Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Purchase Order 150184.PDF

Overview

General Information

Sample name:Purchase Order 150184.PDF
Analysis ID:1428743
MD5:2c1a5340c52c01aa8171271222241992
SHA1:8abcc360efb61fff9c10bb2df3d64fd19cda56da
SHA256:4c6f8c145799f0b4d1a0d0c7d4130f613da3c664f46cb4f7246a0eaab9c553d1
Infos:

Detection

Score:2
Range:0 - 100
Whitelisted:false
Confidence:80%

Signatures

IP address seen in connection with other malware
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Uses a known web browser user agent for HTTP communication

Classification

Process Tree

  • System is w10x64
  • Acrobat.exe (PID: 6860 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Purchase Order 150184.PDF" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 7256 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 7448 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2112 --field-trial-handle=1632,i,14395213634663841905,6941489701800868828,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Snort Signatures

No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: global trafficTCP traffic: 192.168.2.4:49740 -> 184.25.164.138:443
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 184.25.164.138:443
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 184.25.164.138:443
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 184.25.164.138:443
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 184.25.164.138:443
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 184.25.164.138:443
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 184.25.164.138:443
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 184.25.164.138:443
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 184.25.164.138:443
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 184.25.164.138:443
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 184.25.164.138:443
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 184.25.164.138:443
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 184.25.164.138:443
Source: global trafficTCP traffic: 184.25.164.138:443 -> 192.168.2.4:49740
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 184.25.164.138:443
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 184.25.164.138:443
Source: global trafficTCP traffic: 184.25.164.138:443 -> 192.168.2.4:49740
Source: global trafficTCP traffic: 184.25.164.138:443 -> 192.168.2.4:49740
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 184.25.164.138:443
Source: global trafficTCP traffic: 184.25.164.138:443 -> 192.168.2.4:49740
Source: global trafficTCP traffic: 184.25.164.138:443 -> 192.168.2.4:49740
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 184.25.164.138:443
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 184.25.164.138:443
Source: global trafficTCP traffic: 184.25.164.138:443 -> 192.168.2.4:49740
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 184.25.164.138:443
Source: global trafficTCP traffic: 184.25.164.138:443 -> 192.168.2.4:49740
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 184.25.164.138:443
Source: global trafficTCP traffic: 184.25.164.138:443 -> 192.168.2.4:49740
Source: global trafficTCP traffic: 184.25.164.138:443 -> 192.168.2.4:49740
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 184.25.164.138:443
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 184.25.164.138:443
Source: global trafficTCP traffic: 184.25.164.138:443 -> 192.168.2.4:49740
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 184.25.164.138:443
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 184.25.164.138:443
Source: Joe Sandbox ViewIP Address: 184.25.164.138 184.25.164.138
Source: global trafficHTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1Host: armmf.adobe.comConnection: keep-aliveAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brIf-None-Match: "78-5faa31cce96da"If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
Source: unknownTCP traffic detected without corresponding DNS query: 184.25.164.138
Source: unknownTCP traffic detected without corresponding DNS query: 184.25.164.138
Source: unknownTCP traffic detected without corresponding DNS query: 184.25.164.138
Source: unknownTCP traffic detected without corresponding DNS query: 184.25.164.138
Source: unknownTCP traffic detected without corresponding DNS query: 184.25.164.138
Source: unknownTCP traffic detected without corresponding DNS query: 184.25.164.138
Source: unknownTCP traffic detected without corresponding DNS query: 184.25.164.138
Source: unknownTCP traffic detected without corresponding DNS query: 184.25.164.138
Source: unknownTCP traffic detected without corresponding DNS query: 184.25.164.138
Source: unknownTCP traffic detected without corresponding DNS query: 184.25.164.138
Source: unknownTCP traffic detected without corresponding DNS query: 184.25.164.138
Source: unknownTCP traffic detected without corresponding DNS query: 184.25.164.138
Source: global trafficHTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1Host: armmf.adobe.comConnection: keep-aliveAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brIf-None-Match: "78-5faa31cce96da"If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49740
Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 443
Source: classification engineClassification label: clean2.winPDF@14/43@0/1
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.5020Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-19 14-46-58-573.logJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
Source: unknownProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Purchase Order 150184.PDF"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2112 --field-trial-handle=1632,i,14395213634663841905,6941489701800868828,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2112 --field-trial-handle=1632,i,14395213634663841905,6941489701800868828,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: Purchase Order 150184.PDFInitial sample: PDF keyword /JS count = 0
Source: Purchase Order 150184.PDFInitial sample: PDF keyword /JavaScript count = 0
Source: Purchase Order 150184.PDFInitial sample: PDF keyword /EmbeddedFile count = 0
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid Accounts2
Exploitation for Client Execution		Path Interception1
Process Injection		1
Masquerading		OS Credential Dumping1
System Information Discovery		Remote ServicesData from Local System1
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
Process Injection		LSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable Media1
Non-Application Layer Protocol		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive12
Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin HookBinary PaddingNTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput Capture1
Ingress Tool Transfer		Traffic DuplicationData Destruction

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 process2 2 Behavior Graph ID: 1428743 Sample: Purchase Order 150184.PDF Startdate: 19/04/2024 Architecture: WINDOWS Score: 2 6 Acrobat.exe 20 72 2->6         started        process3 8 AcroCEF.exe 105 6->8         started        process4 10 AcroCEF.exe 2 8->10         started        dnsIp5 13 184.25.164.138, 443, 49740 BBIL-APBHARTIAirtelLtdIN United States 10->13

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

No Antivirus matches

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

No contacted domains info

World Map of Contacted IPs

  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Public IPs

IPDomainCountryFlagASNASN NameMalicious
184.25.164.138
unknownUnited States
9498BBIL-APBHARTIAirtelLtdINfalse

General Information

Joe Sandbox version:40.0.0 Tourmaline
Analysis ID:1428743
Start date and time:2024-04-19 14:46:07 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 3m 56s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultwindowspdfcookbook.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:10
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:Purchase Order 150184.PDF
Detection:CLEAN
Classification:clean2.winPDF@14/43@0/1
Cookbook Comments:
  • Found application associated with file extension: .PDF
  • Found PDF document
  • Close Viewer

Warnings

  • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 23.63.204.182, 34.193.227.236, 18.207.85.246, 54.144.73.197, 107.22.247.231, 23.6.117.26, 23.6.117.24, 172.64.41.3, 162.159.61.3, 23.34.82.7, 23.34.82.6
  • Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com
  • Not all processes where analyzed, report is missing behavior information
  • VT rate limit hit for: Purchase Order 150184.PDF

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
184.25.164.138Proposal Invitation_ Proposal is Due by the EOB May 15.emlGet hashmaliciousHtmlDropper, HTMLPhisherBrowse
    file.pdf.download.lnkGet hashmaliciousUnknownBrowse
      Factura_SA161.pdf.lnkGet hashmaliciousRHADAMANTHYSBrowse
        Re_ Medina County Kitchen.emlGet hashmaliciousUnknownBrowse
          oiDDogdK9A.exeGet hashmaliciousLokibot, PureLog Stealer, zgRATBrowse
            New_Order.xlsGet hashmaliciousUnknownBrowse
              https://enfoldindia.org/wp-content/uploads/2019/06/Restorative-Circle-Handbook-for-CCI.pdfGet hashmaliciousUnknownBrowse
                TaxForm.lnkGet hashmaliciousDarkGate, MailPassViewBrowse
                  https://ntnusa0-my.sharepoint.com/:f:/g/personal/ajaronik_ntnusa_com/EjzRads0Sf5Ivon47-zBKVABS1TZOI64W6Uv34YFqNQjmQ?e=NuZrjrGet hashmaliciousHTMLPhisher, ReCaptcha PhishBrowse
                    SOA.xlsGet hashmaliciousUnknownBrowse

                      Domains

                      No context

                      ASNs

                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                      BBIL-APBHARTIAirtelLtdINhttps://acrobat.adobe.com/id/urn:aaid:sc:VA6C2:24e81d17-b801-4fad-ae25-120d655923c5Get hashmaliciousRemcosBrowse
                      • 23.209.188.17
                      Proposal Invitation_ Proposal is Due by the EOB May 15.emlGet hashmaliciousHtmlDropper, HTMLPhisherBrowse
                      • 184.25.164.138
                      file.pdf.download.lnkGet hashmaliciousUnknownBrowse
                      • 184.25.164.138
                      Factura_SA161.pdf.lnkGet hashmaliciousRHADAMANTHYSBrowse
                      • 184.25.164.138
                      Ud310iQZnO.elfGet hashmaliciousMiraiBrowse
                      • 182.74.25.30
                      tWpGuzQQoW.elfGet hashmaliciousMiraiBrowse
                      • 122.185.203.209
                      kGbjOmkleq.elfGet hashmaliciousMiraiBrowse
                      • 125.23.195.204
                      iH18gdEj8Y.elfGet hashmaliciousMiraiBrowse
                      • 125.19.93.33
                      xmncOD7BwX.elfGet hashmaliciousMiraiBrowse
                      • 122.184.236.50
                      SFTNQEBmOA.elfGet hashmaliciousUnknownBrowse
                      • 182.79.2.232

                      JA3 Fingerprints

                      No context

                      Dropped Files

                      No context

                      Created / dropped Files

                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:ASCII text
                      Category:dropped
                      Size (bytes):292
                      Entropy (8bit):5.261343357285377
                      Encrypted:false
                      SSDEEP:6:XpzL+q2Pwkn2nKuAl9OmbnIFUt8YhG11Zmw+YhGjLVkwOwkn2nKuAl9OmbjLJ:XhL+vYfHAahFUt8YQX/+YQjLV5JfHAae
                      MD5:8EB941FD502EB35665B2E3548CC90D06
                      SHA1:2A63D5F7D6450DB87C28B875CA6EC23901F87290
                      SHA-256:2A6CAD86141BE015B08D47B46A350C1CF47606B1AC317E7EE9C903ABA40496FA
                      SHA-512:0E12DD41AE712F06E45B0BFC683E6F829AAE685ED0D2ECC5C1BD833ACB7ACB27D9481555EC88D42371169C7413576B219DD9853B530EA7124CD9D13D985F94EB
                      Malicious:false
                      Reputation:low
                      Preview:2024/04/19-14:46:56.375 1c7c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/04/19-14:46:56.376 1c7c Recovering log #3.2024/04/19-14:46:56.376 1c7c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:ASCII text
                      Category:dropped
                      Size (bytes):292
                      Entropy (8bit):5.261343357285377
                      Encrypted:false
                      SSDEEP:6:XpzL+q2Pwkn2nKuAl9OmbnIFUt8YhG11Zmw+YhGjLVkwOwkn2nKuAl9OmbjLJ:XhL+vYfHAahFUt8YQX/+YQjLV5JfHAae
                      MD5:8EB941FD502EB35665B2E3548CC90D06
                      SHA1:2A63D5F7D6450DB87C28B875CA6EC23901F87290
                      SHA-256:2A6CAD86141BE015B08D47B46A350C1CF47606B1AC317E7EE9C903ABA40496FA
                      SHA-512:0E12DD41AE712F06E45B0BFC683E6F829AAE685ED0D2ECC5C1BD833ACB7ACB27D9481555EC88D42371169C7413576B219DD9853B530EA7124CD9D13D985F94EB
                      Malicious:false
                      Reputation:low
                      Preview:2024/04/19-14:46:56.375 1c7c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/04/19-14:46:56.376 1c7c Recovering log #3.2024/04/19-14:46:56.376 1c7c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:ASCII text
                      Category:dropped
                      Size (bytes):336
                      Entropy (8bit):5.212069950886267
                      Encrypted:false
                      SSDEEP:6:XWgM+q2Pwkn2nKuAl9Ombzo2jMGIFUt8YWeFZZmw+YWeFMMVkwOwkn2nKuAl9OmT:XNM+vYfHAa8uFUt8Y3Z/+Y3MMV5JfHAv
                      MD5:4D5F0B290E8EF59DECC36E228DCE6F20
                      SHA1:3B3096436C3A189F1D172EC385379A811A42D8F4
                      SHA-256:EC337B26935B4FFEF78909D8C28FB6A2EAD5712305B7C80F8CE7AC0A7111BCE7
                      SHA-512:E89CB4A25232952D19FAB8AA395E1CE00C4AA274E8C1C00F0684918694D955B37B74AFA18C001710521391ADAE5B4CEBEDD7DCF41CD8140EF7B14DE05D94AD0A
                      Malicious:false
                      Reputation:low
                      Preview:2024/04/19-14:46:56.428 1d6c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/04/19-14:46:56.429 1d6c Recovering log #3.2024/04/19-14:46:56.429 1d6c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:ASCII text
                      Category:dropped
                      Size (bytes):336
                      Entropy (8bit):5.212069950886267
                      Encrypted:false
                      SSDEEP:6:XWgM+q2Pwkn2nKuAl9Ombzo2jMGIFUt8YWeFZZmw+YWeFMMVkwOwkn2nKuAl9OmT:XNM+vYfHAa8uFUt8Y3Z/+Y3MMV5JfHAv
                      MD5:4D5F0B290E8EF59DECC36E228DCE6F20
                      SHA1:3B3096436C3A189F1D172EC385379A811A42D8F4
                      SHA-256:EC337B26935B4FFEF78909D8C28FB6A2EAD5712305B7C80F8CE7AC0A7111BCE7
                      SHA-512:E89CB4A25232952D19FAB8AA395E1CE00C4AA274E8C1C00F0684918694D955B37B74AFA18C001710521391ADAE5B4CEBEDD7DCF41CD8140EF7B14DE05D94AD0A
                      Malicious:false
                      Reputation:low
                      Preview:2024/04/19-14:46:56.428 1d6c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/04/19-14:46:56.429 1d6c Recovering log #3.2024/04/19-14:46:56.429 1d6c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\375b6dbf-7940-4695-b46d-5e6fa50d2229.tmp

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:JSON data
                      Category:modified
                      Size (bytes):475
                      Entropy (8bit):4.970283995895056
                      Encrypted:false
                      SSDEEP:12:YH/um3RA8sqZYOxsBdOg2Hncaq3QYiubInP7E4T3y:Y2sRdslOidMHG3QYhbG7nby
                      MD5:220D8AFD2DBDAEAC57F0C936D8D63C59
                      SHA1:45EAE4F9719DDE514108BBDCC466CBC06BAD1F16
                      SHA-256:8FA0554CC9A6D26DE3A8863542DFCDB370D2E63B5E2EA9A9443BAF0C0D6A878C
                      SHA-512:AE0D97065EF378A6A7F624EADCDD0BE2A1AD5DA97A74297E60187C5CECF6019648FEB50ADCD123426C37A2A8FAA2DA26F6F7C719C7838C2D5949F785E35BBB09
                      Malicious:false
                      Reputation:low
                      Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13358090828271008","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":106806},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):475
                      Entropy (8bit):4.970283995895056
                      Encrypted:false
                      SSDEEP:12:YH/um3RA8sqZYOxsBdOg2Hncaq3QYiubInP7E4T3y:Y2sRdslOidMHG3QYhbG7nby
                      MD5:220D8AFD2DBDAEAC57F0C936D8D63C59
                      SHA1:45EAE4F9719DDE514108BBDCC466CBC06BAD1F16
                      SHA-256:8FA0554CC9A6D26DE3A8863542DFCDB370D2E63B5E2EA9A9443BAF0C0D6A878C
                      SHA-512:AE0D97065EF378A6A7F624EADCDD0BE2A1AD5DA97A74297E60187C5CECF6019648FEB50ADCD123426C37A2A8FAA2DA26F6F7C719C7838C2D5949F785E35BBB09
                      Malicious:false
                      Reputation:low
                      Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13358090828271008","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":106806},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):4730
                      Entropy (8bit):5.251853137729964
                      Encrypted:false
                      SSDEEP:96:etJCV4FAsszrNamjTN/2rjYMta02fDtehgO7BtTgo7f4A9hG1H9Z:etJCV4FiN/jTN/2r8Mta02fEhgO73go2
                      MD5:5C3E562FD445B59E17805B1A5F6F7FF7
                      SHA1:33FA2B252AE7289602AB746E5A590B555376FAE2
                      SHA-256:13393D8207E8A923D47550931B6B5DE43D6B1E252BC489A20FFB0443CE8AA5E5
                      SHA-512:2DBB3298B9C214D0753B106825C5C73526BA847D18B8466EF96F8175B0414753EEF777EFCDFFF50AE559DE96EA915DFAF39A520CF86309D5C44FD76FEFDE0C8E
                      Malicious:false
                      Reputation:low
                      Preview:*...#................version.1..namespace-['O.o................next-map-id.1.Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/.0>...r................next-map-id.2.Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/.1O..r................next-map-id.3.Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/.2.\.o................next-map-id.4.Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/.3....^...............Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/..|.^...............Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/n..Fa...............Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/DQ..a...............Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/i.`do................next-map-id.5.Pnamespace-de635bf2_6773_4d83_ad16_

                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:ASCII text
                      Category:dropped
                      Size (bytes):324
                      Entropy (8bit):5.23797690478254
                      Encrypted:false
                      SSDEEP:6:XxM+q2Pwkn2nKuAl9OmbzNMxIFUt8YDBeZZmw+YrpMVkwOwkn2nKuAl9OmbzNMFd:XxM+vYfHAa8jFUt8YD0Z/+YrpMV5JfHP
                      MD5:AFAC594BAAC8881B88279FCD35E1D6E6
                      SHA1:FD63D53963EECDBC52A3B5619E5453880DA0B668
                      SHA-256:566CBC0D3F654F6861294507064691E5431926D21B97934807EC29EAEE59F0CE
                      SHA-512:D3E961A550F9C292296404A56988AFDBD28BB2D33A24E00BD1D383E46E68C3EB80F8E3355D8064731009B0656C6059BF6A469AD8860B9C6A141A41EF223D5E35
                      Malicious:false
                      Reputation:low
                      Preview:2024/04/19-14:46:56.767 1d6c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/04/19-14:46:56.769 1d6c Recovering log #3.2024/04/19-14:46:56.770 1d6c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:ASCII text
                      Category:dropped
                      Size (bytes):324
                      Entropy (8bit):5.23797690478254
                      Encrypted:false
                      SSDEEP:6:XxM+q2Pwkn2nKuAl9OmbzNMxIFUt8YDBeZZmw+YrpMVkwOwkn2nKuAl9OmbzNMFd:XxM+vYfHAa8jFUt8YD0Z/+YrpMV5JfHP
                      MD5:AFAC594BAAC8881B88279FCD35E1D6E6
                      SHA1:FD63D53963EECDBC52A3B5619E5453880DA0B668
                      SHA-256:566CBC0D3F654F6861294507064691E5431926D21B97934807EC29EAEE59F0CE
                      SHA-512:D3E961A550F9C292296404A56988AFDBD28BB2D33A24E00BD1D383E46E68C3EB80F8E3355D8064731009B0656C6059BF6A469AD8860B9C6A141A41EF223D5E35
                      Malicious:false
                      Reputation:low
                      Preview:2024/04/19-14:46:56.767 1d6c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/04/19-14:46:56.769 1d6c Recovering log #3.2024/04/19-14:46:56.770 1d6c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

                      C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240419124700Z-158.bmp

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:PC bitmap, Windows 3.x format, 117 x -152 x 32, cbSize 71190, bits offset 54
                      Category:dropped
                      Size (bytes):71190
                      Entropy (8bit):1.0204070140004342
                      Encrypted:false
                      SSDEEP:96:4Mox4aKysSTa5lU6BOEFhbkMfQXsMwNyKxN6iMZMMGAMti4uZIRPMaCB1NNMMMkx:CF+M1RaCNjP
                      MD5:CC3F27BBD2F217A5482C3AB16C0A6D45
                      SHA1:CAC7C255B394A62494AF6050DF1CFCA7FBCC9213
                      SHA-256:5C66D4C170706011BAF382C1CAF8649A85D8738555149174F269C87195B2660E
                      SHA-512:357BF6F95A1AD99488CCDD372CA2ED38FFB4814CFD19797C675DB2E1B629B9DB5D976237F0600E2A4D1B59EB03E006919E1C30083AB586E59915110A576D3F27
                      Malicious:false
                      Reputation:low
                      Preview:BM........6...(...u...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 15, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 15
                      Category:dropped
                      Size (bytes):86016
                      Entropy (8bit):4.445262760292521
                      Encrypted:false
                      SSDEEP:384:yezci5t0iBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:rjs3OazzU89UTTgUL
                      MD5:D5F88E760C37EE80D3AFFFB4B0A23FFB
                      SHA1:14AF068ADD25BE0D05ACE6E01094572FCF6DAF80
                      SHA-256:A9D84B9D74E617B88938FFE0AD476DEF68BA4341A0D47EF68FB857B5B8D2AF6C
                      SHA-512:A513F68864EA2A5EF1F648E0A86E1F75D223AB87D6065AD9B13AF024264A74EB5686478E0F0C31DB8FA2852CB223646AF5AF5B27C0A08716F162AD100A565672
                      Malicious:false
                      Reputation:low
                      Preview:SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:SQLite Rollback Journal
                      Category:dropped
                      Size (bytes):8720
                      Entropy (8bit):3.7768689740798567
                      Encrypted:false
                      SSDEEP:48:7MPp/E2ioyV4ioy9oWoy1Cwoy1AKOioy1noy1AYoy1Wioy1hioybioySoy1noy1r:7Mpju4FLXKQD0b9IVXEBodRBke
                      MD5:E0CCFBCB06B731C7B33BBEC229DC615C
                      SHA1:D7C61080EAFB993BE72AC94DBA45BBA7A71E00D0
                      SHA-256:A9CFFC36D1042373D88ACC9E951C14144B8AA58CBD7CE3FFC2CF8C795DC92CD6
                      SHA-512:BB2DCD2B7EA62DA59CD197893DA9558F36B17F85096F3E38997D24F0EBBF53E24D50F99BFEADA0BD0F77A198C5577D33EE756562004E64513D81FDC21C02B2DD
                      Malicious:false
                      Reputation:low
                      Preview:.... .c.......H................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................T...[...b...r...t...}.....L..............................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.5020

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:PostScript document text
                      Category:dropped
                      Size (bytes):185099
                      Entropy (8bit):5.182478651346149
                      Encrypted:false
                      SSDEEP:1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
                      MD5:94185C5850C26B3C6FC24ABC385CDA58
                      SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
                      SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
                      SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
                      Malicious:false
                      Reputation:moderate, very likely benign file
                      Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:PostScript document text
                      Category:dropped
                      Size (bytes):185099
                      Entropy (8bit):5.182478651346149
                      Encrypted:false
                      SSDEEP:1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
                      MD5:94185C5850C26B3C6FC24ABC385CDA58
                      SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
                      SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
                      SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
                      Malicious:false
                      Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):243196
                      Entropy (8bit):3.3450692389394283
                      Encrypted:false
                      SSDEEP:1536:vKPCPiyzDtrh1cK3XEivK7VK/3AYvYwgqErRo+RQn:yPClJ/3AYvYwghFo+RQn
                      MD5:F5567C4FF4AB049B696D3BE0DD72A793
                      SHA1:EBEADDE9FF0AF2C201A5F7CC747C9EA61CFA6916
                      SHA-256:D8DBFE71873929825A420F73821F3FF0254D51984FAAA82E1B89D31188F77C04
                      SHA-512:E769735991E5B1331E259608854D00CDA4F3E92285FDC500158CBD09CBCCEAD8A387F78256A43919B13EBE70C995D19242377C315B0CCBBD4F813251608C1D56
                      Malicious:false
                      Preview:Adobe Acrobat Reader (64-bit) 23.6.20320....?A12_AV2_Search_18px.............................................................................................................KKK KKK.KKK.KKK.KKK.KKK.KKK@........................................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.............................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.........................KKK.KKK.KKK.KKK0....................KKK.KKK.KKK.KKK`....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK.KKK.....................................KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK.KKK@....................KKK.KKK.KKK.KKK`........................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.KKK.............................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):295
                      Entropy (8bit):5.3637017335375035
                      Encrypted:false
                      SSDEEP:6:YEQXJ2HXCrIDgGAV9VoZcg1vRcR0YdQB8oAvJM3g98kUwPeUkwRe9:YvXKXCOgGAVEZc0voQtGMbLUkee9
                      MD5:25B46B689418B7B89D707BB28C149316
                      SHA1:2E85555A67C951E45B3D19EFB4E5A7E9714C186F
                      SHA-256:AAB9104FB9520BEB85ECD37B242A1C93BA1B87436517D11751240138599ACD31
                      SHA-512:BF84AD4202681F249558B8B061D27B11B8646F06FCFF149885353D0DC14436AF76110C7CA3A4F6F79DB290F6B329FB17C1745D6EB60913796491DBFA3DF6A98D
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"305ba542-4219-4e46-81a1-30ca4359b49f","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1713708751895,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):294
                      Entropy (8bit):5.314829564647583
                      Encrypted:false
                      SSDEEP:6:YEQXJ2HXCrIDgGAV9VoZcg1vRcR0YdQB8oAvJfBoTfXpnrPeUkwRe9:YvXKXCOgGAVEZc0voQtGWTfXcUkee9
                      MD5:A4A42B9C267915E085313C6F502653A9
                      SHA1:28E7C666C2CCC49E2DFDD2A80A5FA3E2BBE5DCED
                      SHA-256:6B54E26A5ACF351439F03C5CC459431C0201E45EC96CB55EA10597E6A69E0838
                      SHA-512:5875682A34078D734BF17ED5D36E023D24467A3C08C08FD56EE1FFC020E7D705F5A52BC00DC203AB27F4E6663ED3F41847AD2011AF562784E17706A9596DF61F
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"305ba542-4219-4e46-81a1-30ca4359b49f","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1713708751895,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):294
                      Entropy (8bit):5.293535778874461
                      Encrypted:false
                      SSDEEP:6:YEQXJ2HXCrIDgGAV9VoZcg1vRcR0YdQB8oAvJfBD2G6UpnrPeUkwRe9:YvXKXCOgGAVEZc0voQtGR22cUkee9
                      MD5:D2A3E15B2FF59878FEE91999B7CFCDE8
                      SHA1:702F449CCE58F2E5891FA229516A5BBCC8859D54
                      SHA-256:07F5BDDEA25A6A8738FC749A1BEF49D7325E40E95215A714BCFC3EA2CD765CCB
                      SHA-512:57A63A8A089EA0E51324047493A354B478AD7FB279955FB1EDD49054C9E0F7F3B94944A02FAAE9016973DFD297C59C8FE934CE8799A29C407A8D23019EF62A14
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"305ba542-4219-4e46-81a1-30ca4359b49f","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1713708751895,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):285
                      Entropy (8bit):5.350724111564954
                      Encrypted:false
                      SSDEEP:6:YEQXJ2HXCrIDgGAV9VoZcg1vRcR0YdQB8oAvJfPmwrPeUkwRe9:YvXKXCOgGAVEZc0voQtGH56Ukee9
                      MD5:1992239AF6E672EAC51CD514F8371BF3
                      SHA1:33A113A9AA3C6B28DE53DD303DDE3BBA01CA096B
                      SHA-256:E87A34D33BA89BCE12A5FFD69BC1E528FF9049A3E70D8A11D7A1CD96221F8B3F
                      SHA-512:CFCD4421AAA693749D7703DF38B0A9A9E7D0F08FEBACEE8779C771E7548BB644AD7C23DB496C76F38D853FF1C17650E97E0CA93C9685FD2D02C010AD4467DBAB
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"305ba542-4219-4e46-81a1-30ca4359b49f","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1713708751895,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):292
                      Entropy (8bit):5.31319460024452
                      Encrypted:false
                      SSDEEP:6:YEQXJ2HXCrIDgGAV9VoZcg1vRcR0YdQB8oAvJfJWCtMdPeUkwRe9:YvXKXCOgGAVEZc0voQtGBS8Ukee9
                      MD5:E34ED9FB5524AC08F6399902EE44857C
                      SHA1:1BA116DBDE96D78D7DA5D6F8D90E267C1F8D6E1D
                      SHA-256:E0BC7B66545CCAC0B27727C9587686B69693528C3DB69BCAC358B1647F1502B4
                      SHA-512:E788D78FD5DD836FDC5B2F02C8C60259C1DAB8C079F869DB4C0E2FE018EF30821632A0E9A2796168C7966D018362F5EEC574F44CBC36BED3F964904375B9D152
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"305ba542-4219-4e46-81a1-30ca4359b49f","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1713708751895,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):289
                      Entropy (8bit):5.300320406190072
                      Encrypted:false
                      SSDEEP:6:YEQXJ2HXCrIDgGAV9VoZcg1vRcR0YdQB8oAvJf8dPeUkwRe9:YvXKXCOgGAVEZc0voQtGU8Ukee9
                      MD5:A50D96417F5ADE7F4C92F628C8E84829
                      SHA1:8FB06ABEA03FA11B2CD105298EBBE073D21966CC
                      SHA-256:F1DCAEDD1A18880A82D78FF8EDE48C2F020EC956B437964DB4B970F3D4F9860B
                      SHA-512:6383D87A5DC5612C00AD6A3DB6353E76A9252EEB35DE7DC4B18B81D5CE09A8A06638C67012252313477C8896B5E66B4EFF4B172BAA4460F4CA36EADB8511A4D3
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"305ba542-4219-4e46-81a1-30ca4359b49f","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1713708751895,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):292
                      Entropy (8bit):5.304799348760742
                      Encrypted:false
                      SSDEEP:6:YEQXJ2HXCrIDgGAV9VoZcg1vRcR0YdQB8oAvJfQ1rPeUkwRe9:YvXKXCOgGAVEZc0voQtGY16Ukee9
                      MD5:8FCFFDF8088F86058468D959CFC91C5F
                      SHA1:5DE189118A4256D4043917A28B857FAC8C042E2A
                      SHA-256:89217728B66237283E1381BBF5031649B1E0A4E82A6A5C09320F521BE86F5E3E
                      SHA-512:5C8668BB9B8AD970E01B1CE29BAB9A9E5AB06B304B2DB4C2D159CDE8B814CA2C2578CEB875F6E3D1811DDDF40925A59AA043DC4EE981771548F56C0142CBCB5A
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"305ba542-4219-4e46-81a1-30ca4359b49f","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1713708751895,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):289
                      Entropy (8bit):5.31138996468281
                      Encrypted:false
                      SSDEEP:6:YEQXJ2HXCrIDgGAV9VoZcg1vRcR0YdQB8oAvJfFldPeUkwRe9:YvXKXCOgGAVEZc0voQtGz8Ukee9
                      MD5:E122D338D864E1289B768FADC773B0D5
                      SHA1:139A80A1BD7A9042DBB639D715B949D52FE43099
                      SHA-256:75B6431EA3B7444B3F94380082BDBC1A9E43B20CB4162C895029F8F51DB07D1C
                      SHA-512:AFBC943F4001185D5A70974B2018A8936821D2D09FE47ACEEE3FDE92F733D8329DEFB7C7EA28115362D97B63F93D6B14F1AEF60EB09A70DE9229E704AC61B7BC
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"305ba542-4219-4e46-81a1-30ca4359b49f","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1713708751895,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):1372
                      Entropy (8bit):5.7408999927679965
                      Encrypted:false
                      SSDEEP:24:Yv6XRgGkEzv3JKLgENRcbrZbq00iCCBrwJo++ns8ct4mFJNdXB:Yvyg4BEgigrNt0wSJn+ns8cvFJPx
                      MD5:3786DCA364C4F4F5E4657371E4EF9D6E
                      SHA1:939C9F15D27E27D2EFE37768C68A106EB39EC2E3
                      SHA-256:597B300F5FCB86798750A494B22667324A3875C853B5AD6A6624EE5824B1F6AB
                      SHA-512:7E8936755A4A0A7FB840CD2E4C6D04E3D203397B3A67F27DBD0280511E1F99553187CDD3DDAC46AB60D97CE47419D35749005706317F04D88FB3961053F16EB1
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"305ba542-4219-4e46-81a1-30ca4359b49f","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1713708751895,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"79887_247329ActionBlock_0","campaignId":79887,"containerId":"1","controlGroupId":"","treatmentId":"acc56846-d570-4500-a26e-7f8cf2b4acad","variationId":"247329"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJUcnkgQWNyb2JhdCBQcm8ifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNSIsImZvbnRfc3R5bGUiOiIwIn0sImRlc2NyaXB0aW9uX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTMiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIDctZGF5IHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0byBwcmVtaXVtIFBERiBhbmQgZS1zaWduaW5nIHRvb2xzLiIsImJ

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):289
                      Entropy (8bit):5.306404867351851
                      Encrypted:false
                      SSDEEP:6:YEQXJ2HXCrIDgGAV9VoZcg1vRcR0YdQB8oAvJfYdPeUkwRe9:YvXKXCOgGAVEZc0voQtGg8Ukee9
                      MD5:8EF6A049AF5C4892557BB29841213848
                      SHA1:316203604F1E12E95D684D3FF94C3EB06A9344D9
                      SHA-256:DF40DF4D9C76437BA675EF3021AD71F83C408A3AD214051279136F60E0722E21
                      SHA-512:E497469F5AC049B475FAB038925BBC7EBE1E797E766388BBD79F7AE41263949D7BA655C05F067D3CDE54EA0DED17639B5111EB87C85F75EE1609C7619EF74ABF
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"305ba542-4219-4e46-81a1-30ca4359b49f","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1713708751895,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):1395
                      Entropy (8bit):5.778054076774433
                      Encrypted:false
                      SSDEEP:24:Yv6XRgGkEzv3krLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNFXB:Yvyg4MHgDv3W2aYQfgB5OUupHrQ9FJTx
                      MD5:D53CEDE3FA8F1F07DC45ED2BEFB889DB
                      SHA1:AAB37DCC4C6E0589C853BECA4923D1D693E63720
                      SHA-256:5E8B311C3426FA1DB3965E838D373C2AA362D3E15FF5CA4BE7333144CB87F26B
                      SHA-512:F36BD6B3278EBBF74408EF595E0073FA24611FB25638EE8B63F5C13BEC36F4F550A9A94EA882882BFB4496D5E215FF873E45B33C779D792BF2351553B3A83143
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"305ba542-4219-4e46-81a1-30ca4359b49f","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1713708751895,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):291
                      Entropy (8bit):5.28990794531883
                      Encrypted:false
                      SSDEEP:6:YEQXJ2HXCrIDgGAV9VoZcg1vRcR0YdQB8oAvJfbPtdPeUkwRe9:YvXKXCOgGAVEZc0voQtGDV8Ukee9
                      MD5:3453F51CBCE071586286BF4598A15404
                      SHA1:A795AABF7A09650814EC479BDF7EDB2C715A6FC8
                      SHA-256:A288E834478E970ADBAFC198E172A563D8A220BF36EA5821853A75D335B2816D
                      SHA-512:73FD8D92D1576341BC6025C76DAD944FF483F9357C2208BBAEF474DDDB366DB9161B423E0091F19F3D7477E4DC1E771D672E9D8D7448C1DEFE65FA5513BAFB12
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"305ba542-4219-4e46-81a1-30ca4359b49f","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1713708751895,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):287
                      Entropy (8bit):5.294943916470839
                      Encrypted:false
                      SSDEEP:6:YEQXJ2HXCrIDgGAV9VoZcg1vRcR0YdQB8oAvJf21rPeUkwRe9:YvXKXCOgGAVEZc0voQtG+16Ukee9
                      MD5:FF6286A4211B630589688AFF83DBFF0E
                      SHA1:2F5EB9EC165561482BD56FE45CFC5CCF0C115BFA
                      SHA-256:CEEDC2008602781C71590D4F1EBBC678ABD6FE1E654A08D73BAD754E4B92D9D4
                      SHA-512:467AE65556DF9236C784B9269ECA39BA6FC1062E3BAAD77CA74E25C961FFB91C41EC548624C5023AB12FBD6339B873A6C8A6159089247D43443320345BD68BA7
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"305ba542-4219-4e46-81a1-30ca4359b49f","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1713708751895,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):289
                      Entropy (8bit):5.312946178035778
                      Encrypted:false
                      SSDEEP:6:YEQXJ2HXCrIDgGAV9VoZcg1vRcR0YdQB8oAvJfbpatdPeUkwRe9:YvXKXCOgGAVEZc0voQtGVat8Ukee9
                      MD5:F9B13D40D66DCF45F3651148D8EDF066
                      SHA1:44BB4BDF98A49C253743D23F2578F4CF43A96181
                      SHA-256:6706FA261349DE8E602F4A9A724A065D07DADD351EB143DBA269DD3DC2D83AFB
                      SHA-512:6C1109D9EA0E59E1EFD237A72BC5695CCF4CF80378FA5A35DE4DB47F30E93D977C6E4610E37A133DE96ED2B7ED9467BB56CFB779CE12B6755EF43D87E6B92F66
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"305ba542-4219-4e46-81a1-30ca4359b49f","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1713708751895,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):286
                      Entropy (8bit):5.272305334309106
                      Encrypted:false
                      SSDEEP:6:YEQXJ2HXCrIDgGAV9VoZcg1vRcR0YdQB8oAvJfshHHrPeUkwRe9:YvXKXCOgGAVEZc0voQtGUUUkee9
                      MD5:DFD2260837446CE28DA4FC0CAEDCECE1
                      SHA1:E082C10A6B74D651D86CE0F1075BEF2603F24E6D
                      SHA-256:6F7E4B5AAA402D4A1FA153539775192D51A2A00CA2D979FA3317A8506AA44305
                      SHA-512:B0C28AB93893BCCB696834676D52E95BE7B6DFA177DB2C522C0A097621316EAEA87E30EFBBD191AF8EC81D341908DADF22F4FD9FEFE6AB79C5D46687AEA9BB77
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"305ba542-4219-4e46-81a1-30ca4359b49f","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1713708751895,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):782
                      Entropy (8bit):5.372601428233747
                      Encrypted:false
                      SSDEEP:12:YvXKXCOgGAVEZc0voQtGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWxx:Yv6XRgGkEzv3Z168CgEXX5kcIfANhEXB
                      MD5:490C06405A211D0131F1F03F6438EA2B
                      SHA1:C0C324B5359AA3EEF2507655CABBEC18D49CCE94
                      SHA-256:0C012FB0AA5A99B413867B67BAB76B1E57626427EB106FA96B39815E18676B0F
                      SHA-512:1BEB8A6AF612A33B6E1C0AF28E46E431E5A3D939D9208BB1C41558B1199C17FE38128ED7857EC24E33C29A222F82B4D03AA424C03FA5D564E41016E13DECF104
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"305ba542-4219-4e46-81a1-30ca4359b49f","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1713708751895,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1713530821928}}}}

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):4
                      Entropy (8bit):0.8112781244591328
                      Encrypted:false
                      SSDEEP:3:e:e
                      MD5:DC84B0D741E5BEAE8070013ADDCC8C28
                      SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
                      SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
                      SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
                      Malicious:false
                      Preview:....

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):2814
                      Entropy (8bit):5.137160628630873
                      Encrypted:false
                      SSDEEP:24:YY7FYZLTLgCDQw43Z44qTnaOKfayuOcfVA5j/Lcj0SXbQD2Ui2LSx4U+1E5yh9pI:YY7+1o24Jtils/C/uDifmE0h9vG
                      MD5:DF56EE38E4C276FEA8AF6A01670A599E
                      SHA1:AF7EA3CE7D72625025BB675B6A0D03D5FEA6A36C
                      SHA-256:7CD35987BB403FA9048E55BAD54ABECE0B0363808354DBC354D313416235FAEF
                      SHA-512:41C866E055701FBAAE2C9E40C3026FBF50EA05224971F1C97F75AF47BEEF01EE722515AEA263CC1E09DB3C0C4489FC71E6D39CBDFB04F3D0B3FA2C58DA250FDF
                      Malicious:false
                      Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"eb84788c9dfbb06e9ea361b8bea89b12","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1713530821000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"23c6ba5f243a2e03798f8403625da2f8","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1372,"ts":1713530820000},{"id":"Edit_InApp_Aug2020","info":{"dg":"e3fabaa4aae90b28fa92a5d1c66acc9b","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":1713530820000},{"id":"DC_Reader_RHP_Banner","info":{"dg":"145a5ed7badacb2a6f919228e45e178d","sid":"DC_Reader_RHP_Banner"},"mimeType":"file","size":1395,"ts":1713530820000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"189d717d5475f3eb3fa7c254e6857bd3","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file","size":292,"ts":1713530820000},{"id":"DC_Reader_More_LHP_Banner","info":{"dg":"2d14bebf1ab24c1507d19939599fbd6a","sid":"DC_Reader_More_LHP_Banner"},"mimeType":"file","size":289,"ts":1713530820000},

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 25, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 25
                      Category:dropped
                      Size (bytes):12288
                      Entropy (8bit):1.1885803285701537
                      Encrypted:false
                      SSDEEP:48:TGufl2GL7msEHUUUUUUUUc2SvR9H9vxFGiDIAEkGVvpIw:lNVmswUUUUUUUUc2+FGSItcw
                      MD5:4FB217F88A08FC862708AF66AE978554
                      SHA1:3A47BF26EA1FDD9784A7B201B0BB47AB1DDE7157
                      SHA-256:B27B19EBC4F850251C948895D3610592F028F17C96C5C9CA5090A4E8C5ED299E
                      SHA-512:81A186CA7C1E3884D4037DD677BE9B9B708A6D8E4F6ED734AC7122067E15B05758E48538D946D3DF9FDA3F282EBDC086EA131BD0C30C6C1052D141A1D7E09CE9
                      Malicious:false
                      Preview:SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:SQLite Rollback Journal
                      Category:dropped
                      Size (bytes):8720
                      Entropy (8bit):1.606986736023211
                      Encrypted:false
                      SSDEEP:48:7Mt4KUUUUUUUUUUcUvR9H9vxFGiDIAEkGVviqFl2GL7msN:76fUUUUUUUUUUcEFGSItEKVmsN
                      MD5:CA0D2A5D0C79F07857A0C27B15A8C9B7
                      SHA1:F544A4FA02DC393BC164D8A9D6C7F73742744B83
                      SHA-256:10592D022CDEF90C37B57479CF81970CB7F996AFE41673D6D231E9DACB83308C
                      SHA-512:69D1B6220D088940A3868B744F7C3411F52155C425593AEA0F947A7B8126B7DD2A127747D8BB80B21973CEA6ABAD45703F9A832BB90F052836C40B9DC2139CD8
                      Malicious:false
                      Preview:.... .c...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................f.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Local\Temp\MSIc0de8.LOG

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):246
                      Entropy (8bit):3.5197430193686525
                      Encrypted:false
                      SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8m+aRMQf9:Qw946cPbiOxDlbYnuRKQO
                      MD5:B87891D20D5437096E35306B1A8DD226
                      SHA1:01E07F50057D75908360179963F73D1A185928D2
                      SHA-256:7592830EBB46E323F435636FA3AA8E282BFBD89018BCD1B60BEE3E4759C19DEC
                      SHA-512:554C7D48AE101B87163D1E58DF63268EC4BA5510C5684E89D2F140225A31588A335C4BBBF0EC52EF80B56ADA7FA0DC28E3164446049F76A87D93709B3306404A
                      Malicious:false
                      Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .1.9./.0.4./.2.0.2.4. . .1.4.:.4.7.:.0.5. .=.=.=.....

                      C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-19 14-46-58-573.log

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:ASCII text, with very long lines (393)
                      Category:dropped
                      Size (bytes):16525
                      Entropy (8bit):5.345946398610936
                      Encrypted:false
                      SSDEEP:384:zHIq8qrq0qoq/qUILImCIrImI9IWdFdDdoPtPTPtP7ygyAydy0yGV///X/J/VokV:nNW
                      MD5:8947C10F5AB6CFFFAE64BCA79B5A0BE3
                      SHA1:70F87EEB71BA1BE43D2ABAB7563F94C73AB5F778
                      SHA-256:4F3449101521DA7DF6B58A2C856592E1359BA8BD1ACD0688ECF4292BA5388485
                      SHA-512:B76DB9EF3AE758F00CAF0C1705105C875838C7801F7265B17396466EECDA4BCD915DA4611155C5F2AD1C82A800C1BEC855E52E2203421815F915B77AA7331CA0
                      Malicious:false
                      Preview:SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:088+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig:

                      C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:ASCII text, with very long lines (393), with CRLF line terminators
                      Category:dropped
                      Size (bytes):16603
                      Entropy (8bit):5.382733414036173
                      Encrypted:false
                      SSDEEP:384:VIsFsspI11QSCcf2Im58WchpqpE4iqw8/BjNFDhsijmYzD2Oh/Fvgv2XFP8oDzbk:unD
                      MD5:99142807D1A8EDB6E26FB4923CD3133C
                      SHA1:0F8874E850DC8960AA290EAFA106B5FAC864654D
                      SHA-256:B7998E74E93968A6C7DD5735A61AE93D14BDECE0A711AA962D1C870A65B8F04D
                      SHA-512:DBDF59BEEE3E70595CD291E2AD4A93639D24F33137FBE24BFBA7E77725D18E937A5147BE3EB5898E9C870E7051988A7B9826013F911C12696F382BDF8BA827B7
                      Malicious:false
                      Preview:SessionID=2ac18331-ab2d-494b-bf54-cf045c222717.1713530818587 Timestamp=2024-04-19T14:46:58:587+0200 ThreadID=7244 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=2ac18331-ab2d-494b-bf54-cf045c222717.1713530818587 Timestamp=2024-04-19T14:46:58:588+0200 ThreadID=7244 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=2ac18331-ab2d-494b-bf54-cf045c222717.1713530818587 Timestamp=2024-04-19T14:46:58:588+0200 ThreadID=7244 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=2ac18331-ab2d-494b-bf54-cf045c222717.1713530818587 Timestamp=2024-04-19T14:46:58:588+0200 ThreadID=7244 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=2ac18331-ab2d-494b-bf54-cf045c222717.1713530818587 Timestamp=2024-04-19T14:46:58:588+0200 ThreadID=7244 Component=ngl-lib_NglAppLib Description="SetConf

                      C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):29845
                      Entropy (8bit):5.3976632560035
                      Encrypted:false
                      SSDEEP:768:anddBuBYZwcfCnwZCnR8Bu5hx18HoCnLlAY+iCBuzhLCnx1CnPrRRFS10l8gT2r8:Y
                      MD5:B4D57665A2DDAA5DAD7483C4FF54F422
                      SHA1:121FB38B67AF23ED526D8058A6CF7F8303B9CEB9
                      SHA-256:D3577AC7E069380C8226336078BFC3770CD0B0E803ED009B9DD67610A72581C5
                      SHA-512:1FFDEF9A9B2C39A7458A147A2FA31982DB5445D65DEA296A809DD21DB651457EAD456D18113524715EA8FBF52A7060EDB392CF8D0B4D6B785C8B1569BBAE2289
                      Malicious:false
                      Preview:03-10-2023 12:50:40:.---2---..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ***************************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ***************************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Starting NGL..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..03-10-2023 12:50:40:.Closing File..03-10-

                      C:\Users\user\AppData\Local\Temp\acrocef_low\37397f9a-0659-4206-afe4-8ac966170490.tmp

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
                      Category:dropped
                      Size (bytes):1419751
                      Entropy (8bit):7.976496077007677
                      Encrypted:false
                      SSDEEP:24576:/M7ouWLaGZjZwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:RuWLaGZjZwZGk3mlind9i4ufFXpAXkru
                      MD5:AE1E8A5D3E7B2198980A0CA16DE5F3D3
                      SHA1:A1DB2C58AFC81E6A114A8EB47BE0243956F79460
                      SHA-256:8C2E1B13F6658714D51737D6745FE065B87497923945AB3028706A4171C8328F
                      SHA-512:5B36CF0982C5AFED5CCEA4B30A0B31A2B5312FBF5438623D53153E076B59F1B4BEF8C08695EA74E086BCA4EF7221889DB977B5DCFF4C684BA0683FDDECDE2EC4
                      Malicious:false
                      Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

                      C:\Users\user\AppData\Local\Temp\acrocef_low\5f23a469-d330-4ceb-9ecc-4d919ee04572.tmp

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
                      Category:dropped
                      Size (bytes):758601
                      Entropy (8bit):7.98639316555857
                      Encrypted:false
                      SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
                      MD5:3A49135134665364308390AC398006F1
                      SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
                      SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
                      SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
                      Malicious:false
                      Preview:...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!|G.1...... .3.`./....`~......G.............|..pS.e.C....:o.u_..oi.:..|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

                      C:\Users\user\AppData\Local\Temp\acrocef_low\6d0fce63-8578-4a81-84f0-d8d523092238.tmp

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
                      Category:dropped
                      Size (bytes):1407294
                      Entropy (8bit):7.97605879016224
                      Encrypted:false
                      SSDEEP:24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo
                      MD5:A0CFC77914D9BFBDD8BC1B1154A7B364
                      SHA1:54962BFDF3797C95DC2A4C8B29E873743811AD30
                      SHA-256:81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685
                      SHA-512:74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE
                      Malicious:false
                      Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

                      C:\Users\user\AppData\Local\Temp\acrocef_low\8ab33bf7-465f-4b91-91e1-47c18cec79fb.tmp

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
                      Category:dropped
                      Size (bytes):386528
                      Entropy (8bit):7.9736851559892425
                      Encrypted:false
                      SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
                      MD5:5C48B0AD2FEF800949466AE872E1F1E2
                      SHA1:337D617AE142815EDDACB48484628C1F16692A2F
                      SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
                      SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
                      Malicious:false
                      Preview:...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-|..h#.g.\.PO.|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..|m.WC.....|.....e.[W.p.8...rm....^..x'......5!...|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

                      Static File Info

                      General

                      File type:PDF document, version 1.3, 1 pages
                      Entropy (8bit):5.972611247764149
                      TrID:
                      • Adobe Portable Document Format (5005/1) 100.00%
                      File name:Purchase Order 150184.PDF
                      File size:11'792 bytes
                      MD5:2c1a5340c52c01aa8171271222241992
                      SHA1:8abcc360efb61fff9c10bb2df3d64fd19cda56da
                      SHA256:4c6f8c145799f0b4d1a0d0c7d4130f613da3c664f46cb4f7246a0eaab9c553d1
                      SHA512:13acdc1962689c07f987267b460f68c842a4ea0ea00d125b3db9a6874537dc27554a90f45e457c16d708399cc39b314993785f39f1e376e2007f787d2eedaabd
                      SSDEEP:192:eHIwiFQuHdYbKFedPFLLuSikpmljDTGaU3lQFa5Tol0LC3e0:ntFQ+dYbKFeFFvuSikpmZDTGawOcTol9
                      TLSH:4532651C2EA6DE9DD90B5FF89B14B241E77D72603B9495C13E2CA322F714F02E95B805
                      File Content Preview:%PDF-1.3..%......%RSTXPDF3 Parameters: DRSXh..2 0 obj..<<../Type /XObject../Subtype /Image../Filter 3 0 R../Length 4 0 R../Name /00002../Width 752../Height 389../BitsPerComponent 1../ImageMask true..>>..stream..x..Z.........%..A....O..e.!..k...fw....\{...

                      File Icon

                      Icon Hash:62cc8caeb29e8ae0

                      Static PDF Info

                      General

                      Header:%PDF-1.3
                      Total Entropy:5.972611
                      Total Bytes:11792
                      Stream Entropy:6.368871
                      Stream Bytes:7060
                      Entropy outside Streams:4.701745
                      Bytes outside Streams:4732
                      Number of EOF found:1
                      Bytes after EOF:

                      Keywords Statistics

                      NameCount
                      obj14
                      endobj14
                      stream2
                      endstream2
                      xref1
                      trailer1
                      startxref1
                      /Page1
                      /Encrypt0
                      /ObjStm0
                      /URI0
                      /JS0
                      /JavaScript0
                      /AA0
                      /OpenAction0
                      /AcroForm0
                      /JBIG2Decode0
                      /RichMedia0
                      /Launch0
                      /EmbeddedFile0

                      Network Behavior

                      Network Port Distribution

                      TCP Packets

                      TimestampSource PortDest PortSource IPDest IP
                      Apr 19, 2024 14:47:09.409653902 CEST49740443192.168.2.4184.25.164.138
                      Apr 19, 2024 14:47:09.409683943 CEST44349740184.25.164.138192.168.2.4
                      Apr 19, 2024 14:47:09.409778118 CEST49740443192.168.2.4184.25.164.138
                      Apr 19, 2024 14:47:09.409938097 CEST49740443192.168.2.4184.25.164.138
                      Apr 19, 2024 14:47:09.409953117 CEST44349740184.25.164.138192.168.2.4
                      Apr 19, 2024 14:47:09.726594925 CEST44349740184.25.164.138192.168.2.4
                      Apr 19, 2024 14:47:09.726957083 CEST49740443192.168.2.4184.25.164.138
                      Apr 19, 2024 14:47:09.726986885 CEST44349740184.25.164.138192.168.2.4
                      Apr 19, 2024 14:47:09.728023052 CEST44349740184.25.164.138192.168.2.4
                      Apr 19, 2024 14:47:09.728091002 CEST49740443192.168.2.4184.25.164.138
                      Apr 19, 2024 14:47:09.730632067 CEST49740443192.168.2.4184.25.164.138
                      Apr 19, 2024 14:47:09.730691910 CEST44349740184.25.164.138192.168.2.4
                      Apr 19, 2024 14:47:09.731015921 CEST49740443192.168.2.4184.25.164.138
                      Apr 19, 2024 14:47:09.731023073 CEST44349740184.25.164.138192.168.2.4
                      Apr 19, 2024 14:47:09.784178019 CEST49740443192.168.2.4184.25.164.138
                      Apr 19, 2024 14:47:09.836076975 CEST44349740184.25.164.138192.168.2.4
                      Apr 19, 2024 14:47:09.836169004 CEST44349740184.25.164.138192.168.2.4
                      Apr 19, 2024 14:47:09.836802006 CEST49740443192.168.2.4184.25.164.138
                      Apr 19, 2024 14:47:09.836858034 CEST49740443192.168.2.4184.25.164.138
                      Apr 19, 2024 14:47:09.836874962 CEST44349740184.25.164.138192.168.2.4
                      Apr 19, 2024 14:47:09.836884022 CEST49740443192.168.2.4184.25.164.138
                      Apr 19, 2024 14:47:09.836930037 CEST49740443192.168.2.4184.25.164.138

                      HTTP Request Dependency Graph

                      • armmf.adobe.com

                      HTTPS Proxied Packets

                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                      0192.168.2.449740184.25.164.1384437448C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      TimestampBytes transferredDirectionData
                      2024-04-19 12:47:09 UTC475OUTGET /onboarding/smskillreader.txt HTTP/1.1
                      Host: armmf.adobe.com
                      Connection: keep-alive
                      Accept-Language: en-US,en;q=0.9
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36
                      Sec-Fetch-Site: same-origin
                      Sec-Fetch-Mode: no-cors
                      Sec-Fetch-Dest: empty
                      Accept-Encoding: gzip, deflate, br
                      If-None-Match: "78-5faa31cce96da"
                      If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
                      2024-04-19 12:47:09 UTC198INHTTP/1.1 304 Not Modified
                      Content-Type: text/plain; charset=UTF-8
                      Last-Modified: Mon, 01 May 2023 15:02:33 GMT
                      ETag: "78-5faa31cce96da"
                      Date: Fri, 19 Apr 2024 12:47:09 GMT
                      Connection: close


                      Statistics

                      CPU Usage

                      Click to jump to process

                      Memory Usage

                      Click to jump to process

                      High Level Behavior Distribution

                      Click to dive into process behavior distribution

                      Behavior

                      Click to jump to process

                      System Behavior

                      General

                      Target ID:0
                      Start time:14:46:55
                      Start date:19/04/2024
                      Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      Wow64 process (32bit):false
                      Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Purchase Order 150184.PDF"
                      Imagebase:0x7ff6bc1b0000
                      File size:5'641'176 bytes
                      MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:moderate
                      Has exited:true

                      General

                      Target ID:1
                      Start time:14:46:56
                      Start date:19/04/2024
                      Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      Wow64 process (32bit):false
                      Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
                      Imagebase:0x7ff74bb60000
                      File size:3'581'912 bytes
                      MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:moderate
                      Has exited:true

                      General

                      Target ID:3
                      Start time:14:46:56
                      Start date:19/04/2024
                      Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      Wow64 process (32bit):false
                      Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2112 --field-trial-handle=1632,i,14395213634663841905,6941489701800868828,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
                      Imagebase:0x7ff74bb60000
                      File size:3'581'912 bytes
                      MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:moderate
                      Has exited:true

                      Disassembly

                      No disassembly