Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
LT1 (3)_page-0001_compressed.pdf

Overview

General Information

Sample name:LT1 (3)_page-0001_compressed.pdf
Analysis ID:1430167
MD5:c580eb3f77967275e11de3960c9ab081
SHA1:5b07ebd2783cc82538a5a0074e96aaff6136cb70
SHA256:0541bda1fa931996498e21f8026e0fd373f6f1a0378bdec63c2e8c18e61fb28a
Infos:

Detection

Score:2
Range:0 - 100
Whitelisted:false
Confidence:80%

Signatures

IP address seen in connection with other malware
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Uses a known web browser user agent for HTTP communication

Classification

Process Tree

  • System is w10x64
  • Acrobat.exe (PID: 3132 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\LT1 (3)_page-0001_compressed.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 1336 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 2532 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2092 --field-trial-handle=1720,i,5408455416841799603,14446527396471553952,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Snort Signatures

No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: global trafficTCP traffic: 192.168.2.6:49722 -> 104.77.220.172:443
Source: global trafficTCP traffic: 192.168.2.6:49722 -> 104.77.220.172:443
Source: global trafficTCP traffic: 192.168.2.6:49722 -> 104.77.220.172:443
Source: global trafficTCP traffic: 192.168.2.6:49722 -> 104.77.220.172:443
Source: global trafficTCP traffic: 192.168.2.6:49722 -> 104.77.220.172:443
Source: global trafficTCP traffic: 192.168.2.6:49722 -> 104.77.220.172:443
Source: global trafficTCP traffic: 192.168.2.6:49722 -> 104.77.220.172:443
Source: global trafficTCP traffic: 192.168.2.6:49722 -> 104.77.220.172:443
Source: global trafficTCP traffic: 192.168.2.6:49722 -> 104.77.220.172:443
Source: global trafficTCP traffic: 192.168.2.6:49722 -> 104.77.220.172:443
Source: global trafficTCP traffic: 192.168.2.6:49722 -> 104.77.220.172:443
Source: global trafficTCP traffic: 192.168.2.6:49722 -> 104.77.220.172:443
Source: global trafficTCP traffic: 192.168.2.6:49722 -> 104.77.220.172:443
Source: global trafficTCP traffic: 104.77.220.172:443 -> 192.168.2.6:49722
Source: global trafficTCP traffic: 192.168.2.6:49722 -> 104.77.220.172:443
Source: global trafficTCP traffic: 192.168.2.6:49722 -> 104.77.220.172:443
Source: global trafficTCP traffic: 104.77.220.172:443 -> 192.168.2.6:49722
Source: global trafficTCP traffic: 104.77.220.172:443 -> 192.168.2.6:49722
Source: global trafficTCP traffic: 192.168.2.6:49722 -> 104.77.220.172:443
Source: global trafficTCP traffic: 104.77.220.172:443 -> 192.168.2.6:49722
Source: global trafficTCP traffic: 104.77.220.172:443 -> 192.168.2.6:49722
Source: global trafficTCP traffic: 192.168.2.6:49722 -> 104.77.220.172:443
Source: global trafficTCP traffic: 192.168.2.6:49722 -> 104.77.220.172:443
Source: global trafficTCP traffic: 104.77.220.172:443 -> 192.168.2.6:49722
Source: global trafficTCP traffic: 192.168.2.6:49722 -> 104.77.220.172:443
Source: global trafficTCP traffic: 104.77.220.172:443 -> 192.168.2.6:49722
Source: global trafficTCP traffic: 192.168.2.6:49722 -> 104.77.220.172:443
Source: global trafficTCP traffic: 104.77.220.172:443 -> 192.168.2.6:49722
Source: global trafficTCP traffic: 104.77.220.172:443 -> 192.168.2.6:49722
Source: global trafficTCP traffic: 192.168.2.6:49722 -> 104.77.220.172:443
Source: global trafficTCP traffic: 192.168.2.6:49722 -> 104.77.220.172:443
Source: global trafficTCP traffic: 104.77.220.172:443 -> 192.168.2.6:49722
Source: global trafficTCP traffic: 192.168.2.6:49722 -> 104.77.220.172:443
Source: global trafficTCP traffic: 192.168.2.6:49722 -> 104.77.220.172:443
Source: Joe Sandbox ViewIP Address: 104.77.220.172 104.77.220.172
Source: global trafficHTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1Host: armmf.adobe.comConnection: keep-aliveAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brIf-None-Match: "78-5faa31cce96da"If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
Source: unknownTCP traffic detected without corresponding DNS query: 104.77.220.172
Source: unknownTCP traffic detected without corresponding DNS query: 104.77.220.172
Source: unknownTCP traffic detected without corresponding DNS query: 104.77.220.172
Source: unknownTCP traffic detected without corresponding DNS query: 104.77.220.172
Source: unknownTCP traffic detected without corresponding DNS query: 104.77.220.172
Source: unknownTCP traffic detected without corresponding DNS query: 104.77.220.172
Source: unknownTCP traffic detected without corresponding DNS query: 104.77.220.172
Source: unknownTCP traffic detected without corresponding DNS query: 104.77.220.172
Source: unknownTCP traffic detected without corresponding DNS query: 104.77.220.172
Source: unknownTCP traffic detected without corresponding DNS query: 104.77.220.172
Source: unknownTCP traffic detected without corresponding DNS query: 104.77.220.172
Source: unknownTCP traffic detected without corresponding DNS query: 104.77.220.172
Source: global trafficHTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1Host: armmf.adobe.comConnection: keep-aliveAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brIf-None-Match: "78-5faa31cce96da"If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49722
Source: unknownNetwork traffic detected: HTTP traffic on port 49722 -> 443
Source: classification engineClassification label: clean2.winPDF@14/43@0/1
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.5844Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-23 08-38-15-859.logJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
Source: unknownProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\LT1 (3)_page-0001_compressed.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2092 --field-trial-handle=1720,i,5408455416841799603,14446527396471553952,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2092 --field-trial-handle=1720,i,5408455416841799603,14446527396471553952,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: LT1 (3)_page-0001_compressed.pdfInitial sample: PDF keyword /JS count = 0
Source: LT1 (3)_page-0001_compressed.pdfInitial sample: PDF keyword /JavaScript count = 0
Source: LT1 (3)_page-0001_compressed.pdfInitial sample: PDF keyword /EmbeddedFile count = 0
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid Accounts2
Exploitation for Client Execution		Path Interception1
Process Injection		1
Masquerading		OS Credential Dumping1
System Information Discovery		Remote ServicesData from Local System1
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
Process Injection		LSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable Media1
Non-Application Layer Protocol		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive12
Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin HookBinary PaddingNTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput Capture1
Ingress Tool Transfer		Traffic DuplicationData Destruction

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 process2 2 Behavior Graph ID: 1430167 Sample: LT1 (3)_page-0001_compressed.pdf Startdate: 23/04/2024 Architecture: WINDOWS Score: 2 6 Acrobat.exe 18 70 2->6         started        process3 8 AcroCEF.exe 104 6->8         started        process4 10 AcroCEF.exe 2 8->10         started        dnsIp5 13 104.77.220.172, 443, 49722 AKAMAI-ASUS United States 10->13

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

No Antivirus matches

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

No contacted domains info

World Map of Contacted IPs

  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Public IPs

IPDomainCountryFlagASNASN NameMalicious
104.77.220.172
unknownUnited States
16625AKAMAI-ASUSfalse

General Information

Joe Sandbox version:40.0.0 Tourmaline
Analysis ID:1430167
Start date and time:2024-04-23 08:37:25 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 4m 2s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultwindowspdfcookbook.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:11
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:LT1 (3)_page-0001_compressed.pdf
Detection:CLEAN
Classification:clean2.winPDF@14/43@0/1
EGA Information:Failed
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 0
  • Number of non-executed functions: 0
Cookbook Comments:
  • Found application associated with file extension: .pdf
  • Found PDF document
  • Close Viewer

Warnings

  • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 23.51.56.185, 52.5.13.197, 52.202.204.11, 23.22.254.206, 54.227.187.23, 162.159.61.3, 172.64.41.3, 104.117.182.145, 104.117.182.155
  • Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, client.wns.windows.com, fs.microsoft.com, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
104.77.220.172https://www.grosfichiers.com/qfurMCm3fddGet hashmaliciousUnknownBrowse
    #U75c5#U6bd2#U67e5#U6740#U5de5#U5177.exeGet hashmaliciousUnknownBrowse
      Document PPS 430092.docxGet hashmaliciousUnknownBrowse
        Comprobante.xlaGet hashmaliciousUnknownBrowse
          DHLR000698175.docxGet hashmaliciousUnknownBrowse
            Payment advice.xlsGet hashmaliciousUnknownBrowse

              Domains

              No context

              ASNs

              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
              AKAMAI-ASUSGam.xlsGet hashmaliciousUnknownBrowse
              • 23.46.224.162
              file.exeGet hashmaliciousVidarBrowse
              • 23.61.62.148
              pGTQLD9ukH.elfGet hashmaliciousMiraiBrowse
              • 96.25.164.172
              https://www.wsj.pm/download.phpGet hashmaliciousNetSupport RATBrowse
              • 23.54.46.90
              RFQ235.htmlGet hashmaliciousHTMLPhisherBrowse
              • 104.84.231.217
              caA474oBY2.elfGet hashmaliciousMiraiBrowse
              • 23.219.94.238
              wsskM49eA3.elfGet hashmaliciousUnknownBrowse
              • 2.18.165.112
              dI3tFWyJ6d.elfGet hashmaliciousMiraiBrowse
              • 23.3.198.116
              file.exeGet hashmaliciousVidarBrowse
              • 184.30.122.179
              SamFw Tool 4.exeGet hashmaliciousVidarBrowse
              • 23.4.32.216

              JA3 Fingerprints

              No context

              Dropped Files

              No context

              Created / dropped Files

              C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

              Download File
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
              File Type:ASCII text
              Category:dropped
              Size (bytes):295
              Entropy (8bit):5.130575217998601
              Encrypted:false
              SSDEEP:6:uNEN+q2PN72nKuAl9OmbnIFUt8jKXWZmw+jKiVkwON72nKuAl9OmbjLJ:tN+vVaHAahFUt8+m/++iV5OaHAaSJ
              MD5:3486B035D7D66D4EE019B2B76B9D60C2
              SHA1:198D818FF3744B50BBAD9B1C7CA7D1700B23860F
              SHA-256:D5606AFCC90AB9909478F05559A773390AF27ECD9995843A131A680C38ED509A
              SHA-512:07D915201BB86E6DD514B0FC29B51A98D9DE35E6F1E97EC309DC74B08614121B80E3D141717BF8EF650AD0B534C958504BA8C78FDA30C140E0279BCB45CA54EE
              Malicious:false
              Reputation:low
              Preview:2024/04/23-08:38:13.600 b0c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/04/23-08:38:13.603 b0c Recovering log #3.2024/04/23-08:38:13.603 b0c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

              C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

              Download File
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
              File Type:ASCII text
              Category:dropped
              Size (bytes):295
              Entropy (8bit):5.130575217998601
              Encrypted:false
              SSDEEP:6:uNEN+q2PN72nKuAl9OmbnIFUt8jKXWZmw+jKiVkwON72nKuAl9OmbjLJ:tN+vVaHAahFUt8+m/++iV5OaHAaSJ
              MD5:3486B035D7D66D4EE019B2B76B9D60C2
              SHA1:198D818FF3744B50BBAD9B1C7CA7D1700B23860F
              SHA-256:D5606AFCC90AB9909478F05559A773390AF27ECD9995843A131A680C38ED509A
              SHA-512:07D915201BB86E6DD514B0FC29B51A98D9DE35E6F1E97EC309DC74B08614121B80E3D141717BF8EF650AD0B534C958504BA8C78FDA30C140E0279BCB45CA54EE
              Malicious:false
              Reputation:low
              Preview:2024/04/23-08:38:13.600 b0c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/04/23-08:38:13.603 b0c Recovering log #3.2024/04/23-08:38:13.603 b0c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

              C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

              Download File
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
              File Type:ASCII text
              Category:dropped
              Size (bytes):342
              Entropy (8bit):5.171078676241128
              Encrypted:false
              SSDEEP:6:OB/FIq2PN72nKuAl9Ombzo2jMGIFUt81dZZmw+1SFDkwON72nKuAl9Ombzo2jMmd:lvVaHAa8uFUt8d/+YR5OaHAa8RJ
              MD5:ABF79B9FCBEB96AF5A5D57F4FF7AEC08
              SHA1:A5ACD57311D4718544AB037063B798C598659C22
              SHA-256:A097898382303B80A888A65B081195398092976E06254711CCDAD0FFD4A1BBF2
              SHA-512:A7C8D79150D736CD329061FEFD60CB450574BF46F4D22F08E1B143ACAA4078658306840860B1921E5F79F5CDF14911CDD29693635B15D989EDAB2750444B1E6D
              Malicious:false
              Reputation:low
              Preview:2024/04/23-08:38:13.734 1900 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/04/23-08:38:13.736 1900 Recovering log #3.2024/04/23-08:38:13.737 1900 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

              C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

              Download File
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
              File Type:ASCII text
              Category:dropped
              Size (bytes):342
              Entropy (8bit):5.171078676241128
              Encrypted:false
              SSDEEP:6:OB/FIq2PN72nKuAl9Ombzo2jMGIFUt81dZZmw+1SFDkwON72nKuAl9Ombzo2jMmd:lvVaHAa8uFUt8d/+YR5OaHAa8RJ
              MD5:ABF79B9FCBEB96AF5A5D57F4FF7AEC08
              SHA1:A5ACD57311D4718544AB037063B798C598659C22
              SHA-256:A097898382303B80A888A65B081195398092976E06254711CCDAD0FFD4A1BBF2
              SHA-512:A7C8D79150D736CD329061FEFD60CB450574BF46F4D22F08E1B143ACAA4078658306840860B1921E5F79F5CDF14911CDD29693635B15D989EDAB2750444B1E6D
              Malicious:false
              Reputation:low
              Preview:2024/04/23-08:38:13.734 1900 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/04/23-08:38:13.736 1900 Recovering log #3.2024/04/23-08:38:13.737 1900 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

              C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\6e63828c-037d-48e4-855a-ea684ca76e13.tmp

              Download File
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
              File Type:JSON data
              Category:modified
              Size (bytes):474
              Entropy (8bit):4.966429420996877
              Encrypted:false
              SSDEEP:12:YH/um3RA8sqZaDsBdOg2HlYicaq3QYiubcP7E4T3y:Y2sRdsodMHlYt3QYhbA7nby
              MD5:68CA0FB737F78A1B6AB649F6C128E5CF
              SHA1:FB224E7948EA9B277547A17B5660E6887741E5E6
              SHA-256:6E63975C892F69D520AA2FBFCF967706441E9B26C9856B1A9416563439C71BBA
              SHA-512:F67F13E1641E2ADEA6335547C16F669848DED35CA409047CE3F013F8E5AB5B413FA40F6B62DA6FB275EE0896812990B77BBDCEBA0A46AF2EDC89E779E57A0744
              Malicious:false
              Reputation:low
              Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13358414305322783","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":89617},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.6","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

              C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

              Download File
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
              File Type:JSON data
              Category:dropped
              Size (bytes):474
              Entropy (8bit):4.966429420996877
              Encrypted:false
              SSDEEP:12:YH/um3RA8sqZaDsBdOg2HlYicaq3QYiubcP7E4T3y:Y2sRdsodMHlYt3QYhbA7nby
              MD5:68CA0FB737F78A1B6AB649F6C128E5CF
              SHA1:FB224E7948EA9B277547A17B5660E6887741E5E6
              SHA-256:6E63975C892F69D520AA2FBFCF967706441E9B26C9856B1A9416563439C71BBA
              SHA-512:F67F13E1641E2ADEA6335547C16F669848DED35CA409047CE3F013F8E5AB5B413FA40F6B62DA6FB275EE0896812990B77BBDCEBA0A46AF2EDC89E779E57A0744
              Malicious:false
              Reputation:low
              Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13358414305322783","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":89617},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.6","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

              C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

              Download File
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
              File Type:data
              Category:dropped
              Size (bytes):5859
              Entropy (8bit):5.252836757204705
              Encrypted:false
              SSDEEP:96:av+Nkkl+2GAouz3z3xfNLUS3vHp5OuDzUrMzh28qXAXFP74LRXOtW7ANwE7EevQO:av+Nkkl+2G1uz3zhfZUyPp5OuDzUwzhp
              MD5:26D0B1678C548A78531F97E503374F6E
              SHA1:AB1448C569F16373716B41F5ACA2FBB5CCE002B6
              SHA-256:CBEEAEDFFF5A776E7CEA0E1667D9D2C76372285B92C5DC779BE1ED5521D814ED
              SHA-512:0B44563BE80462142ECF47A9BF60C2E25ED9D443C627C5CB40E4703BBD04C5A3E3EA34C79B9B1D1345D8C8A61D4D5B36A73E3DC950DC8813B15571743001BF83
              Malicious:false
              Reputation:low
              Preview:*...#................version.1..namespace-.X.Bo................next-map-id.1.Pnamespace-c291b69d_46f8_4b09_b54e_d05df8a1271d-https://rna-resource.acrobat.com/.0.>j.r................next-map-id.2.Snamespace-63b958a8_6f71_4fde_913c_6518794b9fd1-https://rna-v2-resource.acrobat.com/.1.J.4r................next-map-id.3.Snamespace-37e4c694_2a8d_4b31_9eb8_e65c5f9e16d5-https://rna-v2-resource.acrobat.com/.2..J.o................next-map-id.4.Pnamespace-d7426d52_3038_4cd9_b9cc_897232425509-https://rna-resource.acrobat.com/.3..M.^...............Pnamespace-c291b69d_46f8_4b09_b54e_d05df8a1271d-https://rna-resource.acrobat.com/..d.^...............Pnamespace-d7426d52_3038_4cd9_b9cc_897232425509-https://rna-resource.acrobat.com/.u..a...............Snamespace-63b958a8_6f71_4fde_913c_6518794b9fd1-https://rna-v2-resource.acrobat.com/..`aa...............Snamespace-37e4c694_2a8d_4b31_9eb8_e65c5f9e16d5-https://rna-v2-resource.acrobat.com/`v.Yo................next-map-id.5.Pnamespace-30587558_ed88_4bd8_adc0_

              C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

              Download File
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
              File Type:ASCII text
              Category:dropped
              Size (bytes):330
              Entropy (8bit):5.170930421471773
              Encrypted:false
              SSDEEP:6:glTmq2PN72nKuAl9OmbzNMxIFUt8tgZZmw+tjRkwON72nKuAl9OmbzNMFLJ:gNmvVaHAa8jFUt8tM/+tjR5OaHAa84J
              MD5:05D6CE7529C6BDD859AC46005F7AC7A6
              SHA1:E00127504A2F0FAEC58DC10A6F0D622E14D764ED
              SHA-256:F03BE493FDEB9F34237403CBC9E0889D17CEA3E6E456255871D243ED4C711518
              SHA-512:8D571B401FA6D4C5E48F8520828955C773ADA1D6DA6FD21560C0D332A0D6D294B2D9FE7081F881E75BDCDE82CBC54A44427ED109DCF73F222B6C1D54BB92DDF8
              Malicious:false
              Reputation:low
              Preview:2024/04/23-08:38:13.873 1900 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/04/23-08:38:13.874 1900 Recovering log #3.2024/04/23-08:38:13.875 1900 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

              C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

              Download File
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
              File Type:ASCII text
              Category:dropped
              Size (bytes):330
              Entropy (8bit):5.170930421471773
              Encrypted:false
              SSDEEP:6:glTmq2PN72nKuAl9OmbzNMxIFUt8tgZZmw+tjRkwON72nKuAl9OmbzNMFLJ:gNmvVaHAa8jFUt8tM/+tjR5OaHAa84J
              MD5:05D6CE7529C6BDD859AC46005F7AC7A6
              SHA1:E00127504A2F0FAEC58DC10A6F0D622E14D764ED
              SHA-256:F03BE493FDEB9F34237403CBC9E0889D17CEA3E6E456255871D243ED4C711518
              SHA-512:8D571B401FA6D4C5E48F8520828955C773ADA1D6DA6FD21560C0D332A0D6D294B2D9FE7081F881E75BDCDE82CBC54A44427ED109DCF73F222B6C1D54BB92DDF8
              Malicious:false
              Reputation:low
              Preview:2024/04/23-08:38:13.873 1900 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/04/23-08:38:13.874 1900 Recovering log #3.2024/04/23-08:38:13.875 1900 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

              C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240423063817Z-159.bmp

              Download File
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:PC bitmap, Windows 3.x format, 107 x -152 x 32, cbSize 65110, bits offset 54
              Category:dropped
              Size (bytes):65110
              Entropy (8bit):3.5519429115436467
              Encrypted:false
              SSDEEP:768:KM/725DOB6Ct946yh0FHEQ3Myx3DZ9jIaK9GZbM9t/UA:KSYD+Tt94bh0FHEQ3MW3DTkaEWM9NUA
              MD5:F7547D36CC2B98FD55557771D5356162
              SHA1:B93B628B36ADA61334F03DAF051526A351D3E5CB
              SHA-256:13228E29364C9DC2725E97256FACF700E003235812F5776158BE09830E6F1E64
              SHA-512:F7E9ED66393EFE617165B456EEA004B5D56EBF95DCFB6A6DC32AA389DE7C0F06FA2CC909EE62806FEF81B8230271480FEE8EB851299DB8D30679A0304280C667
              Malicious:false
              Reputation:low
              Preview:BMV.......6...(...k...h..... ........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................o@).q@).q@).q@).q?).................@;..'#..(#..(#..FE......................................................................................................................................................................................QQQ.ccc.FFF.....III.........777.........TTT.................OH........................

              C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

              Download File
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 11, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 11
              Category:dropped
              Size (bytes):86016
              Entropy (8bit):4.445198798673261
              Encrypted:false
              SSDEEP:384:ye6ci5tBiBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:mSs3OazzU89UTTgUL
              MD5:634FE2DE2533B26D29E4680265A6E343
              SHA1:7FC084189D5EBCBA2B0B616019C72ABB174C9BF5
              SHA-256:9477FBAD2722907837AC7777AEEE7E722F0169DF62D8401B5BF9F6FC3D7228D4
              SHA-512:0F27048C95E3006D23869E64242EE1215557AC215D584B8E15C1E02AF702A76B85DD210845BE6B9E57037AEA273DE814BD47F8BEA7D59F3B3289CC7935D288E0
              Malicious:false
              Reputation:low
              Preview:SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

              C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

              Download File
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:SQLite Rollback Journal
              Category:dropped
              Size (bytes):8720
              Entropy (8bit):3.7693039620231183
              Encrypted:false
              SSDEEP:48:7MkJioyVxioydoy1C7oy16oy1vKOioy1noy1AYoy1Wioy1oioykioyBoy1noy1OD:7rJuxX6XjBiRRb9IVXEBodRBkM
              MD5:80C8207B7CC30D7A26A08483ED7BDF10
              SHA1:A7378A7A14405FA7DAF0DEF904750C359B9BE403
              SHA-256:C1413D22DD6BA760FEBC24759DD5394883EA913230F36247C5035E5427810951
              SHA-512:781337ED07BA97AE8B51895D9384CDCB7DD284E25FD979D7A7EE2CBD0F13ADCF16D1D6A70ADE9362468ADB5F24EC894334BEE59BC30DEB2668ECA0EA307ACA78
              Malicious:false
              Reputation:low
              Preview:.... .c.....~.N................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................T...[...b.r.l...t...}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................

              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.5844

              Download File
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:PostScript document text
              Category:dropped
              Size (bytes):185099
              Entropy (8bit):5.182478651346149
              Encrypted:false
              SSDEEP:1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
              MD5:94185C5850C26B3C6FC24ABC385CDA58
              SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
              SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
              SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
              Malicious:false
              Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

              Download File
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:PostScript document text
              Category:dropped
              Size (bytes):185099
              Entropy (8bit):5.182478651346149
              Encrypted:false
              SSDEEP:1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
              MD5:94185C5850C26B3C6FC24ABC385CDA58
              SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
              SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
              SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
              Malicious:false
              Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

              Download File
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:data
              Category:dropped
              Size (bytes):227002
              Entropy (8bit):3.392780893644728
              Encrypted:false
              SSDEEP:1536:qKPC4iyzDtrh1cK3XEivK7VK/3AYvYwgF/rRoL+sn:XPCaJ/3AYvYwglFoL+sn
              MD5:265E3E1166312A864FB63291EA661C6A
              SHA1:80DFF3187FF929596EB22E1DB9021BAD6F97178C
              SHA-256:C13E08B1887A4E44DC39609D7234E8D732A6BC11313B55D6F4ECFB060CD87728
              SHA-512:48776A2BFE8F25E5601DCC0137F7AB103D5684517334B806E3ACF61683DD9B283828475FC85CE0CBE4E8AF88E6F8B25EED0A77640E2CFFF2CC73708726519AFA
              Malicious:false
              Preview:Adobe Acrobat Reader (64-bit) 23.6.20320....?A12_AV2_Search_18px.............................................................................................................KKK KKK.KKK.KKK.KKK.KKK.KKK@........................................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.............................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.........................KKK.KKK.KKK.KKK0....................KKK.KKK.KKK.KKK`....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK.KKK.....................................KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK.KKK@....................KKK.KKK.KKK.KKK`........................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.KKK.............................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK

              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

              Download File
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:JSON data
              Category:dropped
              Size (bytes):295
              Entropy (8bit):5.361435181172357
              Encrypted:false
              SSDEEP:6:YEQXJ2HX4QIXXq6JnZiQ0Y9Rn1qoAvJM3g98kUwPeUkwRe9:YvXKX4Q46icCRn1ZGMbLUkee9
              MD5:FEAF07A31560C0C4A38219FC68F1E70A
              SHA1:81C3BF957CBE816526D48C6D4CCC17B0F4760D69
              SHA-256:4141713F553738030067DFD9297A201A100B484812A529897001707E7874436F
              SHA-512:86E6592120EFD786240797928FD581090B891EC7A2665EE2D65829DAEF71D7CDAA4B1A9E22495982EFC515683F103667F5D33042F2BF66EB8CB3D4B051491925
              Malicious:false
              Preview:{"analyticsData":{"responseGUID":"5beb3b57-e4ba-41a8-9d7b-2d94b0bb3d45","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1714033864297,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

              Download File
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:JSON data
              Category:dropped
              Size (bytes):294
              Entropy (8bit):5.316424193857392
              Encrypted:false
              SSDEEP:6:YEQXJ2HX4QIXXq6JnZiQ0Y9Rn1qoAvJfBoTfXpnrPeUkwRe9:YvXKX4Q46icCRn1ZGWTfXcUkee9
              MD5:46A26AC9B30B0D49FE0581A28C1306BF
              SHA1:D5098468AC1987EE3BCEE8E17AC677A983610712
              SHA-256:756C412055AF7FAA04EEA65CCBDA6780D7088FE04D0E8D25C4DDFE60C83742AC
              SHA-512:65072F9F00DC3E88B572F35B9DDFF8E738F4C7D83B39E17795B0D8492A71FCEFC0A4721547BD283839228717648660EB1C13302A575F382979978216878FD893
              Malicious:false
              Preview:{"analyticsData":{"responseGUID":"5beb3b57-e4ba-41a8-9d7b-2d94b0bb3d45","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1714033864297,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

              Download File
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:JSON data
              Category:dropped
              Size (bytes):294
              Entropy (8bit):5.295910762994794
              Encrypted:false
              SSDEEP:6:YEQXJ2HX4QIXXq6JnZiQ0Y9Rn1qoAvJfBD2G6UpnrPeUkwRe9:YvXKX4Q46icCRn1ZGR22cUkee9
              MD5:9920906709065761C0B2ACDC6CBBC1D0
              SHA1:18EF259C86B42F9A52128607D0FFAB4FFAA3800D
              SHA-256:CE7750E9A03F545A7F453EF9DF2078146317A634F22801416412C9E3F71D4417
              SHA-512:3E1F8D5099E54E2A0B4AA6669463063502FF8493A71F924967DDF8528D2B9886F7BF25E216C5D17E6AE6F66AE04AB889940273843EA5E1D64BD3C607E40F4475
              Malicious:false
              Preview:{"analyticsData":{"responseGUID":"5beb3b57-e4ba-41a8-9d7b-2d94b0bb3d45","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1714033864297,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

              Download File
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:JSON data
              Category:dropped
              Size (bytes):285
              Entropy (8bit):5.341390100515422
              Encrypted:false
              SSDEEP:6:YEQXJ2HX4QIXXq6JnZiQ0Y9Rn1qoAvJfPmwrPeUkwRe9:YvXKX4Q46icCRn1ZGH56Ukee9
              MD5:4265B937F3104E6F227816E57D0BE082
              SHA1:E5153521039E62E00EB1CDF8F7A5440C0DD3BC3C
              SHA-256:CB7CFCDA9B72EDC8E70EB588C8AE4919D4BAC23647CC63521034FFB0F6E3261C
              SHA-512:65E99F371F5CF817700628A45B093531C9220F98D2CC15E1EEDD4B718F6A848B63495094227A7BF07F664C470184FF9F40AA4118A07857A956BEA6BE2255BB0B
              Malicious:false
              Preview:{"analyticsData":{"responseGUID":"5beb3b57-e4ba-41a8-9d7b-2d94b0bb3d45","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1714033864297,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

              Download File
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:JSON data
              Category:dropped
              Size (bytes):292
              Entropy (8bit):5.305017834618134
              Encrypted:false
              SSDEEP:6:YEQXJ2HX4QIXXq6JnZiQ0Y9Rn1qoAvJfJWCtMdPeUkwRe9:YvXKX4Q46icCRn1ZGBS8Ukee9
              MD5:3217E8A42A3384DB4AA9B2DD89C3B057
              SHA1:4B100FC482B49DB888DB62A261557AD91CA45D8F
              SHA-256:C95CA670B93DF99257C0871DE1E271007CFBEE5C07C17D6F95D5A45DCD19051A
              SHA-512:A7696493B3FD52597BEC319739BE65E074754418E7D01430E0FE1767CD5C419851B5BE02DD9C90639CA460247FEF54509088B9E5542362C5CDE468FF2FE0178F
              Malicious:false
              Preview:{"analyticsData":{"responseGUID":"5beb3b57-e4ba-41a8-9d7b-2d94b0bb3d45","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1714033864297,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

              Download File
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:JSON data
              Category:dropped
              Size (bytes):289
              Entropy (8bit):5.2904655979428785
              Encrypted:false
              SSDEEP:6:YEQXJ2HX4QIXXq6JnZiQ0Y9Rn1qoAvJf8dPeUkwRe9:YvXKX4Q46icCRn1ZGU8Ukee9
              MD5:65E95AC231C5332B3095843A22875D6F
              SHA1:7D54132A64C7A700FCEDEB2B2D8AA44F1C058E1B
              SHA-256:77EBBBE1D063173B4537AFEFC65D4D9DEBFE1AE4F5B513E5E4A449D4A698B8EE
              SHA-512:2DB090D9F3905DF86A961898AB4AF2128F9C8DCC20FA90343D7259668C5E850E565758FDC4E061CE7E016C4B1F3EF5B5F72300C72A8940ED09A292B0E03FADE4
              Malicious:false
              Preview:{"analyticsData":{"responseGUID":"5beb3b57-e4ba-41a8-9d7b-2d94b0bb3d45","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1714033864297,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

              Download File
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:JSON data
              Category:dropped
              Size (bytes):292
              Entropy (8bit):5.293215806271226
              Encrypted:false
              SSDEEP:6:YEQXJ2HX4QIXXq6JnZiQ0Y9Rn1qoAvJfQ1rPeUkwRe9:YvXKX4Q46icCRn1ZGY16Ukee9
              MD5:23BF521B4AD7C0AF77C44AAE6B55FAEF
              SHA1:5E9AF5CF0B2D4B00CD9291ACDA41D029751273AD
              SHA-256:E70850E3B8A611D1989D9AA3547477AC41A04C2D4DDE2A56C0ADCA8818B07642
              SHA-512:014C7FBDAB1CA20FEC21475BCD96A9A9520017009E2981FE9046071F7DDCED60B691C1F1F4A730A45AB0BE1972CD33634F5FCDA173F006934BE691351CA53680
              Malicious:false
              Preview:{"analyticsData":{"responseGUID":"5beb3b57-e4ba-41a8-9d7b-2d94b0bb3d45","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1714033864297,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

              Download File
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:JSON data
              Category:dropped
              Size (bytes):289
              Entropy (8bit):5.2990583831316185
              Encrypted:false
              SSDEEP:6:YEQXJ2HX4QIXXq6JnZiQ0Y9Rn1qoAvJfFldPeUkwRe9:YvXKX4Q46icCRn1ZGz8Ukee9
              MD5:A403827EA73DF48130D56B46973A0164
              SHA1:1BC56A3D9F22701695B9BA275CF9402BDE8B32F0
              SHA-256:28647D09C948BCAE407F376DCAB77B4395D2B2B22603CBE4C01A9E6B83969086
              SHA-512:4E129AADCD703FED2CE51B26F673E68927D0CD3E95C1A53871A69511284E2CA3AE530FB3F96828A8235821E6649D92F13D8243DFF91F65C12885397CDCB99D59
              Malicious:false
              Preview:{"analyticsData":{"responseGUID":"5beb3b57-e4ba-41a8-9d7b-2d94b0bb3d45","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1714033864297,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

              Download File
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:JSON data
              Category:dropped
              Size (bytes):1372
              Entropy (8bit):5.735727124286212
              Encrypted:false
              SSDEEP:24:Yv6X4IX8n1FKLgENRcbrZbq00iCCBrwJo++ns8ct4mFJNf:Yv1IMn1FEgigrNt0wSJn+ns8cvFJZ
              MD5:30837B3DCA6AB68314151D7656F73FD9
              SHA1:61458E4D5EF61C62FA7CEE0F4BB43F80927042E5
              SHA-256:AFFDF9DA5C37258AFB8CCC78DCFFE9114772C80544B39B3E87E49E212FF7F826
              SHA-512:6F718398B18E1B645D01592FA40C136A967135FC2806E2579448FE513292331D9D073FA6B0CD048D694BF750AFA00E7CA78710746CD14B00121E14494502515B
              Malicious:false
              Preview:{"analyticsData":{"responseGUID":"5beb3b57-e4ba-41a8-9d7b-2d94b0bb3d45","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1714033864297,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"79887_247329ActionBlock_0","campaignId":79887,"containerId":"1","controlGroupId":"","treatmentId":"acc56846-d570-4500-a26e-7f8cf2b4acad","variationId":"247329"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJUcnkgQWNyb2JhdCBQcm8ifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNSIsImZvbnRfc3R5bGUiOiIwIn0sImRlc2NyaXB0aW9uX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTMiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIDctZGF5IHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0byBwcmVtaXVtIFBERiBhbmQgZS1zaWduaW5nIHRvb2xzLiIsImJ

              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

              Download File
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:JSON data
              Category:dropped
              Size (bytes):289
              Entropy (8bit):5.296881879325884
              Encrypted:false
              SSDEEP:6:YEQXJ2HX4QIXXq6JnZiQ0Y9Rn1qoAvJfYdPeUkwRe9:YvXKX4Q46icCRn1ZGg8Ukee9
              MD5:E37B826547DCF2E5CB5CE11322B0CFE1
              SHA1:50AC449173D01F7D1BFE9A4FAAE57C5DAF44F74B
              SHA-256:ECE819F528CD20D2BEB990F62011117B651E30634F5FE625C5E3B28DBD32F5BB
              SHA-512:82F910B835F95CD701FC000FB01536875687914B07D007E7033ED60FC7AFC8998D13345B283EE72196B0F8ABE21C68D93BC2DB02D1FB34550F92DF3C046F40BB
              Malicious:false
              Preview:{"analyticsData":{"responseGUID":"5beb3b57-e4ba-41a8-9d7b-2d94b0bb3d45","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1714033864297,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

              Download File
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:JSON data
              Category:dropped
              Size (bytes):1395
              Entropy (8bit):5.772753398316456
              Encrypted:false
              SSDEEP:24:Yv6X4IX8n14rLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNG:Yv1IMn14HgDv3W2aYQfgB5OUupHrQ9Fu
              MD5:6349E2F639119CA3A6122143B130BDB0
              SHA1:984ACF50DA54F10C2E43805E6BE466FF42B1E638
              SHA-256:D6AFB7BB451EDD7651D707509F1FF6BF4572B0B442D5189EC57D0A45452EDFB4
              SHA-512:D0460C043E9CEA6C45D98DEC1A1F18391EF5D55215913DA0A9AFAEDFD6AFA732E647BD8C5A729886538CD3A22282E9527C054A957A0917BBF2E9AAE6FDC36A63
              Malicious:false
              Preview:{"analyticsData":{"responseGUID":"5beb3b57-e4ba-41a8-9d7b-2d94b0bb3d45","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1714033864297,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0

              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

              Download File
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:JSON data
              Category:dropped
              Size (bytes):291
              Entropy (8bit):5.280450407382387
              Encrypted:false
              SSDEEP:6:YEQXJ2HX4QIXXq6JnZiQ0Y9Rn1qoAvJfbPtdPeUkwRe9:YvXKX4Q46icCRn1ZGDV8Ukee9
              MD5:2FD558715AACCF96F1A6AF07A6F63647
              SHA1:A5924BD7196146B51EFD29723FA7CF22F1A6BE77
              SHA-256:F93BEFE25309EC7B489CAA41E4CD7ACB1588E089EFCED2DFECEDA04EEABF63A2
              SHA-512:9CB8FFD3072F12DE2DE8711D917435AB2CACC65E002109658E95661E49F35B4E1263B16DEAF9B2EAFE8A07BE66C4FF01EE09E8A6FE1F6A6C96F689D07DC4B162
              Malicious:false
              Preview:{"analyticsData":{"responseGUID":"5beb3b57-e4ba-41a8-9d7b-2d94b0bb3d45","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1714033864297,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

              Download File
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:JSON data
              Category:dropped
              Size (bytes):287
              Entropy (8bit):5.283788568249392
              Encrypted:false
              SSDEEP:6:YEQXJ2HX4QIXXq6JnZiQ0Y9Rn1qoAvJf21rPeUkwRe9:YvXKX4Q46icCRn1ZG+16Ukee9
              MD5:B86004ED2AEC2A72E429CBE73329F266
              SHA1:DFE6DAD700A3BF4FDB98D79B9191DE19EB9BF12C
              SHA-256:71CE0A53441918EF349F20E22F90E804E9458C9AB7890CFD8932858DD03E2CD0
              SHA-512:DB7A19F80C0A952A79A33E4ECFF0B4E1AB6CC6E614891CCC300C72F9245391AF6C8BE847F077BF71F32A7CECF7EE59F2F878D1C848E8C63ACC48FB7A32D52933
              Malicious:false
              Preview:{"analyticsData":{"responseGUID":"5beb3b57-e4ba-41a8-9d7b-2d94b0bb3d45","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1714033864297,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

              Download File
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:JSON data
              Category:dropped
              Size (bytes):289
              Entropy (8bit):5.303717008084032
              Encrypted:false
              SSDEEP:6:YEQXJ2HX4QIXXq6JnZiQ0Y9Rn1qoAvJfbpatdPeUkwRe9:YvXKX4Q46icCRn1ZGVat8Ukee9
              MD5:72746BFCC9185CECE74456340B004EF3
              SHA1:6288DD8EFFD2B74F9C05FB9C1F7FB5673EE757BC
              SHA-256:54766C2A056A31F82CE0311D32A9C780148C3B28C2E70129AF359D0088F65763
              SHA-512:07B41152EA2D930C70AA9FEBCA20DB49D2E514C7B49ED3BA95DD3BD021271627D1F0EFE92880E4F4F3F732ECDB3F98470A99FE84EB4917720327DF3F07A606BD
              Malicious:false
              Preview:{"analyticsData":{"responseGUID":"5beb3b57-e4ba-41a8-9d7b-2d94b0bb3d45","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1714033864297,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

              Download File
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:JSON data
              Category:dropped
              Size (bytes):286
              Entropy (8bit):5.259844400503881
              Encrypted:false
              SSDEEP:6:YEQXJ2HX4QIXXq6JnZiQ0Y9Rn1qoAvJfshHHrPeUkwRe9:YvXKX4Q46icCRn1ZGUUUkee9
              MD5:B01B79FEAE1EB9CF47AB62B02FC652F3
              SHA1:FCB56806A3A9E482EBBCC1BB4BF0DAF0B67C1881
              SHA-256:9DD473E65576969AE0E5DB38AC5028BF78886B6CCEC5037A955A73102EB91537
              SHA-512:C1C4F2E994D8810EE3A9C005D364B6BEB3444267AF2577811113A0087C1ECF9AA48AB2602677D83418D4F7AFF041160C030A47041DEF321B8E7C3D856C6A8114
              Malicious:false
              Preview:{"analyticsData":{"responseGUID":"5beb3b57-e4ba-41a8-9d7b-2d94b0bb3d45","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1714033864297,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

              Download File
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:JSON data
              Category:dropped
              Size (bytes):782
              Entropy (8bit):5.368768874388277
              Encrypted:false
              SSDEEP:12:YvXKX4Q46icCRn1ZGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWlY:Yv6X4IX8n11168CgEXX5kcIfANh/
              MD5:11EACB71075F2E86DC3EC9DD729645CC
              SHA1:64D4AE17326E59CE0780AF9F2E39925979DE77AD
              SHA-256:CD359414DCC337BC65BEA530EA8E8CFA34198BCDED1616C780F1FC0C56026EE3
              SHA-512:B8DFCA05183FB83A66718CC5279EB16894447579B93E2051799E21A26FCDBA3CD84BA52D89ADDB1E8454B0E14570C6A5C796C1A54B7FB86E63FA69A31D3FEAB3
              Malicious:false
              Preview:{"analyticsData":{"responseGUID":"5beb3b57-e4ba-41a8-9d7b-2d94b0bb3d45","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1714033864297,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1713854299336}}}}

              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

              Download File
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:data
              Category:dropped
              Size (bytes):4
              Entropy (8bit):0.8112781244591328
              Encrypted:false
              SSDEEP:3:e:e
              MD5:DC84B0D741E5BEAE8070013ADDCC8C28
              SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
              SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
              SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
              Malicious:false
              Preview:....

              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

              Download File
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:JSON data
              Category:dropped
              Size (bytes):2814
              Entropy (8bit):5.139435720010529
              Encrypted:false
              SSDEEP:24:Y7l2x2LSbCDeTR3EVpsPRauayTFsKXjQj0S5wlmepNq5V9EE6OuU3OG:YR8lHpSpGi6Lq79EEz
              MD5:9D8A17BAD294DF2BDCA5FC9EB498544B
              SHA1:4A4FC76211611182A0281A08FA798983FCB07C5E
              SHA-256:61A5F5E52B9C706B03A676AC4EA9446A87F2B6B4F91B5D6A15371D65B379FE39
              SHA-512:BC2004933B47753FF610C92CFEF59B52CB3911B51587DF09F5F9FFBE1570CD0CFBAFB7468F0503AB0D359935533A25EF8DC070F20BB099B017C6369894FBA923
              Malicious:false
              Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"8b3e7dc6b12bf4a4cf564e7af00572bd","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1713854298000},{"id":"DC_FirstMile_Right_Sec_Surface","info":{"dg":"2e01f9877a0b16804391ab6f8779e3ba","sid":"DC_FirstMile_Right_Sec_Surface"},"mimeType":"file","size":294,"ts":1713854298000},{"id":"Edit_InApp_Aug2020","info":{"dg":"3e1fa3aaa297efe7eb8b9dda0948d91b","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":1713854298000},{"id":"DC_Reader_RHP_Banner","info":{"dg":"0bb9c9a4a1636cc0a3f6a5eb01e11747","sid":"DC_Reader_RHP_Banner"},"mimeType":"file","size":1395,"ts":1713854298000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"bf4a580060bc7124d3eec7f1419f6009","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file","size":292,"ts":1713854298000},{"id":"DC_Reader_More_LHP_Banner","info":{"dg":"4131ad62b7cb2ed7b99aa31d8dde9382","sid":"DC_Reader_More_LHP_Banner"},"mimeType":"file","size":289,"ts":1713854298000},{"i

              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

              Download File
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 24, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 24
              Category:dropped
              Size (bytes):12288
              Entropy (8bit):1.145822627273595
              Encrypted:false
              SSDEEP:24:TLhx/XYKQvGJF7urs/A5rLRZXcMRZXcMZgux3Fmu3n9u1oGuDyIX4uDyvuOudIUx:TFl2GL7msYLXc+XcGNFlRYIX2v3kvN
              MD5:0ADEFDF9B46E64A27B728CD340D8CD92
              SHA1:27C29DA080CED412AD0C7B845BDF6BC0DB673959
              SHA-256:1CB5FB27095E93F395A40EE4DA0D2685B3C168D769A58F29522F59DAB393EDFB
              SHA-512:15AED27737C8E493CA3CA28B8B2F830F72AB55CD88439DC565708BF1D88B2776F4718204CE76B74582EFB28B9EBBABA8FB8596BADD24925C9FD04C2AFE9C5F92
              Malicious:false
              Preview:SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

              Download File
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:SQLite Rollback Journal
              Category:dropped
              Size (bytes):8720
              Entropy (8bit):1.5518049912538316
              Encrypted:false
              SSDEEP:24:7+tWA5rLUXcMRZXcMZgux3Fmu3n9u1oGuDyIX4uDyvuOudIUudcHRuLuxxqLxx/J:7MfcXc+XcGNFlRYIX2vAqVl2GL7msqQ
              MD5:C2A1A507B402E0CB069EBBA279140C28
              SHA1:31EDADA870CDCD8DAEED884C331F5E0310208388
              SHA-256:59A1BAF48A4E03695A7B348746141EC80C33270C3E658DEBCE4F80D2652AEE23
              SHA-512:B475EC9C7932AD2CE95415BDA66777567EBEF1DFF1F1A33460F1567E9ED7408DC1B4843BA5B57AA74EA52936B6CD2CB2EA422FAF7B419D1F3358A3C53C6EBB06
              Malicious:false
              Preview:.... .c.....Q..q..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................b..b.b.b.b.b.b.b.b.b.b.b.b.b..................................................................................................................................................................................................................................................................................................................................................................................................................................................................

              C:\Users\user\AppData\Local\Temp\MSIfc594.LOG

              Download File
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
              Category:dropped
              Size (bytes):246
              Entropy (8bit):3.5213298467083405
              Encrypted:false
              SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8rkylnNeNlH:Qw946cPbiOxDlbYnuRKslNq9
              MD5:40544DAE0C5D23338C908D7D02E119BE
              SHA1:B238B444E8AB1870516CD399DA9C1695CA4EA9D3
              SHA-256:BEBAB82FAD1D2788F02F4232DBCCBA89540F6396DF31BC0F745B3DD064AD3598
              SHA-512:CD0126FA99232D2EA80FC749453C3FA0F8BB6AD6E9F6F4CB2881AADF6C605C8133D09AFB05CE3847502D6382B26F1BE081CC97893A60805A56038184BFA03812
              Malicious:false
              Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .2.3./.0.4./.2.0.2.4. . .0.8.:.3.8.:.2.1. .=.=.=.....

              C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-23 08-38-15-859.log

              Download File
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:ASCII text, with very long lines (393)
              Category:dropped
              Size (bytes):16525
              Entropy (8bit):5.338264912747007
              Encrypted:false
              SSDEEP:384:lH4ZASLaTgKoBKkrNdOZTfUY9/B6u6AJ8dbBNrSVNspYiz5LkiTjgjQLhDydAY8s:kIb
              MD5:128A51060103D95314048C2F32A15C66
              SHA1:EEB64761BE485729CD12BF4FBF7F2A68BA1AD7DB
              SHA-256:601388D70DFB723E560FEA6AE08E5FEE8C1A980DF7DF9B6C10E1EC39705D4713
              SHA-512:55099B6F65D6EF41BC0C077BF810A13BA338C503974B4A5F2AA8EB286E1FCF49DF96318B1DA691296FB71AA8F2A2EA1406C4E86F219B40FB837F2E0BF208E677
              Malicious:false
              Preview:SessionID=e060408f-9833-415c-bd59-cc59ace6b516.1696488385066 Timestamp=2023-10-05T08:46:25:066+0200 ThreadID=6912 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=e060408f-9833-415c-bd59-cc59ace6b516.1696488385066 Timestamp=2023-10-05T08:46:25:066+0200 ThreadID=6912 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=e060408f-9833-415c-bd59-cc59ace6b516.1696488385066 Timestamp=2023-10-05T08:46:25:067+0200 ThreadID=6912 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=e060408f-9833-415c-bd59-cc59ace6b516.1696488385066 Timestamp=2023-10-05T08:46:25:067+0200 ThreadID=6912 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=e060408f-9833-415c-bd59-cc59ace6b516.1696488385066 Timestamp=2023-10-05T08:46:25:067+0200 ThreadID=6912 Component=ngl-lib_NglAppLib Description="SetConfig:

              C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

              Download File
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:ASCII text, with very long lines (393), with CRLF line terminators
              Category:dropped
              Size (bytes):16603
              Entropy (8bit):5.339097939066559
              Encrypted:false
              SSDEEP:384:g6uLGC/uDkvHfH1yItm0uzGeNiaaCWE+Fd/5Nf2uCmqtqvvq/TChRzIbIp01fcgz:+agqpZ
              MD5:3E775A9ACA2587EA37546C5035075DA5
              SHA1:B7AB84762857D9190D444BA23839DC5BE4931475
              SHA-256:C71A6866FCD574DAA83CFF201F645F96377E35B8A78C1BCC91BA96DBE88F5D89
              SHA-512:CC46CDC6FCFD9F4FE84A70146B75A3181C95D0ABCD66EFF8E6DD541C6723B4FF6E3550F89EC0A249692EBBE31102818CC3885698486FDB2BBF422B5231F6784C
              Malicious:false
              Preview:SessionID=30ee5eec-771a-4050-afab-449281eba31d.1713854295881 Timestamp=2024-04-23T08:38:15:881+0200 ThreadID=1460 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=30ee5eec-771a-4050-afab-449281eba31d.1713854295881 Timestamp=2024-04-23T08:38:15:883+0200 ThreadID=1460 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=30ee5eec-771a-4050-afab-449281eba31d.1713854295881 Timestamp=2024-04-23T08:38:15:883+0200 ThreadID=1460 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=30ee5eec-771a-4050-afab-449281eba31d.1713854295881 Timestamp=2024-04-23T08:38:15:883+0200 ThreadID=1460 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=30ee5eec-771a-4050-afab-449281eba31d.1713854295881 Timestamp=2024-04-23T08:38:15:883+0200 ThreadID=1460 Component=ngl-lib_NglAppLib Description="SetConf

              C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

              Download File
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:ASCII text, with CRLF line terminators
              Category:dropped
              Size (bytes):29845
              Entropy (8bit):5.396989458570783
              Encrypted:false
              SSDEEP:192:acb4I3dcbPcbaIO4cbYcbqnIdjcb6acbaIewcbJcbaIV5cbq:V3fOCIdJDekVz
              MD5:6C8333947F81BAB960E11A62A340E1AB
              SHA1:80C8CE21673202F18982732646187EE08AD19750
              SHA-256:86DABFB66221A0B7524566F80EEA2E9C8F9CB42FFE856E752CAB4753C0EB4DD5
              SHA-512:0BAFDFF50232BD8F1047837D7A8EDF85E8FF8B0E6EA0CA2195ACA9146A7342F72078EA767D0A5F524423F19C215E308E2A8E379F603B340564BB68471A3EF3C0
              Malicious:false
              Preview:05-10-2023 08:20:22:.---2---..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : ***************************************..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : ***************************************..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : Starting NGL..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..05-10-2023 08:20:22:.Closing File..05-10-

              C:\Users\user\AppData\Local\Temp\acrocef_low\099f03ee-2ec9-4111-ac58-d804fb955993.tmp

              Download File
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
              File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
              Category:dropped
              Size (bytes):1419751
              Entropy (8bit):7.976496077007677
              Encrypted:false
              SSDEEP:24576:/x0WCwYIGNPB07oYGZfPdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:J0WCwZGbxYGZn3mlind9i4ufFXpAXkru
              MD5:88B2722B96247B17B543D57C5854653B
              SHA1:8CD8A5117443E66B68808DB275330FE0715B36C9
              SHA-256:98E89D91676C400D8C9765D758C445E9446FFAF1757B5B67DD518BB76BB514E7
              SHA-512:7471ABF2EE6E0413E95E9CE5EC2E567A097FD370AD73A4583DE1DCFED11E0A9B371B65943E9DBB68BB097475930D59F29CA237D0DE8A90365DAECCC034B2B6AB
              Malicious:false
              Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

              C:\Users\user\AppData\Local\Temp\acrocef_low\5b75bfda-ded4-4d74-9e0b-4398a51c7de3.tmp

              Download File
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
              File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
              Category:dropped
              Size (bytes):758601
              Entropy (8bit):7.98639316555857
              Encrypted:false
              SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
              MD5:3A49135134665364308390AC398006F1
              SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
              SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
              SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
              Malicious:false
              Preview:...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!|G.1...... .3.`./....`~......G.............|..pS.e.C....:o.u_..oi.:..|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

              C:\Users\user\AppData\Local\Temp\acrocef_low\77b7f8aa-b767-480f-9320-a36a788c4735.tmp

              Download File
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
              File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
              Category:dropped
              Size (bytes):386528
              Entropy (8bit):7.9736851559892425
              Encrypted:false
              SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
              MD5:5C48B0AD2FEF800949466AE872E1F1E2
              SHA1:337D617AE142815EDDACB48484628C1F16692A2F
              SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
              SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
              Malicious:false
              Preview:...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-|..h#.g.\.PO.|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..|m.WC.....|.....e.[W.p.8...rm....^..x'......5!...|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

              C:\Users\user\AppData\Local\Temp\acrocef_low\883576cf-dc82-4c96-87b2-04279a1e5129.tmp

              Download File
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
              File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
              Category:dropped
              Size (bytes):1407294
              Entropy (8bit):7.97605879016224
              Encrypted:false
              SSDEEP:24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo
              MD5:A0CFC77914D9BFBDD8BC1B1154A7B364
              SHA1:54962BFDF3797C95DC2A4C8B29E873743811AD30
              SHA-256:81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685
              SHA-512:74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE
              Malicious:false
              Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

              Static File Info

              General

              File type:PDF document, version 1.7, 1 pages
              Entropy (8bit):7.9975533868702495
              TrID:
              • Adobe Portable Document Format (5005/1) 100.00%
              File name:LT1 (3)_page-0001_compressed.pdf
              File size:260'288 bytes
              MD5:c580eb3f77967275e11de3960c9ab081
              SHA1:5b07ebd2783cc82538a5a0074e96aaff6136cb70
              SHA256:0541bda1fa931996498e21f8026e0fd373f6f1a0378bdec63c2e8c18e61fb28a
              SHA512:e919609b14c019e052bd8ed18bb20c07f06db9fc0a7cb5236e1a62063bb46f65644c5a670d1b7bfe9d1606ff24a150d001a77f983151c758f07a231e8dc0189a
              SSDEEP:6144:xvrpwgxq7albSeHP2ZCfHYsc0lt5K5q0pawmoTfHTPSDIf:xv9bx/lbFHP2OH5SqEmoTJ
              TLSH:214423996B2D06CC0C23B4E3FBF4C4ABC150B55A5FC4A4656234BD96A7B4F32701AE27
              File Content Preview:%PDF-1.7.%.....7 0 obj.<<./Type /XObject./Subtype /Image./Width 1239./Height 1754./BitsPerComponent 8./ColorSpace /DeviceRGB./Filter [/FlateDecode /DCTDecode]./DecodeParms [null <<./Quality 60.>>]./Length 259345.>>.stream.x....T]....N.{.....=.B........Np.

              File Icon

              Icon Hash:62cc8caeb29e8ae0

              Static PDF Info

              General

              Header:%PDF-1.7
              Total Entropy:7.997553
              Total Bytes:260288
              Stream Entropy:7.997498
              Stream Bytes:259442
              Entropy outside Streams:5.357582
              Bytes outside Streams:846
              Number of EOF found:1
              Bytes after EOF:

              Keywords Statistics

              NameCount
              obj7
              endobj7
              stream3
              endstream3
              xref0
              trailer0
              startxref1
              /Page1
              /Encrypt0
              /ObjStm0
              /URI0
              /JS0
              /JavaScript0
              /AA0
              /OpenAction0
              /AcroForm0
              /JBIG2Decode0
              /RichMedia0
              /Launch0
              /EmbeddedFile0

              Network Behavior

              Network Port Distribution

              TCP Packets

              TimestampSource PortDest PortSource IPDest IP
              Apr 23, 2024 08:38:26.137015104 CEST49722443192.168.2.6104.77.220.172
              Apr 23, 2024 08:38:26.137068033 CEST44349722104.77.220.172192.168.2.6
              Apr 23, 2024 08:38:26.137136936 CEST49722443192.168.2.6104.77.220.172
              Apr 23, 2024 08:38:26.137413979 CEST49722443192.168.2.6104.77.220.172
              Apr 23, 2024 08:38:26.137445927 CEST44349722104.77.220.172192.168.2.6
              Apr 23, 2024 08:38:26.413619041 CEST44349722104.77.220.172192.168.2.6
              Apr 23, 2024 08:38:26.413965940 CEST49722443192.168.2.6104.77.220.172
              Apr 23, 2024 08:38:26.413985014 CEST44349722104.77.220.172192.168.2.6
              Apr 23, 2024 08:38:26.415014029 CEST44349722104.77.220.172192.168.2.6
              Apr 23, 2024 08:38:26.415087938 CEST49722443192.168.2.6104.77.220.172
              Apr 23, 2024 08:38:26.417160988 CEST49722443192.168.2.6104.77.220.172
              Apr 23, 2024 08:38:26.417222023 CEST44349722104.77.220.172192.168.2.6
              Apr 23, 2024 08:38:26.417443037 CEST49722443192.168.2.6104.77.220.172
              Apr 23, 2024 08:38:26.417449951 CEST44349722104.77.220.172192.168.2.6
              Apr 23, 2024 08:38:26.468290091 CEST49722443192.168.2.6104.77.220.172
              Apr 23, 2024 08:38:26.507472038 CEST44349722104.77.220.172192.168.2.6
              Apr 23, 2024 08:38:26.507556915 CEST44349722104.77.220.172192.168.2.6
              Apr 23, 2024 08:38:26.507785082 CEST49722443192.168.2.6104.77.220.172
              Apr 23, 2024 08:38:26.508671045 CEST49722443192.168.2.6104.77.220.172
              Apr 23, 2024 08:38:26.508687019 CEST44349722104.77.220.172192.168.2.6
              Apr 23, 2024 08:38:26.508709908 CEST49722443192.168.2.6104.77.220.172
              Apr 23, 2024 08:38:26.508754969 CEST49722443192.168.2.6104.77.220.172

              HTTP Request Dependency Graph

              • armmf.adobe.com

              HTTPS Proxied Packets

              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
              0192.168.2.649722104.77.220.1724432532C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
              TimestampBytes transferredDirectionData
              2024-04-23 06:38:26 UTC475OUTGET /onboarding/smskillreader.txt HTTP/1.1
              Host: armmf.adobe.com
              Connection: keep-alive
              Accept-Language: en-US,en;q=0.9
              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36
              Sec-Fetch-Site: same-origin
              Sec-Fetch-Mode: no-cors
              Sec-Fetch-Dest: empty
              Accept-Encoding: gzip, deflate, br
              If-None-Match: "78-5faa31cce96da"
              If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
              2024-04-23 06:38:26 UTC198INHTTP/1.1 304 Not Modified
              Content-Type: text/plain; charset=UTF-8
              Last-Modified: Mon, 01 May 2023 15:02:33 GMT
              ETag: "78-5faa31cce96da"
              Date: Tue, 23 Apr 2024 06:38:26 GMT
              Connection: close


              Statistics

              CPU Usage

              Click to jump to process

              Memory Usage

              Click to jump to process

              High Level Behavior Distribution

              Click to dive into process behavior distribution

              Behavior

              Click to jump to process

              System Behavior

              General

              Target ID:0
              Start time:08:38:12
              Start date:23/04/2024
              Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              Wow64 process (32bit):false
              Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\LT1 (3)_page-0001_compressed.pdf"
              Imagebase:0x7ff651090000
              File size:5'641'176 bytes
              MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Reputation:moderate
              Has exited:true

              General

              Target ID:2
              Start time:08:38:13
              Start date:23/04/2024
              Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
              Wow64 process (32bit):false
              Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
              Imagebase:0x7ff70df30000
              File size:3'581'912 bytes
              MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Reputation:moderate
              Has exited:true

              General

              Target ID:4
              Start time:08:38:13
              Start date:23/04/2024
              Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
              Wow64 process (32bit):false
              Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2092 --field-trial-handle=1720,i,5408455416841799603,14446527396471553952,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
              Imagebase:0x7ff70df30000
              File size:3'581'912 bytes
              MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Reputation:moderate
              Has exited:true

              Disassembly

              No disassembly