Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
2025 Ecommerce Supply Chain 2025 - Concept note.pdf

Overview

General Information

Sample name:2025 Ecommerce Supply Chain 2025 - Concept note.pdf
Analysis ID:1571428
MD5:a0e9481f276979baf75614a5787e6851
SHA1:7e49efc87e86d97f90388e5ee19902c756951028
SHA256:396fae2c1ac09ab0be0a297b7a91ca5ab26da37d794d6162bbfbd9fb2776b2d8
Infos:

Detection

Score:2
Range:0 - 100
Whitelisted:false
Confidence:80%

Signatures

IP address seen in connection with other malware
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Uses a known web browser user agent for HTTP communication

Classification

Process Tree

  • System is w10x64
  • Acrobat.exe (PID: 2804 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\2025 Ecommerce Supply Chain 2025 - Concept note.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 1272 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 2876 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2104 --field-trial-handle=1572,i,17689240199072959443,17993278990504629327,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: global trafficDNS query: name: x1.i.lencr.org
Source: global trafficDNS query: name: x1.i.lencr.org
Source: global trafficTCP traffic: 192.168.2.5:49721 -> 23.47.168.24:443
Source: global trafficTCP traffic: 192.168.2.5:49721 -> 23.47.168.24:443
Source: global trafficTCP traffic: 192.168.2.5:49721 -> 23.47.168.24:443
Source: global trafficTCP traffic: 192.168.2.5:49721 -> 23.47.168.24:443
Source: global trafficTCP traffic: 192.168.2.5:49721 -> 23.47.168.24:443
Source: global trafficTCP traffic: 192.168.2.5:49721 -> 23.47.168.24:443
Source: global trafficTCP traffic: 192.168.2.5:49721 -> 23.47.168.24:443
Source: global trafficTCP traffic: 192.168.2.5:49721 -> 23.47.168.24:443
Source: global trafficTCP traffic: 192.168.2.5:49721 -> 23.47.168.24:443
Source: global trafficTCP traffic: 192.168.2.5:49721 -> 23.47.168.24:443
Source: global trafficTCP traffic: 192.168.2.5:49721 -> 23.47.168.24:443
Source: global trafficTCP traffic: 23.47.168.24:443 -> 192.168.2.5:49721
Source: global trafficTCP traffic: 192.168.2.5:49721 -> 23.47.168.24:443
Source: global trafficTCP traffic: 192.168.2.5:49721 -> 23.47.168.24:443
Source: global trafficTCP traffic: 23.47.168.24:443 -> 192.168.2.5:49721
Source: global trafficTCP traffic: 23.47.168.24:443 -> 192.168.2.5:49721
Source: global trafficTCP traffic: 192.168.2.5:49721 -> 23.47.168.24:443
Source: global trafficTCP traffic: 23.47.168.24:443 -> 192.168.2.5:49721
Source: global trafficTCP traffic: 23.47.168.24:443 -> 192.168.2.5:49721
Source: global trafficTCP traffic: 192.168.2.5:49721 -> 23.47.168.24:443
Source: global trafficTCP traffic: 192.168.2.5:49721 -> 23.47.168.24:443
Source: global trafficTCP traffic: 23.47.168.24:443 -> 192.168.2.5:49721
Source: global trafficTCP traffic: 192.168.2.5:49721 -> 23.47.168.24:443
Source: global trafficTCP traffic: 23.47.168.24:443 -> 192.168.2.5:49721
Source: global trafficTCP traffic: 192.168.2.5:49721 -> 23.47.168.24:443
Source: global trafficTCP traffic: 23.47.168.24:443 -> 192.168.2.5:49721
Source: global trafficTCP traffic: 23.47.168.24:443 -> 192.168.2.5:49721
Source: global trafficTCP traffic: 192.168.2.5:49721 -> 23.47.168.24:443
Source: global trafficTCP traffic: 192.168.2.5:49721 -> 23.47.168.24:443
Source: global trafficTCP traffic: 23.47.168.24:443 -> 192.168.2.5:49721
Source: Joe Sandbox ViewIP Address: 23.47.168.24 23.47.168.24
Source: global trafficHTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1Host: armmf.adobe.comConnection: keep-aliveAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brIf-None-Match: "78-5faa31cce96da"If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
Source: unknownTCP traffic detected without corresponding DNS query: 23.47.168.24
Source: unknownTCP traffic detected without corresponding DNS query: 23.47.168.24
Source: unknownTCP traffic detected without corresponding DNS query: 23.47.168.24
Source: unknownTCP traffic detected without corresponding DNS query: 23.47.168.24
Source: unknownTCP traffic detected without corresponding DNS query: 23.47.168.24
Source: unknownTCP traffic detected without corresponding DNS query: 23.47.168.24
Source: unknownTCP traffic detected without corresponding DNS query: 23.47.168.24
Source: unknownTCP traffic detected without corresponding DNS query: 23.47.168.24
Source: unknownTCP traffic detected without corresponding DNS query: 23.47.168.24
Source: unknownTCP traffic detected without corresponding DNS query: 23.47.168.24
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficHTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1Host: armmf.adobe.comConnection: keep-aliveAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brIf-None-Match: "78-5faa31cce96da"If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
Source: global trafficDNS traffic detected: DNS query: x1.i.lencr.org
Source: 77EC63BDA74BD0D0E0426DC8F80085060.2.drString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: 2D85F72862B55C4EADD9E66E06947F3D0.2.drString found in binary or memory: http://x1.i.lencr.org/
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49721
Source: unknownNetwork traffic detected: HTTP traffic on port 49721 -> 443
Source: classification engineClassification label: clean2.winPDF@14/46@2/1
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journalJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-12-09 05-12-00-185.logJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
Source: unknownProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\2025 Ecommerce Supply Chain 2025 - Concept note.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2104 --field-trial-handle=1572,i,17689240199072959443,17993278990504629327,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2104 --field-trial-handle=1572,i,17689240199072959443,17993278990504629327,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: 2025 Ecommerce Supply Chain 2025 - Concept note.pdfInitial sample: PDF keyword /JS count = 0
Source: 2025 Ecommerce Supply Chain 2025 - Concept note.pdfInitial sample: PDF keyword /JavaScript count = 0
Source: 2025 Ecommerce Supply Chain 2025 - Concept note.pdfInitial sample: PDF keyword /EmbeddedFile count = 0
Source: 2025 Ecommerce Supply Chain 2025 - Concept note.pdfInitial sample: PDF keyword obj count = 51
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid Accounts3
Exploitation for Client Execution		Path Interception1
Process Injection		1
Masquerading		OS Credential Dumping1
System Information Discovery		Remote ServicesData from Local System1
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
Process Injection		LSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable Media2
Non-Application Layer Protocol		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive13
Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin HookBinary PaddingNTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput Capture1
Ingress Tool Transfer		Traffic DuplicationData Destruction

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1571428 Sample: 2025 Ecommerce Supply Chain... Startdate: 09/12/2024 Architecture: WINDOWS Score: 2 14 x1.i.lencr.org 2->14 7 Acrobat.exe 17 60 2->7         started        process3 process4 9 AcroCEF.exe 106 7->9         started        process5 11 AcroCEF.exe 4 9->11         started        dnsIp6 16 23.47.168.24, 443, 49721 AKAMAI-ASUS United States 11->16

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

No Antivirus matches

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
bg.microsoft.map.fastly.net
199.232.210.172
truefalse
    		high
    x1.i.lencr.org
    		unknown
    		unknownfalse
      		high

      URLs from Memory and Binaries

      NameSourceMaliciousAntivirus DetectionReputation
      http://x1.i.lencr.org/2D85F72862B55C4EADD9E66E06947F3D0.2.drfalse
        		high

        World Map of Contacted IPs

        • No. of IPs < 25%
        • 25% < No. of IPs < 50%
        • 50% < No. of IPs < 75%
        • 75% < No. of IPs

        Public IPs

        IPDomainCountryFlagASNASN NameMalicious
        23.47.168.24
        		unknownUnited States
        		16625AKAMAI-ASUSfalse

        General Information

        Joe Sandbox version:41.0.0 Charoite
        Analysis ID:1571428
        Start date and time:2024-12-09 11:11:00 +01:00
        Joe Sandbox product:CloudBasic
        Overall analysis duration:0h 4m 10s
        Hypervisor based Inspection enabled:false
        Report type:full
        Cookbook file name:defaultwindowspdfcookbook.jbs
        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
        Number of analysed new started processes analysed:9
        Number of new started drivers analysed:0
        Number of existing processes analysed:0
        Number of existing drivers analysed:0
        Number of injected processes analysed:0
        Technologies:
        • EGA enabled
        • AMSI enabled
        Analysis Mode:default
        Analysis stop reason:Timeout
        Sample name:2025 Ecommerce Supply Chain 2025 - Concept note.pdf
        Detection:CLEAN
        Classification:clean2.winPDF@14/46@2/1
        Cookbook Comments:
        • Found application associated with file extension: .pdf
        • Found PDF document
        • Close Viewer

        Warnings

        • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
        • Excluded IPs from analysis (whitelisted): 23.218.208.137, 54.224.241.105, 18.213.11.84, 34.237.241.83, 50.16.47.176, 162.159.61.3, 172.64.41.3, 199.232.210.172, 23.195.39.65, 23.32.239.49, 23.32.239.65, 2.19.198.10, 23.32.239.74, 2.19.198.16, 2.19.198.27
        • Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com.delivery.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, wu-b-net.trafficmanager.net, crl.root-x1.letsencrypt.org.edgekey.net
        • Report size exceeded maximum capacity and may have missing behavior information.
        • VT rate limit hit for: 2025 Ecommerce Supply Chain 2025 - Concept note.pdf

        Simulations

        Behavior and APIs

        TimeTypeDescription
        05:12:12API Interceptor2x Sleep call for process: AcroCEF.exe modified

        Joe Sandbox View / Context

        IPs

        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
        23.47.168.24Msig Insurance Europe.pdfGet hashmaliciousUnknownBrowse
          zZeXr4mg0S.exeGet hashmaliciousLokibotBrowse
            BACS190027-01.pdfGet hashmaliciousUnknownBrowse
              letter_olivia.law_mercerhole.co.uk.pdfGet hashmaliciousHTMLPhisherBrowse
                Contract Proposal Documents.pdfGet hashmaliciousUnknownBrowse
                  invoice-6483728493.pdfGet hashmaliciousUnknownBrowse
                    Scan_6090402.pdfGet hashmaliciousUnknownBrowse
                      Company Booklet.lnk.download.lnkGet hashmaliciousDucktailBrowse
                        FACTURE NON PAYEE.pdfGet hashmaliciousUnknownBrowse
                          Scan_6090402.pdfGet hashmaliciousUnknownBrowse

                            Domains

                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                            bg.microsoft.map.fastly.netf5ATZ1i5CU.exeGet hashmaliciousRedLine, XWormBrowse
                            • 199.232.214.172
                            https://www.drvhub.netGet hashmaliciousUnknownBrowse
                            • 199.232.210.172
                            NhoqAfkhHL.batGet hashmaliciousUnknownBrowse
                            • 199.232.214.172
                            TRANSFERENCIA COMPROBANTES.lnkGet hashmaliciousXenoRATBrowse
                            • 199.232.210.172
                            file.exeGet hashmaliciousLummaC StealerBrowse
                            • 199.232.210.172
                            file.exeGet hashmaliciousQuasarBrowse
                            • 199.232.210.172
                            file.exeGet hashmaliciousQuasarBrowse
                            • 199.232.210.172
                            file.exeGet hashmaliciousAveMaria, StormKitty, VenomRATBrowse
                            • 199.232.210.172
                            Q6OOwHYZzH.exeGet hashmaliciousDCRatBrowse
                            • 199.232.210.172
                            List of required items pdf.vbsGet hashmaliciousGuLoaderBrowse
                            • 199.232.214.172

                            ASNs

                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                            AKAMAI-ASUSOwari.ppc.elfGet hashmaliciousUnknownBrowse
                            • 104.82.208.161
                            Owari.arm7.elfGet hashmaliciousMiraiBrowse
                            • 72.247.212.137
                            contents.exeGet hashmaliciousUnknownBrowse
                            • 88.221.168.226
                            Msig Insurance Europe.pdfGet hashmaliciousUnknownBrowse
                            • 23.47.168.24
                            cllmxIZWcQ.lnkGet hashmaliciousUnknownBrowse
                            • 104.126.112.182
                            Y5kEUsYDFr.exeGet hashmaliciousUnknownBrowse
                            • 69.192.108.223
                            sora.ppc.elfGet hashmaliciousMiraiBrowse
                            • 84.53.135.142
                            sora.mips.elfGet hashmaliciousMiraiBrowse
                            • 104.84.160.234
                            zZeXr4mg0S.exeGet hashmaliciousLokibotBrowse
                            • 23.47.168.24
                            meerkat.mpsl.elfGet hashmaliciousMiraiBrowse
                            • 104.116.11.255

                            JA3 Fingerprints

                            No context

                            Dropped Files

                            No context

                            Created / dropped Files

                            C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

                            Download File
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):291
                            Entropy (8bit):5.143357293132808
                            Encrypted:false
                            SSDEEP:6:L+q2P92nKuAl9OmbnIFUt8s0WZmw+sDVkwO92nKuAl9OmbjLJ:L+v4HAahFUt8s0W/+sDV5LHAaSJ
                            MD5:F3D46A5984C8102C023A3A4E60974C05
                            SHA1:1C3A5A4725D88B68BB897F88C95EE8530C41B836
                            SHA-256:18B69D5930DC7111BE5B022C3A171FC376A757D81DFBEF58BCC605A418875781
                            SHA-512:A2B822659B261CA05C9F1E6C8584563B422FBA9679DCF060BCB87B68A6D1D9B11DE75E6FC3C4F283C79340B39D1C4CBD5860AE06453D89C3356A8D8419CC5CBD
                            Malicious:false
                            Reputation:low
                            Preview:2024/12/09-05:11:58.000 15c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/12/09-05:11:58.002 15c Recovering log #3.2024/12/09-05:11:58.002 15c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

                            C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

                            Download File
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):291
                            Entropy (8bit):5.143357293132808
                            Encrypted:false
                            SSDEEP:6:L+q2P92nKuAl9OmbnIFUt8s0WZmw+sDVkwO92nKuAl9OmbjLJ:L+v4HAahFUt8s0W/+sDV5LHAaSJ
                            MD5:F3D46A5984C8102C023A3A4E60974C05
                            SHA1:1C3A5A4725D88B68BB897F88C95EE8530C41B836
                            SHA-256:18B69D5930DC7111BE5B022C3A171FC376A757D81DFBEF58BCC605A418875781
                            SHA-512:A2B822659B261CA05C9F1E6C8584563B422FBA9679DCF060BCB87B68A6D1D9B11DE75E6FC3C4F283C79340B39D1C4CBD5860AE06453D89C3356A8D8419CC5CBD
                            Malicious:false
                            Reputation:low
                            Preview:2024/12/09-05:11:58.000 15c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/12/09-05:11:58.002 15c Recovering log #3.2024/12/09-05:11:58.002 15c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

                            C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

                            Download File
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):338
                            Entropy (8bit):5.150424576250821
                            Encrypted:false
                            SSDEEP:6:/qvIq2P92nKuAl9Ombzo2jMGIFUt848ZZmw+48zkwO92nKuAl9Ombzo2jMmLJ:SIv4HAa8uFUt8tZ/+tz5LHAa8RJ
                            MD5:4A3D36BB8799DDF668C515A82E86F184
                            SHA1:6E12F9974A46A64EBCF331F034870905742E4D9F
                            SHA-256:0B2AA07615872290978A6E5523EEEE58987BE57DBB3E829BC2AA95F1E24F1A61
                            SHA-512:EBDF47D6F249B3C0B3E55C1579E4CBE86582878AE04045B81BF4046535DC82B570D7C9B3EFDC7B1D4706A4E70D5F45B127EA61FE6D82F728CF1B00BA80FE311C
                            Malicious:false
                            Reputation:low
                            Preview:2024/12/09-05:11:58.054 1a10 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/12/09-05:11:58.056 1a10 Recovering log #3.2024/12/09-05:11:58.056 1a10 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

                            C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

                            Download File
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):338
                            Entropy (8bit):5.150424576250821
                            Encrypted:false
                            SSDEEP:6:/qvIq2P92nKuAl9Ombzo2jMGIFUt848ZZmw+48zkwO92nKuAl9Ombzo2jMmLJ:SIv4HAa8uFUt8tZ/+tz5LHAa8RJ
                            MD5:4A3D36BB8799DDF668C515A82E86F184
                            SHA1:6E12F9974A46A64EBCF331F034870905742E4D9F
                            SHA-256:0B2AA07615872290978A6E5523EEEE58987BE57DBB3E829BC2AA95F1E24F1A61
                            SHA-512:EBDF47D6F249B3C0B3E55C1579E4CBE86582878AE04045B81BF4046535DC82B570D7C9B3EFDC7B1D4706A4E70D5F45B127EA61FE6D82F728CF1B00BA80FE311C
                            Malicious:false
                            Reputation:low
                            Preview:2024/12/09-05:11:58.054 1a10 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/12/09-05:11:58.056 1a10 Recovering log #3.2024/12/09-05:11:58.056 1a10 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

                            C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\11b8a05c-60cf-4e7b-970a-08ba68e346ef.tmp

                            Download File
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                            File Type:JSON data
                            Category:dropped
                            Size (bytes):508
                            Entropy (8bit):5.047195090775108
                            Encrypted:false
                            SSDEEP:12:YH/um3RA8sqnT/sBdOg2HXcaq3QYiubxnP7E4TfF+:Y2sRdsgTAdMHW3QYhbxP7np+
                            MD5:70321A46A77A3C2465E2F031754B3E06
                            SHA1:5E7E713285D36F12ACFC68A34D8A34FD33C96B34
                            SHA-256:344DA48DA0F9A5CC258E10D6C28086B7718CBE596CDC3D7A2A61C8F5FD781248
                            SHA-512:E885342B270FE3D538F17F8F80B9ED061B30EE55624177BD81F5C65C033160D71559D60872BC0F99C0C93FAE29F9D09FD5042B68D83CD538154D1335BAC8205D
                            Malicious:false
                            Reputation:moderate, very likely benign file
                            Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13340988966329963","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144691},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.5","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G","CAYSABiAgICA+P////8B":"Offline"}}}

                            C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

                            Download File
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                            File Type:JSON data
                            Category:dropped
                            Size (bytes):508
                            Entropy (8bit):5.047195090775108
                            Encrypted:false
                            SSDEEP:12:YH/um3RA8sqnT/sBdOg2HXcaq3QYiubxnP7E4TfF+:Y2sRdsgTAdMHW3QYhbxP7np+
                            MD5:70321A46A77A3C2465E2F031754B3E06
                            SHA1:5E7E713285D36F12ACFC68A34D8A34FD33C96B34
                            SHA-256:344DA48DA0F9A5CC258E10D6C28086B7718CBE596CDC3D7A2A61C8F5FD781248
                            SHA-512:E885342B270FE3D538F17F8F80B9ED061B30EE55624177BD81F5C65C033160D71559D60872BC0F99C0C93FAE29F9D09FD5042B68D83CD538154D1335BAC8205D
                            Malicious:false
                            Reputation:moderate, very likely benign file
                            Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13340988966329963","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144691},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.5","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G","CAYSABiAgICA+P////8B":"Offline"}}}

                            C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF5f95ba.TMP (copy)

                            Download File
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                            File Type:JSON data
                            Category:dropped
                            Size (bytes):508
                            Entropy (8bit):5.047195090775108
                            Encrypted:false
                            SSDEEP:12:YH/um3RA8sqnT/sBdOg2HXcaq3QYiubxnP7E4TfF+:Y2sRdsgTAdMHW3QYhbxP7np+
                            MD5:70321A46A77A3C2465E2F031754B3E06
                            SHA1:5E7E713285D36F12ACFC68A34D8A34FD33C96B34
                            SHA-256:344DA48DA0F9A5CC258E10D6C28086B7718CBE596CDC3D7A2A61C8F5FD781248
                            SHA-512:E885342B270FE3D538F17F8F80B9ED061B30EE55624177BD81F5C65C033160D71559D60872BC0F99C0C93FAE29F9D09FD5042B68D83CD538154D1335BAC8205D
                            Malicious:false
                            Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13340988966329963","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144691},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.5","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G","CAYSABiAgICA+P////8B":"Offline"}}}

                            C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\cd787cb4-fe70-4490-8cda-65ef79a6c514.tmp

                            Download File
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                            File Type:JSON data
                            Category:modified
                            Size (bytes):508
                            Entropy (8bit):5.057469265871315
                            Encrypted:false
                            SSDEEP:12:YH/um3RA8sqMhZsBdOg2Hccaq3QYiubxnP7E4TfF+:Y2sRdsVKdMHf3QYhbxP7np+
                            MD5:26B2585BA97BA2F6E1C611F298772FAA
                            SHA1:301A445EBF882F654230EA8C912FB38DD23224D2
                            SHA-256:69E1E10C2E7560146EDBD0F7E605CE0C8F1342721B73ED75F24BEB2CB3B9597B
                            SHA-512:70036E25071FEFF2853D0634F4462EA6C03DDD7AABEC140D8F48D477D4F2DEC27DDEEC027A97FD5BA7EAD8CF0C80548C02EC9D3FD40C4228C566D956BE5EF86B
                            Malicious:false
                            Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13378299130452371","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":629814},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.5","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G","CAYSABiAgICA+P////8B":"Offline"}}}

                            C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

                            Download File
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                            File Type:data
                            Category:dropped
                            Size (bytes):4509
                            Entropy (8bit):5.239966266473889
                            Encrypted:false
                            SSDEEP:96:QqBpCqGp3Al+NehBmkID2w6bNMhugoKTNY+No/KTNcygLPGLLU2pgMhmD37Z:rBpJGp3AoqBmki25ZEVoKTNY+NoCTNLy
                            MD5:E9C26FBD0146DFBCB7623F9AC1794664
                            SHA1:879CA1958B39BD8A16CC5D4A537301727CDD6A9F
                            SHA-256:11181D2E63DE43416A9EA51A96F88D71B42BDDC6EE3CD8ACA9BEB406DDD0A815
                            SHA-512:9E0EC543DBAA023D44A1DA7C175E28BF8A7EE7BFB895938D4D111358FADBC6E8EACADFE5FEBBC5B0BED2BF29D2D6FE46DDE7167096628AC0FF04DA0C9B4B712F
                            Malicious:false
                            Preview:*...#................version.1..namespace-.1a.o................next-map-id.1.Pnamespace-047a745d_5c98_4926_b446_942fb948d072-https://rna-resource.acrobat.com/.0.K..r................next-map-id.2.Snamespace-bdf2fbfe_e08b_407d_8a81_9a6094e373a0-https://rna-v2-resource.acrobat.com/.1.m.Fr................next-map-id.3.Snamespace-24b9c7f4_3e31_4d11_a607_ac91d6485c9e-https://rna-v2-resource.acrobat.com/.2.8.o................next-map-id.4.Pnamespace-bc60f291_faa7_4492_8b22_e186b4ce62c1-https://rna-resource.acrobat.com/.3.A-N^...............Pnamespace-047a745d_5c98_4926_b446_942fb948d072-https://rna-resource.acrobat.com/-j..^...............Pnamespace-bc60f291_faa7_4492_8b22_e186b4ce62c1-https://rna-resource.acrobat.com/[.|.a...............Snamespace-bdf2fbfe_e08b_407d_8a81_9a6094e373a0-https://rna-v2-resource.acrobat.com/....a...............Snamespace-24b9c7f4_3e31_4d11_a607_ac91d6485c9e-https://rna-v2-resource.acrobat.com/.W.@o................next-map-id.5.Pnamespace-8fb46ac3_c992_47ca_bb04_

                            C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

                            Download File
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):326
                            Entropy (8bit):5.1482321413004675
                            Encrypted:false
                            SSDEEP:6:n3Oq2P92nKuAl9OmbzNMxIFUt8CZmw+xkwO92nKuAl9OmbzNMFLJ:+v4HAa8jFUt8C/+x5LHAa84J
                            MD5:716C58CC153D477CF1237A1C88DA9ADE
                            SHA1:CE8D56B43668647387B8BC97711F77875BA41725
                            SHA-256:9F2E79E33F1BE05249BD506A4EC16DEB51AF80618CE11EB0DB0703096E3B4D0D
                            SHA-512:BE128336DC9048BF88A1A55D38886D7E69605F76408213C6B1504E516B334F8597C3286C85FD831D12CFA56B90F744939B6E3C8B0F1333FA99696719DECE7F7F
                            Malicious:false
                            Preview:2024/12/09-05:11:58.505 1a10 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/12/09-05:11:58.507 1a10 Recovering log #3.2024/12/09-05:11:58.508 1a10 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

                            C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

                            Download File
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):326
                            Entropy (8bit):5.1482321413004675
                            Encrypted:false
                            SSDEEP:6:n3Oq2P92nKuAl9OmbzNMxIFUt8CZmw+xkwO92nKuAl9OmbzNMFLJ:+v4HAa8jFUt8C/+x5LHAa84J
                            MD5:716C58CC153D477CF1237A1C88DA9ADE
                            SHA1:CE8D56B43668647387B8BC97711F77875BA41725
                            SHA-256:9F2E79E33F1BE05249BD506A4EC16DEB51AF80618CE11EB0DB0703096E3B4D0D
                            SHA-512:BE128336DC9048BF88A1A55D38886D7E69605F76408213C6B1504E516B334F8597C3286C85FD831D12CFA56B90F744939B6E3C8B0F1333FA99696719DECE7F7F
                            Malicious:false
                            Preview:2024/12/09-05:11:58.505 1a10 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/12/09-05:11:58.507 1a10 Recovering log #3.2024/12/09-05:11:58.508 1a10 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

                            C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241209101202Z-166.bmp

                            Download File
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:PC bitmap, Windows 3.x format, 117 x -152 x 32, cbSize 71190, bits offset 54
                            Category:dropped
                            Size (bytes):71190
                            Entropy (8bit):2.0838582318567203
                            Encrypted:false
                            SSDEEP:96:EH/0TrNMX8Ie6ElMM9h1sNqMMrmmMMDXtLrn9MVMsMDvMMhMMAM91CCK5BlMMeMf:EcNMsIfRz/pZUFxx+5RNDIdIibiPGri
                            MD5:CC6CADB76DD543C1316625D316CECF55
                            SHA1:84542BE1EDD0BA3EC2C3BBEB26470A69167DBACD
                            SHA-256:700B4BCA4D05A53CD9DCD72DC3BEA4086FA2FD45F2D50A453C945720341365DD
                            SHA-512:C5AD5955A45331EA3BE18838B8EA65D71F073BBEFDFB2447274953762AD9E94E8FE0F314C8E47D294D147428251C187382E71851563961949B49D5A9D714A6BA
                            Malicious:false
                            Preview:BM........6...(...u...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                            C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

                            Download File
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                            File Type:Certificate, Version=3
                            Category:dropped
                            Size (bytes):1391
                            Entropy (8bit):7.705940075877404
                            Encrypted:false
                            SSDEEP:24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1
                            MD5:0CD2F9E0DA1773E9ED864DA5E370E74E
                            SHA1:CABD2A79A1076A31F21D253635CB039D4329A5E8
                            SHA-256:96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
                            SHA-512:3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
                            Malicious:false
                            Preview:0..k0..S............@.YDc.c...0...*.H........0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10...150604110438Z..350604110438Z0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10.."0...*.H.............0..........$s..7.+W(.....8..n<.W.x.u...jn..O(..h.lD...c...k....1.!~.3<.H..y.....!.K...qiJffl.~<p..)"......K...~....G.|.H#S.8.O.o...IW..t../.8.{.p!.u.0<.....c...O..K~.....w...{J.L.%.p..)..S$........J.?..aQ.....cq...o[...\4ylv.;.by.../&.....................6....7..6u...r......I.....*.A..v........5/(.l....dwnG7..Y^h..r...A)>Y>.&.$...Z.L@.F....:Qn.;.}r...xY.>Qx....../..>{J.Ks......P.|C.t..t.....0.[q6....00\H..;..}`...).........A.......|.;F.H*..v.v..j.=...8.d..+..(.....B.".'].y...p..N..:..'Qn..d.3CO......B0@0...U...........0...U.......0....0...U......y.Y.{....s.....X..n0...*.H.............U.X....P.....i ')..au\.n...i/..VK..s.Y.!.~.Lq...`.9....!V..P.Y...Y.............b.E.f..|o..;.....'...}~.."......

                            C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

                            Download File
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                            File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
                            Category:dropped
                            Size (bytes):71954
                            Entropy (8bit):7.996617769952133
                            Encrypted:true
                            SSDEEP:1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
                            MD5:49AEBF8CBD62D92AC215B2923FB1B9F5
                            SHA1:1723BE06719828DDA65AD804298D0431F6AFF976
                            SHA-256:B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
                            SHA-512:BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
                            Malicious:false
                            Preview:MSCF............,...................I..................XaK .authroot.stl.[.i..6..CK..<Tk......4.cl!Kg..E..*Y.f_..".$mR"$.J.E.KB."..rKv.."{.g....3.W.....c..9.s...=....y6#..x..........D......\(.#.s.!.A.......cd.c........+^.ov...n.....3BL..0.......BPUR&.X..02.q...R...J.....w.....b.vy>....-.&..(..oe."."...J9...0U.6J..|U..S.....M.F8g...=.......p...........l.?3.J.x.G.Ep..$g..tj......)v]9(:.)W.8.Op.1Q..:.nPd........7.7..M].V F..g.....12..!7(...B.......h.RZ.......l.<.....6..Z^.`p?... .p.Gp.#.'.X..........|!.8.....".m.49r?.I...g...8.v.....a``.g.R4.i...J8q....NFW,E.6Y....!.o5%.Y.....R..<..S9....r....WO...(.....F..Q=*....-..7d..O(....-..+k.........K..........{Q....Z..j._.E...QZ.~.\.^......N.9.k..O.}dD.b1r...[}/....T..E..G..c.|.c.&>?..^t. ..;..X.d.E.0G....[Q.*,*......#.Dp..L.o|#syc.J............}G-.ou6.=52..XWi=...m.....^u......c..fc?&pR7S5....I...j.G........j.j..Tc.El.....B.pQ.,Bp....j...9g.. >..s..m#.Nb.o_u.M.V...........\#...v..Mo\sF..s....Y...

                            C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

                            Download File
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                            File Type:data
                            Category:dropped
                            Size (bytes):192
                            Entropy (8bit):2.7529698674325394
                            Encrypted:false
                            SSDEEP:3:kkFklh2HvpttfllXlE/HT8ko9l/tNNX8RolJuRdxLlGB9lQRYwpDdt:kKfPpteT8Ll7NMa8RdWBwRd
                            MD5:1F5FE12059A7A5F246F028D8019BBBA3
                            SHA1:B19F105B7F7311CABFA6DD2AAFE35A500B390BE3
                            SHA-256:D8BF5E57B6E4D56FADA9D2DE8142A3800CD6BEE31329768D94A7D7EAA96C4F58
                            SHA-512:1045C442F7D873DC91C3543FD1FF2DF2E46EF998FC0E62207321349783A86D74BFF7F750AFC80F2037D71BAB1645EDC18D2DAA649BAE2A1FD5C34D6152D7BF12
                            Malicious:false
                            Preview:p...... ............"J..(....................................................... ..........W....................o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...

                            C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

                            Download File
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                            File Type:data
                            Category:modified
                            Size (bytes):328
                            Entropy (8bit):3.2455963809668185
                            Encrypted:false
                            SSDEEP:6:kKuL9UswD8HGsL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:bDImsLNkPlE99SNxAhUe/3
                            MD5:DAFE03702DD894A759B887D90DE5F2F0
                            SHA1:C436929B9CE5C4B0C6390259662D3A5E0F14B543
                            SHA-256:AB4285CE3221247A648181F1712094EB919AA9867A2373472B545B5BD652EBF5
                            SHA-512:54FAA1DC7C770ABB5BD9B37FD32C5864C04CA126923182E1F979534C05807227D86E15831A0C42694381E95BF24BF81DDB3AE3FB05FCC2199BB70E502A41668E
                            Malicious:false
                            Preview:p...... ..........y."J..(....................................................... ........G..@.......&......X........h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...

                            C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

                            Download File
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:data
                            Category:dropped
                            Size (bytes):227002
                            Entropy (8bit):3.392780893644728
                            Encrypted:false
                            SSDEEP:1536:WKPC4iyzDtrh1cK3XEivK7VK/3AYvYwgF/rRoL+sn:DPCaJ/3AYvYwglFoL+sn
                            MD5:87EDBEE38F56C20298F25D5D3D4D1B5C
                            SHA1:7F904E9615AC3186A87472EF366DD8202855B0B7
                            SHA-256:A46B56D3ABCC137D1872DDF20EED4BCD7D04518282282ADB32DDCCF70D7FFBA6
                            SHA-512:BBEBC1FCD5BC9AE042DD5782425BA8C47BF3EAC283B2487FC4E3FF6BF8101306DAB081E5135594165D4DC1AC120FF125AADBC5B3FFE7C646183C04DF77865E0D
                            Malicious:false
                            Preview:Adobe Acrobat Reader (64-bit) 23.6.20320....?A12_AV2_Search_18px.............................................................................................................KKK KKK.KKK.KKK.KKK.KKK.KKK@........................................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.............................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.........................KKK.KKK.KKK.KKK0....................KKK.KKK.KKK.KKK`....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK.KKK.....................................KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK.KKK@....................KKK.KKK.KKK.KKK`........................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.KKK.............................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK

                            C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

                            Download File
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:JSON data
                            Category:dropped
                            Size (bytes):295
                            Entropy (8bit):5.339927578282013
                            Encrypted:false
                            SSDEEP:6:YEQXJ2HXPwCfC3eix+FIbRI6XVW7+0YsOZeoAvJM3g98kUwPeUkwRe9:YvXKXYCq3eiUYpW7lSVGMbLUkee9
                            MD5:DA0BB680C470F6C8B8A91CD8C8D40E5E
                            SHA1:4B403967B99CCB11C3237AC8E066AB5A72C5D192
                            SHA-256:88EE103846EADF6387245407E6302A2FC55B3DD938A256AE4EE122D1BB0BC24B
                            SHA-512:3801DA94671A390C76427FE778C4D7BAEA9AAC44FD59E9335B121546175F4E88FB0D587D4BA285D159F436EE23EC05149FCD4B39A595E4EBF5EDECB5AE829493
                            Malicious:false
                            Preview:{"analyticsData":{"responseGUID":"8b5c096d-80a3-4ead-a26d-57a88cb136cf","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1733918122510,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                            C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

                            Download File
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:JSON data
                            Category:dropped
                            Size (bytes):294
                            Entropy (8bit):5.278782999594599
                            Encrypted:false
                            SSDEEP:6:YEQXJ2HXPwCfC3eix+FIbRI6XVW7+0YsOZeoAvJfBoTfXpnrPeUkwRe9:YvXKXYCq3eiUYpW7lSVGWTfXcUkee9
                            MD5:03DD7DA43046071AFB695005DD82BCDA
                            SHA1:D8E729222BEE639A78FD4D4F867AC9D3A5DAA83D
                            SHA-256:7213D7F0B2317EE27C0BA139685CF2C7AAD79855F0BD4AB4DAADF41B354CCE16
                            SHA-512:B074E2274FA195A195ED0A7984756AFF63724D926A7DE061B069647BEC65C7738330B1FD2F5A22DD7C2F0F7B5301BCCE2D334247FE4538365F8AE1DF187471DF
                            Malicious:false
                            Preview:{"analyticsData":{"responseGUID":"8b5c096d-80a3-4ead-a26d-57a88cb136cf","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1733918122510,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                            C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

                            Download File
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:JSON data
                            Category:dropped
                            Size (bytes):294
                            Entropy (8bit):5.2566330931716685
                            Encrypted:false
                            SSDEEP:6:YEQXJ2HXPwCfC3eix+FIbRI6XVW7+0YsOZeoAvJfBD2G6UpnrPeUkwRe9:YvXKXYCq3eiUYpW7lSVGR22cUkee9
                            MD5:191BF8C6DFFAC03B128609A722C9C894
                            SHA1:83AD24788E41D8E8D2C8CE8A71A59A33BCB9BCC4
                            SHA-256:2C86F244DD401627FD2C974BCEBA0E2D5AD964675CFDFF28EC5019F510B4A969
                            SHA-512:27C79FE569DBD4D2AC5A35F47B2E26FAFDB3DFE71C4534545FFCC87713188ED7EBFBA2260D1CF514452D462F336705067C2C35FFF7218A9A0960F24027725EB3
                            Malicious:false
                            Preview:{"analyticsData":{"responseGUID":"8b5c096d-80a3-4ead-a26d-57a88cb136cf","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1733918122510,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                            C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

                            Download File
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:JSON data
                            Category:dropped
                            Size (bytes):285
                            Entropy (8bit):5.317998146882083
                            Encrypted:false
                            SSDEEP:6:YEQXJ2HXPwCfC3eix+FIbRI6XVW7+0YsOZeoAvJfPmwrPeUkwRe9:YvXKXYCq3eiUYpW7lSVGH56Ukee9
                            MD5:826196EE69A308168E784257E970F8B9
                            SHA1:1D3AEFE9CD453B5B7D1FADF77940F2CD1E177845
                            SHA-256:CAAF581D4F9CB768FBF3D427C943DCC190930D747EBA461E550C32A5B0B3F715
                            SHA-512:3B5D2F50A513B0E56A874A29CF3A137E1A5D95CD4FF4D9170B9230550326EC7777C85C29633754E8A4460D0641AFBE17E7A350E1CA66C01718E93D7C1B5486EA
                            Malicious:false
                            Preview:{"analyticsData":{"responseGUID":"8b5c096d-80a3-4ead-a26d-57a88cb136cf","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1733918122510,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                            C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

                            Download File
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:JSON data
                            Category:dropped
                            Size (bytes):1123
                            Entropy (8bit):5.685518043635629
                            Encrypted:false
                            SSDEEP:24:Yv6XBqeiFilrpLgE9cQx8LennAvzBvkn0RCmK8czOCCSi:YvdexJhgy6SAFv5Ah8cv/i
                            MD5:8096FB9A3EA9A7AF44CF649588CAEAA0
                            SHA1:D8BDCDDC2AC43959B7BB8F5558C0AA4BA5E473BD
                            SHA-256:9B8673E1E8E98B67FCD8142C1BE5D1D330C30D04C5EE1774184C748E7F3212A1
                            SHA-512:A0B21D1BF02B43443EC9621BD1778844758C2D98928FE06F45D25BA4748F6F3126E38002BD3E3EA2E92E72C8E6CE37F0EE7B4C7D66D8C44B15D4AD2A8444A7FC
                            Malicious:false
                            Preview:{"analyticsData":{"responseGUID":"8b5c096d-80a3-4ead-a26d-57a88cb136cf","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1733918122510,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93365_289436ActionBlock_1","campaignId":93365,"containerId":"1","controlGroupId":"","treatmentId":"d5bba1ae-6009-4d23-8886-fd4a474b8ac9","variationId":"289436"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IkNvbnZlcnRQREZSZHJSSFBBcHAifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkV4cG9ydCBQREZzIHRvIE1pY3Jvc29mdCBXb3JkIGFuZCBFeGNlbC4ifSwidGNh

                            C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

                            Download File
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:JSON data
                            Category:dropped
                            Size (bytes):1122
                            Entropy (8bit):5.673838425520451
                            Encrypted:false
                            SSDEEP:24:Yv6XBqeiFilHVLgEwcp06ybnAvz7xHn0RCmK8czOCYHfl8zdBD:YvdexlFgSNycJUAh8cvYHk
                            MD5:B14076DFA101FD0AFE46BB6D21148B57
                            SHA1:02E56F9BDD69D3EE3B61347C5949A7827DBA26BF
                            SHA-256:FDC9604EEDE7DECA8A0DE0C955B2576D2B50C13B1043AF5773D2B7588EC855CC
                            SHA-512:4C7CA130A2D80551606D1CB7DED7C5474516F82867E14D474B44729D8DFD4F096029A9C1FE413060413515C0BFCA6C0ECDE89E1219785C4C0FF09A867041F0E6
                            Malicious:false
                            Preview:{"analyticsData":{"responseGUID":"8b5c096d-80a3-4ead-a26d-57a88cb136cf","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1733918122510,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Disc_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93181_288855ActionBlock_0","campaignId":93181,"containerId":"1","controlGroupId":"","treatmentId":"1aad653c-ef44-43f7-be1c-3a2ba2cf2cfc","variationId":"288855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Disc_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IlVwZ3JhZGVSSFBSZHJBcHAifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQsIGVkaXQgYW5kIGUtc2lnblxuIFBERiBmb3JtcyAmIGFncmVlbWVudHMuIn0sInRjY

                            C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

                            Download File
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:JSON data
                            Category:dropped
                            Size (bytes):292
                            Entropy (8bit):5.262919593747579
                            Encrypted:false
                            SSDEEP:6:YEQXJ2HXPwCfC3eix+FIbRI6XVW7+0YsOZeoAvJfQ1rPeUkwRe9:YvXKXYCq3eiUYpW7lSVGY16Ukee9
                            MD5:85D726CA6386E732317503E03A0C83CC
                            SHA1:5FFDEBC75A58E74F6A5B81D410B446F8F2D1104C
                            SHA-256:E53ACD2F325D13CA8F097F2CA187EAD822643EA5B8F2E00952C6F0ABA02534E4
                            SHA-512:6B44089C1412BF78E27DEC7FB4BB60D98C812A394B578064F787E44EECA02E737B3D649F72C420C1DD0752E6B8C720B7855CEDB35944FA5296C6C7F12360463D
                            Malicious:false
                            Preview:{"analyticsData":{"responseGUID":"8b5c096d-80a3-4ead-a26d-57a88cb136cf","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1733918122510,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                            C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

                            Download File
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:JSON data
                            Category:dropped
                            Size (bytes):1102
                            Entropy (8bit):5.666341117047008
                            Encrypted:false
                            SSDEEP:24:Yv6XBqeiFil22LgErcXWl7y0nAvzIBcSJCBViVD:YvdexEogH47yfkB5kVi
                            MD5:71C5172B385152D9C365EC7A276B0591
                            SHA1:93748FF2AD0541D609616A5BAE3A8CC0391610FD
                            SHA-256:43ACCE9A90AD049D34046C85AA54F67DE032A7819E0354A6C9162ECA510C7295
                            SHA-512:33470FA94E1CD4824C43989F2CDC1B31ACE1D678E0BA3308A12A9AADC4E2EA1E754ED0F55A664DB4D555B16AF7BF49A33D287053619285DDD9FF70319033C47A
                            Malicious:false
                            Preview:{"analyticsData":{"responseGUID":"8b5c096d-80a3-4ead-a26d-57a88cb136cf","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1733918122510,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Edit_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93181_288855ActionBlock_1","campaignId":93181,"containerId":"1","controlGroupId":"","treatmentId":"533ab5eb-b236-4889-89a5-ac002261d71e","variationId":"288855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Edit_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IkVkaXRQREZSZHJBcHBGdWxsIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTRweCIsImZvbnRfc3R5bGUiOiIwIn0sImRlc2NyaXB0aW9uX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTJweCIsImZvbnRfc3R5bGUiOiItMSJ9LCJ0aXRsZSI6bnVsbCwiZGVzY3JpcHRpb24iOiJFZGl0IHRleHQsIGltYWdlcywgcGFnZXMsIGFuZCBtb3JlLiJ9LCJ0Y2F0SWQiOm51bGx9","da

                            C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

                            Download File
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:JSON data
                            Category:dropped
                            Size (bytes):1164
                            Entropy (8bit):5.693169542487468
                            Encrypted:false
                            SSDEEP:24:Yv6XBqeiFilaKLgEfIcZVSkpsn264rS514ZjBrwloJTmcVIsrSK5D:YvdexUEgqprtrS5OZjSlwTmAfSK9
                            MD5:63A29ED39A2C93999DC4544A72C404C5
                            SHA1:6B1FB6D1D1F78C7961218600266C6B3D83F69473
                            SHA-256:788CC6462B207BA2066AF20D3A402B3E42FE84CABE863AF4B6DD0B2B4E7D21BF
                            SHA-512:50F2C926E3F6D48A2947BE4C4FAF26500D356FF49EA489B116236150BB8523985B21DC7AC3E969FE34C3A07C6FD1B4C17CC5916E382BB02713949646CA657850
                            Malicious:false
                            Preview:{"analyticsData":{"responseGUID":"8b5c096d-80a3-4ead-a26d-57a88cb136cf","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1733918122510,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85531_264848ActionBlock_0","campaignId":85531,"containerId":"1","controlGroupId":"","treatmentId":"ee1a7497-76e7-43c2-bb63-9a0551e11d73","variationId":"264848"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IlRyeSBBY3JvYmF0IFBybyJ9LCJ1aSI6eyJ0aXRsZV9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjE1cHgiLCJmb250X3N0eWxlIjoiMCJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEzcHgiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0b1xucHJlbWl1bSBQREYgYW5kIGUtc2lnbmluZ1xudG9vbHMuIn0sImJhbm5lcl9zdHlsaW5nIjo

                            C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

                            Download File
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:JSON data
                            Category:dropped
                            Size (bytes):289
                            Entropy (8bit):5.269406497393233
                            Encrypted:false
                            SSDEEP:6:YEQXJ2HXPwCfC3eix+FIbRI6XVW7+0YsOZeoAvJfYdPeUkwRe9:YvXKXYCq3eiUYpW7lSVGg8Ukee9
                            MD5:76FC1598AC9CAD9F8A92B46762DC9096
                            SHA1:92E97C299FED2877B09D56D77D280D687F8AF477
                            SHA-256:9C491AD6EF4DFF704216906878817BE49EA06C6C738777C2B85E312B68E9E433
                            SHA-512:B17116C37EEF8E19798B97731C2562D80E85786D74BEB60EA92E0FE3704D787780C940A27F771BA7712C0DA3BAD09405EE3969B95AA0586CC342A6E6457CE4B7
                            Malicious:false
                            Preview:{"analyticsData":{"responseGUID":"8b5c096d-80a3-4ead-a26d-57a88cb136cf","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1733918122510,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                            C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

                            Download File
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:JSON data
                            Category:dropped
                            Size (bytes):284
                            Entropy (8bit):5.254918252212468
                            Encrypted:false
                            SSDEEP:6:YEQXJ2HXPwCfC3eix+FIbRI6XVW7+0YsOZeoAvJf+dPeUkwRe9:YvXKXYCq3eiUYpW7lSVG28Ukee9
                            MD5:0F2423F2FAECEB16A281CC797DE53A92
                            SHA1:951EEC15BB32AC5FA4CA0080B5F4A91F0BAC4287
                            SHA-256:A239EA36714C30A9FD0E0393108E3A236A72EBC64D2A8DE1BC482B42A52B2235
                            SHA-512:763556CA6FFFE760692B370451936F2BCD53CE31E634542754C9AE4778771F4F724AF1B056B488633ABD1F0011F1CF8CE50B416109A7EE04FAD2B4594666576A
                            Malicious:false
                            Preview:{"analyticsData":{"responseGUID":"8b5c096d-80a3-4ead-a26d-57a88cb136cf","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1733918122510,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                            C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

                            Download File
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:JSON data
                            Category:dropped
                            Size (bytes):291
                            Entropy (8bit):5.253163859689825
                            Encrypted:false
                            SSDEEP:6:YEQXJ2HXPwCfC3eix+FIbRI6XVW7+0YsOZeoAvJfbPtdPeUkwRe9:YvXKXYCq3eiUYpW7lSVGDV8Ukee9
                            MD5:8A283FE90D9216511DCC0ED4E90C46E0
                            SHA1:B3D62CED10CD861057FADA681FE2517DE46CB5A4
                            SHA-256:9F249539D289EF6EA5146FE3257E6D3AC4A181F59688C1D0750776C9F54B9F3A
                            SHA-512:83F889193760243E659123E5E00A3CB5192587D6AC8DE5C42BB579616EA1FF1536789566757B50B72C5E82579E377D9611DCDEF9BA370B1ED73A718E3DFF0824
                            Malicious:false
                            Preview:{"analyticsData":{"responseGUID":"8b5c096d-80a3-4ead-a26d-57a88cb136cf","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1733918122510,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                            C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

                            Download File
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:JSON data
                            Category:dropped
                            Size (bytes):287
                            Entropy (8bit):5.254988895963685
                            Encrypted:false
                            SSDEEP:6:YEQXJ2HXPwCfC3eix+FIbRI6XVW7+0YsOZeoAvJf21rPeUkwRe9:YvXKXYCq3eiUYpW7lSVG+16Ukee9
                            MD5:2652B76160CABD4363C5C8A43D22A4A3
                            SHA1:61E2C195D8FB324FB9C38D75047C44E73BE49568
                            SHA-256:6769E9803B943C860C4443F86A286BFD1E02DDAF3924B47AB9B3A9FBDC42A9EA
                            SHA-512:579793426F791DC4A6A77455A0263BECC22D78A0D8BA7D846B63ADAD84A9FA5DDFAFFFBB581E0AB068B6A6E906AE5913605159C655F3162FF55512C05D9E86C6
                            Malicious:false
                            Preview:{"analyticsData":{"responseGUID":"8b5c096d-80a3-4ead-a26d-57a88cb136cf","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1733918122510,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                            C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

                            Download File
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:JSON data
                            Category:dropped
                            Size (bytes):1090
                            Entropy (8bit):5.657138775522188
                            Encrypted:false
                            SSDEEP:24:Yv6XBqeiFilLamXayLgE+cNDxeNaqnAvz7xHn0RCmK8czOC/BSi:YvdexFBgkDMUJUAh8cvMi
                            MD5:4124FAA677BC1061D41E07F837881C84
                            SHA1:D2E0B9407A5D9A9337476EC782E38DC61205BD8E
                            SHA-256:9B65FA86F2B08BD6F1B050AEAD70E6C05FD7DC95C702A14C6878DB895C7AFC02
                            SHA-512:7D261D10D0BCF0D312FA58D619E315E21794969DF63C3CE2C54B802E42C133B5C40DEFAC0D46CEA68B20810F10CEF7826AC70193D011E8C957C94CCB24E0CCCF
                            Malicious:false
                            Preview:{"analyticsData":{"responseGUID":"8b5c096d-80a3-4ead-a26d-57a88cb136cf","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1733918122510,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93365_289436ActionBlock_0","campaignId":93365,"containerId":"1","controlGroupId":"","treatmentId":"266234d2-130d-426e-8466-c7a061db101f","variationId":"289436"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IlVwZ3JhZGVSSFBSZHJBcHAifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVhc2lseSBmaWxsIGFuZCBzaWduIFBERnMuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"app

                            C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

                            Download File
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:JSON data
                            Category:dropped
                            Size (bytes):286
                            Entropy (8bit):5.227779554945445
                            Encrypted:false
                            SSDEEP:6:YEQXJ2HXPwCfC3eix+FIbRI6XVW7+0YsOZeoAvJfshHHrPeUkwRe9:YvXKXYCq3eiUYpW7lSVGUUUkee9
                            MD5:139129780D4FFBF52FEB4CFF1E086849
                            SHA1:111AEF00C6DE047FF30248B6F8B571061882CECA
                            SHA-256:291D1C6A013E1F39735C2BFC524537C37D723A2A3A35FFFC8C2B409349914A06
                            SHA-512:7DCCD2A627134CEBF0C03DB7598BC01022A82D9E72C23B06F7ED911A6DAD34E332E6B1F93B8522992B23A418917158573A0DF4FA6B3A5B786EE946A0256E70F3
                            Malicious:false
                            Preview:{"analyticsData":{"responseGUID":"8b5c096d-80a3-4ead-a26d-57a88cb136cf","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1733918122510,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                            C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

                            Download File
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:JSON data
                            Category:dropped
                            Size (bytes):282
                            Entropy (8bit):5.240213897772097
                            Encrypted:false
                            SSDEEP:6:YEQXJ2HXPwCfC3eix+FIbRI6XVW7+0YsOZeoAvJTqgFCrPeUkwRe9:YvXKXYCq3eiUYpW7lSVGTq16Ukee9
                            MD5:30CF0BE7428D8A0BBF5105A9628EC10A
                            SHA1:A6CCD36C586BA747390A01CFEBEA0484D4F23250
                            SHA-256:850217A7D4574D314A1FFACC42D05A17C15A975E069EB0DDFA00F34B3933C0B3
                            SHA-512:0EDD02B3E3C8716935F698C2BD95D7A8370A222FC99353000E8EFE3BFD67F81BD12FA20515E06B5DECCCCACADBFB7C4CEC11BA824B3AEA748EA01D126EFAB1C3
                            Malicious:false
                            Preview:{"analyticsData":{"responseGUID":"8b5c096d-80a3-4ead-a26d-57a88cb136cf","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1733918122510,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                            C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

                            Download File
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:data
                            Category:dropped
                            Size (bytes):4
                            Entropy (8bit):0.8112781244591328
                            Encrypted:false
                            SSDEEP:3:e:e
                            MD5:DC84B0D741E5BEAE8070013ADDCC8C28
                            SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
                            SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
                            SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
                            Malicious:false
                            Preview:....

                            C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

                            Download File
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:JSON data
                            Category:dropped
                            Size (bytes):2817
                            Entropy (8bit):5.129554249461945
                            Encrypted:false
                            SSDEEP:48:Y/1e0ibqORE5pNzFOoRlV0WZpEENvT9rY:q1e0ibqORE5pjV0WZeErrY
                            MD5:2780276A1F2999EA99AE5932CA40F6F8
                            SHA1:663DCC963B29FEEC2DE01E834213C3CF9DC87DD7
                            SHA-256:847E584DE7D98ED6F2B53CC2C3C903272AF9436CCE3638C2B7CF559A92AE732A
                            SHA-512:A12521DE3BAF069BE4B2F20BBDF481C3A55C59DE5948373D6A5EF73C68B5BF4ABCB67CC0CE92100341824129240A35BFE0A8585CC78C386A59A55C1F0710DF69
                            Malicious:false
                            Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"9bc412f5eb0ac0bc4d87beb36559306d","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1122,"ts":1733739127000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"9b96c93a31946f8e7ada690011a9b595","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1164,"ts":1733739127000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"2e9ea23eb58f3b8469ccee6afcc42f79","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1090,"ts":1733739127000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"816c499cb60777f7caa7c30f5a1a41fa","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1123,"ts":1733739127000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"a1657454dbb6af67f995e8a0ee570ea6","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":1102,"ts":1733739127000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"925a76aa8867dc27d39ff1841e844200","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file

                            C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

                            Download File
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 19, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 19
                            Category:dropped
                            Size (bytes):12288
                            Entropy (8bit):0.9842062016031661
                            Encrypted:false
                            SSDEEP:24:TLHRx/XYKQvGJF7urs6I1RZKHs/Ds/SpU04zJwtNBwtNbRZ6bRZ4R0F:TVl2GL7ms6ggOVpUfzutYtp6PC4
                            MD5:7D3DAE31B8ED6443F95F96B5844BE381
                            SHA1:730B323FD8D63EBF5450AF476FE34EF666125C33
                            SHA-256:D7CAB1CF384C54A329964BA02514E1337C208744540C2AF3DE24D6218A9D1DCA
                            SHA-512:82234234C8DC14023E4BED634D86FA099755754B778095F5BC6397395121BB207D3BB1EE6021EA1B67B9CC533F11DD3F80E6FBDF99A5969F47A0F556B7A35ECE
                            Malicious:false
                            Preview:SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                            C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

                            Download File
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:SQLite Rollback Journal
                            Category:dropped
                            Size (bytes):8720
                            Entropy (8bit):1.3376560669238062
                            Encrypted:false
                            SSDEEP:24:7+t0AD1RZKHs/Ds/SpU0PzJwtNBwtNbRZ6bRZWf1RZKPqLBx/XYKQvGJF7ursd:7M0GgOVpUozutYtp6PMGqll2GL7msd
                            MD5:0D8A028BD4AC78A994403B7F21CA2DF6
                            SHA1:B2D266E4D0AA4016DE5D3E0046A31858CD101F7F
                            SHA-256:7564DF36193CF229DF3AD4B12C1F18DB3485920975C207E66F0E69254773BC69
                            SHA-512:94CE309F07790E8EC7AD13CE0F7FE969FD362C85FD4AFC6E2EA90B1C01BA71AF8FF6EB58CDF9933A24AF8186559E3238CF7ED8F65E8C0F9B80349A931481943D
                            Malicious:false
                            Preview:.... .c......*........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................j...#..#.#.#.#.#.#.#.#.7.7........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                            C:\Users\user\AppData\Local\Adobe\Acrobat\DC\UserCache64.bin

                            Download File
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:data
                            Category:dropped
                            Size (bytes):66726
                            Entropy (8bit):5.392739213842091
                            Encrypted:false
                            SSDEEP:768:RNOpblrU6TBH44ADKZEgaJ/Tjk50xOa5eMZ7WeoUxa7Yyu:6a6TZ44ADEaJbw5iOa5fyK
                            MD5:94B73F78BDCB7CA32DA1E9744A6ED37A
                            SHA1:1E153A09C6F772899B1ABF1FD6F867D021D82253
                            SHA-256:81A86D315D560431FC9A49EA02DDF640B6FC9496762DC0B298951D8148256886
                            SHA-512:4D698FF475D8E8D07CB80DC5381A3671BFD30ACC504E6711DD6F44844187DCAA9BACE8A05AF8CE06F2395332BAAF7B82FD60CD530817CB720E73DAFA183D51D2
                            Malicious:false
                            Preview:4.397.90.FID.2:o:..........:F:AgencyFB-Reg.P:Agency FB.L:$.........................."F:Agency FB.#.96.FID.2:o:..........:F:AgencyFB-Bold.P:Agency FB Bold.L:%.........................."F:Agency FB.#.84.FID.2:o:..........:F:Algerian.P:Algerian.L:$..........................RF:Algerian.#.95.FID.2:o:..........:F:ArialNarrow.P:Arial Narrow.L:$.........................."F:Arial Narrow.#.109.FID.2:o:..........:F:ArialNarrow-Italic.P:Arial Narrow Italic.L:$.........................."F:Arial Narrow.#.105.FID.2:o:..........:F:ArialNarrow-Bold.P:Arial Narrow Bold.L:%.........................."F:Arial Narrow.#.118.FID.2:o:..........:F:ArialNarrow-BoldItalic.P:Arial Narrow Bold Italic.L:%.........................."F:Arial Narrow.#.77.FID.2:o:..........:F:ArialMT.P:Arial.L:$.........................."F:Arial.#.91.FID.2:o:..........:F:Arial-ItalicMT.P:Arial Italic.L:$.........................."F:Arial.#.87.FID.2:o:..........:F:Arial-BoldMT.P:Arial Bold.L:$.........................."F:Arial.#.100.FID.2

                            C:\Users\user\AppData\Local\Temp\MSIf590e.LOG

                            Download File
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                            Category:dropped
                            Size (bytes):246
                            Entropy (8bit):3.511206980872271
                            Encrypted:false
                            SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K88hlAmfU6lf9:Qw946cPbiOxDlbYnuRKrLJ
                            MD5:C9547890327011E78F8503E9E32D0E9B
                            SHA1:5D90789945EEE2681EFA2E7076B8C73ED41A7CCE
                            SHA-256:BB7B644757755291E9F7C25A645CDF004FAC59320D41E4318DB3EC05EE7FD02F
                            SHA-512:ADEA305725A525C689F47D653DE6DBBFCF605149299D886BD8A1A10CF12B935A9BEB428F584BA5E1BD2B4BBE0C664F6402DF14171991A7F7B3C1A516A1C3F30B
                            Malicious:false
                            Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .0.9./.1.2./.2.0.2.4. . .0.5.:.1.2.:.0.5. .=.=.=.....

                            C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-12-09 05-12-00-185.log

                            Download File
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:ASCII text, with very long lines (393)
                            Category:dropped
                            Size (bytes):16525
                            Entropy (8bit):5.376360055978702
                            Encrypted:false
                            SSDEEP:384:6b1sdmfenwop+WP21h2RPjRNg7JjO2on6oU6CyuJw1oaNIIu9EMuJuF6MKK9g9JQ:vIn
                            MD5:1336667A75083BF81E2632FABAA88B67
                            SHA1:46E40800B27D95DAED0DBB830E0D0BA85C031D40
                            SHA-256:F81B7C83E0B979F04D3763B4F88CD05BC8FBB2F441EBFAB75826793B869F75D1
                            SHA-512:D039D8650CF7B149799D42C7415CBF94D4A0A4BF389B615EF7D1B427BC51727D3441AA37D8C178E7E7E89D69C95666EB14C31B56CDFBD3937E4581A31A69081A
                            Malicious:false
                            Preview:SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:961+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="SetConfig:

                            C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

                            Download File
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:ASCII text, with very long lines (393), with CRLF line terminators
                            Category:dropped
                            Size (bytes):16603
                            Entropy (8bit):5.316114075776476
                            Encrypted:false
                            SSDEEP:384:NBvAX9azC9ge21yNwTH+6t5EYLW3xB14F+j1Xzl3QBdlBDUyoJM+YkZAFFrVmBBf:FfVwZn
                            MD5:FF5D0BD03366CA2711A3671389C06334
                            SHA1:0B9198C9D78D3C75C593777A638BE20D26936AB4
                            SHA-256:9AD0083D9A58E454BCBCBE8ABD08DD88632F72767CD49AC99765FF8FFD2342BA
                            SHA-512:D807EECE03691D8435B6A4CDC585808C34CEABECD347357D9D37FC621C2292576D1C4AA3AB2AC40D8E517E2D3C9320F6A9DFD3172E210A299BC4C73AFDE31997
                            Malicious:false
                            Preview:SessionID=a7eea5fd-2f10-4049-8a40-c4676043217a.1733739120194 Timestamp=2024-12-09T05:12:00:194-0500 ThreadID=7056 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=a7eea5fd-2f10-4049-8a40-c4676043217a.1733739120194 Timestamp=2024-12-09T05:12:00:195-0500 ThreadID=7056 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=a7eea5fd-2f10-4049-8a40-c4676043217a.1733739120194 Timestamp=2024-12-09T05:12:00:195-0500 ThreadID=7056 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=a7eea5fd-2f10-4049-8a40-c4676043217a.1733739120194 Timestamp=2024-12-09T05:12:00:195-0500 ThreadID=7056 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=a7eea5fd-2f10-4049-8a40-c4676043217a.1733739120194 Timestamp=2024-12-09T05:12:00:195-0500 ThreadID=7056 Component=ngl-lib_NglAppLib Description="SetConf

                            C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

                            Download File
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:ASCII text, with CRLF line terminators
                            Category:dropped
                            Size (bytes):29752
                            Entropy (8bit):5.39302164835032
                            Encrypted:false
                            SSDEEP:768:GLxxlyVUFcAzWL8VWL1ANSFld5YjMWLvJ8Uy++NSXl3WLd5WLrbhhVClkVMwDGbf:r
                            MD5:8C948FEFF21F348FAB75361B1C69DE86
                            SHA1:91ED8FE6C8EF115DB804103582290B4E1CF8DC8C
                            SHA-256:9E6B99E5136B7442E6A26A484079FED697FAAC9E215097917E9FB7AD239CC598
                            SHA-512:1943A5672F4BEE35E6BC0DB084DA726B5623D148734AA917B9E9E167D2FF4EBEEE372F5180E28E30CE9D937A8863EA80EFE6DF4A28C4C25B527869399058EDE4
                            Malicious:false
                            Preview:04-10-2023 02:39:31:.---2---..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : ***************************************..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : ***************************************..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : Starting NGL..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..04-10-2023 02:39:31:.Closing File..04-10-

                            C:\Users\user\AppData\Local\Temp\acrocef_low\78fca442-fcf1-4c29-a12f-8d4c9be19368.tmp

                            Download File
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                            File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
                            Category:dropped
                            Size (bytes):386528
                            Entropy (8bit):7.9736851559892425
                            Encrypted:false
                            SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
                            MD5:5C48B0AD2FEF800949466AE872E1F1E2
                            SHA1:337D617AE142815EDDACB48484628C1F16692A2F
                            SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
                            SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
                            Malicious:false
                            Preview:...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-|..h#.g.\.PO.|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..|m.WC.....|.....e.[W.p.8...rm....^..x'......5!...|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

                            C:\Users\user\AppData\Local\Temp\acrocef_low\a29f65b9-9e15-40d5-8a0b-94166b1ee186.tmp

                            Download File
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                            File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
                            Category:dropped
                            Size (bytes):1419751
                            Entropy (8bit):7.976496077007677
                            Encrypted:false
                            SSDEEP:24576:/rwYIGNP4mOWL07oBGZ1dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:TwZG6bWLxBGZN3mlind9i4ufFXpAXkru
                            MD5:95F182500FC92778102336D2D5AADCC8
                            SHA1:BEC510B6B3D595833AF46B04C5843B95D2A0A6C9
                            SHA-256:9F9C041D7EE1DA404E53022D475B9E6D5924A17C08D5FDEC58C0A1DCDCC4D4C9
                            SHA-512:D7C022459486D124CC6CDACEAD8D46E16EDC472F4780A27C29D98B35AD01A9BA95F62155433264CC12C32BFF384C7ECAFCE0AC45853326CBC622AE65EE0D90BA
                            Malicious:false
                            Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

                            C:\Users\user\AppData\Local\Temp\acrocef_low\be28f173-179c-4f6a-9eb6-9bd5952b3071.tmp

                            Download File
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                            File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
                            Category:dropped
                            Size (bytes):758601
                            Entropy (8bit):7.98639316555857
                            Encrypted:false
                            SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
                            MD5:3A49135134665364308390AC398006F1
                            SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
                            SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
                            SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
                            Malicious:false
                            Preview:...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!|G.1...... .3.`./....`~......G.............|..pS.e.C....:o.u_..oi.:..|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

                            C:\Users\user\AppData\Local\Temp\acrocef_low\d8c13294-bee2-4bb2-8305-12a47da87673.tmp

                            Download File
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                            File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
                            Category:dropped
                            Size (bytes):1407294
                            Entropy (8bit):7.97605879016224
                            Encrypted:false
                            SSDEEP:24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLcGZtwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLcGZa
                            MD5:22B260CB8C51C0D68C6550E4B061E25A
                            SHA1:DF9A5999C58A8D5ADBB3F8D1111EAB9E4778637E
                            SHA-256:DAB1231CC22DAB591EBB91C853E3EE41C10D3DA85D2EFAB67E9A52CCB3A3A5A0
                            SHA-512:503218D83C511A7F7CEA8BC171921D1435664B964F01A8C77DC0F4D0196DD2815D9444DA98278E1369552D004E9B091DD9B89663209F0C52ACB97FCE6AFFE7A9
                            Malicious:false
                            Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

                            Static File Info

                            General

                            File type:PDF document, version 1.7, 2 pages
                            Entropy (8bit):7.930351356203657
                            TrID:
                            • Adobe Portable Document Format (5005/1) 100.00%
                            File name:2025 Ecommerce Supply Chain 2025 - Concept note.pdf
                            File size:142'502 bytes
                            MD5:a0e9481f276979baf75614a5787e6851
                            SHA1:7e49efc87e86d97f90388e5ee19902c756951028
                            SHA256:396fae2c1ac09ab0be0a297b7a91ca5ab26da37d794d6162bbfbd9fb2776b2d8
                            SHA512:a00749c8d70b741d22a6758b1ad9e04ce279dd2c21e6347f89c6a0c394443b37956d0537387597654d1c9e22927fc77a6b1b6bacd7802d9ce5bbebaba2a2a6f9
                            SSDEEP:3072:zqSR5ldvJpaF87wuECrem59C9ifHkEOr73cJahFrx0:zxDJJs87wuKm57xOrbni
                            TLSH:92D3E1039D0869CEE2A697D57F0B3D0C7B1DB614E6C525E6313DDF86AB90E0A4C6A10A
                            File Content Preview:%PDF-1.7..%......1 0 obj..<</Type/Catalog/Pages 2 0 R/Lang(en) /StructTreeRoot 32 0 R/MarkInfo<</Marked true>>/Metadata 131 0 R/ViewerPreferences 132 0 R>>..endobj..2 0 obj..<</Type/Pages/Count 2/Kids[ 3 0 R 29 0 R] >>..endobj..3 0 obj..<</Type/Page/Paren

                            File Icon

                            Icon Hash:62cc8caeb29e8ae0

                            Static PDF Info

                            General

                            Header:%PDF-1.7
                            Total Entropy:7.930351
                            Total Bytes:142502
                            Stream Entropy:7.968668
                            Stream Bytes:132554
                            Entropy outside Streams:5.107473
                            Bytes outside Streams:9948
                            Number of EOF found:2
                            Bytes after EOF:

                            Keywords Statistics

                            NameCount
                            obj51
                            endobj51
                            stream13
                            endstream13
                            xref2
                            trailer2
                            startxref2
                            /Page2
                            /Encrypt0
                            /ObjStm1
                            /URI0
                            /JS0
                            /JavaScript0
                            /AA0
                            /OpenAction0
                            /AcroForm0
                            /JBIG2Decode0
                            /RichMedia0
                            /Launch0
                            /EmbeddedFile0

                            Image Streams

                            IDDHASHMD5Preview
                            980a085e565696900b78d687d03966c0be490be0c660e7090

                            Network Behavior

                            Network Port Distribution

                            TCP Packets

                            TimestampSource PortDest PortSource IPDest IP
                            Dec 9, 2024 11:12:11.214436054 CET49721443192.168.2.523.47.168.24
                            Dec 9, 2024 11:12:11.214461088 CET4434972123.47.168.24192.168.2.5
                            Dec 9, 2024 11:12:11.214907885 CET49721443192.168.2.523.47.168.24
                            Dec 9, 2024 11:12:11.215049982 CET49721443192.168.2.523.47.168.24
                            Dec 9, 2024 11:12:11.215063095 CET4434972123.47.168.24192.168.2.5
                            Dec 9, 2024 11:12:12.425107002 CET4434972123.47.168.24192.168.2.5
                            Dec 9, 2024 11:12:12.425479889 CET49721443192.168.2.523.47.168.24
                            Dec 9, 2024 11:12:12.425509930 CET4434972123.47.168.24192.168.2.5
                            Dec 9, 2024 11:12:12.426507950 CET4434972123.47.168.24192.168.2.5
                            Dec 9, 2024 11:12:12.426569939 CET49721443192.168.2.523.47.168.24
                            Dec 9, 2024 11:12:12.460690022 CET49721443192.168.2.523.47.168.24
                            Dec 9, 2024 11:12:12.460772991 CET4434972123.47.168.24192.168.2.5
                            Dec 9, 2024 11:12:12.460915089 CET49721443192.168.2.523.47.168.24
                            Dec 9, 2024 11:12:12.460928917 CET4434972123.47.168.24192.168.2.5
                            Dec 9, 2024 11:12:12.506813049 CET49721443192.168.2.523.47.168.24
                            Dec 9, 2024 11:12:13.046331882 CET4434972123.47.168.24192.168.2.5
                            Dec 9, 2024 11:12:13.046407938 CET4434972123.47.168.24192.168.2.5
                            Dec 9, 2024 11:12:13.046463013 CET49721443192.168.2.523.47.168.24
                            Dec 9, 2024 11:12:13.047019005 CET49721443192.168.2.523.47.168.24
                            Dec 9, 2024 11:12:13.047034025 CET4434972123.47.168.24192.168.2.5

                            UDP Packets

                            TimestampSource PortDest PortSource IPDest IP
                            Dec 9, 2024 11:12:11.589107037 CET6010753192.168.2.51.1.1.1
                            Dec 9, 2024 11:12:25.080883980 CET5283053192.168.2.51.1.1.1

                            DNS Queries

                            TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                            Dec 9, 2024 11:12:11.589107037 CET192.168.2.51.1.1.10x736cStandard query (0)x1.i.lencr.orgA (IP address)IN (0x0001)false
                            Dec 9, 2024 11:12:25.080883980 CET192.168.2.51.1.1.10x17cdStandard query (0)x1.i.lencr.orgA (IP address)IN (0x0001)false

                            DNS Answers

                            TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                            Dec 9, 2024 11:12:08.980541945 CET1.1.1.1192.168.2.50x72f1No error (0)bg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                            Dec 9, 2024 11:12:08.980541945 CET1.1.1.1192.168.2.50x72f1No error (0)bg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                            Dec 9, 2024 11:12:11.919087887 CET1.1.1.1192.168.2.50x736cNo error (0)x1.i.lencr.orgcrl.root-x1.letsencrypt.org.edgekey.netCNAME (Canonical name)IN (0x0001)false
                            Dec 9, 2024 11:12:25.218698025 CET1.1.1.1192.168.2.50x17cdNo error (0)x1.i.lencr.orgcrl.root-x1.letsencrypt.org.edgekey.netCNAME (Canonical name)IN (0x0001)false

                            HTTP Request Dependency Graph

                            • armmf.adobe.com

                            HTTPS Proxied Packets

                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            0192.168.2.54972123.47.168.244432876C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                            TimestampBytes transferredDirectionData
                            2024-12-09 10:12:12 UTC475OUTGET /onboarding/smskillreader.txt HTTP/1.1
                            Host: armmf.adobe.com
                            Connection: keep-alive
                            Accept-Language: en-US,en;q=0.9
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36
                            Sec-Fetch-Site: same-origin
                            Sec-Fetch-Mode: no-cors
                            Sec-Fetch-Dest: empty
                            Accept-Encoding: gzip, deflate, br
                            If-None-Match: "78-5faa31cce96da"
                            If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
                            2024-12-09 10:12:13 UTC198INHTTP/1.1 304 Not Modified
                            Content-Type: text/plain; charset=UTF-8
                            Last-Modified: Mon, 01 May 2023 15:02:33 GMT
                            ETag: "78-5faa31cce96da"
                            Date: Mon, 09 Dec 2024 10:12:12 GMT
                            Connection: close


                            Statistics

                            CPU Usage

                            Click to jump to process

                            Memory Usage

                            Click to jump to process

                            High Level Behavior Distribution

                            Click to dive into process behavior distribution

                            Behavior

                            Click to jump to process

                            System Behavior

                            General

                            Target ID:0
                            Start time:05:11:56
                            Start date:09/12/2024
                            Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            Wow64 process (32bit):false
                            Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\2025 Ecommerce Supply Chain 2025 - Concept note.pdf"
                            Imagebase:0x7ff686a00000
                            File size:5'641'176 bytes
                            MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Reputation:high
                            Has exited:true

                            General

                            Target ID:2
                            Start time:05:11:57
                            Start date:09/12/2024
                            Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                            Wow64 process (32bit):false
                            Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
                            Imagebase:0x7ff6413e0000
                            File size:3'581'912 bytes
                            MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Reputation:high
                            Has exited:true

                            General

                            Target ID:4
                            Start time:05:11:58
                            Start date:09/12/2024
                            Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                            Wow64 process (32bit):false
                            Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2104 --field-trial-handle=1572,i,17689240199072959443,17993278990504629327,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
                            Imagebase:0x7ff6413e0000
                            File size:3'581'912 bytes
                            MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Reputation:high
                            Has exited:true

                            Disassembly

                            No disassembly