Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
64800000797_IMO SYMBOLS.pdf

Overview

General Information

Sample name:64800000797_IMO SYMBOLS.pdf
Analysis ID:1430760
MD5:2289f869ef41ed8a006e2833dfe50006
SHA1:4d28aac128e97d27d7a4160a836f4a3700f1d4d5
SHA256:0eda3c0fd6b9a7d00b65d3f7610156fa55cdffae450b4873a8ca8df17f1ee5a8
Tags:jar
Infos:

Detection

Score:1
Range:0 - 100
Whitelisted:false
Confidence:80%

Signatures

Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Uses a known web browser user agent for HTTP communication

Classification

Process Tree

  • System is w10x64
  • Acrobat.exe (PID: 6636 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\64800000797_IMO SYMBOLS.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 400 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 1004 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2144 --field-trial-handle=1640,i,2043785905118560439,8266881311133419412,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Snort Signatures

No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: global trafficTCP traffic: 192.168.2.7:49710 -> 23.200.60.110:443
Source: global trafficTCP traffic: 192.168.2.7:49710 -> 23.200.60.110:443
Source: global trafficTCP traffic: 192.168.2.7:49710 -> 23.200.60.110:443
Source: global trafficTCP traffic: 192.168.2.7:49710 -> 23.200.60.110:443
Source: global trafficTCP traffic: 192.168.2.7:49710 -> 23.200.60.110:443
Source: global trafficTCP traffic: 192.168.2.7:49710 -> 23.200.60.110:443
Source: global trafficTCP traffic: 192.168.2.7:49710 -> 23.200.60.110:443
Source: global trafficTCP traffic: 192.168.2.7:49710 -> 23.200.60.110:443
Source: global trafficTCP traffic: 192.168.2.7:49710 -> 23.200.60.110:443
Source: global trafficTCP traffic: 192.168.2.7:49710 -> 23.200.60.110:443
Source: global trafficTCP traffic: 192.168.2.7:49710 -> 23.200.60.110:443
Source: global trafficTCP traffic: 192.168.2.7:49710 -> 23.200.60.110:443
Source: global trafficTCP traffic: 23.200.60.110:443 -> 192.168.2.7:49710
Source: global trafficTCP traffic: 192.168.2.7:49710 -> 23.200.60.110:443
Source: global trafficTCP traffic: 192.168.2.7:49710 -> 23.200.60.110:443
Source: global trafficTCP traffic: 23.200.60.110:443 -> 192.168.2.7:49710
Source: global trafficTCP traffic: 23.200.60.110:443 -> 192.168.2.7:49710
Source: global trafficTCP traffic: 192.168.2.7:49710 -> 23.200.60.110:443
Source: global trafficTCP traffic: 23.200.60.110:443 -> 192.168.2.7:49710
Source: global trafficTCP traffic: 23.200.60.110:443 -> 192.168.2.7:49710
Source: global trafficTCP traffic: 192.168.2.7:49710 -> 23.200.60.110:443
Source: global trafficTCP traffic: 192.168.2.7:49710 -> 23.200.60.110:443
Source: global trafficTCP traffic: 192.168.2.7:49710 -> 23.200.60.110:443
Source: global trafficTCP traffic: 23.200.60.110:443 -> 192.168.2.7:49710
Source: global trafficTCP traffic: 192.168.2.7:49710 -> 23.200.60.110:443
Source: global trafficTCP traffic: 23.200.60.110:443 -> 192.168.2.7:49710
Source: global trafficTCP traffic: 192.168.2.7:49710 -> 23.200.60.110:443
Source: global trafficTCP traffic: 23.200.60.110:443 -> 192.168.2.7:49710
Source: global trafficTCP traffic: 23.200.60.110:443 -> 192.168.2.7:49710
Source: global trafficTCP traffic: 192.168.2.7:49710 -> 23.200.60.110:443
Source: global trafficTCP traffic: 192.168.2.7:49710 -> 23.200.60.110:443
Source: global trafficTCP traffic: 23.200.60.110:443 -> 192.168.2.7:49710
Source: global trafficHTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1Host: armmf.adobe.comConnection: keep-aliveAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brIf-None-Match: "78-5faa31cce96da"If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
Source: unknownTCP traffic detected without corresponding DNS query: 23.200.60.110
Source: unknownTCP traffic detected without corresponding DNS query: 23.200.60.110
Source: unknownTCP traffic detected without corresponding DNS query: 23.200.60.110
Source: unknownTCP traffic detected without corresponding DNS query: 23.200.60.110
Source: unknownTCP traffic detected without corresponding DNS query: 23.200.60.110
Source: unknownTCP traffic detected without corresponding DNS query: 23.200.60.110
Source: unknownTCP traffic detected without corresponding DNS query: 23.200.60.110
Source: unknownTCP traffic detected without corresponding DNS query: 23.200.60.110
Source: unknownTCP traffic detected without corresponding DNS query: 23.200.60.110
Source: unknownTCP traffic detected without corresponding DNS query: 23.200.60.110
Source: unknownTCP traffic detected without corresponding DNS query: 23.200.60.110
Source: global trafficHTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1Host: armmf.adobe.comConnection: keep-aliveAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brIf-None-Match: "78-5faa31cce96da"If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
Source: ReaderMessages.0.drString found in binary or memory: https://www.adobe.co
Source: unknownNetwork traffic detected: HTTP traffic on port 49710 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49710
Source: classification engineClassification label: clean1.winPDF@14/44@0/1
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journalJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-24 06-54-55-647.logJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
Source: unknownProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\64800000797_IMO SYMBOLS.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2144 --field-trial-handle=1640,i,2043785905118560439,8266881311133419412,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2144 --field-trial-handle=1640,i,2043785905118560439,8266881311133419412,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: 64800000797_IMO SYMBOLS.pdfInitial sample: PDF keyword /JS count = 0
Source: 64800000797_IMO SYMBOLS.pdfInitial sample: PDF keyword /JavaScript count = 0
Source: 64800000797_IMO SYMBOLS.pdfInitial sample: PDF keyword /EmbeddedFile count = 0
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid Accounts2
Exploitation for Client Execution		Path Interception1
Process Injection		1
Masquerading		OS Credential Dumping1
System Information Discovery		Remote ServicesData from Local System1
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
Process Injection		LSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable Media1
Non-Application Layer Protocol		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive12
Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin HookBinary PaddingNTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput Capture1
Ingress Tool Transfer		Traffic DuplicationData Destruction

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 process2 2 Behavior Graph ID: 1430760 Sample: 64800000797_IMO SYMBOLS.pdf Startdate: 24/04/2024 Architecture: WINDOWS Score: 1 6 Acrobat.exe 18 71 2->6         started        process3 8 AcroCEF.exe 106 6->8         started        process4 10 AcroCEF.exe 4 8->10         started        dnsIp5 13 23.200.60.110, 443, 49710 AKAMAI-ASUS United States 10->13

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

No Antivirus matches

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
https://www.adobe.co0%URL Reputationsafe
https://www.adobe.co0%URL Reputationsafe

Domains and IPs

Contacted Domains

No contacted domains info

URLs from Memory and Binaries

NameSourceMaliciousAntivirus DetectionReputation
https://www.adobe.coReaderMessages.0.drfalse
  • URL Reputation: safe
  • URL Reputation: safe
unknown

World Map of Contacted IPs

  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Public IPs

IPDomainCountryFlagASNASN NameMalicious
23.200.60.110
unknownUnited States
16625AKAMAI-ASUSfalse

General Information

Joe Sandbox version:40.0.0 Tourmaline
Analysis ID:1430760
Start date and time:2024-04-24 06:54:00 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 4m 11s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultwindowspdfcookbook.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:22
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:64800000797_IMO SYMBOLS.pdf
Detection:CLEAN
Classification:clean1.winPDF@14/44@0/1
EGA Information:Failed
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 0
  • Number of non-executed functions: 0
Cookbook Comments:
  • Found application associated with file extension: .pdf
  • Found PDF document
  • Close Viewer

Warnings

  • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, conhost.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 23.202.56.131, 107.22.247.231, 34.193.227.236, 54.144.73.197, 18.207.85.246, 172.64.41.3, 162.159.61.3, 96.7.128.29, 96.7.128.37, 96.7.128.186, 96.7.128.200
  • Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, time.windows.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com
  • Not all processes where analyzed, report is missing behavior information

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
23.200.60.110Undeliverable IMPORTANT TAX RETURN DOCUMENT AVAILABLE LCAPOZZO #Ud83d#Udcd1 - 2 16 2024.emlGet hashmaliciousHTMLPhisherBrowse
    ChromeSetup.exe.lnkGet hashmaliciousUnknownBrowse
      phish_alert_iocp_v1.4.48 (2).emlGet hashmaliciousHTMLPhisherBrowse

        Domains

        No context

        ASNs

        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
        AKAMAI-ASUSUXNob1Dp32.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, VidarBrowse
        • 23.59.200.146
        mJVVW85CnW.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, VidarBrowse
        • 104.106.57.101
        https://netorg442802-my.sharepoint.com/:b:/g/personal/darek_daronto_com/EeXtnEaZ3XJBqGk13it6odUB-K9vuYAC7zp7SfyciZ3BpQ?e=nkKu2wGet hashmaliciousHtmlDropper, HTMLPhisherBrowse
        • 23.43.51.75
        EXTERNAL Bonnie St Dryden is inviting you to collaborate on One_docx(Apr 23) DOC3848493.msgGet hashmaliciousHTMLPhisherBrowse
        • 23.223.31.231
        https://lithiuimvalley.com/ssdGet hashmaliciousHtmlDropper, HTMLPhisherBrowse
        • 96.17.33.186
        file.exeGet hashmaliciousVidarBrowse
        • 23.47.27.74
        https://sunhos-my.sharepoint.com/:b:/g/personal/mcaffrey_suncrestcare_com/EVEm8VhV9TBDp7AQUrliImYB4Kt7rXcd_m6-8qNUjxBhTA?e=P3XNTL&xsdata=MDV8MDJ8cHJpY2hhcmRzb25AY2FsdG9uLmNvbXxkM2U5ZTc1MTlkNDA0NmI2OWMzODA4ZGM2M2JhOTA4Y3w3YjU1NzU2YTg5NTg0ZWNlODFkYzVkYTZhYmRiNmE5N3wwfDB8NjM4NDk0OTAwMTUyMzMwMjUxfFVua25vd258VFdGcGJHWnNiM2Q4ZXlKV0lqb2lNQzR3TGpBd01EQWlMQ0pRSWpvaVYybHVNeklpTENKQlRpSTZJazFoYVd3aUxDSlhWQ0k2TW4wPXwwfHx8&sdata=TldIbEg2OTJiSkRUS29RRElmU3dYbTBRQUlqUTBBMXZPcGlIaTlzNnlOQT0%3dGet hashmaliciousHTMLPhisherBrowse
        • 23.50.113.17
        file.exeGet hashmaliciousVidarBrowse
        • 23.65.246.108
        Remittance. #U0440df.htmlGet hashmaliciousHTMLPhisherBrowse
        • 23.193.106.150
        https://netorgft12232017-my.sharepoint.com:443/:f:/g/personal/lisa_imjts_com/EsnpAMoHQfhBluK8Y5tDE68BaHrT-12huxTJR_ZqVWR4tA?e=5%3aZZh3dZ&at=9Get hashmaliciousUnknownBrowse
        • 23.210.240.138

        JA3 Fingerprints

        No context

        Dropped Files

        No context

        Created / dropped Files

        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:ASCII text
        Category:dropped
        Size (bytes):300
        Entropy (8bit):5.205414908146271
        Encrypted:false
        SSDEEP:6:2ZHwN+q2PcNwi2nKuAl9OmbnIFUt8n28Zmw+n28VkwOcNwi2nKuAl9OmbjLJ:Cc+vLZHAahFUt828/+28V54ZHAaSJ
        MD5:66910B15A9D61E5D830E34BFDE00FC8B
        SHA1:1D2D9B7DA64091EDE0994891BCD54686D88229B4
        SHA-256:42994DE3492696B1FE604D40B77C074FA904A91F1B1803D6C3221AD95540F7F8
        SHA-512:C90033D358809DEDA4C084CF4382661E0587148458150FC2D39BAB5FCD70E2C2D135CD48CB82C956C6740BD5274FAC337362342CB43C4E20C6A9BA4EEF7CFEFE
        Malicious:false
        Reputation:low
        Preview:2024/04/24-06:54:53.523 1bdc Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/04/24-06:54:53.524 1bdc Recovering log #3.2024/04/24-06:54:53.524 1bdc Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:ASCII text
        Category:dropped
        Size (bytes):300
        Entropy (8bit):5.205414908146271
        Encrypted:false
        SSDEEP:6:2ZHwN+q2PcNwi2nKuAl9OmbnIFUt8n28Zmw+n28VkwOcNwi2nKuAl9OmbjLJ:Cc+vLZHAahFUt828/+28V54ZHAaSJ
        MD5:66910B15A9D61E5D830E34BFDE00FC8B
        SHA1:1D2D9B7DA64091EDE0994891BCD54686D88229B4
        SHA-256:42994DE3492696B1FE604D40B77C074FA904A91F1B1803D6C3221AD95540F7F8
        SHA-512:C90033D358809DEDA4C084CF4382661E0587148458150FC2D39BAB5FCD70E2C2D135CD48CB82C956C6740BD5274FAC337362342CB43C4E20C6A9BA4EEF7CFEFE
        Malicious:false
        Reputation:low
        Preview:2024/04/24-06:54:53.523 1bdc Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/04/24-06:54:53.524 1bdc Recovering log #3.2024/04/24-06:54:53.524 1bdc Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:ASCII text
        Category:dropped
        Size (bytes):344
        Entropy (8bit):5.195427677666743
        Encrypted:false
        SSDEEP:6:2qVF34q2PcNwi2nKuAl9Ombzo2jMGIFUt8nCcHvJZmw+nCcHvDkwOcNwi2nKuAlx:zv4vLZHAa8uFUt8CcHvJ/+CcHvD54ZHA
        MD5:825F5239BCC0D96D4F380C38B0749214
        SHA1:4F06CEC2E921A216259F2610A528CF29351E7B09
        SHA-256:33E7715AE779ABBCF86C66C9849113B6E1834FC4D1B0FCF767AEDBF42B49D091
        SHA-512:DF23574D083A8BE6E090A602AF14B40A14CDB47AF92D019D4C9E04FC059235541A66ABE0B129EBD2AD58441C80AF193737218AC640D43F271E5E8F6D18BE98EF
        Malicious:false
        Reputation:low
        Preview:2024/04/24-06:54:53.600 19b0 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/04/24-06:54:53.601 19b0 Recovering log #3.2024/04/24-06:54:53.601 19b0 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:ASCII text
        Category:dropped
        Size (bytes):344
        Entropy (8bit):5.195427677666743
        Encrypted:false
        SSDEEP:6:2qVF34q2PcNwi2nKuAl9Ombzo2jMGIFUt8nCcHvJZmw+nCcHvDkwOcNwi2nKuAlx:zv4vLZHAa8uFUt8CcHvJ/+CcHvD54ZHA
        MD5:825F5239BCC0D96D4F380C38B0749214
        SHA1:4F06CEC2E921A216259F2610A528CF29351E7B09
        SHA-256:33E7715AE779ABBCF86C66C9849113B6E1834FC4D1B0FCF767AEDBF42B49D091
        SHA-512:DF23574D083A8BE6E090A602AF14B40A14CDB47AF92D019D4C9E04FC059235541A66ABE0B129EBD2AD58441C80AF193737218AC640D43F271E5E8F6D18BE98EF
        Malicious:false
        Reputation:low
        Preview:2024/04/24-06:54:53.600 19b0 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/04/24-06:54:53.601 19b0 Recovering log #3.2024/04/24-06:54:53.601 19b0 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\5f92fab1-e169-479a-977d-86660c41d274.tmp

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:JSON data
        Category:modified
        Size (bytes):475
        Entropy (8bit):4.971105805422558
        Encrypted:false
        SSDEEP:12:YH/um3RA8sqZk7tsBdOg2HFcaq3QYiubSpDyP7E4TX:Y2sRds17OdMHk3QYhbSpDa7n7
        MD5:7966899905BFEA351E6ECAE3D375AC30
        SHA1:60A4637F223B28A95EBDB1D1A85F0FAF8D16A261
        SHA-256:1904DCEEDA3F544091815C426F9BDACEC7441024BFA7027FD5CF40B88FDBD57D
        SHA-512:D44602F9D607FDB31E26421384AF1FAE89217B24E89672506164635D98BC774CC7E25C4C90A4E08120EC50562EB50AD7D2442DB618514B4F3F57FF99BAF6B19A
        Malicious:false
        Reputation:low
        Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13358494505397855","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":154160},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.7","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}

        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):475
        Entropy (8bit):4.971105805422558
        Encrypted:false
        SSDEEP:12:YH/um3RA8sqZk7tsBdOg2HFcaq3QYiubSpDyP7E4TX:Y2sRds17OdMHk3QYhbSpDa7n7
        MD5:7966899905BFEA351E6ECAE3D375AC30
        SHA1:60A4637F223B28A95EBDB1D1A85F0FAF8D16A261
        SHA-256:1904DCEEDA3F544091815C426F9BDACEC7441024BFA7027FD5CF40B88FDBD57D
        SHA-512:D44602F9D607FDB31E26421384AF1FAE89217B24E89672506164635D98BC774CC7E25C4C90A4E08120EC50562EB50AD7D2442DB618514B4F3F57FF99BAF6B19A
        Malicious:false
        Reputation:low
        Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13358494505397855","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":154160},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.7","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}

        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:data
        Category:dropped
        Size (bytes):4509
        Entropy (8bit):5.22875902890685
        Encrypted:false
        SSDEEP:96:CwNwpDGHqPySfkcr2smSX8I2OQCDh28wDtPWa5KGsupIuK+uZ:CwNw1GHqPySfkcigoO3h28ytPWG5SrZ
        MD5:BA441B60910A953B3215BE38FEB6AF64
        SHA1:046E86DB6828C3586768A8596A883CD169E47772
        SHA-256:A41F2090DEA35789684F488B281D1442F9F408809E8A09DAD18A2591CD1CB238
        SHA-512:8EADF9F8C3CCF8667073B0C325C54DDBA7E9AB8E10E90EC838D5E149FE70F88D54AE8D7376B75ABD311E7E0EDFEFDDE4D8D7351209812D3B10B955ACECA8DA9E
        Malicious:false
        Reputation:low
        Preview:*...#................version.1..namespace-.aw.o................next-map-id.1.Pnamespace-aa11265e_f35e_4e5d_85db_f163e1c0f691-https://rna-resource.acrobat.com/.0I.$.r................next-map-id.2.Snamespace-9a9aa6d6_c307_4dda_b6c0_dc91084c8e68-https://rna-v2-resource.acrobat.com/.1!...r................next-map-id.3.Snamespace-1fbd9dc5_70a3_4975_91b4_966e0915c27a-https://rna-v2-resource.acrobat.com/.2..N.o................next-map-id.4.Pnamespace-0e0aed8d_6d6f_4be0_b28f_8e02158bc792-https://rna-resource.acrobat.com/.3*.z.o................next-map-id.5.Pnamespace-52652c26_09c2_43f2_adf7_da56a1f00d32-https://rna-resource.acrobat.com/.4.{.^...............Pnamespace-aa11265e_f35e_4e5d_85db_f163e1c0f691-https://rna-resource.acrobat.com/.C..r................next-map-id.6.Snamespace-3a89c6b0_72b9_411a_9e44_fa247f34ac91-https://rna-v2-resource.acrobat.com/.5.q._r................next-map-id.7.Snamespace-02b23955_9103_42e0_ba64_3f8683969652-https://rna-v2-resource.acrobat.com/.6..d.o..............

        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:ASCII text
        Category:dropped
        Size (bytes):332
        Entropy (8bit):5.211979631862781
        Encrypted:false
        SSDEEP:6:2cW34q2PcNwi2nKuAl9OmbzNMxIFUt8niv3JZmw+nMdP3DkwOcNwi2nKuAl9Ombg:9w4vLZHAa8jFUt8iv3J/+MdPD54ZHAab
        MD5:E8C51AEF7A4F98AF4EAA03C1EC767EE7
        SHA1:568E3A3E5065E28E24464241E861FEB5C6EC88A2
        SHA-256:EC5271247A5A5A4DD6B0BB6F22894D1D0DCDC33102A692D86CB3B1FB111FA89A
        SHA-512:C629D31594E54CCA0D5A6663DE2D519441A54BD5D04783D4CDD8A146F47C8379D3E72D34516680A9C3EBB9ABBBC3ACF67403609CDC84E896CBE037821DDCB856
        Malicious:false
        Reputation:low
        Preview:2024/04/24-06:54:53.922 19b0 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/04/24-06:54:53.925 19b0 Recovering log #3.2024/04/24-06:54:53.930 19b0 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:ASCII text
        Category:dropped
        Size (bytes):332
        Entropy (8bit):5.211979631862781
        Encrypted:false
        SSDEEP:6:2cW34q2PcNwi2nKuAl9OmbzNMxIFUt8niv3JZmw+nMdP3DkwOcNwi2nKuAl9Ombg:9w4vLZHAa8jFUt8iv3J/+MdPD54ZHAab
        MD5:E8C51AEF7A4F98AF4EAA03C1EC767EE7
        SHA1:568E3A3E5065E28E24464241E861FEB5C6EC88A2
        SHA-256:EC5271247A5A5A4DD6B0BB6F22894D1D0DCDC33102A692D86CB3B1FB111FA89A
        SHA-512:C629D31594E54CCA0D5A6663DE2D519441A54BD5D04783D4CDD8A146F47C8379D3E72D34516680A9C3EBB9ABBBC3ACF67403609CDC84E896CBE037821DDCB856
        Malicious:false
        Reputation:low
        Preview:2024/04/24-06:54:53.922 19b0 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/04/24-06:54:53.925 19b0 Recovering log #3.2024/04/24-06:54:53.930 19b0 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

        C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240424045457Z-170.bmp

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:PC bitmap, Windows 3.x format, 117 x -152 x 32, cbSize 71190, bits offset 54
        Category:dropped
        Size (bytes):71190
        Entropy (8bit):2.1049501420059373
        Encrypted:false
        SSDEEP:96:1O+Xpb7bIDNl9zqjKM+rOafatFbwgQqEDUQ14xThF/eGYIRHQN98h8X90JH7X/E:o+XpnQl9KK95fa4gQ9VGHRHQ970vE
        MD5:9D63F181A2F48F88F3F9B5FFA0AA2ACD
        SHA1:B908F260800B42987FF242D1FD743DB28FE240F4
        SHA-256:B1A12579931237066124966EAC67969FDC3A55436A8BA298F3D4E7E548A1ADD6
        SHA-512:DBB621E8EDACDEEC5F3CBEF7381632549F9CECD6C91E7E6092DD01392D14F89AA522B322CFF0DE80ECCA7EF16FDC8B193DB5A7C7DA354BE25E730AFE22C56898
        Malicious:false
        Reputation:low
        Preview:BM........6...(...u...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

        C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 15, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 15
        Category:dropped
        Size (bytes):86016
        Entropy (8bit):4.439181944412511
        Encrypted:false
        SSDEEP:384:yeaci5GQiBA7vEmzKNURFXoD1NC1SK0gkzPlrFzqFK/WY+lUTTcKqZ5bEmzVz:18urVgazUpUTTGt
        MD5:26533B7F3B29311E05E944A1B06480F2
        SHA1:4574763470D8C1E39C841690E2EB34471E46603F
        SHA-256:D99F14C602ABFC3E2876FDF05E44E855A19793EE2A49E2A282D7E0C9E21751DB
        SHA-512:077E2D7409F56D3CCA616F5A3ABC63CB8EDC5AAE6D3021554B36533D708E21D3AF2AC1FA1F0F6EDABCEC14A99EC61DBB31FA44ACFF2017D69B992BD32F6F9DAA
        Malicious:false
        Reputation:low
        Preview:SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

        C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:SQLite Rollback Journal
        Category:dropped
        Size (bytes):8720
        Entropy (8bit):3.7750542538808034
        Encrypted:false
        SSDEEP:48:7Mkp/E2ioyVHioy3DoWoy1CABoy1LKOioy1noy1AYoy1Wioy1hioybioyHoy1noK:7zpjuH0iANXKQe8b9IVXEBodRBk0
        MD5:61777F8415D0ED27D79FBCB59D1011A0
        SHA1:7C93B575D4E93EF0AFBF5DCA03195FF5F6873D46
        SHA-256:363CF50B2B8B9AF7755B01B5151FDF4205ADDA37F13DA4F913123F760655000B
        SHA-512:1633193BD3A6521E86C05E7840C0EA1CEE1B07B577E1528D89721ACDB67801180A103545EE52E452264F715FE3072C2120D60FD209A74CA5982A41817FA3D7D4
        Malicious:false
        Reputation:low
        Preview:.... .c.....q.M................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................T...[...b...r...t...}.....L..............................................................................................................................................................................................................................................................................................................................................................................................................................................................

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.5832

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:PostScript document text
        Category:dropped
        Size (bytes):185099
        Entropy (8bit):5.182478651346149
        Encrypted:false
        SSDEEP:1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
        MD5:94185C5850C26B3C6FC24ABC385CDA58
        SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
        SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
        SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
        Malicious:false
        Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:PostScript document text
        Category:dropped
        Size (bytes):185099
        Entropy (8bit):5.182478651346149
        Encrypted:false
        SSDEEP:1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
        MD5:94185C5850C26B3C6FC24ABC385CDA58
        SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
        SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
        SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
        Malicious:false
        Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:data
        Category:dropped
        Size (bytes):227002
        Entropy (8bit):3.392780893644728
        Encrypted:false
        SSDEEP:1536:qMKP+iyzDtrh1cK3XEivK7VK/3AYvYwgF/rRoL+sn:FKPoJ/3AYvYwglFoL+sn
        MD5:C11248DE3EDEB5F39EE8D1E2C1FFE7D8
        SHA1:7EC6B85BDB7C99BA691BB08A051EF7C4D4A43231
        SHA-256:57612AEEE8F8E8471B730963F8E111C9890F83D8120380A6FF0676A3814A4B41
        SHA-512:E13FD658A42EE8BA3CDE3DE5912C3BF3F1A5D720D6C47C3FBCB9C529208DC2860A64B3C41F08660A76CAF5482CF8FDA5EEB62ACC719860AE05EE5C8369C24D9F
        Malicious:false
        Preview:Adobe Acrobat Reader (64-bit) 23.6.20320....?A12_AV2_Search_18px.............................................................................................................KKK KKK.KKK.KKK.KKK.KKK.KKK@........................................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.............................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.........................KKK.KKK.KKK.KKK0....................KKK.KKK.KKK.KKK`....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK.KKK.....................................KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK.KKK@....................KKK.KKK.KKK.KKK`........................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.KKK.............................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):295
        Entropy (8bit):5.39888190393622
        Encrypted:false
        SSDEEP:6:YEQXJ2HXHW4GHGHWKWWsGiIPEeOF0YKcxoAvJM3g98kUwPeUkwRe9:YvXKX1GwNRsdTeOqtGMbLUkee9
        MD5:B74652D9C7C0E496CC27F0864FCD8ED0
        SHA1:C49704B866156AE07DA45EB5ED986EB32E030466
        SHA-256:0718AD5B4C1AFDFBD25CF90BEC510D3F30EFDF6BBF5782CD9E5FA44F447285AF
        SHA-512:115F77D22E1647015623203FFBE8BF66E5B4A344280045E10C9A8499DBDEB00E9157E466D63F6B83A46C47BC381E47BF3187C27B5C0D9D292376A02627655700
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"f7f07eb0-46fd-455d-b189-5c1667237b21","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1714110794867,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):294
        Entropy (8bit):5.335547061241008
        Encrypted:false
        SSDEEP:6:YEQXJ2HXHW4GHGHWKWWsGiIPEeOF0YKcxoAvJfBoTfXpnrPeUkwRe9:YvXKX1GwNRsdTeOqtGWTfXcUkee9
        MD5:445E7B1A2C1520A7CC32D4C9F51594D7
        SHA1:D58042D9D77F723A55F6FD898FB5DD5668D748DA
        SHA-256:530A3BBB4A0609FC9EA2F52123C0EB7D60B78F309E59A3ADE29A72B90BF1BB83
        SHA-512:039EE7FE8BE82B78E8EE231FCA812A36C0D40FBF3D042E2FA7000E8AC34A1BF124AB46F066B6F327141DD27874199C9018CA0AAC5B77601764395EE6AAF09FE2
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"f7f07eb0-46fd-455d-b189-5c1667237b21","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1714110794867,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):294
        Entropy (8bit):5.314253275467887
        Encrypted:false
        SSDEEP:6:YEQXJ2HXHW4GHGHWKWWsGiIPEeOF0YKcxoAvJfBD2G6UpnrPeUkwRe9:YvXKX1GwNRsdTeOqtGR22cUkee9
        MD5:E062933111C4D78FE3EB8D79561E7E76
        SHA1:45A0059FB7E22C6288492C2BF9D3BE66549642A0
        SHA-256:59E3582FE3091DA20B1311183757B970F0B58625D9D44E8BA8BEC38DE71FD621
        SHA-512:EB04878F04BF472DBFCDDEA3906374F8AE208C868FD0EC93E12540316D87D9A22F531159E0A24ABBAAA268629A0A108FAE4D2BAD01E76C835A7109B348DA19EC
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"f7f07eb0-46fd-455d-b189-5c1667237b21","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1714110794867,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):285
        Entropy (8bit):5.387006470867141
        Encrypted:false
        SSDEEP:6:YEQXJ2HXHW4GHGHWKWWsGiIPEeOF0YKcxoAvJfPmwrPeUkwRe9:YvXKX1GwNRsdTeOqtGH56Ukee9
        MD5:1D045A1AD508F771F10A1372D162127C
        SHA1:5DF1FCDF4C578EEAF609C188AD1FB71AF025034D
        SHA-256:3C4E8FB9336F05D226F9547A50BA17CFE9C5112B0DE8D9E4C8E2DCADBB46B98A
        SHA-512:3977F3DB1DF019BA8E9C38A44EE9682A7E473B5E9D23349894F851FBBDDEDD33AF1E84D38E0771BE909D60556179AC072B5A0DB0C047B6FBD19C8B2BC6C6C6F5
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"f7f07eb0-46fd-455d-b189-5c1667237b21","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1714110794867,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):292
        Entropy (8bit):5.338142422844019
        Encrypted:false
        SSDEEP:6:YEQXJ2HXHW4GHGHWKWWsGiIPEeOF0YKcxoAvJfJWCtMdPeUkwRe9:YvXKX1GwNRsdTeOqtGBS8Ukee9
        MD5:69116463896EAC019A8206C541CC8709
        SHA1:E64AC182767485160A589CC7DC863144FFC6B824
        SHA-256:9EBA97F52077BBDF9B554CD6E8D146AE9DEF4B8CD051C3A4BD3A0A90C58B020A
        SHA-512:5F42682515C0905CE86388396EB6C8FD8EB66855EBF2427DAFA7E1E32A2E30C46AC16A0D0632EFCC394A9726D850493907139FFA324D31A67DB7B314C76F2881
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"f7f07eb0-46fd-455d-b189-5c1667237b21","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1714110794867,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):289
        Entropy (8bit):5.324901564431143
        Encrypted:false
        SSDEEP:6:YEQXJ2HXHW4GHGHWKWWsGiIPEeOF0YKcxoAvJf8dPeUkwRe9:YvXKX1GwNRsdTeOqtGU8Ukee9
        MD5:68D6332B06FEA0BFCE9D1A5677DC5165
        SHA1:FEA0026AF180830BD2953B78AA9592A219D04190
        SHA-256:05F490D25430C4F70085465F20758EB6015CCD31DF51E7084CC7827100887069
        SHA-512:312BEDD0D5A9BFC4165C7FE7123380BD156ABDED0E7ABBF4D39D65C2370B6CE327821C7C22FFC42DA65B70A0CDEF8FBFFBD90117BD9A5CA06E0A29C935AC3ECB
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"f7f07eb0-46fd-455d-b189-5c1667237b21","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1714110794867,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):292
        Entropy (8bit):5.328198537227474
        Encrypted:false
        SSDEEP:6:YEQXJ2HXHW4GHGHWKWWsGiIPEeOF0YKcxoAvJfQ1rPeUkwRe9:YvXKX1GwNRsdTeOqtGY16Ukee9
        MD5:3D004F6912D96FEB9351D2825E8C9F1D
        SHA1:B4739B8C4BAD92FDDEE85C4532627E0C406289C5
        SHA-256:824E96FF9C8FE60B89E23D5C2CC7CDED7443ED05FED187AFCB6E9B8A064019A9
        SHA-512:73F75E9827BE63A520CF5A6042D0E6204C4083BD80A1F44F58140D69140588B9F3418D49BB7761EC15578B9DCB584A2D3D4E980D8B844D2899C6C61A1A48A08D
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"f7f07eb0-46fd-455d-b189-5c1667237b21","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1714110794867,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):289
        Entropy (8bit):5.343862731704138
        Encrypted:false
        SSDEEP:6:YEQXJ2HXHW4GHGHWKWWsGiIPEeOF0YKcxoAvJfFldPeUkwRe9:YvXKX1GwNRsdTeOqtGz8Ukee9
        MD5:EDB01FF897C170F7F2BEA30241BB118D
        SHA1:0E8B3CF8BF01319F49B2DF88A2F6BED21F5F3E3E
        SHA-256:5830B845F64B23F435D035788279FDC3E326EB94C903EBBA3C556B788D13290F
        SHA-512:5809810916279F71489B2DAFF4D0E1E5650117EFDEDAB264E2F574CB292E693CFAB02F1CB014ED85AB3432A71B30B0E1BAF6F467727E197F2ED5C4C8B41252FB
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"f7f07eb0-46fd-455d-b189-5c1667237b21","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1714110794867,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):1372
        Entropy (8bit):5.74444912025541
        Encrypted:false
        SSDEEP:24:Yv6X1GymeOKKLgENRcbrZbq00iCCBrwJo++ns8ct4mFJNV:Yv1xenEgigrNt0wSJn+ns8cvFJr
        MD5:903BF02D7B327BB7F6214ADC5B391209
        SHA1:0122E1F1727CB7E2FA506973052C5C205DE82FA1
        SHA-256:F3D0EECB870B7790BC8B08DB076F2240B2B563B42221471B0E80FF60B0D1E563
        SHA-512:6831F428A78032CDCF66F49C5958D6F338A2733E615CA38E490A0E896526EB8E05866FA0865539363FA461246F00741D4FC7E0525E7E9AA66A8DBB2A18D5CDDA
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"f7f07eb0-46fd-455d-b189-5c1667237b21","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1714110794867,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"79887_247329ActionBlock_0","campaignId":79887,"containerId":"1","controlGroupId":"","treatmentId":"acc56846-d570-4500-a26e-7f8cf2b4acad","variationId":"247329"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJUcnkgQWNyb2JhdCBQcm8ifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNSIsImZvbnRfc3R5bGUiOiIwIn0sImRlc2NyaXB0aW9uX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTMiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIDctZGF5IHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0byBwcmVtaXVtIFBERiBhbmQgZS1zaWduaW5nIHRvb2xzLiIsImJ

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):289
        Entropy (8bit):5.331611663888371
        Encrypted:false
        SSDEEP:6:YEQXJ2HXHW4GHGHWKWWsGiIPEeOF0YKcxoAvJfYdPeUkwRe9:YvXKX1GwNRsdTeOqtGg8Ukee9
        MD5:6CB730C42CDE05CF2C8F4791E43BA521
        SHA1:A9610C550205435742CE345158F25B7F9A096261
        SHA-256:D9C77207D385BB16A6A6F7ED02E0101F328837268845377E8012CF27B38230E1
        SHA-512:2DA5A46434C53950241AD9A2AA18FE2377DAAC1282471F79C69B52E1F34089811E54DC8596FC83A93D2F2034CC4F364FFF601B973DD55D04B1B708CFDA4FFEF3
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"f7f07eb0-46fd-455d-b189-5c1667237b21","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1714110794867,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):1395
        Entropy (8bit):5.779249497673083
        Encrypted:false
        SSDEEP:24:Yv6X1GymeO5rLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNd:Yv1xe6HgDv3W2aYQfgB5OUupHrQ9FJn
        MD5:DD85B4631CFCFE638D4C1EEB8A65C2B0
        SHA1:70A982296899D3778F421F321F0F6FD48C8A7728
        SHA-256:EFE3DC64341E1079129075DC706402CFDDD08B7085E52A880316135BA9C300F6
        SHA-512:FAC2A61042E616A2EE5D593B4733AE91B580C0F812E366A0562FC0460549F427CEFBB1519F249362DF7CD8CC4EB493622DDFD1433666560CB78B9B13CEB5A91B
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"f7f07eb0-46fd-455d-b189-5c1667237b21","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1714110794867,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):291
        Entropy (8bit):5.314941499267468
        Encrypted:false
        SSDEEP:6:YEQXJ2HXHW4GHGHWKWWsGiIPEeOF0YKcxoAvJfbPtdPeUkwRe9:YvXKX1GwNRsdTeOqtGDV8Ukee9
        MD5:823A45A4EB4786F5F03F59EDF7A2F8EB
        SHA1:B5644C9978904CE8D517B27849E5BA5CE47CC838
        SHA-256:25A2B6703943E24E2E5D547F72E17AC2D0A7586F5EE173F97CB5D3BACEBF64D8
        SHA-512:9351BB25C24E2D129F432164694FD20B5D612CABCCD3C61C8401AF0CA75542F16FA3A7953842B91FDE1F182A36C85393666E1825F6F0D31A56F11160E6810337
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"f7f07eb0-46fd-455d-b189-5c1667237b21","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1714110794867,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):287
        Entropy (8bit):5.3193807544487814
        Encrypted:false
        SSDEEP:6:YEQXJ2HXHW4GHGHWKWWsGiIPEeOF0YKcxoAvJf21rPeUkwRe9:YvXKX1GwNRsdTeOqtG+16Ukee9
        MD5:199C061655FD57C90B4B1A55D6D65A2A
        SHA1:D60003C69C8619D7CC1243769581812C5C35E86A
        SHA-256:59C5C6A8062D9424F1A5BBE1D4BDE174D4D710304A349B0E66874DF4A7D4B64C
        SHA-512:5F8BC0E4C2A994380B28E1E2A4B0270402801CC5D386FBFB9C9F0C68DBA852BAF7EE55494C2FF0A3D53ECC401F073C315F6C57E1C483CDD4F5545A863065B7F4
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"f7f07eb0-46fd-455d-b189-5c1667237b21","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1714110794867,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):289
        Entropy (8bit):5.338152974572297
        Encrypted:false
        SSDEEP:6:YEQXJ2HXHW4GHGHWKWWsGiIPEeOF0YKcxoAvJfbpatdPeUkwRe9:YvXKX1GwNRsdTeOqtGVat8Ukee9
        MD5:5DFC6D538A045527613058537C5E38DD
        SHA1:1CC64A557F5385D4DB2D39CB336BFCF2AE50E83D
        SHA-256:598FFC627E7DD1D2031C6207A61950910D651FC044B1EACF449992082D7A5563
        SHA-512:94D813DA884615B23AEBC960E550100117CA348047F1C70A9F3149CEDFFBEF7FA3F669F4C5D5B573243058BD2BAEF692B94A772EE2F74CEE390E595EEE216C68
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"f7f07eb0-46fd-455d-b189-5c1667237b21","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1714110794867,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):286
        Entropy (8bit):5.295486250976941
        Encrypted:false
        SSDEEP:6:YEQXJ2HXHW4GHGHWKWWsGiIPEeOF0YKcxoAvJfshHHrPeUkwRe9:YvXKX1GwNRsdTeOqtGUUUkee9
        MD5:F28963CDED63212D10F085DD36DA1F34
        SHA1:BD400C67FECEE82FE9BC71C0B59C2922248B6BCB
        SHA-256:71B3FF667D055B3413EFA09B3B5FF0E92883433657C8A1A67E229EA6686D0A6B
        SHA-512:4A14F6120C42F4C0DD64DE680D6A5D9AF1208827D785397B5ABB2B68E6ED0DE3F3DA0E7D72B57E65C2D1C81DC0B01808A539087960D003A133043D84877B47FC
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"f7f07eb0-46fd-455d-b189-5c1667237b21","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1714110794867,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):782
        Entropy (8bit):5.383811836306872
        Encrypted:false
        SSDEEP:12:YvXKX1GwNRsdTeOqtGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWR:Yv6X1GymeOY168CgEXX5kcIfANh4
        MD5:592519C37C4055F1EF5B538CBA657894
        SHA1:A67B03671A43267DAB4507AA0F5A58E1CEE99E0B
        SHA-256:71C092AEF1C140C3CCA721B2CE2C78199C40D12FCAE44EB6AC5F06687A8C5686
        SHA-512:6EE1518BE80792A31DA576F83BA02424C883DC805C7BE9DE13487B6EF2DC2504C71076B9F605D41276A17748708B4CDC21BB15D0B938241832924DCC86EAAF34
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"f7f07eb0-46fd-455d-b189-5c1667237b21","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1714110794867,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1713934499899}}}}

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:data
        Category:dropped
        Size (bytes):4
        Entropy (8bit):0.8112781244591328
        Encrypted:false
        SSDEEP:3:e:e
        MD5:DC84B0D741E5BEAE8070013ADDCC8C28
        SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
        SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
        SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
        Malicious:false
        Preview:....

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):2814
        Entropy (8bit):5.140186959063915
        Encrypted:false
        SSDEEP:24:YmxCP4ORCVT8LJqtnxjcCGaw71ayCrmkWCwmVmZPjO7j0SzfeSuC2XP2LSz5M+ir:YzyWqlqMPag2gUPHM+i45B9BaWoF
        MD5:F21160EF2C95DA42CA7A16F15A81D5E8
        SHA1:94AD9CCD3026E88D5260E955B175F7F433A675BE
        SHA-256:DEA780091954D5E3E8DD2DD0E41037721149C7F83F95FE793BE64572CE5B38B3
        SHA-512:2A4F9B3BB3DD521155D907FA369F9BEA1132C54DD39622FB601A753C01AD4677E492DBBE942E2BD5A69EA2BED6F240ABF78323EC25796B94E9E39BCA301569AE
        Malicious:false
        Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"3afcb15a1c7fbc9b529d7be267aee8a6","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1713934499000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"9529c577d2a8cac123ab5f15dc69d70c","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1372,"ts":1713934499000},{"id":"Edit_InApp_Aug2020","info":{"dg":"3174b619a0a4bb058d19e7bd53832e82","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":1713934499000},{"id":"DC_Reader_RHP_Banner","info":{"dg":"b4b298aa349aee44302837e2cb298e20","sid":"DC_Reader_RHP_Banner"},"mimeType":"file","size":1395,"ts":1713934499000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"0609fcad9581bbf945e0d4431c390f11","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file","size":292,"ts":1713934499000},{"id":"DC_Reader_More_LHP_Banner","info":{"dg":"e86d65258588c5b921181c65835df4a8","sid":"DC_Reader_More_LHP_Banner"},"mimeType":"file","size":289,"ts":1713934499000},

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 25, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 25
        Category:dropped
        Size (bytes):12288
        Entropy (8bit):1.4518687738863933
        Encrypted:false
        SSDEEP:48:TGufl2GL7msCvrBd6dHtbGIbPe0K3+fDy2dsQl4:lNVmsw3SHtbDbPe0K3+fDZdk
        MD5:83ED044B40A984B399272B49EF4E816B
        SHA1:A7DE0B04D29FD075699B63A23075C98DE512DAF1
        SHA-256:894F0C9745E87204E7AFE14A7EFC6D625BD80EBEDD2610B1EDA1A23A1F361B87
        SHA-512:BF327539B24BC036D622E23791BE4D83E487BBB2FE55C77BC28FEA59D4A6B9F74FD312B6636F8B107654CBACA034C596FCD8BBFDF7592650A784F94CF3BC3138
        Malicious:false
        Preview:SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:SQLite Rollback Journal
        Category:dropped
        Size (bytes):8720
        Entropy (8bit):1.9576598204067077
        Encrypted:false
        SSDEEP:48:7MXrvrBd6dHtbGIbPe0K3+fDy2dsFmqFl2GL7msj:7G3SHtbDbPe0K3+fDZdFKVmsj
        MD5:C012566CBC75ABB46F857E6EF424FD4B
        SHA1:D1A44D1350E76461FB351C9739217A15D8E0D2D3
        SHA-256:F36FB1DF893767C65063D4E253D55BE6CA0216BA6648934E0271501F59A9EE95
        SHA-512:36E416C596F83698C3257BC75CA10AEC560B541A39734914327C82A4CED2806D0427F730F3009153E681CC961619BC158110D96270A6B8FCFAC522DD30533102
        Malicious:false
        Preview:.... .c.......3......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................v.../.././././....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

        C:\Users\user\AppData\Local\Temp\MSI42ef6.LOG

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
        Category:dropped
        Size (bytes):246
        Entropy (8bit):3.5197430193686525
        Encrypted:false
        SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8c+/8NH:Qw946cPbiOxDlbYnuRKHN
        MD5:9A47125F4E98502B411774CB07FA66D2
        SHA1:444C19B72F0E372E77CCD3667476CC53444BD172
        SHA-256:749415118CC1F40E0D6D56FA22D383133E654C8B0BB4C58FC76A70AACF46FCEE
        SHA-512:7E56C4B8F037C69F146B688C53F7298D5A38AE551193E352BE5E2B4B30B7225FBD8C590ED08800C0CDE0E70C2A888C87DAAAA8F34DCF0D512E29D668E0CCCCDB
        Malicious:false
        Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .2.4./.0.4./.2.0.2.4. . .0.6.:.5.5.:.0.1. .=.=.=.....

        C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-24 06-54-55-647.log

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:ASCII text, with very long lines (393)
        Category:dropped
        Size (bytes):16525
        Entropy (8bit):5.386483451061953
        Encrypted:false
        SSDEEP:384:A2+jkjVj8jujXj+jPjghjKj0jLjmF/FRFO7t75NsXNsbNsgNssNsNNsaNsliNsTY:AXg5IqTS7Mh+oXChrYhFiQHXiz1W60ID
        MD5:F49CA270724D610D1589E217EA78D6D1
        SHA1:22D43D4BB9BDC1D1DEA734399D2D71E264AA3DD3
        SHA-256:D2FFBB2EF8FCE09991C2EFAA91B6784497E8C55845807468A3385CF6029A2F8D
        SHA-512:181B42465DE41E298329CBEB80181CBAB77CFD1701DBA31E61B2180B483BC35E2EFAFFA14C98F1ED0EDDE67F997EE4219C5318CE846BB0116A908FB2EAB61D29
        Malicious:false
        Preview:SessionID=f1c78126-6a87-4f56-987d-4547733fd5ac.1696492435808 Timestamp=2023-10-05T09:53:55:808+0200 ThreadID=6044 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=f1c78126-6a87-4f56-987d-4547733fd5ac.1696492435808 Timestamp=2023-10-05T09:53:55:809+0200 ThreadID=6044 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=f1c78126-6a87-4f56-987d-4547733fd5ac.1696492435808 Timestamp=2023-10-05T09:53:55:809+0200 ThreadID=6044 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=f1c78126-6a87-4f56-987d-4547733fd5ac.1696492435808 Timestamp=2023-10-05T09:53:55:809+0200 ThreadID=6044 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=f1c78126-6a87-4f56-987d-4547733fd5ac.1696492435808 Timestamp=2023-10-05T09:53:55:809+0200 ThreadID=6044 Component=ngl-lib_NglAppLib Description="SetConfig:

        C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-24 08-25-02-815.log

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:ASCII text, with very long lines (393)
        Category:dropped
        Size (bytes):15258
        Entropy (8bit):5.379125248966609
        Encrypted:false
        SSDEEP:384:ALhkZPWn+pjb1K3DQvj1W1hMGnkekIQnKvTVcYz/eDqxLjxLwCTDxWhe0KaQTL3H:uB
        MD5:20E6FAA1E16CF5326B8B3F5109F3B2CF
        SHA1:70ABF3212748D65B166757CCFF4AE0E5DD949228
        SHA-256:69FA369171471A88D9ED967FFBCDEE66D0268AF153E49B852CFD75BDEBA134BC
        SHA-512:AD5F7D92A01F9551B8E91A989F20038ADD5B1FA818A5855FAD548D479FA1CBEFCFA5CE86FE8D8D1119752848910CD58C1B8F5121693C2A65932B15E3335D8B75
        Malicious:false
        Preview:SessionID=a7392680-1ae0-45db-828f-f93b9aace91c.1713934495681 Timestamp=2024-04-24T06:54:55:681+0200 ThreadID=396 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=a7392680-1ae0-45db-828f-f93b9aace91c.1713934495681 Timestamp=2024-04-24T06:54:55:682+0200 ThreadID=396 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=a7392680-1ae0-45db-828f-f93b9aace91c.1713934495681 Timestamp=2024-04-24T06:54:55:682+0200 ThreadID=396 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=a7392680-1ae0-45db-828f-f93b9aace91c.1713934495681 Timestamp=2024-04-24T06:54:55:682+0200 ThreadID=396 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=a7392680-1ae0-45db-828f-f93b9aace91c.1713934495681 Timestamp=2024-04-24T06:54:55:682+0200 ThreadID=396 Component=ngl-lib_NglAppLib Description="SetConfig: NGLLi

        C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:ASCII text, with CRLF line terminators
        Category:dropped
        Size (bytes):1255
        Entropy (8bit):5.280267978656825
        Encrypted:false
        SSDEEP:24:P7T9rOWvZOFC7T9rOWN82O7TAV6R7TAVlt7TAVswW7TAVP8Zvn:F5vN5N84VtVoVsw3VE
        MD5:773557F1DDE57418AA9AE99D1BF7DD7E
        SHA1:9D697C019B260AD21DCEFF423B9A3946E3E2FCFF
        SHA-256:A59D8D339A7DE9D1D5D3F33970E315C03CBC7BB595FB4260DDA6A319266E685F
        SHA-512:F13834535E6AE39A4F2C1E65C4D469085EDFCC7BE09B644FFB0FF95BEB79AABC55819ED1285FF7BC7FDF69163F49B1F5387602583125D5D9A9D74B153A5F4045
        Malicious:false
        Preview:SessionID=a7392680-1ae0-45db-828f-f93b9aace91c.1713934495681 Timestamp=2024-04-24T08:25:02:996+0200 ThreadID=5944 Component=ngl-lib_ NglIngestManager Description="ProcessSpecialEventBeforeClose : Ingest - Checking & Processing for Special Events"..SessionID=a7392680-1ae0-45db-828f-f93b9aace91c.1713934495681 Timestamp=2024-04-24T08:25:02:996+0200 ThreadID=5944 Component=ngl-lib_ NglIngestManager Description="ProcessNglIngestEvents : Ingest Process - Finished"..SessionID=a7392680-1ae0-45db-828f-f93b9aace91c.1713934495681 Timestamp=2024-04-24T08:25:02:997+0200 ThreadID=6568 Component=ngl-lib_ NglIngestManager Description="CleanEventQ : Cleared Ingest Event"..SessionID=a7392680-1ae0-45db-828f-f93b9aace91c.1713934495681 Timestamp=2024-04-24T08:25:02:997+0200 ThreadID=6568 Component=ngl-lib_ NglIngestManager Description="Shutdown : Ingest manager shutdown."..SessionID=a7392680-1ae0-45db-828f-f93b9aace91c.1713934495681 Timestamp=2024-04-24T08:25:02:997+0200 ThreadID=6568 Component=ngl-lib_Ht

        C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:ASCII text, with CRLF line terminators
        Category:dropped
        Size (bytes):35814
        Entropy (8bit):5.411779536288356
        Encrypted:false
        SSDEEP:768:hRDD/ATOlQwlgR6RgRT4xk1Bh9+R6gRldy0+AyxkHBDgRh9gRP:hRDD/ATOlQwlgR6RgRT4xk1Bh9+R6gRp
        MD5:B23E05B71AF1675602D27B0991E389B6
        SHA1:908521E8F5BBEA676A567AC10739CE4C27155EB3
        SHA-256:2E9CCC9071628E62999C64BC26EFA0332CABFE020C64F7E36818FC28374BB45D
        SHA-512:A564317268D4258A85C096C417997B132521C6A904CE811288A9756A9800CE4DB5B3047E3D979576A7F15245D77AEDD68099232BDB66F4BEBA2AD2F1E80A227B
        Malicious:false
        Preview:05-10-2023 08:41:17:.---2---..05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 : ***************************************..05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 : ***************************************..05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 : Starting NGL..05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..05-10-2023 08:41:17:.Closing File..05-10-

        C:\Users\user\AppData\Local\Temp\acrocef_low\06604954-ea1d-40a8-bbbc-96397dc29507.tmp

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
        Category:dropped
        Size (bytes):1419751
        Entropy (8bit):7.976496077007677
        Encrypted:false
        SSDEEP:24576:/rwYIGNP4mOWL07oBGZ1dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:TwZG6bWLxBGZN3mlind9i4ufFXpAXkru
        MD5:95F182500FC92778102336D2D5AADCC8
        SHA1:BEC510B6B3D595833AF46B04C5843B95D2A0A6C9
        SHA-256:9F9C041D7EE1DA404E53022D475B9E6D5924A17C08D5FDEC58C0A1DCDCC4D4C9
        SHA-512:D7C022459486D124CC6CDACEAD8D46E16EDC472F4780A27C29D98B35AD01A9BA95F62155433264CC12C32BFF384C7ECAFCE0AC45853326CBC622AE65EE0D90BA
        Malicious:false
        Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

        C:\Users\user\AppData\Local\Temp\acrocef_low\ca55f51e-3a64-4673-8c94-eb07ec37a0fe.tmp

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
        Category:dropped
        Size (bytes):386528
        Entropy (8bit):7.9736851559892425
        Encrypted:false
        SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
        MD5:5C48B0AD2FEF800949466AE872E1F1E2
        SHA1:337D617AE142815EDDACB48484628C1F16692A2F
        SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
        SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
        Malicious:false
        Preview:...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-|..h#.g.\.PO.|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..|m.WC.....|.....e.[W.p.8...rm....^..x'......5!...|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

        C:\Users\user\AppData\Local\Temp\acrocef_low\cfd082d5-af35-4c81-adcc-15cf6dc2c672.tmp

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
        Category:dropped
        Size (bytes):758601
        Entropy (8bit):7.98639316555857
        Encrypted:false
        SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
        MD5:3A49135134665364308390AC398006F1
        SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
        SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
        SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
        Malicious:false
        Preview:...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!|G.1...... .3.`./....`~......G.............|..pS.e.C....:o.u_..oi.:..|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

        C:\Users\user\AppData\Local\Temp\acrocef_low\d05c265e-8647-499e-ad80-f86190860e74.tmp

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
        Category:dropped
        Size (bytes):1407294
        Entropy (8bit):7.97605879016224
        Encrypted:false
        SSDEEP:24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo
        MD5:A0CFC77914D9BFBDD8BC1B1154A7B364
        SHA1:54962BFDF3797C95DC2A4C8B29E873743811AD30
        SHA-256:81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685
        SHA-512:74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE
        Malicious:false
        Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

        Static File Info

        General

        File type:PDF document, version 1.4, 1 pages
        Entropy (8bit):6.9326527670892695
        TrID:
        • Adobe Portable Document Format (5005/1) 100.00%
        File name:64800000797_IMO SYMBOLS.pdf
        File size:54'330 bytes
        MD5:2289f869ef41ed8a006e2833dfe50006
        SHA1:4d28aac128e97d27d7a4160a836f4a3700f1d4d5
        SHA256:0eda3c0fd6b9a7d00b65d3f7610156fa55cdffae450b4873a8ca8df17f1ee5a8
        SHA512:a9d46c6bda75b3402385296b60cb0e9d7bd3d528c086c8352a5b3cffb34e9dd00b201429a6b934b16911e2791f9f174bbcb37045eab4eb8d857566b396cd19cc
        SSDEEP:768:rtEGXKYL3H5dRQasXFRgB1leACqXJu+sNwQg/7FJ3gw6q1W7zkcSoc88NltHwdXt:rJKYbZdRUXFRTDM0wzJP1W7zkXoyX2Dn
        TLSH:74335B5C9195E488E5A7CBF5D7469CE9A65D730355C8C8B232AE4ED20B03E9CFA0EC42
        File Content Preview:%PDF-1.4.%.....4 0 obj.<</ColorSpace[/Indexed/DeviceRGB 255(.............................................................................................................................3..f..........3..33.3f.3..3..3..f..f3.ff.f..f..f......3..f............

        File Icon

        Icon Hash:62cc8caeb29e8ae0

        Static PDF Info

        General

        Header:%PDF-1.4
        Total Entropy:6.932653
        Total Bytes:54330
        Stream Entropy:7.482685
        Stream Bytes:34119
        Entropy outside Streams:4.662332
        Bytes outside Streams:20211
        Number of EOF found:3
        Bytes after EOF:

        Keywords Statistics

        NameCount
        obj30
        endobj30
        stream9
        endstream9
        xref3
        trailer3
        startxref3
        /Page3
        /Encrypt0
        /ObjStm0
        /URI0
        /JS0
        /JavaScript0
        /AA0
        /OpenAction0
        /AcroForm0
        /JBIG2Decode0
        /RichMedia0
        /Launch0
        /EmbeddedFile0

        Network Behavior

        Network Port Distribution

        TCP Packets

        TimestampSource PortDest PortSource IPDest IP
        Apr 24, 2024 06:55:05.814964056 CEST49710443192.168.2.723.200.60.110
        Apr 24, 2024 06:55:05.815022945 CEST4434971023.200.60.110192.168.2.7
        Apr 24, 2024 06:55:05.815087080 CEST49710443192.168.2.723.200.60.110
        Apr 24, 2024 06:55:05.815315962 CEST49710443192.168.2.723.200.60.110
        Apr 24, 2024 06:55:05.815340042 CEST4434971023.200.60.110192.168.2.7
        Apr 24, 2024 06:55:06.328977108 CEST4434971023.200.60.110192.168.2.7
        Apr 24, 2024 06:55:06.329303980 CEST49710443192.168.2.723.200.60.110
        Apr 24, 2024 06:55:06.329338074 CEST4434971023.200.60.110192.168.2.7
        Apr 24, 2024 06:55:06.332946062 CEST4434971023.200.60.110192.168.2.7
        Apr 24, 2024 06:55:06.333014011 CEST49710443192.168.2.723.200.60.110
        Apr 24, 2024 06:55:06.335077047 CEST49710443192.168.2.723.200.60.110
        Apr 24, 2024 06:55:06.335273027 CEST49710443192.168.2.723.200.60.110
        Apr 24, 2024 06:55:06.335275888 CEST4434971023.200.60.110192.168.2.7
        Apr 24, 2024 06:55:06.376671076 CEST49710443192.168.2.723.200.60.110
        Apr 24, 2024 06:55:06.376686096 CEST4434971023.200.60.110192.168.2.7
        Apr 24, 2024 06:55:06.429045916 CEST49710443192.168.2.723.200.60.110
        Apr 24, 2024 06:55:06.505547047 CEST4434971023.200.60.110192.168.2.7
        Apr 24, 2024 06:55:06.505740881 CEST4434971023.200.60.110192.168.2.7
        Apr 24, 2024 06:55:06.505880117 CEST49710443192.168.2.723.200.60.110
        Apr 24, 2024 06:55:06.517151117 CEST49710443192.168.2.723.200.60.110
        Apr 24, 2024 06:55:06.517180920 CEST4434971023.200.60.110192.168.2.7

        HTTP Request Dependency Graph

        • armmf.adobe.com

        HTTPS Proxied Packets

        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
        0192.168.2.74971023.200.60.1104431004C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        TimestampBytes transferredDirectionData
        2024-04-24 04:55:06 UTC475OUTGET /onboarding/smskillreader.txt HTTP/1.1
        Host: armmf.adobe.com
        Connection: keep-alive
        Accept-Language: en-US,en;q=0.9
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36
        Sec-Fetch-Site: same-origin
        Sec-Fetch-Mode: no-cors
        Sec-Fetch-Dest: empty
        Accept-Encoding: gzip, deflate, br
        If-None-Match: "78-5faa31cce96da"
        If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
        2024-04-24 04:55:06 UTC198INHTTP/1.1 304 Not Modified
        Content-Type: text/plain; charset=UTF-8
        Last-Modified: Mon, 01 May 2023 15:02:33 GMT
        ETag: "78-5faa31cce96da"
        Date: Wed, 24 Apr 2024 04:55:06 GMT
        Connection: close


        Statistics

        CPU Usage

        Click to jump to process

        Memory Usage

        Click to jump to process

        High Level Behavior Distribution

        Click to dive into process behavior distribution

        Behavior

        Click to jump to process

        System Behavior

        General

        Target ID:0
        Start time:06:54:52
        Start date:24/04/2024
        Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        Wow64 process (32bit):false
        Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\64800000797_IMO SYMBOLS.pdf"
        Imagebase:0x7ff702560000
        File size:5'641'176 bytes
        MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
        Has elevated privileges:true
        Has administrator privileges:true
        Programmed in:C, C++ or other language
        Reputation:moderate
        Has exited:true

        General

        Target ID:2
        Start time:06:54:53
        Start date:24/04/2024
        Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        Wow64 process (32bit):false
        Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
        Imagebase:0x7ff6c3ff0000
        File size:3'581'912 bytes
        MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
        Has elevated privileges:true
        Has administrator privileges:true
        Programmed in:C, C++ or other language
        Reputation:moderate
        Has exited:true

        General

        Target ID:4
        Start time:06:54:53
        Start date:24/04/2024
        Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        Wow64 process (32bit):false
        Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2144 --field-trial-handle=1640,i,2043785905118560439,8266881311133419412,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
        Imagebase:0x7ff6c3ff0000
        File size:3'581'912 bytes
        MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
        Has elevated privileges:true
        Has administrator privileges:true
        Programmed in:C, C++ or other language
        Reputation:moderate
        Has exited:true

        Disassembly

        No disassembly