F31140017E24A46B54D68353FFB4DA55AA65758B9D75777F3DA9917
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"b8423425-887b-41c7-ac84-386ab8f502e2","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1730299153691,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):1055
        Entropy (8bit):5.663804882195635
        Encrypted:false
        SSDEEP:24:Yv6XbmeORpLgEscLf7nnl0RCmK8czOCCSO:YvjeehgGzaAh8cv/O
        MD5:F42A2C3467F1561B83416AD0C81E08AE
        SHA1:D4A23D9201738651CAF765054AB70D3ABBA26C52
        SHA-256:B2C2940120F6CDD86BCB408A6613F7F28BF75413370B745E09B9C12FFC6B1333
        SHA-512:5BFDA1A27FB7FE6EF624DD6686C1E79A6FF71996CF94C2C3BE25D585C149C2F555C2AC1D85E6566B9B621AAE49D07272FE7515459E295F54430227EE7D3BD397
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"b8423425-887b-41c7-ac84-386ab8f502e2","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1730299153691,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"92038_285529ActionBlock_1","campaignId":92038,"containerId":"1","controlGroupId":"","treatmentId":"eb1a4bce-8215-46f1-b44c-154b21a85d60","variationId":"285529"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkV4cG9ydCBQREZzIHRvIE1pY3Jvc29mdCBXb3JkIGFuZCBFeGNlbC4ifSwidGNhdElkIjpudWxsfQ==","dataType":"application\/json","encodingScheme":tr

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):1050
        Entropy (8bit):5.657629060988638
        Encrypted:false
        SSDEEP:24:Yv6XbmeONVLgEF0c7sbnl0RCmK8czOCYHflEpwiV7:YvjeIFg6sGAh8cvYHWpwO
        MD5:0E6197CDD4315CB93534A9AADC69ABBE
        SHA1:475150A6373BE3C0A59EC3D06B752BEC29B6B636
        SHA-256:4830AD732E0637E1472623B86C48FDE41575DF4188551D37B5A58F34D68DC9BE
        SHA-512:62233A154044CFEAEB3A74A812C13670B6AB534E8CE9B68224E6816E9B013D300E9CAD334175997FA9C833344F9BD955177455497DA52D9E94197252DBF12CDB
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"b8423425-887b-41c7-ac84-386ab8f502e2","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1730299153691,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Disc_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_0","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"0924134e-3c59-4f53-b731-add558c56fec","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Disc_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQsIGVkaXQgYW5kIGUtc2lnblxuZm9ybXMgJiBhZ3JlZW1lbnRzLiJ9LCJ0Y2F0SWQiOm51bGx9","dataType":"application\/json","encodingScheme":true},"

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):292
        Entropy (8bit):5.309276826422293
        Encrypted:false
        SSDEEP:6:YEQXJ2HXgQ/WWsGiIPEeOF0YYTOoAvJfQ1rPeUkwRe9:YvXKXguRsdTeO4xGY16Ukee9
        MD5:2FCBD1085C233AD1A9DB7389232B3669
        SHA1:694425C10C729A54C69B773851AB08DCACDE74A6
        SHA-256:75678E2A42EEB4B84AF4F85D2BB790C4605D386DDA08F54D0BCCF8DD2879FAB5
        SHA-512:63BCFB500AA5C5750FEE29A0A025746475037F08E6DA4A907F8E2BA1957D7D6910A3A384CD093DBE92CC66CA3178FD28CA513321524CFCAE75DCB997375FFB3F
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"b8423425-887b-41c7-ac84-386ab8f502e2","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1730299153691,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):1038
        Entropy (8bit):5.6568060434263
        Encrypted:false
        SSDEEP:24:Yv6XbmeOM2LgEF7cciAXs0nl0RCmK8czOCAPtciB7:YvjeNogc8hAh8cvAt
        MD5:BC1026C765F86E3E42984064C417FA4E
        SHA1:CA964A0CD7B9BBAF76DB75725C5541CAD6029E0F
        SHA-256:A1C1CAB22DE40EFA5A0522EFA242C60622E54259C4AEBA2949CA6676CF046A17
        SHA-512:3FB683D8DA086118E961866FB504ABE18B47BE9143CFDF679B828A847AB7DCA3F020B3328B4747D8594A56085808C58CA0D497312DA4F1B8E8CD9897288AA061
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"b8423425-887b-41c7-ac84-386ab8f502e2","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1730299153691,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Edit_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_1","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"49d2f713-7aa9-44db-aa50-0a7a22add459","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Edit_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVkaXQgdGV4dCwgaW1hZ2VzLCBwYWdlcywgYW5kIG1vcmUuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"application\/json","encodingScheme":true},"endDTS":1744

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):1164
        Entropy (8bit):5.70347149429401
        Encrypted:false
        SSDEEP:24:Yv6XbmeOMKLgEfIcZVSkpsn264rS514ZjBrwloJTmcVIsrSK57:YvjelEgqprtrS5OZjSlwTmAfSKp
        MD5:CE3C8213CBEF810F408D0B357A417271
        SHA1:18E24B8713D1B7011B549F87439EA3CAB73C0BA3
        SHA-256:5106A81A271C53C0854F64B2A6601FE379B361D65B23D55E9FFEC6E399598AD8
        SHA-512:01E094BBDFD1BF38D8507E6E387AC5AF4602B44956D30B8D7487A660F3CB311C2EAF57BA1FBAE5820B70A496B7C70A3DD6A9F9E3FC0DE86EC81EDD801763EF9A
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"b8423425-887b-41c7-ac84-386ab8f502e2","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1730299153691,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85531_264848ActionBlock_0","campaignId":85531,"containerId":"1","controlGroupId":"","treatmentId":"ee1a7497-76e7-43c2-bb63-9a0551e11d73","variationId":"264848"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IlRyeSBBY3JvYmF0IFBybyJ9LCJ1aSI6eyJ0aXRsZV9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjE1cHgiLCJmb250X3N0eWxlIjoiMCJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEzcHgiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0b1xucHJlbWl1bSBQREYgYW5kIGUtc2lnbmluZ1xudG9vbHMuIn0sImJhbm5lcl9zdHlsaW5nIjo

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):289
        Entropy (8bit):5.312348318176249
        Encrypted:false
        SSDEEP:6:YEQXJ2HXgQ/WWsGiIPEeOF0YYTOoAvJfYdPeUkwRe9:YvXKXguRsdTeO4xGg8Ukee9
        MD5:E5C6FCC6919BE0BAB5BAC5039A00FF86
        SHA1:EF29EAA7F55A5A34229BC870ACA7AA78BCC4B90D
        SHA-256:CD1C73D500A9292DF40E84B350C9587AD4E95A792A5009094867C8E104010323
        SHA-512:A5615E22B484E306CB6BD0FD1407A4B4D9C986084ADDC97823BBD3232A1EDE34C1EB0964C2EA9279AF101DF68A9A14732729C9947131653E9239D852C0001F86
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"b8423425-887b-41c7-ac84-386ab8f502e2","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1730299153691,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):1395
        Entropy (8bit):5.778758081519151
        Encrypted:false
        SSDEEP:24:Yv6XbmeODrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNz:YvjeYHgDv3W2aYQfgB5OUupHrQ9FJp
        MD5:B4E8CFB461BB63E9EC406589D1B8B823
        SHA1:D67ECE37C1E05512AE636C97F0440B0A4F551F28
        SHA-256:0806B13694E4893394F0CF4FC97BBE944DC6E38CAEC4AE7C0725AC583992EC97
        SHA-512:07A373C438E0C2DA37B5242ACFC99B19371329A1EAE0AEA76F175B6C74B48A51DAF5AD6D1C037D8D06270C33D14BF2B2357A69CA23AE8EA8CC3DAA1941B273AD
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"b8423425-887b-41c7-ac84-386ab8f502e2","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1730299153691,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):291
        Entropy (8bit):5.295810547683952
        Encrypted:false
        SSDEEP:6:YEQXJ2HXgQ/WWsGiIPEeOF0YYTOoAvJfbPtdPeUkwRe9:YvXKXguRsdTeO4xGDV8Ukee9
        MD5:5C58680B34B24C9E445F04BC4DF8953F
        SHA1:88F826F221F4AB15322FF20423AD3C1171469CA1
        SHA-256:ADAC19CC0F016B9D44E2E722422A77D298BB40FC3685697A9137C50206309547
        SHA-512:FA6A39BA9048DC13F6BE722C7835492BAFE2B74827FBA89EF852A8F77D5D3AD0AF3643F8F2482BACC100FEDB3A1B4C9E8A59F8D8398A9A463488CF1FC44D6E9F
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"b8423425-887b-41c7-ac84-386ab8f502e2","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1730299153691,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):287
        Entropy (8bit):5.300632919484081
        Encrypted:false
        SSDEEP:6:YEQXJ2HXgQ/WWsGiIPEeOF0YYTOoAvJf21rPeUkwRe9:YvXKXguRsdTeO4xG+16Ukee9
        MD5:72EA6F574F0167FCB1ECA7EB579DB085
        SHA1:A16D52ECCC8580EB2139F6FCF04629CBADF0140F
        SHA-256:B58172940C133B20C2A7583754546234B657DA3A6CD0B89F0EE4834DEBA2599A
        SHA-512:9E398DA6A0F272FC71E807A5AE1161F678AE02ED68C711AB39472E90B4AAC38D7E77F2080CF50F986608C81393AE41868DD13D5F64D043ADF11137FA880F7A94
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"b8423425-887b-41c7-ac84-386ab8f502e2","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1730299153691,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):1026
        Entropy (8bit):5.634906565087118
        Encrypted:false
        SSDEEP:24:Yv6XbmeOxamXayLgE7cMCBNaqnl0RCmK8czOC/BSO:YvjecBgACBOAh8cvMO
        MD5:B3E20972086AE0E6A7886A5DAFEC985F
        SHA1:3301BEE0EB1A7375CED62CF5A78DA4D32AAF578E
        SHA-256:7492C5B4307D015A1D10579693529AD84B47B61A872B460350713651D38FB6B1
        SHA-512:A954BDD8F30CEA68F12B38E79FAAD575984F9A050A26C15D15ABFD0DB6E615AFA2A37F3D2524508DC7D4D4A3B666734CF7C2278F1A2C800BC5398B125E292844
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"b8423425-887b-41c7-ac84-386ab8f502e2","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1730299153691,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"92038_285529ActionBlock_0","campaignId":92038,"containerId":"1","controlGroupId":"","treatmentId":"6291f52b-6cb0-4d31-bc46-37ce85e9eb25","variationId":"285529"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVhc2lseSBmaWxsIGFuZCBzaWduIFBERnMuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"application\/json","encodingScheme":true},"endDTS":1751323379000,"s

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):286
        Entropy (8bit):5.278311129023269
        Encrypted:false
        SSDEEP:6:YEQXJ2HXgQ/WWsGiIPEeOF0YYTOoAvJfshHHrPeUkwRe9:YvXKXguRsdTeO4xGUUUkee9
        MD5:139ACD0D8F5970E9EB632467039274E9
        SHA1:74808F24532877BDA911DC231C86D4B8AD734BA7
        SHA-256:2189603D4303E0B1842B29588BDCF46923AE03B5C7444559ADBA6D78D3480CA3
        SHA-512:5F80C48B1703E009C4150A0A01F2434F809BF7C4E2F290B08496FD03CAD679E21D732292EDE5580137BCB50473FB958B95F05999D946069BF9B51479C42C00A7
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"b8423425-887b-41c7-ac84-386ab8f502e2","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1730299153691,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):782
        Entropy (8bit):5.37921513243599
        Encrypted:false
        SSDEEP:12:YvXKXguRsdTeO4xGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWxJ:Yv6XbmeOa168CgEXX5kcIfANhO
        MD5:EB7AD73357F2ED5F47A6395AB9E812FB
        SHA1:0002B168E1BC6F4D16AF7E73BD1810A569D536B5
        SHA-256:146E784941F658EA2A027F65E7EA2A60412FC601D82FE92852CE4F93F071778E
        SHA-512:85DC19047018423357C49933FF6D2F9D0B0B995B00F5408841AA548872ED0BAF948E42FC021CB6EA42A2A701E9483455239AB901341DE05D69091735D9C4463B
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"b8423425-887b-41c7-ac84-386ab8f502e2","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1730299153691,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1730124448723}}}}

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:data
        Category:dropped
        Size (bytes):4
        Entropy (8bit):0.8112781244591328
        Encrypted:false
        SSDEEP:3:e:e
        MD5:DC84B0D741E5BEAE8070013ADDCC8C28
        SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
        SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
        SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
        Malicious:false
        Preview:....

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):2818
        Entropy (8bit):5.135096128291014
        Encrypted:false
        SSDEEP:24:Y6CALiqwnaeayprDJJ70GaMChNqAHqiqUne6AJH97FocjDj0SKSgGPWxYkCJ/2cg:Y6AB6AWNOUne64PCGMYkCx5YzMOs9p8
        MD5:D87D60759FA4C71BE81AAD1F975F96AF
        SHA1:7EF17431150D00F7B20698D37B5A773F8E6AAA2D
        SHA-256:06EE2FF68CC4BAF3715E3589DD5C8400F3C89B32768E54B0CFF201DA7E733EAA
        SHA-512:4E7E51AA0A37A0954F570F708C20E9D6C8FD114832B45D51A4A41C5156C11164D6BDA76460B9942B343A33FA05F4231A4E79C1D62B655008541EFA523E59095E
        Malicious:false
        Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"401fc82ee00e23c437f991663db89f98","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1050,"ts":1730124448000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"b90429ac662fdffb5915797d55c68a9e","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1164,"ts":1730124448000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"263cbc05a5d930ac38d1ebe0a801ff72","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1026,"ts":1730124448000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"473c74db07211a5f6befbd66fac9fade","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1055,"ts":1730124448000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"89f1337926412a88d75291fa54ba3878","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":1038,"ts":1730124448000},{"id":"Edit_InApp_Aug2020","info":{"dg":"7278f5dbc316180fa6decbac53fc0359","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":17

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 25, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 25
        Category:dropped
        Size (bytes):12288
        Entropy (8bit):1.452502135210741
        Encrypted:false
        SSDEEP:48:TGufl2GL7msCvrBd6dHtbGIbPe0K3+fDy2dsslQ:lNVmsw3SHtbDbPe0K3+fDZdw
        MD5:43BE99FEFA5C4982CD09F1409F4D958F
        SHA1:18935A2A08C4DE6AF99377DB751B8FA66BD8D97C
        SHA-256:40E3601FF7CD2C2C81FAD90A03457763F11B9585CF5E19CD9BB14E957A003022
        SHA-512:EB462DA8D2ABCA6B38A6D7BD6D4ADF488D5A61E0F2CB3281CCDF20F2760125593796A80EE06531E139EFEB93E2806E4503B5734FEE41B67219E5FFBF66ED0E6D
        Malicious:false
        Preview:SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:SQLite Rollback Journal
        Category:dropped
        Size (bytes):8720
        Entropy (8bit):1.9577114003666725
        Encrypted:false
        SSDEEP:48:7MWrvrBd6dHtbGIbPe0K3+fDy2dspSqFl2GL7msC:7v3SHtbDbPe0K3+fDZdhKVmsC
        MD5:76C76BFA5613799B1346AEC8CF5FDC38
        SHA1:A38FC8FFD04CEA3663E53541F5320762515C087D
        SHA-256:69C677C5B9FED4C3E3B799CCE89652AFE889E5F58F0D7D4347B7083CA1E526F5
        SHA-512:F4134EA0E3A18B68748509813DE5EA57D280919CD9B825A2FDD474BB9BDFB85E1496F05A27B8F9B69AA94FC1016E0D128F4B1E1B897F9A05008D1449E9E045B8
        Malicious:false
        Preview:.... .c.....2........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................v.../.././././....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

        C:\Users\user\AppData\Local\Temp\MSIa85c6.LOG

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
        Category:dropped
        Size (bytes):246
        Entropy (8bit):3.511206980872271
        Encrypted:false
        SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K88qdNql2le:Qw946cPbiOxDlbYnuRKnlT
        MD5:EAA7E7AD1B8F1AFA62E52341F997FC59
        SHA1:90A571380B15CE64B62B50BCAB36F9621DD8C8BE
        SHA-256:61D6A51277C47C7C8CFCF3C38DC3A419540BFBD5B929C07F98BDE24D15F23DFA
        SHA-512:40BF34453A6D251A2D16E6B25406CB2637DBA04DF7C9A05920AA6B4070D45C1A7EB73120AE8ED1C22EA6A8C6451207C478BAABCACC629A19B6FA76178C4C5B9F
        Malicious:false
        Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .2.8./.1.0./.2.0.2.4. . .1.0.:.0.7.:.2.6. .=.=.=.....

        C:\Users\user\AppData\Local\Temp\acrobat_sbx\A9l8ak7n_1637gp_5to.tmp

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:PDF document, version 1.6, 0 pages
        Category:dropped
        Size (bytes):358
        Entropy (8bit):5.015594839009266
        Encrypted:false
        SSDEEP:6:IngVMrexJzJT0y9VEQIFVmb/eu2g/86S1kxROOx/YT6/Y+aCSyAAO:IngVMre9T0HQIDmy9g06JXB/V/LalX
        MD5:23C6AF8630E3E6EBE792812BCFEA8AD8
        SHA1:C5D5062063602023E0AFD60D948342B336DE30A7
        SHA-256:49BFABEE7288542EFF2416A3BE61366B687F1DD5A03222138639D483952C6E75
        SHA-512:A3A65A17BC52B13C50ECF59C7CB6796E4CAD59DFBC154C9E8F337E8F41DADE38917D59B0EE4FDA8658E5ED2AEE6BA9D29856E7AF965BAAED284BD22014376D89
        Malicious:false
        Preview:%PDF-1.6.%......1 0 obj.<</Pages 2 0 R/Type/Catalog>>.endobj.2 0 obj.<</Count 0/Kids[]/Type/Pages>>.endobj.3 0 obj.<<>>.endobj.xref..0 4..0000000000 65535 f..0000000016 00000 n..0000000061 00000 n..0000000107 00000 n..trailer..<</Size 4/Root 1 0 R/Info 3 0 R/ID[<3188EEE6CA23EA41AF21888100C282B5><3188EEE6CA23EA41AF21888100C282B5>]>>..startxref..127..%%EOF..

        C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-28 10-07-20-820.log

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:ASCII text, with very long lines (393)
        Category:dropped
        Size (bytes):16525
        Entropy (8bit):5.386483451061953
        Encrypted:false
        SSDEEP:384:A2+jkjVj8jujXj+jPjghjKj0jLjmF/FRFO7t75NsXNsbNsgNssNsNNsaNsliNsTY:AXg5IqTS7Mh+oXChrYhFiQHXiz1W60ID
        MD5:F49CA270724D610D1589E217EA78D6D1
        SHA1:22D43D4BB9BDC1D1DEA734399D2D71E264AA3DD3
        SHA-256:D2FFBB2EF8FCE09991C2EFAA91B6784497E8C55845807468A3385CF6029A2F8D
        SHA-512:181B42465DE41E298329CBEB80181CBAB77CFD1701DBA31E61B2180B483BC35E2EFAFFA14C98F1ED0EDDE67F997EE4219C5318CE846BB0116A908FB2EAB61D29
        Malicious:false
        Preview:SessionID=f1c78126-6a87-4f56-987d-4547733fd5ac.1696492435808 Timestamp=2023-10-05T09:53:55:808+0200 ThreadID=6044 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=f1c78126-6a87-4f56-987d-4547733fd5ac.1696492435808 Timestamp=2023-10-05T09:53:55:809+0200 ThreadID=6044 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=f1c78126-6a87-4f56-987d-4547733fd5ac.1696492435808 Timestamp=2023-10-05T09:53:55:809+0200 ThreadID=6044 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=f1c78126-6a87-4f56-987d-4547733fd5ac.1696492435808 Timestamp=2023-10-05T09:53:55:809+0200 ThreadID=6044 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=f1c78126-6a87-4f56-987d-4547733fd5ac.1696492435808 Timestamp=2023-10-05T09:53:55:809+0200 ThreadID=6044 Component=ngl-lib_NglAppLib Description="SetConfig:

        C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:ASCII text, with very long lines (393), with CRLF line terminators
        Category:dropped
        Size (bytes):15114
        Entropy (8bit):5.336193497293604
        Encrypted:false
        SSDEEP:384:S3jK7/mi+CRpI91Sb5Lj78PyX0C7ktZKobb/thNUzJgN/GtNFqf+PAPm3Fvttatd:JKs0vP3hh
        MD5:E2F892AC2C8AF42DB07DF1EB939C758A
        SHA1:7B3CCD60A93FBCB73AA621D38C51CD881F6B6705
        SHA-256:A5EBED1B85348A097EE319BB4377471893A5EF10FF8CE64491C37E44D9273D28
        SHA-512:7E3A5E0F8F00716CFF8D886DFCBBBB57FE08485D657C23E763ADB40C8CF6C77BE60CBB0B141951B6F152B1A454A394176481850717A4A05A215547DC58D1025D
        Malicious:false
        Preview:SessionID=3197086a-5658-4bd3-af62-508233cd0601.1730124440830 Timestamp=2024-10-28T10:07:20:830-0400 ThreadID=7624 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=3197086a-5658-4bd3-af62-508233cd0601.1730124440830 Timestamp=2024-10-28T10:07:20:831-0400 ThreadID=7624 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=3197086a-5658-4bd3-af62-508233cd0601.1730124440830 Timestamp=2024-10-28T10:07:20:831-0400 ThreadID=7624 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=3197086a-5658-4bd3-af62-508233cd0601.1730124440830 Timestamp=2024-10-28T10:07:20:831-0400 ThreadID=7624 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=3197086a-5658-4bd3-af62-508233cd0601.1730124440830 Timestamp=2024-10-28T10:07:20:831-0400 ThreadID=7624 Component=ngl-lib_NglAppLib Description="SetConf

        C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:ASCII text, with CRLF line terminators
        Category:dropped
        Size (bytes):35721
        Entropy (8bit):5.4073535108756925
        Encrypted:false
        SSDEEP:768:hRDD/ATOlQwlgR6RgRT4xk1Bh9+R6gRldy0+AyxkHBDgRh9gRA:hRDD/ATOlQwlgR6RgRT4xk1Bh9+R6gRu
        MD5:59ED86306E6C59B86E6121F59789EEA9
        SHA1:EEEDCF09240D81FEF6C50E8CD433A915B94971D9
        SHA-256:A6385B905166F006A4DFED9700B3C64CDE7CC8F976A7D7369BE5492D9F9F674D
        SHA-512:33EFE84AA776C1B06D63C7CFBF5E977B43ACE5AD8721AD3E306295FC4493791F9E7DB613EC076A2D33947C9C76B8FB967CFFD408319A9C97AC653AE019F7AF67
        Malicious:false
        Preview:05-10-2023 08:41:17:.---2---..05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 : ***************************************..05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 : ***************************************..05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 : Starting NGL..05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..05-10-2023 08:41:17:.Closing File..05-10-

        C:\Users\user\AppData\Local\Temp\acrocef_low\133a0210-81b3-494d-ba39-4b3eba6ccae3.tmp

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
        Category:dropped
        Size (bytes):1407294
        Entropy (8bit):7.97605879016224
        Encrypted:false
        SSDEEP:24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo
        MD5:A0CFC77914D9BFBDD8BC1B1154A7B364
        SHA1:54962BFDF3797C95DC2A4C8B29E873743811AD30
        SHA-256:81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685
        SHA-512:74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE
        Malicious:false
        Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

        C:\Users\user\AppData\Local\Temp\acrocef_low\3c62372b-6bf5-4625-b0f7-cc6313329a47.tmp

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
        Category:dropped
        Size (bytes):386528
        Entropy (8bit):7.9736851559892425
        Encrypted:false
        SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
        MD5:5C48B0AD2FEF800949466AE872E1F1E2
        SHA1:337D617AE142815EDDACB48484628C1F16692A2F
        SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
        SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
        Malicious:false
        Preview:...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-|..h#.g.\.PO.|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..|m.WC.....|.....e.[W.p.8...rm....^..x'......5!...|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

        C:\Users\user\AppData\Local\Temp\acrocef_low\74c08ed1-b7f8-4215-8ed7-02f43cf49801.tmp

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
        Category:dropped
        Size (bytes):758601
        Entropy (8bit):7.98639316555857
        Encrypted:false
        SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
        MD5:3A49135134665364308390AC398006F1
        SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
        SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
        SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
        Malicious:false
        Preview:...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!|G.1...... .3.`./....`~......G.............|..pS.e.C....:o.u_..oi.:..|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

        C:\Users\user\AppData\Local\Temp\acrocef_low\ae815b1a-cdc6-47ee-9ae9-0747ddc436dc.tmp

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
        Category:dropped
        Size (bytes):1419751
        Entropy (8bit):7.976496077007677
        Encrypted:false
        SSDEEP:24576:/M7ouWLYZwYIGNPMGZfPdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:RuWLYZwZGuGZn3mlind9i4ufFXpAXkru
        MD5:EC8D4FAB55F24C0E344D263724846C4A
        SHA1:5444D90F86D68A23AF7FB5434DEAE740D57D0312
        SHA-256:E489C11D38BFF8F1F51351BAEBEE9F723A5C036DA0B0CB9C82306251017054EE
        SHA-512:21018FD299944987654C202779C8E0185815868DE7179B814F145573EE8D45ACC33CA7E008CB23774C473DD7939E9D7D7C2E5A14E31D5EC62F7BFFDBBAB41F9A
        Malicious:false
        Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

        Static File Info

        General

        File type:PDF document, version 1.5, 4 pages
        Entropy (8bit):7.944922036177854
        TrID:
        • Adobe Portable Document Format (5005/1) 100.00%
        File name:Summary.pdf
        File size:169'693 bytes
        MD5:2828be795a4940ac1f0dfdca2defd5f2
        SHA1:4248cbff8bf936fa8958ecb0687fb3500cbd4595
        SHA256:6528651a41307cad2ec1b88ea458f673cbf435ea239232b829f32b89f302d1f5
        SHA512:99cf5876ec49796cc6dda257cacfaa41e3188d89a4939869f67e205ee3b0e6b248e280a71fdec25536ac41cbffdad1f29fe920937d4cd1809907e5ca5306031d
        SSDEEP:3072:jIhe3ywNsE1a5mwQPH2UWpLRkQum4pkFNODKJCSWIF8PkRq4kqPn+kfWLmwdtN/l:jke3ySa5mwQPWUWdZ4pkbODxSH8PyPfI
        TLSH:41F30232AE48B59CE481C36867703E9A8A4EB2F748C17DD3789C4DC2CBD5536DA73192
        File Content Preview:%PDF-1.5.%.....%Writing objects....4 0 obj.<<./Type /Page./Resources 6 0 R./MediaBox [0.00000 0.00000 612.00000 792.00000 ]./Contents [5 0 R ]./Parent 3 0 R.>>.endobj.5 0 obj.<<./Length 14.>>.stream.. q /X0 Do. Q .endstream.endobj.6 0 obj.<<./XObject <<./

        File Icon

        Icon Hash:62cc8caeb29e8ae0

        Static PDF Info

        General

        Header:%PDF-1.5
        Total Entropy:7.944922
        Total Bytes:169693
        Stream Entropy:7.975028
        Stream Bytes:159960
        Entropy outside Streams:5.151086
        Bytes outside Streams:9733
        Number of EOF found:1
        Bytes after EOF:

        Keywords Statistics

        NameCount
        obj50
        endobj50
        stream17
        endstream17
        xref1
        trailer1
        startxref1
        /Page4
        /Encrypt0
        /ObjStm0
        /URI4
        /JS0
        /JavaScript0
        /AA0
        /OpenAction0
        /AcroForm0
        /JBIG2Decode0
        /RichMedia0
        /Launch0
        /EmbeddedFile0

        Image Streams

        IDDHASHMD5Preview
        8c6c719276b8d85013cfc75d3cfe90484d697e2b9f6ced034

        Network Behavior

        Network Port Distribution

        TCP Packets

        TimestampSource PortDest PortSource IPDest IP
        Oct 28, 2024 15:07:31.658060074 CET49721443192.168.2.796.6.168.143
        Oct 28, 2024 15:07:31.658111095 CET4434972196.6.168.143192.168.2.7
        Oct 28, 2024 15:07:31.658183098 CET49721443192.168.2.796.6.168.143
        Oct 28, 2024 15:07:31.658508062 CET49721443192.168.2.796.6.168.143
        Oct 28, 2024 15:07:31.658523083 CET4434972196.6.168.143192.168.2.7
        Oct 28, 2024 15:07:32.386310101 CET4434972196.6.168.143192.168.2.7
        Oct 28, 2024 15:07:32.386991024 CET49721443192.168.2.796.6.168.143
        Oct 28, 2024 15:07:32.387036085 CET4434972196.6.168.143192.168.2.7
        Oct 28, 2024 15:07:32.388955116 CET4434972196.6.168.143192.168.2.7
        Oct 28, 2024 15:07:32.389024973 CET49721443192.168.2.796.6.168.143
        Oct 28, 2024 15:07:32.458116055 CET49721443192.168.2.796.6.168.143
        Oct 28, 2024 15:07:32.458281040 CET4434972196.6.168.143192.168.2.7
        Oct 28, 2024 15:07:32.458298922 CET49721443192.168.2.796.6.168.143
        Oct 28, 2024 15:07:32.503326893 CET4434972196.6.168.143192.168.2.7
        Oct 28, 2024 15:07:32.511547089 CET49721443192.168.2.796.6.168.143
        Oct 28, 2024 15:07:32.511554956 CET4434972196.6.168.143192.168.2.7
        Oct 28, 2024 15:07:32.558406115 CET49721443192.168.2.796.6.168.143
        Oct 28, 2024 15:07:32.616693974 CET4434972196.6.168.143192.168.2.7
        Oct 28, 2024 15:07:32.616794109 CET4434972196.6.168.143192.168.2.7
        Oct 28, 2024 15:07:32.616844893 CET49721443192.168.2.796.6.168.143
        Oct 28, 2024 15:07:32.617330074 CET49721443192.168.2.796.6.168.143
        Oct 28, 2024 15:07:32.617360115 CET4434972196.6.168.143192.168.2.7

        UDP Packets

        TimestampSource PortDest PortSource IPDest IP
        Oct 28, 2024 15:07:27.533559084 CET6156453192.168.2.71.1.1.1

        DNS Queries

        TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
        Oct 28, 2024 15:07:27.533559084 CET192.168.2.71.1.1.10x827bStandard query (0)x1.i.lencr.orgA (IP address)IN (0x0001)false

        DNS Answers

        TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
        Oct 28, 2024 15:07:27.541551113 CET1.1.1.1192.168.2.70x827bNo error (0)x1.i.lencr.orgcrl.root-x1.letsencrypt.org.edgekey.netCNAME (Canonical name)IN (0x0001)false
        Oct 28, 2024 15:07:28.437650919 CET1.1.1.1192.168.2.70x36eNo error (0)edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.comdefault.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.comCNAME (Canonical name)IN (0x0001)false
        Oct 28, 2024 15:07:28.437650919 CET1.1.1.1192.168.2.70x36eNo error (0)default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com217.20.57.35A (IP address)IN (0x0001)false
        Oct 28, 2024 15:07:28.437650919 CET1.1.1.1192.168.2.70x36eNo error (0)default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com217.20.57.18A (IP address)IN (0x0001)false
        Oct 28, 2024 15:07:28.437650919 CET1.1.1.1192.168.2.70x36eNo error (0)default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com217.20.57.34A (IP address)IN (0x0001)false
        Oct 28, 2024 15:07:28.437650919 CET1.1.1.1192.168.2.70x36eNo error (0)default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com217.20.57.19A (IP address)IN (0x0001)false

        HTTP Request Dependency Graph

        • armmf.adobe.com

        HTTPS Proxied Packets

        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
        0192.168.2.74972196.6.168.1434437820C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        TimestampBytes transferredDirectionData
        2024-10-28 14:07:32 UTC475OUTGET /onboarding/smskillreader.txt HTTP/1.1
        Host: armmf.adobe.com
        Connection: keep-alive
        Accept-Language: en-US,en;q=0.9
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36
        Sec-Fetch-Site: same-origin
        Sec-Fetch-Mode: no-cors
        Sec-Fetch-Dest: empty
        Accept-Encoding: gzip, deflate, br
        If-None-Match: "78-5faa31cce96da"
        If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
        2024-10-28 14:07:32 UTC198INHTTP/1.1 304 Not Modified
        Content-Type: text/plain; charset=UTF-8
        Last-Modified: Mon, 01 May 2023 15:02:33 GMT
        ETag: "78-5faa31cce96da"
        Date: Mon, 28 Oct 2024 14:07:32 GMT
        Connection: close


        Statistics

        CPU Usage

        Click to jump to process

        Memory Usage

        Click to jump to process

        High Level Behavior Distribution

        Click to dive into process behavior distribution

        Behavior

        Click to jump to process

        System Behavior

        General

        Target ID:0
        Start time:10:07:17
        Start date:28/10/2024
        Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        Wow64 process (32bit):false
        Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Summary.pdf"
        Imagebase:0x7ff702560000
        File size:5'641'176 bytes
        MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
        Has elevated privileges:true
        Has administrator privileges:true
        Programmed in:C, C++ or other language
        Reputation:high
        Has exited:true

        General

        Target ID:2
        Start time:10:07:18
        Start date:28/10/2024
        Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        Wow64 process (32bit):false
        Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
        Imagebase:0x7ff6c3ff0000
        File size:3'581'912 bytes
        MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
        Has elevated privileges:true
        Has administrator privileges:true
        Programmed in:C, C++ or other language
        Reputation:high
        Has exited:true

        General

        Target ID:4
        Start time:10:07:18
        Start date:28/10/2024
        Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        Wow64 process (32bit):false
        Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2040 --field-trial-handle=1636,i,16405949658811608484,8588834111336071474,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
        Imagebase:0x7ff6c3ff0000
        File size:3'581'912 bytes
        MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
        Has elevated privileges:true
        Has administrator privileges:true
        Programmed in:C, C++ or other language
        Reputation:high
        Has exited:true

        Disassembly

        No disassembly