Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
E09VCIAPRWC9ATV6.pdf

Overview

General Information

Sample name:E09VCIAPRWC9ATV6.pdf
Analysis ID:1419156
MD5:b2d1080beed9ef9b39290e12d87114fe
SHA1:b77015962e5feced7c0327aac5d392e2e20980a1
SHA256:3bd56d06d88a736f85312de61c47d839b3f43880d24e4f0a90e386f37a919886
Infos:

Detection

Score:1
Range:0 - 100
Whitelisted:false
Confidence:80%

Signatures

Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Uses a known web browser user agent for HTTP communication

Classification

Process Tree

  • System is w10x64
  • Acrobat.exe (PID: 7608 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\E09VCIAPRWC9ATV6.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 7776 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 7968 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1784 --field-trial-handle=1712,i,6492237784614893330,17018531157738003972,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Snort Signatures

No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: global trafficTCP traffic: 192.168.2.4:49740 -> 23.196.176.131:443
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 23.196.176.131:443
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 23.196.176.131:443
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 23.196.176.131:443
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 23.196.176.131:443
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 23.196.176.131:443
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 23.196.176.131:443
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 23.196.176.131:443
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 23.196.176.131:443
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 23.196.176.131:443
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 23.196.176.131:443
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 23.196.176.131:443
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 23.196.176.131:443
Source: global trafficTCP traffic: 23.196.176.131:443 -> 192.168.2.4:49740
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 23.196.176.131:443
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 23.196.176.131:443
Source: global trafficTCP traffic: 23.196.176.131:443 -> 192.168.2.4:49740
Source: global trafficTCP traffic: 23.196.176.131:443 -> 192.168.2.4:49740
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 23.196.176.131:443
Source: global trafficTCP traffic: 23.196.176.131:443 -> 192.168.2.4:49740
Source: global trafficTCP traffic: 23.196.176.131:443 -> 192.168.2.4:49740
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 23.196.176.131:443
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 23.196.176.131:443
Source: global trafficTCP traffic: 23.196.176.131:443 -> 192.168.2.4:49740
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 23.196.176.131:443
Source: global trafficTCP traffic: 23.196.176.131:443 -> 192.168.2.4:49740
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 23.196.176.131:443
Source: global trafficTCP traffic: 23.196.176.131:443 -> 192.168.2.4:49740
Source: global trafficTCP traffic: 23.196.176.131:443 -> 192.168.2.4:49740
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 23.196.176.131:443
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 23.196.176.131:443
Source: global trafficTCP traffic: 23.196.176.131:443 -> 192.168.2.4:49740
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 23.196.176.131:443
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 23.196.176.131:443
Source: global trafficHTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1Host: armmf.adobe.comConnection: keep-aliveAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brIf-None-Match: "78-5faa31cce96da"If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
Source: unknownTCP traffic detected without corresponding DNS query: 23.196.176.131
Source: unknownTCP traffic detected without corresponding DNS query: 23.196.176.131
Source: unknownTCP traffic detected without corresponding DNS query: 23.196.176.131
Source: unknownTCP traffic detected without corresponding DNS query: 23.196.176.131
Source: unknownTCP traffic detected without corresponding DNS query: 23.196.176.131
Source: unknownTCP traffic detected without corresponding DNS query: 23.196.176.131
Source: unknownTCP traffic detected without corresponding DNS query: 23.196.176.131
Source: unknownTCP traffic detected without corresponding DNS query: 23.196.176.131
Source: unknownTCP traffic detected without corresponding DNS query: 23.196.176.131
Source: unknownTCP traffic detected without corresponding DNS query: 23.196.176.131
Source: unknownTCP traffic detected without corresponding DNS query: 23.196.176.131
Source: unknownTCP traffic detected without corresponding DNS query: 23.196.176.131
Source: global trafficHTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1Host: armmf.adobe.comConnection: keep-aliveAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brIf-None-Match: "78-5faa31cce96da"If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49740
Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 443
Source: classification engineClassification label: clean1.winPDF@14/43@0/1
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.7660Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-03 07-31-44-181.logJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
Source: unknownProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\E09VCIAPRWC9ATV6.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1784 --field-trial-handle=1712,i,6492237784614893330,17018531157738003972,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1784 --field-trial-handle=1712,i,6492237784614893330,17018531157738003972,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: E09VCIAPRWC9ATV6.pdfInitial sample: PDF keyword /JS count = 0
Source: E09VCIAPRWC9ATV6.pdfInitial sample: PDF keyword /JavaScript count = 0
Source: E09VCIAPRWC9ATV6.pdfInitial sample: PDF keyword /EmbeddedFile count = 0
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid Accounts2
Exploitation for Client Execution		Path Interception1
Process Injection		1
Masquerading		OS Credential Dumping1
System Information Discovery		Remote ServicesData from Local System1
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
Process Injection		LSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable Media1
Non-Application Layer Protocol		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive12
Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin HookBinary PaddingNTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput Capture1
Ingress Tool Transfer		Traffic DuplicationData Destruction

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 process2 2 Behavior Graph ID: 1419156 Sample: E09VCIAPRWC9ATV6.pdf Startdate: 03/04/2024 Architecture: WINDOWS Score: 1 6 Acrobat.exe 18 72 2->6         started        process3 8 AcroCEF.exe 105 6->8         started        process4 10 AcroCEF.exe 2 8->10         started        dnsIp5 13 23.196.176.131, 443, 49740 AKAMAI-ASUS United States 10->13

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
E09VCIAPRWC9ATV6.pdf0%VirustotalBrowse

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

No contacted domains info

World Map of Contacted IPs

  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Public IPs

IPDomainCountryFlagASNASN NameMalicious
23.196.176.131
unknownUnited States
16625AKAMAI-ASUSfalse

General Information

Joe Sandbox version:40.0.0 Tourmaline
Analysis ID:1419156
Start date and time:2024-04-03 07:30:55 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 3m 50s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultwindowspdfcookbook.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:10
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:E09VCIAPRWC9ATV6.pdf
Detection:CLEAN
Classification:clean1.winPDF@14/43@0/1
Cookbook Comments:
  • Found application associated with file extension: .pdf
  • Found PDF document
  • Close Viewer

Warnings

  • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 23.193.120.142, 52.22.41.97, 52.6.155.20, 3.219.243.226, 3.233.129.217, 23.219.155.173, 23.219.155.144, 23.219.155.159, 23.219.155.165, 23.219.155.137, 172.64.41.3, 162.159.61.3, 23.219.155.148
  • Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com
  • Not all processes where analyzed, report is missing behavior information

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
23.196.176.131DEC-2023-12(20)-REXFPDF.urlGet hashmaliciousUnknownBrowse
    SimpleROOSg.exeGet hashmaliciousUnknownBrowse
      ge3W2hLPfF.exeGet hashmaliciousHavocBrowse
        Annual_Workers' Compensation Insurance Coverage, Wage Adjustment, For mmerryman _Fri Dec,2023.emlGet hashmaliciousUnknownBrowse

          Domains

          No context

          ASNs

          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
          AKAMAI-ASUShttps://castorndpollux.com/R9283762154.zipGet hashmaliciousXWormBrowse
          • 23.202.106.101
          file.exeGet hashmaliciousVidarBrowse
          • 23.61.62.148
          https://www.aihr.com/blog/execution-excellence-impact/Get hashmaliciousUnknownBrowse
          • 23.39.130.103
          https://flow.page/sync1systems.com&d=DwMGaQGet hashmaliciousUnknownBrowse
          • 23.221.212.203
          file.exeGet hashmaliciousVidarBrowse
          • 23.194.234.100
          https://microsoftonlineservice.com.general-meel.xyz/w?cms=mr.been@uk.comGet hashmaliciousHTMLPhisherBrowse
          • 184.26.74.213
          SecuriteInfo.com.Win32.PWSX-gen.28191.20359.exeGet hashmaliciousVidarBrowse
          • 23.194.234.100
          https://dbdhdhd.weeblysite.com/Get hashmaliciousUnknownBrowse
          • 23.215.0.171
          https://mailsupport884747474.weeblysite.com/Get hashmaliciousUnknownBrowse
          • 23.40.179.76
          file.exeGet hashmaliciousVidarBrowse
          • 104.105.90.131

          JA3 Fingerprints

          No context

          Dropped Files

          No context

          Created / dropped Files

          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

          Download File
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):292
          Entropy (8bit):5.1948489877166795
          Encrypted:false
          SSDEEP:6:U8fQ+q2Pwkn2nKuAl9OmbnIFUt8d8fgZmw+d8fQVkwOwkn2nKuAl9OmbjLJ:5fQ+vYfHAahFUt8Sfg/+SfQV5JfHAaSJ
          MD5:A64A4F4D4568397FF535CAC34BB73030
          SHA1:FE546E75C0CC07F155ED0B509B7E9C1D9D6A2F56
          SHA-256:8EE8836161B830D5B6FA600885AA0FA9533F8D670104ED8AC958FC86D8187713
          SHA-512:FE28D718E81850F0BBAFE321D0506C15959CC3D90CFE1FA4888B69D21AC3A31C0C03BF0D6F0DB4DB7F510071F80E3D46D11C9AEB0AB4A36A9AA8E82362B320CD
          Malicious:false
          Reputation:low
          Preview:2024/04/03-07:31:41.935 1e7c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/04/03-07:31:41.935 1e7c Recovering log #3.2024/04/03-07:31:41.935 1e7c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

          Download File
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):292
          Entropy (8bit):5.1948489877166795
          Encrypted:false
          SSDEEP:6:U8fQ+q2Pwkn2nKuAl9OmbnIFUt8d8fgZmw+d8fQVkwOwkn2nKuAl9OmbjLJ:5fQ+vYfHAahFUt8Sfg/+SfQV5JfHAaSJ
          MD5:A64A4F4D4568397FF535CAC34BB73030
          SHA1:FE546E75C0CC07F155ED0B509B7E9C1D9D6A2F56
          SHA-256:8EE8836161B830D5B6FA600885AA0FA9533F8D670104ED8AC958FC86D8187713
          SHA-512:FE28D718E81850F0BBAFE321D0506C15959CC3D90CFE1FA4888B69D21AC3A31C0C03BF0D6F0DB4DB7F510071F80E3D46D11C9AEB0AB4A36A9AA8E82362B320CD
          Malicious:false
          Reputation:low
          Preview:2024/04/03-07:31:41.935 1e7c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/04/03-07:31:41.935 1e7c Recovering log #3.2024/04/03-07:31:41.935 1e7c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

          Download File
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):336
          Entropy (8bit):5.179721145331564
          Encrypted:false
          SSDEEP:6:UZ86N+q2Pwkn2nKuAl9Ombzo2jMGIFUt8dZ6zmWZmw+dZSDT3VkwOwkn2nKuAl97:Yt+vYfHAa8uFUt8/6zmW/+/c3V5JfHAv
          MD5:9D70AD0B913E5A34B6F9E78D432DD4B2
          SHA1:7C29985D1CE8693B27C226703BC13E61B7321606
          SHA-256:335C563E45715A080AD093E89272A06FDC8EF320BDB73FF7BE0157E95827E9F4
          SHA-512:B3FDF0CA24D5B6371C77A6B6CECA8CD79F11EC9F9F37B1D9887B872AA0CF5F5ECA057E84B187B07B55B97476F815920F33A4143EB2491BEF4DE403F24CD79527
          Malicious:false
          Reputation:low
          Preview:2024/04/03-07:31:42.034 1f5c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/04/03-07:31:42.059 1f5c Recovering log #3.2024/04/03-07:31:42.060 1f5c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

          Download File
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):336
          Entropy (8bit):5.179721145331564
          Encrypted:false
          SSDEEP:6:UZ86N+q2Pwkn2nKuAl9Ombzo2jMGIFUt8dZ6zmWZmw+dZSDT3VkwOwkn2nKuAl97:Yt+vYfHAa8uFUt8/6zmW/+/c3V5JfHAv
          MD5:9D70AD0B913E5A34B6F9E78D432DD4B2
          SHA1:7C29985D1CE8693B27C226703BC13E61B7321606
          SHA-256:335C563E45715A080AD093E89272A06FDC8EF320BDB73FF7BE0157E95827E9F4
          SHA-512:B3FDF0CA24D5B6371C77A6B6CECA8CD79F11EC9F9F37B1D9887B872AA0CF5F5ECA057E84B187B07B55B97476F815920F33A4143EB2491BEF4DE403F24CD79527
          Malicious:false
          Reputation:low
          Preview:2024/04/03-07:31:42.034 1f5c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/04/03-07:31:42.059 1f5c Recovering log #3.2024/04/03-07:31:42.060 1f5c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

          Download File
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):475
          Entropy (8bit):4.956796897039125
          Encrypted:false
          SSDEEP:12:YH/um3RA8sqZdAsBdOg2Hacaq3QYiubInP7E4T3y:Y2sRdsCVdMHV3QYhbG7nby
          MD5:7294F3CD2B53FB40232EB4D307445E02
          SHA1:23D1F6ADEB860094B60BF174FB50FFACA82A44C0
          SHA-256:3CBBFE3887A6C0514665955A33559519495351C47CEBC033E5A038C7338453E7
          SHA-512:D240E88EFC44D75FDDF870AED309AF2E869829AEA31B9BAC53C2E9C56F9105D0F9A282243B0FD4AD6B219949D18F8B843C0C90010CB288E3604C891006535DEE
          Malicious:false
          Reputation:low
          Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13356682313944145","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":126023},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\ade65e3b-8b10-4974-8afb-17125fda149f.tmp

          Download File
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
          File Type:JSON data
          Category:modified
          Size (bytes):475
          Entropy (8bit):4.956796897039125
          Encrypted:false
          SSDEEP:12:YH/um3RA8sqZdAsBdOg2Hacaq3QYiubInP7E4T3y:Y2sRdsCVdMHV3QYhbG7nby
          MD5:7294F3CD2B53FB40232EB4D307445E02
          SHA1:23D1F6ADEB860094B60BF174FB50FFACA82A44C0
          SHA-256:3CBBFE3887A6C0514665955A33559519495351C47CEBC033E5A038C7338453E7
          SHA-512:D240E88EFC44D75FDDF870AED309AF2E869829AEA31B9BAC53C2E9C56F9105D0F9A282243B0FD4AD6B219949D18F8B843C0C90010CB288E3604C891006535DEE
          Malicious:false
          Reputation:low
          Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13356682313944145","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":126023},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

          Download File
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
          File Type:data
          Category:dropped
          Size (bytes):4730
          Entropy (8bit):5.262845386415642
          Encrypted:false
          SSDEEP:96:etJCV4FAsszrNamjTN/2rjYMta02fDtehgO7BtTgo7+jADFZ:etJCV4FiN/jTN/2r8Mta02fEhgO73goH
          MD5:9D37E54C33C31A2DDD619DDD20F57CAC
          SHA1:BA0E8CA662A23449AA0CAF7C71B7E52862FF19BA
          SHA-256:7555566FEB6B28294A58603E5191987592694374D87DC29CFCF93656BFE891CF
          SHA-512:06B39CC24308270F79BB85CD04C16EFF97C209AEDEFE0E3ED7632772D179DC44E3521C5E9028A9AC4BC1506A08B638F03AB56BF014F08E07ADF5E4800351F477
          Malicious:false
          Reputation:low
          Preview:*...#................version.1..namespace-['O.o................next-map-id.1.Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/.0>...r................next-map-id.2.Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/.1O..r................next-map-id.3.Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/.2.\.o................next-map-id.4.Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/.3....^...............Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/..|.^...............Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/n..Fa...............Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/DQ..a...............Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/i.`do................next-map-id.5.Pnamespace-de635bf2_6773_4d83_ad16_

          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

          Download File
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):324
          Entropy (8bit):5.189415207781895
          Encrypted:false
          SSDEEP:6:UZYi+q2Pwkn2nKuAl9OmbzNMxIFUt8dZ2C7WZmw+dZ2dMDVkwOwkn2nKuAl9Ombg:YL+vYfHAa8jFUt8/2QW/+/2+V5JfHAab
          MD5:BE12DA4A13CFE5D20FDA015BE2313D21
          SHA1:BFB250940735E1DD6A2FD4AB5F0C00EDFC390CDF
          SHA-256:924C513DFDFC802BCCC5722B02BE981ADDD3EA51057B5D0C4F6ECAB5AD6CE476
          SHA-512:1180147044F3006A4B78A2721890364C605158B7A6C50180D55639506D565C3769E1AB907F72CECF4F4DE47014A2979AC9B3BC8090D06D166E92F62FE1500EA0
          Malicious:false
          Reputation:low
          Preview:2024/04/03-07:31:42.447 1f5c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/04/03-07:31:42.453 1f5c Recovering log #3.2024/04/03-07:31:42.458 1f5c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

          Download File
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):324
          Entropy (8bit):5.189415207781895
          Encrypted:false
          SSDEEP:6:UZYi+q2Pwkn2nKuAl9OmbzNMxIFUt8dZ2C7WZmw+dZ2dMDVkwOwkn2nKuAl9Ombg:YL+vYfHAa8jFUt8/2QW/+/2+V5JfHAab
          MD5:BE12DA4A13CFE5D20FDA015BE2313D21
          SHA1:BFB250940735E1DD6A2FD4AB5F0C00EDFC390CDF
          SHA-256:924C513DFDFC802BCCC5722B02BE981ADDD3EA51057B5D0C4F6ECAB5AD6CE476
          SHA-512:1180147044F3006A4B78A2721890364C605158B7A6C50180D55639506D565C3769E1AB907F72CECF4F4DE47014A2979AC9B3BC8090D06D166E92F62FE1500EA0
          Malicious:false
          Reputation:low
          Preview:2024/04/03-07:31:42.447 1f5c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/04/03-07:31:42.453 1f5c Recovering log #3.2024/04/03-07:31:42.458 1f5c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

          C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240403053146Z-151.bmp

          Download File
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
          File Type:PC bitmap, Windows 3.x format, 164 x -145 x 32, cbSize 95174, bits offset 54
          Category:dropped
          Size (bytes):95174
          Entropy (8bit):2.0582939693607596
          Encrypted:false
          SSDEEP:384:PfTIP+Qt1ec+R9YtubRFn+5WQxDf2Jg3qOy4:nT6t1X+R8utFKGgs4
          MD5:164D7476B6163E8510C6D14B021A57FF
          SHA1:E1FEF8F2855BE64207CADBFAA06DDAAE6062A8A0
          SHA-256:26385A370039F39DA0D3CDB5213FCF5B4A04A34A3479137064872A2FEDEF5899
          SHA-512:6B807D79E2EB1462DF4C8B35018EAB6DDB2321BE149FA96A0DCCFA5C39AB4E46E380B20D706854ADED57F28EE90B28C21918F98E85A2A53E6ABFC5BEDCFD808F
          Malicious:false
          Reputation:low
          Preview:BM.s......6...(.......o..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

          C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

          Download File
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
          File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 15, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 15
          Category:dropped
          Size (bytes):86016
          Entropy (8bit):4.445082040552655
          Encrypted:false
          SSDEEP:384:yezci5toiBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:rPs3OazzU89UTTgUL
          MD5:50367C0EE49C6A9CEE80CC720D6E6114
          SHA1:D9A21ED86318C412A5038792CBD2AB66E6843797
          SHA-256:4AE933E5E1CA05C673FB456F696F9D7D649FE5F75CFBA6874726A5A425A3DEC7
          SHA-512:1A920C975081016E6AA737BB3D231D971782665D67AC98E9D43D87F8C14D0358FEC4F24E1D96F1EC86C1FF43A4ED71F7176A62F20FFE5220F327F0663FB91D35
          Malicious:false
          Reputation:low
          Preview:SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

          C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

          Download File
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
          File Type:SQLite Rollback Journal
          Category:dropped
          Size (bytes):8720
          Entropy (8bit):3.771593998216518
          Encrypted:false
          SSDEEP:48:7Mxcp/E2ioyVGioy9oWoy1Cwoy1uKOioy1noy1AYoy1Wioy1hioybioy8oy1noyn:7IcpjuGFlXKQhNb9IVXEBodRBkv
          MD5:EF2E6F904576A7965288B353D6AFFBCF
          SHA1:1785EF0710E57FD37CD74DF64D052D04B023D46C
          SHA-256:9F2F266EB236FF91C2C2540C225D46A8F2F8044C101A490C5FBAA7426E83255A
          SHA-512:FB02084B7E16FA3803022134C7A2115D3C117576E7433F35C6D8BEAD463B6E5916E8B8B6BB093F6A86F660F18DC51916902D53C0D9B71AA4699E1E1BDEBE2F3C
          Malicious:false
          Reputation:low
          Preview:.... .c.....n..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................T...[...b...r...t...}.....L..............................................................................................................................................................................................................................................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.7660

          Download File
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
          File Type:PostScript document text
          Category:dropped
          Size (bytes):185099
          Entropy (8bit):5.182478651346149
          Encrypted:false
          SSDEEP:1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
          MD5:94185C5850C26B3C6FC24ABC385CDA58
          SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
          SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
          SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
          Malicious:false
          Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

          Download File
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
          File Type:PostScript document text
          Category:dropped
          Size (bytes):185099
          Entropy (8bit):5.182478651346149
          Encrypted:false
          SSDEEP:1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
          MD5:94185C5850C26B3C6FC24ABC385CDA58
          SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
          SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
          SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
          Malicious:false
          Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

          Download File
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
          File Type:data
          Category:dropped
          Size (bytes):244540
          Entropy (8bit):3.3415042960460593
          Encrypted:false
          SSDEEP:1536:vKPCPiyzDtrh1cK3XEivK7VK/3AYvYwggErRo+RQn:yPClJ/3AYvYwgrFo+RQn
          MD5:758B42992DDFC41CB5E57069C621B54A
          SHA1:D0C28AF6CF1BD2208DA97DEDE57F6C78CEC98DCD
          SHA-256:55DF75758DD6CA825ED2DC9380EDC8469351191308C34CACFC44205197ABD25D
          SHA-512:437918372167A402005A728DCBBEF7B3A9580B794AD6A948A435C9D57C1672ACC1B7376E2A09113B66600EF5049D23625174256565BC639125A2F2BD07928926
          Malicious:false
          Preview:Adobe Acrobat Reader (64-bit) 23.6.20320....?A12_AV2_Search_18px.............................................................................................................KKK KKK.KKK.KKK.KKK.KKK.KKK@........................................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.............................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.........................KKK.KKK.KKK.KKK0....................KKK.KKK.KKK.KKK`....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK.KKK.....................................KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK.KKK@....................KKK.KKK.KKK.KKK`........................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.KKK.............................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK

          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

          Download File
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):295
          Entropy (8bit):5.362139249737611
          Encrypted:false
          SSDEEP:6:YEQXJ2HXPKRobUKtHVoZcg1vRcR0YoMKoAvJM3g98kUwPeUkwRe9:YvXKXiK2Zc0v3+GMbLUkee9
          MD5:6502CFDA4E288E771E8B5D4C90E98D2E
          SHA1:22E2D809B33CFDB7014BB1C18D77C51480BD5144
          SHA-256:A1E83C3C786847402CCF435FEF4B3A04914AB2EAE44F14EB17B91DF289B03F4A
          SHA-512:315E968411126AB9409B4C0D8D3F50F61754649BDF5D6F888E1949DAB19BD18ADEAB3317CC223442A057DE25AF51FD020F58D392DFF0C6D941D0827E32EDA579
          Malicious:false
          Preview:{"analyticsData":{"responseGUID":"ffbffdf2-ecc8-4a9a-9838-f590b6df7085","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1712300402490,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

          Download File
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):294
          Entropy (8bit):5.308911051764833
          Encrypted:false
          SSDEEP:6:YEQXJ2HXPKRobUKtHVoZcg1vRcR0YoMKoAvJfBoTfXpnrPeUkwRe9:YvXKXiK2Zc0v3+GWTfXcUkee9
          MD5:7F6B8B4D77FA14C393D8C14B77C8A614
          SHA1:B2AB2EFAAD285FEC65A2126C318ACD2438C6CB83
          SHA-256:C684213638ACD4C3C11851A98778E54F0E68889D6C1D1F7BEF792ECEE1615300
          SHA-512:12F6BAD5338FDA717C9F1EAA18EFE09DBDF6E1BF16D5E2ABA3EA33B3097BDAEB9E68FE2EBAF4F22FABA4692AFA83CAEF4FA48A3181A4C55667E844F0303B6B38
          Malicious:false
          Preview:{"analyticsData":{"responseGUID":"ffbffdf2-ecc8-4a9a-9838-f590b6df7085","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1712300402490,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

          Download File
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):294
          Entropy (8bit):5.28717054712264
          Encrypted:false
          SSDEEP:6:YEQXJ2HXPKRobUKtHVoZcg1vRcR0YoMKoAvJfBD2G6UpnrPeUkwRe9:YvXKXiK2Zc0v3+GR22cUkee9
          MD5:5ED4A0DA31071A9465851865FD026693
          SHA1:975DDE5D81EB9099ADF35378719B5E7C07D55649
          SHA-256:DCFBB81B03B826C01435C7CFC8DA6347D84A9979DC1F8A2D04A800AD193A27EC
          SHA-512:390CF8D394DD6D690EF4545ABED1CD3A441990071241423412E2C1FC200185EFE4A33C1D09DB447DD21772CDD15DCFBCB46C14CAFBF59CDB5C2FA66CC18DC6A8
          Malicious:false
          Preview:{"analyticsData":{"responseGUID":"ffbffdf2-ecc8-4a9a-9838-f590b6df7085","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1712300402490,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

          Download File
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):285
          Entropy (8bit):5.3491068037720835
          Encrypted:false
          SSDEEP:6:YEQXJ2HXPKRobUKtHVoZcg1vRcR0YoMKoAvJfPmwrPeUkwRe9:YvXKXiK2Zc0v3+GH56Ukee9
          MD5:ED2D100146F3FDF5240753422DFD0AC8
          SHA1:52D7091A497B5613BC393278C80667D4A033FA86
          SHA-256:2903B97B9115C63952A395906A439FE724B52DE5660B0F1598BA4AB15FF393BD
          SHA-512:FF817B9B0D91B60105FAE0296BDC6721E22E38A7EB3C742673AB56B1672EAFE60A18862C42166E64FA73DE97EB8AB930EF17DE427B0C709DA8FEB23608F2500F
          Malicious:false
          Preview:{"analyticsData":{"responseGUID":"ffbffdf2-ecc8-4a9a-9838-f590b6df7085","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1712300402490,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

          Download File
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):292
          Entropy (8bit):5.3092886240992865
          Encrypted:false
          SSDEEP:6:YEQXJ2HXPKRobUKtHVoZcg1vRcR0YoMKoAvJfJWCtMdPeUkwRe9:YvXKXiK2Zc0v3+GBS8Ukee9
          MD5:8BB3A889C32AE83F85A48ED2E16E57CC
          SHA1:FC87ADC0CF75EDF685556BA453AC69BE3137DE04
          SHA-256:7F97624B1DC0CB79CA791C0D1A53D471E4B25366F6E5FF5AB4A8F3BDE3A9C9BD
          SHA-512:CF7AD13099CE770DD706893AAA91B42C563B81233B55D4192EA442D9065E8F65105AFE0133E072FF50E2252C3F0F20F417767B449282F26D7E24F4356671929F
          Malicious:false
          Preview:{"analyticsData":{"responseGUID":"ffbffdf2-ecc8-4a9a-9838-f590b6df7085","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1712300402490,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

          Download File
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):289
          Entropy (8bit):5.295873845793351
          Encrypted:false
          SSDEEP:6:YEQXJ2HXPKRobUKtHVoZcg1vRcR0YoMKoAvJf8dPeUkwRe9:YvXKXiK2Zc0v3+GU8Ukee9
          MD5:5AD40E1C812A33D02464FA81EED0C8E7
          SHA1:1B36E7FC1F4460FDDC8DA70C3FD0BBDF11A865D4
          SHA-256:F69A89E5EB88C90838393479E57438904A3F8A8E56609B0F7D1C7270792FE289
          SHA-512:9F55E9D8467C17AD0B6E2352DD2959AEB25943F6AAD4A8702C77F31BFBCA95799948E645DB46F00D4E2C99B384F818E74A305176F5EDFC26B0DD0D7E743CD78F
          Malicious:false
          Preview:{"analyticsData":{"responseGUID":"ffbffdf2-ecc8-4a9a-9838-f590b6df7085","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1712300402490,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

          Download File
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):292
          Entropy (8bit):5.300107672808338
          Encrypted:false
          SSDEEP:6:YEQXJ2HXPKRobUKtHVoZcg1vRcR0YoMKoAvJfQ1rPeUkwRe9:YvXKXiK2Zc0v3+GY16Ukee9
          MD5:E90AA7BB1E9C968F3A2EF87AA3E867D8
          SHA1:E701B1991414D9780F367B6C586A928CE17DF390
          SHA-256:1786C44CE31CAADBF5A0EDD0D286C2741F3C1ADDE51D24BB22577BDD7BB381DF
          SHA-512:5729CA6F6E8CB52857D39EE8176812142A36ABD343DCCB347C253842C78E092EB69E25441BE8774AE1E9DEE6F93BCFBF90D8C5ED02EDA76AD218A5A13F3EC698
          Malicious:false
          Preview:{"analyticsData":{"responseGUID":"ffbffdf2-ecc8-4a9a-9838-f590b6df7085","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1712300402490,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

          Download File
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):289
          Entropy (8bit):5.305176929850762
          Encrypted:false
          SSDEEP:6:YEQXJ2HXPKRobUKtHVoZcg1vRcR0YoMKoAvJfFldPeUkwRe9:YvXKXiK2Zc0v3+Gz8Ukee9
          MD5:158D8AAFD2EB199D7D062DDA27CD10ED
          SHA1:AF4EAF763D5AC2B1B87E7EEA760A7E4EFA003E4C
          SHA-256:A17A68B87FDB8D6D1E224DD34E9FDD911F7328B1415CD69F4185B59BA74FFA39
          SHA-512:6066C4BCAD196089E04EBB8205DFD8200086AEE9CE667D47F898505E394AC37478696C88616B56F548A532FFF88CBEAC61A4BCF18EFB463FD60433009C3087C9
          Malicious:false
          Preview:{"analyticsData":{"responseGUID":"ffbffdf2-ecc8-4a9a-9838-f590b6df7085","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1712300402490,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

          Download File
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):295
          Entropy (8bit):5.321764751505739
          Encrypted:false
          SSDEEP:6:YEQXJ2HXPKRobUKtHVoZcg1vRcR0YoMKoAvJfzdPeUkwRe9:YvXKXiK2Zc0v3+Gb8Ukee9
          MD5:26DE3AD3E7771562D9421DEBA5890537
          SHA1:9907F2F4AD26C64D1D411A38E038DA840AD95BA1
          SHA-256:9E2D5A26D1E6BD9C154FF6016208577C7831B21AC9E46894D47B0C5E5A531405
          SHA-512:73FF362361D433EFC2F605D762212C6DD809E039D86BF04DD38409094CF8C2495B428092830C6C353AA6C7122FE1843B1FAD9A6D5A0E4AAB398E61EDC55084AD
          Malicious:false
          Preview:{"analyticsData":{"responseGUID":"ffbffdf2-ecc8-4a9a-9838-f590b6df7085","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1712300402490,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

          Download File
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):289
          Entropy (8bit):5.302458344741443
          Encrypted:false
          SSDEEP:6:YEQXJ2HXPKRobUKtHVoZcg1vRcR0YoMKoAvJfYdPeUkwRe9:YvXKXiK2Zc0v3+Gg8Ukee9
          MD5:A163A7DAAE6E068549328FFFBBCB52D1
          SHA1:F6228C45D2F2E6E428B9D6234C3E90F514EFF62D
          SHA-256:4BC1297E30974C7C55CC00912433C2D2F1C52AF136915D475053B0AB84E2AB08
          SHA-512:5A82162DFE633A9980CB8DF8CA19E9F675E43492CA6AD9E5DD8E977B202C72EBBC5D9D9E57671D5954965C6D79276D45192EF4D5C959C5F2B9AA2857E4BFF70A
          Malicious:false
          Preview:{"analyticsData":{"responseGUID":"ffbffdf2-ecc8-4a9a-9838-f590b6df7085","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1712300402490,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

          Download File
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):1395
          Entropy (8bit):5.776466739731272
          Encrypted:false
          SSDEEP:24:Yv6Xuzv3prLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNyx1:YvVxHgDv3W2aYQfgB5OUupHrQ9FJK1
          MD5:7D1EC4D7CD11CE578F90CB5CACC7C482
          SHA1:6C05D0E572A42103FBB0DDE59328675A863ED824
          SHA-256:DD7A7B9A214C6CB1CC28BAB83F08B08F1DA7BF4EBBA35CA0C17C36C28C9A8AF0
          SHA-512:EEE8C302608DAA5E34CA83E68E2CDCEDBCD478509973351E2578019EAF4DB40FB18F1F63F27011D25BD20940DE9C3AB647058281CCD6125AF3A95F1E2E286DEE
          Malicious:false
          Preview:{"analyticsData":{"responseGUID":"ffbffdf2-ecc8-4a9a-9838-f590b6df7085","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1712300402490,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0

          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

          Download File
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):291
          Entropy (8bit):5.28598854657516
          Encrypted:false
          SSDEEP:6:YEQXJ2HXPKRobUKtHVoZcg1vRcR0YoMKoAvJfbPtdPeUkwRe9:YvXKXiK2Zc0v3+GDV8Ukee9
          MD5:A2308E170765A7BBB7F6E5C555466421
          SHA1:6C36A9737A25B56675A8B384534A782979C2D44F
          SHA-256:862FECB849609D8E7BF46772AE7825FAEDB29D4C8C9AC00A5475FE4A55E3466D
          SHA-512:E3667157663B6BD597D6DBA4A6D89F47998AD274E68A21A456C4D5E1C6BF829F498317BF84B81D43540721222D780E00E31758C4D10A09AC880E1623401950A1
          Malicious:false
          Preview:{"analyticsData":{"responseGUID":"ffbffdf2-ecc8-4a9a-9838-f590b6df7085","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1712300402490,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

          Download File
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):287
          Entropy (8bit):5.290674026373771
          Encrypted:false
          SSDEEP:6:YEQXJ2HXPKRobUKtHVoZcg1vRcR0YoMKoAvJf21rPeUkwRe9:YvXKXiK2Zc0v3+G+16Ukee9
          MD5:5A831A38386D4093688F63BA24E0456A
          SHA1:1718343BE91F0A7C7DA6A19E40FD1D3C2388AB44
          SHA-256:96187F6027E2896028A8B40FC839A230BD7B8F2DB07874E6930349A5938217B7
          SHA-512:26A2561A65A0873A1754BC9341AB1E4E6E797453DAF0647A4758D65F500564EE4BBDF12C5F307C108A315B63EAC4A6F1339555361098540D84840CE59C33D1B0
          Malicious:false
          Preview:{"analyticsData":{"responseGUID":"ffbffdf2-ecc8-4a9a-9838-f590b6df7085","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1712300402490,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

          Download File
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):289
          Entropy (8bit):5.308999655425369
          Encrypted:false
          SSDEEP:6:YEQXJ2HXPKRobUKtHVoZcg1vRcR0YoMKoAvJfbpatdPeUkwRe9:YvXKXiK2Zc0v3+GVat8Ukee9
          MD5:802872522EB83115BBEFEC97E0CAE432
          SHA1:398100B50AF7B38C2D1A93B187398C96977A0ECB
          SHA-256:C41CEBCAA5BB7613C9BFCC62C5D0E8D9D0E1C3A982A8743F57BB486DD97CD2C3
          SHA-512:F7662CA6DC31F7E3AC4A7C5F658B072C5382000C7C3B3AADD164FE951DA910B3F7AB19A27084CE09FEBE908969BB387F73C54776DC37F3C0ACF2FBD5B489683D
          Malicious:false
          Preview:{"analyticsData":{"responseGUID":"ffbffdf2-ecc8-4a9a-9838-f590b6df7085","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1712300402490,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

          Download File
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):286
          Entropy (8bit):5.266027127783016
          Encrypted:false
          SSDEEP:6:YEQXJ2HXPKRobUKtHVoZcg1vRcR0YoMKoAvJfshHHrPeUkwRe9:YvXKXiK2Zc0v3+GUUUkee9
          MD5:953593E69017857C7DE2BF2C20489929
          SHA1:B0C9DE7FD6785B34E3F99F208DD87EFB2BF8A92B
          SHA-256:5A817D9936286B2715A01D2602B7D78F1371DEB8616FC937A81778FAF416C9FD
          SHA-512:835323CFA91F412B2C7E9C66ACFB6AEE4A1A07ED90472426E721E7F415C80B1D063D692F4EB727B84069EB7A8B33C0B3EA08951290880F68A0A3AB9BD02F287B
          Malicious:false
          Preview:{"analyticsData":{"responseGUID":"ffbffdf2-ecc8-4a9a-9838-f590b6df7085","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1712300402490,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

          Download File
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):782
          Entropy (8bit):5.369507974546643
          Encrypted:false
          SSDEEP:12:YvXKXiK2Zc0v3+GTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhW2x1:Yv6Xuzv3I168CgEXX5kcIfANhfx1
          MD5:4016AD60CD59AC01E115E4B1C54C1C36
          SHA1:36991DF2B25A4F566AEADAA738797A19EF6502E0
          SHA-256:825F59BA65D5A86BCF3762C3E799EEF864C4B1CD592214E2A90A71579C22E9FC
          SHA-512:1542124E3A24071E4C4EDE7142A12B54F440B5C14AF8EFA4D06F6218BF9107EE3F9533117D37C93BD5239D9373D359564698ACF99634E94C0D8D4AD666462153
          Malicious:false
          Preview:{"analyticsData":{"responseGUID":"ffbffdf2-ecc8-4a9a-9838-f590b6df7085","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1712300402490,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1712122307522}}}}

          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

          Download File
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
          File Type:data
          Category:dropped
          Size (bytes):4
          Entropy (8bit):0.8112781244591328
          Encrypted:false
          SSDEEP:3:e:e
          MD5:DC84B0D741E5BEAE8070013ADDCC8C28
          SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
          SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
          SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
          Malicious:false
          Preview:....

          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

          Download File
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):2813
          Entropy (8bit):5.113862520863091
          Encrypted:false
          SSDEEP:48:YBfBQ9c3Nt0RAuzBx9xSx+VgPWAtptQ9e:Ou9mNt0RAu9x9sxXuAwe
          MD5:A5CE7953A2F681EC5DB583773DEE6C81
          SHA1:11A4D431E14D6E03E87228F2B28B5FC1B30BF987
          SHA-256:39E56685F2904B4F4C398B01D8F354EAE231290133B6B5F484F7CFFB8BCC2B8E
          SHA-512:57962F96A58148A1DAC209223258AB855028FC35C4B3BA0E3DD278F7B10A24EF5330B2B539BA0AB68C0F1377438258FAB35C57E2D130879DA919CBC2A6757701
          Malicious:false
          Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"9ba000558a7dc4737c7667279eecd32d","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1712122306000},{"id":"Edit_InApp_Aug2020","info":{"dg":"a4afe13c6d0b43588acc297cf42e5b8e","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":1712122306000},{"id":"DC_Reader_RHP_Banner","info":{"dg":"fb08ea25e0342a8d37d70a3fcb10edbe","sid":"DC_Reader_RHP_Banner"},"mimeType":"file","size":1395,"ts":1712122306000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"3bf48ea57c4dd3bbd611e7ff6097a179","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":295,"ts":1712122306000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"da59fd9749d23413fc228858ee4461da","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file","size":292,"ts":1712122306000},{"id":"DC_Reader_More_LHP_Banner","info":{"dg":"3542fac8d14eb2ac17883ed6542c52fc","sid":"DC_Reader_More_LHP_Banner"},"mimeType":"file","size":289,"ts":1712122306000},{

          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

          Download File
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
          File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 25, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 25
          Category:dropped
          Size (bytes):12288
          Entropy (8bit):1.1871108757732023
          Encrypted:false
          SSDEEP:48:TGufl2GL7msEHUUUUUUUU6SvR9H9vxFGiDIAEkGVvpI:lNVmswUUUUUUUU6+FGSIt8
          MD5:C72480ED10A8F40E7DBC8441B5E31952
          SHA1:EE15CE9C008D3D06D3FFA0B06F4F22FE9AE5D87A
          SHA-256:328B84144B96AC622B2862C6AC1D0E95F576DCBAC2650E8D04C5064722FAA26C
          SHA-512:5B250BC51ACF101F17B9B2A9DA30E941DF30D988F613E8561262AE0986AA0287920A8E2505A65FF2927ED560146ED439145203AEC82AB35A51A84E446FC4CCF1
          Malicious:false
          Preview:SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

          Download File
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
          File Type:SQLite Rollback Journal
          Category:dropped
          Size (bytes):8720
          Entropy (8bit):1.6078435123725936
          Encrypted:false
          SSDEEP:48:7MHKUUUUUUUUUU4vR9H9vxFGiDIAEkGVvzWqFl2GL7msj:7FUUUUUUUUUUwFGSIt1WKVmsj
          MD5:3CA9A1FA7833361EA8E3BE6FB5487CFB
          SHA1:079D9672941D629FC4BBB20CA6219504430FA67D
          SHA-256:9E227F8E0BC6151ADEA4E7E0316DF586525F49DB56CA4E646645A057EC1BEEEE
          SHA-512:8E7B20F8AE4ABAB90E30722BEA3937C27E481378CF54C12781EBBC04879314C3E8FB756A838EBF5FABEC04004D4981B3A55DB7F8EA11FA7E7FED45D6D2B89A97
          Malicious:false
          Preview:.... .c.....<..R......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................f.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\Temp\MSIcc544.LOG

          Download File
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
          File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
          Category:dropped
          Size (bytes):246
          Entropy (8bit):3.5248044522866877
          Encrypted:false
          SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K82bkw9:Qw946cPbiOxDlbYnuRKX4O
          MD5:68A6636600D888A9FE990D400F1B865D
          SHA1:13911171920BBF506F9DC2B99F1BCBB07B31344B
          SHA-256:05A06C7BBDC85719D85273404E1B264F7E53D439BE15B9181F9372E85DC65B3C
          SHA-512:C6437C675F363047137D497CDB0ECE98B0978E846DDA1F380D3896080C5167AE6B350EE70F5FE6C5BE01A337A5053E59927FE135F3BB4C1929B556222511744E
          Malicious:false
          Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .0.3./.0.4./.2.0.2.4. . .0.7.:.3.1.:.4.9. .=.=.=.....

          C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-03 07-31-44-181.log

          Download File
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
          File Type:ASCII text, with very long lines (393)
          Category:dropped
          Size (bytes):16525
          Entropy (8bit):5.345946398610936
          Encrypted:false
          SSDEEP:384:zHIq8qrq0qoq/qUILImCIrImI9IWdFdDdoPtPTPtP7ygyAydy0yGV///X/J/VokV:nNW
          MD5:8947C10F5AB6CFFFAE64BCA79B5A0BE3
          SHA1:70F87EEB71BA1BE43D2ABAB7563F94C73AB5F778
          SHA-256:4F3449101521DA7DF6B58A2C856592E1359BA8BD1ACD0688ECF4292BA5388485
          SHA-512:B76DB9EF3AE758F00CAF0C1705105C875838C7801F7265B17396466EECDA4BCD915DA4611155C5F2AD1C82A800C1BEC855E52E2203421815F915B77AA7331CA0
          Malicious:false
          Preview:SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:088+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig:

          C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

          Download File
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
          File Type:ASCII text, with very long lines (393), with CRLF line terminators
          Category:dropped
          Size (bytes):16603
          Entropy (8bit):5.327028141494266
          Encrypted:false
          SSDEEP:384:Wce5GAvQ61uYbtJyAkshsds3s+/LMVTRk47exS2T3jpokOndb8OO5J3AXN0RPBW2:Y/R
          MD5:395373BF402A61872C8C00F038D5CCBA
          SHA1:2893F760B8F3A9BF2FD5897186133B3A915D4CB6
          SHA-256:2B506DEC36F0D8772C03ED84C560F916FD53BED262845A57C50B53F44B853D30
          SHA-512:48554E48F06282D55013095E9480BC34740A1B15EC8E5EF7B795C405DF97BC91B61839A4EAED85FE9C4666D5D62DBDC3109CFC9B6EA1FBC56AB6FDF321583C7B
          Malicious:false
          Preview:SessionID=2724dc2b-3b50-4668-a04f-eacfc9a6420c.1712122304205 Timestamp=2024-04-03T07:31:44:205+0200 ThreadID=7904 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=2724dc2b-3b50-4668-a04f-eacfc9a6420c.1712122304205 Timestamp=2024-04-03T07:31:44:206+0200 ThreadID=7904 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=2724dc2b-3b50-4668-a04f-eacfc9a6420c.1712122304205 Timestamp=2024-04-03T07:31:44:206+0200 ThreadID=7904 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=2724dc2b-3b50-4668-a04f-eacfc9a6420c.1712122304205 Timestamp=2024-04-03T07:31:44:206+0200 ThreadID=7904 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=2724dc2b-3b50-4668-a04f-eacfc9a6420c.1712122304205 Timestamp=2024-04-03T07:31:44:206+0200 ThreadID=7904 Component=ngl-lib_NglAppLib Description="SetConf

          C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

          Download File
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
          File Type:ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):29845
          Entropy (8bit):5.385474524136605
          Encrypted:false
          SSDEEP:768:anddBuBYZwcfCnwZCnR8Bu5hx18HoCnLlAY+iCBuzhLCnx1CnPrRRFS10l8gT2rr:f
          MD5:D2E77F5EF7BA03611F4183A3C9C652C9
          SHA1:F1D17EDF5649D24D6DCF57F47399EC6409AB1034
          SHA-256:1BF3538BDADE29B96E77F759DD1FFF5185E5C312E77E06C8AD3123F561F84CED
          SHA-512:1ED620683F84DC2BA28F134D237F8C7A2A0F08DF02473F197F1EA0BF55816CC25EC283DC1A54D68F7CCAD5FE7CC2CC7ECB5AF257F7BEAA74FE07D6EE54D49E9A
          Malicious:false
          Preview:03-10-2023 12:50:40:.---2---..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ***************************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ***************************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Starting NGL..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..03-10-2023 12:50:40:.Closing File..03-10-

          C:\Users\user\AppData\Local\Temp\acrocef_low\3b21cbe7-b463-46fe-bb89-266f36d7010e.tmp

          Download File
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
          File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
          Category:dropped
          Size (bytes):758601
          Entropy (8bit):7.98639316555857
          Encrypted:false
          SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
          MD5:3A49135134665364308390AC398006F1
          SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
          SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
          SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
          Malicious:false
          Preview:...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!|G.1...... .3.`./....`~......G.............|..pS.e.C....:o.u_..oi.:..|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

          C:\Users\user\AppData\Local\Temp\acrocef_low\432588d0-229c-4b68-b201-195f878c279f.tmp

          Download File
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
          File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
          Category:dropped
          Size (bytes):1419751
          Entropy (8bit):7.976496077007677
          Encrypted:false
          SSDEEP:24576:/M7ouWLaGZjZwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:RuWLaGZjZwZGk3mlind9i4ufFXpAXkru
          MD5:AE1E8A5D3E7B2198980A0CA16DE5F3D3
          SHA1:A1DB2C58AFC81E6A114A8EB47BE0243956F79460
          SHA-256:8C2E1B13F6658714D51737D6745FE065B87497923945AB3028706A4171C8328F
          SHA-512:5B36CF0982C5AFED5CCEA4B30A0B31A2B5312FBF5438623D53153E076B59F1B4BEF8C08695EA74E086BCA4EF7221889DB977B5DCFF4C684BA0683FDDECDE2EC4
          Malicious:false
          Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

          C:\Users\user\AppData\Local\Temp\acrocef_low\7d0058b2-c992-4e19-be27-a2c1f6995b74.tmp

          Download File
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
          File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
          Category:dropped
          Size (bytes):386528
          Entropy (8bit):7.9736851559892425
          Encrypted:false
          SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
          MD5:5C48B0AD2FEF800949466AE872E1F1E2
          SHA1:337D617AE142815EDDACB48484628C1F16692A2F
          SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
          SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
          Malicious:false
          Preview:...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-|..h#.g.\.PO.|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..|m.WC.....|.....e.[W.p.8...rm....^..x'......5!...|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

          C:\Users\user\AppData\Local\Temp\acrocef_low\9f7b7808-e2b2-4465-bcce-880770f469b6.tmp

          Download File
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
          File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
          Category:dropped
          Size (bytes):1407294
          Entropy (8bit):7.97605879016224
          Encrypted:false
          SSDEEP:24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo
          MD5:A0CFC77914D9BFBDD8BC1B1154A7B364
          SHA1:54962BFDF3797C95DC2A4C8B29E873743811AD30
          SHA-256:81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685
          SHA-512:74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE
          Malicious:false
          Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

          Static File Info

          General

          File type:PDF document, version 1.4, 1 pages
          Entropy (8bit):7.770842467948956
          TrID:
          • Adobe Portable Document Format (5005/1) 100.00%
          File name:E09VCIAPRWC9ATV6.pdf
          File size:35'307 bytes
          MD5:b2d1080beed9ef9b39290e12d87114fe
          SHA1:b77015962e5feced7c0327aac5d392e2e20980a1
          SHA256:3bd56d06d88a736f85312de61c47d839b3f43880d24e4f0a90e386f37a919886
          SHA512:2ac3d3da2bdec67964df256340c6c625b14ebcbd4ef3f36f86d6331e77484d995d423e476b8ec259c631dbc968384efa1a48a0522341dd33f5b02a29f7c3f4c7
          SSDEEP:768:sEnzK+NryZdM2uR6Fx5csYa9C8lXs3f88f8nCDX9LSom:lzKerB2Vz5csvQv80Bm
          TLSH:6BF2E014C92FF06ECC5609BF1EEEF49EA7F4F970A8CC227F7D5A53A4565000B502684A
          File Content Preview:%PDF-1.4.%.....2 0 obj.<</Type/XObject/Subtype/Image/Width 1024/Height 884/Length 34076/ColorSpace/DeviceRGB/BitsPerComponent 8/Filter/FlateDecode>>stream.x.....$.]..;.5@.....^.&..t....%.<..Cz!..N...8`....,..1..l...`.$[..6.....n.6....6.4ZmY...H.....K-....

          File Icon

          Icon Hash:62cc8caeb29e8ae0

          Static PDF Info

          General

          Header:%PDF-1.4
          Total Entropy:7.770842
          Total Bytes:35307
          Stream Entropy:7.759797
          Stream Bytes:34181
          Entropy outside Streams:5.311396
          Bytes outside Streams:1126
          Number of EOF found:1
          Bytes after EOF:

          Keywords Statistics

          NameCount
          obj7
          endobj7
          stream3
          endstream3
          xref1
          trailer1
          startxref1
          /Page1
          /Encrypt0
          /ObjStm0
          /URI0
          /JS0
          /JavaScript0
          /AA0
          /OpenAction0
          /AcroForm0
          /JBIG2Decode0
          /RichMedia0
          /Launch0
          /EmbeddedFile0

          Network Behavior

          Network Port Distribution

          TCP Packets

          TimestampSource PortDest PortSource IPDest IP
          Apr 3, 2024 07:31:54.901312113 CEST49740443192.168.2.423.196.176.131
          Apr 3, 2024 07:31:54.901339054 CEST4434974023.196.176.131192.168.2.4
          Apr 3, 2024 07:31:54.901412964 CEST49740443192.168.2.423.196.176.131
          Apr 3, 2024 07:31:54.901582956 CEST49740443192.168.2.423.196.176.131
          Apr 3, 2024 07:31:54.901597023 CEST4434974023.196.176.131192.168.2.4
          Apr 3, 2024 07:31:55.299734116 CEST4434974023.196.176.131192.168.2.4
          Apr 3, 2024 07:31:55.300086975 CEST49740443192.168.2.423.196.176.131
          Apr 3, 2024 07:31:55.300106049 CEST4434974023.196.176.131192.168.2.4
          Apr 3, 2024 07:31:55.301235914 CEST4434974023.196.176.131192.168.2.4
          Apr 3, 2024 07:31:55.301315069 CEST49740443192.168.2.423.196.176.131
          Apr 3, 2024 07:31:55.308335066 CEST49740443192.168.2.423.196.176.131
          Apr 3, 2024 07:31:55.308398962 CEST4434974023.196.176.131192.168.2.4
          Apr 3, 2024 07:31:55.308518887 CEST49740443192.168.2.423.196.176.131
          Apr 3, 2024 07:31:55.308527946 CEST4434974023.196.176.131192.168.2.4
          Apr 3, 2024 07:31:55.362086058 CEST49740443192.168.2.423.196.176.131
          Apr 3, 2024 07:31:55.480076075 CEST4434974023.196.176.131192.168.2.4
          Apr 3, 2024 07:31:55.480315924 CEST4434974023.196.176.131192.168.2.4
          Apr 3, 2024 07:31:55.480407953 CEST49740443192.168.2.423.196.176.131
          Apr 3, 2024 07:31:55.480804920 CEST49740443192.168.2.423.196.176.131
          Apr 3, 2024 07:31:55.480829000 CEST4434974023.196.176.131192.168.2.4
          Apr 3, 2024 07:31:55.480839968 CEST49740443192.168.2.423.196.176.131
          Apr 3, 2024 07:31:55.480870962 CEST49740443192.168.2.423.196.176.131

          HTTP Request Dependency Graph

          • armmf.adobe.com

          HTTPS Proxied Packets

          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
          0192.168.2.44974023.196.176.1314437968C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
          TimestampBytes transferredDirectionData
          2024-04-03 05:31:55 UTC475OUTGET /onboarding/smskillreader.txt HTTP/1.1
          Host: armmf.adobe.com
          Connection: keep-alive
          Accept-Language: en-US,en;q=0.9
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36
          Sec-Fetch-Site: same-origin
          Sec-Fetch-Mode: no-cors
          Sec-Fetch-Dest: empty
          Accept-Encoding: gzip, deflate, br
          If-None-Match: "78-5faa31cce96da"
          If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
          2024-04-03 05:31:55 UTC198INHTTP/1.1 304 Not Modified
          Content-Type: text/plain; charset=UTF-8
          Last-Modified: Mon, 01 May 2023 15:02:33 GMT
          ETag: "78-5faa31cce96da"
          Date: Wed, 03 Apr 2024 05:31:55 GMT
          Connection: close


          Statistics

          CPU Usage

          Click to jump to process

          Memory Usage

          Click to jump to process

          High Level Behavior Distribution

          Click to dive into process behavior distribution

          Behavior

          Click to jump to process

          System Behavior

          General

          Target ID:0
          Start time:07:31:41
          Start date:03/04/2024
          Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
          Wow64 process (32bit):false
          Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\E09VCIAPRWC9ATV6.pdf"
          Imagebase:0x7ff6bc1b0000
          File size:5'641'176 bytes
          MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Reputation:moderate
          Has exited:true

          General

          Target ID:1
          Start time:07:31:41
          Start date:03/04/2024
          Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
          Wow64 process (32bit):false
          Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
          Imagebase:0x7ff74bb60000
          File size:3'581'912 bytes
          MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Reputation:moderate
          Has exited:true

          General

          Target ID:3
          Start time:07:31:41
          Start date:03/04/2024
          Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
          Wow64 process (32bit):false
          Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1784 --field-trial-handle=1712,i,6492237784614893330,17018531157738003972,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
          Imagebase:0x7ff74bb60000
          File size:3'581'912 bytes
          MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Reputation:moderate
          Has exited:true

          Disassembly

          No disassembly