Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
121351.pdf

Overview

General Information

Sample name:121351.pdf
Analysis ID:1431493
MD5:37de073e62c300444004213c88ecf89b
SHA1:86b5ac12c1f42c7eba2455591318c7b86a6f0cb1
SHA256:f6045d8109c061c20b187702fe774e1733f68fefc75c5c96a1bead1dbc51818b
Infos:

Detection

Score:2
Range:0 - 100
Whitelisted:false
Confidence:80%

Signatures

IP address seen in connection with other malware
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Uses a known web browser user agent for HTTP communication

Classification

Process Tree

  • System is w10x64
  • Acrobat.exe (PID: 3872 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\121351.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 7116 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 2556 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2112 --field-trial-handle=1576,i,15305235246586624923,5573412500544858462,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Snort Signatures

No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: global trafficTCP traffic: 192.168.2.5:49714 -> 184.25.164.138:443
Source: global trafficTCP traffic: 192.168.2.5:49714 -> 184.25.164.138:443
Source: global trafficTCP traffic: 192.168.2.5:49714 -> 184.25.164.138:443
Source: global trafficTCP traffic: 192.168.2.5:49714 -> 184.25.164.138:443
Source: global trafficTCP traffic: 192.168.2.5:49714 -> 184.25.164.138:443
Source: global trafficTCP traffic: 192.168.2.5:49714 -> 184.25.164.138:443
Source: global trafficTCP traffic: 192.168.2.5:49714 -> 184.25.164.138:443
Source: global trafficTCP traffic: 192.168.2.5:49714 -> 184.25.164.138:443
Source: global trafficTCP traffic: 192.168.2.5:49714 -> 184.25.164.138:443
Source: global trafficTCP traffic: 192.168.2.5:49714 -> 184.25.164.138:443
Source: global trafficTCP traffic: 192.168.2.5:49714 -> 184.25.164.138:443
Source: global trafficTCP traffic: 192.168.2.5:49714 -> 184.25.164.138:443
Source: global trafficTCP traffic: 192.168.2.5:49714 -> 184.25.164.138:443
Source: global trafficTCP traffic: 184.25.164.138:443 -> 192.168.2.5:49714
Source: global trafficTCP traffic: 192.168.2.5:49714 -> 184.25.164.138:443
Source: global trafficTCP traffic: 192.168.2.5:49714 -> 184.25.164.138:443
Source: global trafficTCP traffic: 184.25.164.138:443 -> 192.168.2.5:49714
Source: global trafficTCP traffic: 184.25.164.138:443 -> 192.168.2.5:49714
Source: global trafficTCP traffic: 192.168.2.5:49714 -> 184.25.164.138:443
Source: global trafficTCP traffic: 184.25.164.138:443 -> 192.168.2.5:49714
Source: global trafficTCP traffic: 184.25.164.138:443 -> 192.168.2.5:49714
Source: global trafficTCP traffic: 192.168.2.5:49714 -> 184.25.164.138:443
Source: global trafficTCP traffic: 192.168.2.5:49714 -> 184.25.164.138:443
Source: global trafficTCP traffic: 184.25.164.138:443 -> 192.168.2.5:49714
Source: global trafficTCP traffic: 192.168.2.5:49714 -> 184.25.164.138:443
Source: global trafficTCP traffic: 184.25.164.138:443 -> 192.168.2.5:49714
Source: global trafficTCP traffic: 192.168.2.5:49714 -> 184.25.164.138:443
Source: global trafficTCP traffic: 184.25.164.138:443 -> 192.168.2.5:49714
Source: global trafficTCP traffic: 184.25.164.138:443 -> 192.168.2.5:49714
Source: global trafficTCP traffic: 192.168.2.5:49714 -> 184.25.164.138:443
Source: global trafficTCP traffic: 192.168.2.5:49714 -> 184.25.164.138:443
Source: global trafficTCP traffic: 184.25.164.138:443 -> 192.168.2.5:49714
Source: global trafficTCP traffic: 192.168.2.5:49714 -> 184.25.164.138:443
Source: global trafficTCP traffic: 192.168.2.5:49714 -> 184.25.164.138:443
Source: Joe Sandbox ViewIP Address: 184.25.164.138 184.25.164.138
Source: global trafficHTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1Host: armmf.adobe.comConnection: keep-aliveAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brIf-None-Match: "78-5faa31cce96da"If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
Source: unknownTCP traffic detected without corresponding DNS query: 184.25.164.138
Source: unknownTCP traffic detected without corresponding DNS query: 184.25.164.138
Source: unknownTCP traffic detected without corresponding DNS query: 184.25.164.138
Source: unknownTCP traffic detected without corresponding DNS query: 184.25.164.138
Source: unknownTCP traffic detected without corresponding DNS query: 184.25.164.138
Source: unknownTCP traffic detected without corresponding DNS query: 184.25.164.138
Source: unknownTCP traffic detected without corresponding DNS query: 184.25.164.138
Source: unknownTCP traffic detected without corresponding DNS query: 184.25.164.138
Source: unknownTCP traffic detected without corresponding DNS query: 184.25.164.138
Source: unknownTCP traffic detected without corresponding DNS query: 184.25.164.138
Source: unknownTCP traffic detected without corresponding DNS query: 184.25.164.138
Source: unknownTCP traffic detected without corresponding DNS query: 184.25.164.138
Source: global trafficHTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1Host: armmf.adobe.comConnection: keep-aliveAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brIf-None-Match: "78-5faa31cce96da"If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
Source: unknownNetwork traffic detected: HTTP traffic on port 49714 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49714
Source: classification engineClassification label: clean2.winPDF@14/41@0/1
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.4268Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-25 10-21-56-318.logJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
Source: unknownProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\121351.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2112 --field-trial-handle=1576,i,15305235246586624923,5573412500544858462,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2112 --field-trial-handle=1576,i,15305235246586624923,5573412500544858462,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: 121351.pdfInitial sample: PDF keyword /JS count = 0
Source: 121351.pdfInitial sample: PDF keyword /JavaScript count = 0
Source: 121351.pdfInitial sample: PDF keyword /EmbeddedFile count = 0
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid Accounts2
Exploitation for Client Execution		Path Interception1
Process Injection		1
Masquerading		OS Credential Dumping1
System Information Discovery		Remote ServicesData from Local System1
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
Process Injection		LSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable Media1
Non-Application Layer Protocol		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive12
Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin HookBinary PaddingNTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput Capture1
Ingress Tool Transfer		Traffic DuplicationData Destruction

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 process2 2 Behavior Graph ID: 1431493 Sample: 121351.pdf Startdate: 25/04/2024 Architecture: WINDOWS Score: 2 6 Acrobat.exe 18 63 2->6         started        process3 8 AcroCEF.exe 104 6->8         started        process4 10 AcroCEF.exe 2 8->10         started        dnsIp5 13 184.25.164.138, 443, 49714 BBIL-APBHARTIAirtelLtdIN United States 10->13

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

No Antivirus matches

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

No contacted domains info

World Map of Contacted IPs

  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Public IPs

IPDomainCountryFlagASNASN NameMalicious
184.25.164.138
unknownUnited States
9498BBIL-APBHARTIAirtelLtdINfalse

General Information

Joe Sandbox version:40.0.0 Tourmaline
Analysis ID:1431493
Start date and time:2024-04-25 10:21:08 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 4m 5s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultwindowspdfcookbook.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:9
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:121351.pdf
Detection:CLEAN
Classification:clean2.winPDF@14/41@0/1
EGA Information:Failed
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 0
  • Number of non-executed functions: 0
Cookbook Comments:
  • Found application associated with file extension: .pdf
  • Found PDF document
  • Close Viewer

Warnings

  • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 23.55.252.138, 34.193.227.236, 18.207.85.246, 54.144.73.197, 107.22.247.231, 162.159.61.3, 172.64.41.3, 23.34.82.7, 23.34.82.6
  • Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
184.25.164.138ppop_verification_request.zipGet hashmaliciousUnknownBrowse
    Proposal Invitation_ Proposal is Due by the EOB May 15.emlGet hashmaliciousHtmlDropper, HTMLPhisherBrowse
      file.pdf.download.lnkGet hashmaliciousUnknownBrowse
        Factura_SA161.pdf.lnkGet hashmaliciousRHADAMANTHYSBrowse
          Re_ Medina County Kitchen.emlGet hashmaliciousUnknownBrowse
            oiDDogdK9A.exeGet hashmaliciousLokibot, PureLog Stealer, zgRATBrowse
              New_Order.xlsGet hashmaliciousUnknownBrowse
                https://enfoldindia.org/wp-content/uploads/2019/06/Restorative-Circle-Handbook-for-CCI.pdfGet hashmaliciousUnknownBrowse
                  TaxForm.lnkGet hashmaliciousDarkGate, MailPassViewBrowse
                    https://ntnusa0-my.sharepoint.com/:f:/g/personal/ajaronik_ntnusa_com/EjzRads0Sf5Ivon47-zBKVABS1TZOI64W6Uv34YFqNQjmQ?e=NuZrjrGet hashmaliciousHTMLPhisher, ReCaptcha PhishBrowse

                      Domains

                      No context

                      ASNs

                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                      BBIL-APBHARTIAirtelLtdINBitTorrent-7.6.exeGet hashmaliciousUnknownBrowse
                      • 122.185.41.86
                      ppop_verification_request.zipGet hashmaliciousUnknownBrowse
                      • 184.25.164.138
                      https://acrobat.adobe.com/id/urn:aaid:sc:VA6C2:24e81d17-b801-4fad-ae25-120d655923c5Get hashmaliciousRemcosBrowse
                      • 23.209.188.17
                      Proposal Invitation_ Proposal is Due by the EOB May 15.emlGet hashmaliciousHtmlDropper, HTMLPhisherBrowse
                      • 184.25.164.138
                      file.pdf.download.lnkGet hashmaliciousUnknownBrowse
                      • 184.25.164.138
                      Factura_SA161.pdf.lnkGet hashmaliciousRHADAMANTHYSBrowse
                      • 184.25.164.138
                      Ud310iQZnO.elfGet hashmaliciousMiraiBrowse
                      • 182.74.25.30
                      tWpGuzQQoW.elfGet hashmaliciousMiraiBrowse
                      • 122.185.203.209
                      kGbjOmkleq.elfGet hashmaliciousMiraiBrowse
                      • 125.23.195.204
                      iH18gdEj8Y.elfGet hashmaliciousMiraiBrowse
                      • 125.19.93.33

                      JA3 Fingerprints

                      No context

                      Dropped Files

                      No context

                      Created / dropped Files

                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:ASCII text
                      Category:dropped
                      Size (bytes):291
                      Entropy (8bit):5.177074031402224
                      Encrypted:false
                      SSDEEP:6:B+q2P92nKuAl9OmbnIFUt8SXZmw+S3VkwO92nKuAl9OmbjLJ:Mv4HAahFUt8SX/+SF5LHAaSJ
                      MD5:685D87AAF460B4EF7332D141C441EC3C
                      SHA1:15DDB15169C9EE06E6B20DFB707B3A2128685615
                      SHA-256:C350C155D0C73CE7776C60715A3BC9F6BBB8E1E314E7F566A5398E77B9999136
                      SHA-512:87CDEE68E544D51148E599C093CA5AA9BD9AD9CABB469EDF712F5BD74F71A3E22D2A13A5258D6DE579A3889077425A9883A59CE816A742F0E3AA323AEDB3F287
                      Malicious:false
                      Reputation:low
                      Preview:2024/04/25-10:21:54.091 e28 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/04/25-10:21:54.093 e28 Recovering log #3.2024/04/25-10:21:54.093 e28 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:ASCII text
                      Category:dropped
                      Size (bytes):291
                      Entropy (8bit):5.177074031402224
                      Encrypted:false
                      SSDEEP:6:B+q2P92nKuAl9OmbnIFUt8SXZmw+S3VkwO92nKuAl9OmbjLJ:Mv4HAahFUt8SX/+SF5LHAaSJ
                      MD5:685D87AAF460B4EF7332D141C441EC3C
                      SHA1:15DDB15169C9EE06E6B20DFB707B3A2128685615
                      SHA-256:C350C155D0C73CE7776C60715A3BC9F6BBB8E1E314E7F566A5398E77B9999136
                      SHA-512:87CDEE68E544D51148E599C093CA5AA9BD9AD9CABB469EDF712F5BD74F71A3E22D2A13A5258D6DE579A3889077425A9883A59CE816A742F0E3AA323AEDB3F287
                      Malicious:false
                      Reputation:low
                      Preview:2024/04/25-10:21:54.091 e28 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/04/25-10:21:54.093 e28 Recovering log #3.2024/04/25-10:21:54.093 e28 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:ASCII text
                      Category:dropped
                      Size (bytes):338
                      Entropy (8bit):5.164011381730232
                      Encrypted:false
                      SSDEEP:6:XiL+q2P92nKuAl9Ombzo2jMGIFUt8311Zmw+3jLVkwO92nKuAl9Ombzo2jMmLJ:Syv4HAa8uFUt8H/+zR5LHAa8RJ
                      MD5:6C2CBC3C2E526D699507BEC53AA2EE40
                      SHA1:4803A69BA8E5B831553F45BA3CAB033CCBA65960
                      SHA-256:B1EF8196D40500A6EA6EB4E20E7CB21E7F2E64FB1EF187028B61B7AE0C174C83
                      SHA-512:84E51319037046B450DEF1E6032EF1AE52A7B75501EEBEED62C2A8468FF6D57517607419A9D58D0D09BC753759AEC75356861518E9E984624A4F406B805676DE
                      Malicious:false
                      Reputation:low
                      Preview:2024/04/25-10:21:54.225 1c38 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/04/25-10:21:54.227 1c38 Recovering log #3.2024/04/25-10:21:54.227 1c38 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:ASCII text
                      Category:dropped
                      Size (bytes):338
                      Entropy (8bit):5.164011381730232
                      Encrypted:false
                      SSDEEP:6:XiL+q2P92nKuAl9Ombzo2jMGIFUt8311Zmw+3jLVkwO92nKuAl9Ombzo2jMmLJ:Syv4HAa8uFUt8H/+zR5LHAa8RJ
                      MD5:6C2CBC3C2E526D699507BEC53AA2EE40
                      SHA1:4803A69BA8E5B831553F45BA3CAB033CCBA65960
                      SHA-256:B1EF8196D40500A6EA6EB4E20E7CB21E7F2E64FB1EF187028B61B7AE0C174C83
                      SHA-512:84E51319037046B450DEF1E6032EF1AE52A7B75501EEBEED62C2A8468FF6D57517607419A9D58D0D09BC753759AEC75356861518E9E984624A4F406B805676DE
                      Malicious:false
                      Reputation:low
                      Preview:2024/04/25-10:21:54.225 1c38 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/04/25-10:21:54.227 1c38 Recovering log #3.2024/04/25-10:21:54.227 1c38 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\03e9b3a1-e39d-4708-b0ad-84a026ae5b5c.tmp

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:JSON data
                      Category:modified
                      Size (bytes):508
                      Entropy (8bit):5.055018257017307
                      Encrypted:false
                      SSDEEP:12:YH/um3RA8sqZeVtsBdOg2H0caq3QYiubxnP7E4T3OF+:Y2sRds38dMHn3QYhbxP7nbI+
                      MD5:3A44BAC05DFBE1FD4D03EEFDBCA3992F
                      SHA1:073AB05527BB5104E2D5AB7A7BBB6915DA3D9DCE
                      SHA-256:9507F966EDF97EA72C30F32B293F2779914B5D9FAA4E87F480E692B48331CB22
                      SHA-512:3544ACDB5658C1588378354A1B526322522F7BD81B1CF024A15C35B09194E832905B517A66D98E160A60DC67E0382FCE91F28E713F11AEBE80E77C76645D8683
                      Malicious:false
                      Reputation:low
                      Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13358593325930647","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":111492},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.5","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G","CAYSABiAgICA+P////8B":"Offline"}}}

                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):508
                      Entropy (8bit):5.055018257017307
                      Encrypted:false
                      SSDEEP:12:YH/um3RA8sqZeVtsBdOg2H0caq3QYiubxnP7E4T3OF+:Y2sRds38dMHn3QYhbxP7nbI+
                      MD5:3A44BAC05DFBE1FD4D03EEFDBCA3992F
                      SHA1:073AB05527BB5104E2D5AB7A7BBB6915DA3D9DCE
                      SHA-256:9507F966EDF97EA72C30F32B293F2779914B5D9FAA4E87F480E692B48331CB22
                      SHA-512:3544ACDB5658C1588378354A1B526322522F7BD81B1CF024A15C35B09194E832905B517A66D98E160A60DC67E0382FCE91F28E713F11AEBE80E77C76645D8683
                      Malicious:false
                      Reputation:low
                      Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13358593325930647","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":111492},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.5","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G","CAYSABiAgICA+P////8B":"Offline"}}}

                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):4509
                      Entropy (8bit):5.237197370094994
                      Encrypted:false
                      SSDEEP:96:QqBpCqGp3Al+NehBmkID2w6bNMhugoKTNY+No/KTNcygLPGLLUg6/f2mZ:rBpJGp3AoqBmki25ZEVoKTNY+NoCTNLu
                      MD5:B848D9363088B8166ACA5DA8A4FCDF7B
                      SHA1:C3B857A267C28ED98C77A59DD564C68163AF9339
                      SHA-256:2127F97AE197DD93C91D64F624C65E3AFABBB4943D2F1D01502C268FB8EC4C86
                      SHA-512:F394CF847BC49BCDD4F4B8357F614D13218C623F06720394042CBA28D581758C67835B85DB5965C8239C9B282E5B50A6C162FCF71E7D4ACF1EFB7AC6F2062DBD
                      Malicious:false
                      Reputation:low
                      Preview:*...#................version.1..namespace-.1a.o................next-map-id.1.Pnamespace-047a745d_5c98_4926_b446_942fb948d072-https://rna-resource.acrobat.com/.0.K..r................next-map-id.2.Snamespace-bdf2fbfe_e08b_407d_8a81_9a6094e373a0-https://rna-v2-resource.acrobat.com/.1.m.Fr................next-map-id.3.Snamespace-24b9c7f4_3e31_4d11_a607_ac91d6485c9e-https://rna-v2-resource.acrobat.com/.2.8.o................next-map-id.4.Pnamespace-bc60f291_faa7_4492_8b22_e186b4ce62c1-https://rna-resource.acrobat.com/.3.A-N^...............Pnamespace-047a745d_5c98_4926_b446_942fb948d072-https://rna-resource.acrobat.com/-j..^...............Pnamespace-bc60f291_faa7_4492_8b22_e186b4ce62c1-https://rna-resource.acrobat.com/[.|.a...............Snamespace-bdf2fbfe_e08b_407d_8a81_9a6094e373a0-https://rna-v2-resource.acrobat.com/....a...............Snamespace-24b9c7f4_3e31_4d11_a607_ac91d6485c9e-https://rna-v2-resource.acrobat.com/.W.@o................next-map-id.5.Pnamespace-8fb46ac3_c992_47ca_bb04_

                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:ASCII text
                      Category:dropped
                      Size (bytes):326
                      Entropy (8bit):5.172179912510298
                      Encrypted:false
                      SSDEEP:6:UwlL+q2P92nKuAl9OmbzNMxIFUt8sUGa11Zmw+VFLVkwO92nKuAl9OmbzNMFLJ:Fyv4HAa8jFUt8MaX/+zR5LHAa84J
                      MD5:15D6017A52773D6C78F8CAB7CE6096D0
                      SHA1:2BF45634D9AEC8249708D8910D0B10D1FAE3472B
                      SHA-256:B349B8DAFEBA23ABC9934E797C75C782FEE586D2C93EC5D7D9A9131F3C358677
                      SHA-512:5637355FC5619831E047A286B25B58B13D73CC7C2B3947E36B2813C513B09DFFDD2C86441759287B5586D8357144AD738C237CBD1D1F65D95E8BBF4D25609787
                      Malicious:false
                      Reputation:low
                      Preview:2024/04/25-10:21:54.448 1c38 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/04/25-10:21:54.449 1c38 Recovering log #3.2024/04/25-10:21:54.450 1c38 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:ASCII text
                      Category:dropped
                      Size (bytes):326
                      Entropy (8bit):5.172179912510298
                      Encrypted:false
                      SSDEEP:6:UwlL+q2P92nKuAl9OmbzNMxIFUt8sUGa11Zmw+VFLVkwO92nKuAl9OmbzNMFLJ:Fyv4HAa8jFUt8MaX/+zR5LHAa84J
                      MD5:15D6017A52773D6C78F8CAB7CE6096D0
                      SHA1:2BF45634D9AEC8249708D8910D0B10D1FAE3472B
                      SHA-256:B349B8DAFEBA23ABC9934E797C75C782FEE586D2C93EC5D7D9A9131F3C358677
                      SHA-512:5637355FC5619831E047A286B25B58B13D73CC7C2B3947E36B2813C513B09DFFDD2C86441759287B5586D8357144AD738C237CBD1D1F65D95E8BBF4D25609787
                      Malicious:false
                      Reputation:low
                      Preview:2024/04/25-10:21:54.448 1c38 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/04/25-10:21:54.449 1c38 Recovering log #3.2024/04/25-10:21:54.450 1c38 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

                      C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240425082158Z-162.bmp

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:PC bitmap, Windows 3.x format, 107 x -152 x 32, cbSize 65110, bits offset 54
                      Category:dropped
                      Size (bytes):65110
                      Entropy (8bit):3.2921985584380726
                      Encrypted:false
                      SSDEEP:768:VzvWD+3XxZwKpJmo2xJ+vl4g1YjnwWkubtKK9K98Y7:VzvWD+nAimo2WfnWkubtKK+8s
                      MD5:38BE09E448F68B24B9ECB59FAEBD9C47
                      SHA1:A868845755B2BDAC4C580EEEECADB079AAB6E8AC
                      SHA-256:3A068F4ABEC3123B1360D16D7187A46D46F281704E000449FBC7892AFA61ED19
                      SHA-512:87545FD8890D46E91A3524AAE4D4D01657A1C7C6EF87F801FDE0B8B31F5FD08299C0C2761DEFCE1574EFF29BACF011923A9C576AC177F961FB9E16D40677467B
                      Malicious:false
                      Reputation:low
                      Preview:BMV.......6...(...k...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.4268

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:PostScript document text
                      Category:dropped
                      Size (bytes):185099
                      Entropy (8bit):5.182478651346149
                      Encrypted:false
                      SSDEEP:1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
                      MD5:94185C5850C26B3C6FC24ABC385CDA58
                      SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
                      SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
                      SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
                      Malicious:false
                      Reputation:moderate, very likely benign file
                      Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:PostScript document text
                      Category:dropped
                      Size (bytes):185099
                      Entropy (8bit):5.182478651346149
                      Encrypted:false
                      SSDEEP:1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
                      MD5:94185C5850C26B3C6FC24ABC385CDA58
                      SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
                      SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
                      SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
                      Malicious:false
                      Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):227002
                      Entropy (8bit):3.392780893644728
                      Encrypted:false
                      SSDEEP:1536:WKPC4iyzDtrh1cK3XEivK7VK/3AYvYwgF/rRoL+sn:DPCaJ/3AYvYwglFoL+sn
                      MD5:87EDBEE38F56C20298F25D5D3D4D1B5C
                      SHA1:7F904E9615AC3186A87472EF366DD8202855B0B7
                      SHA-256:A46B56D3ABCC137D1872DDF20EED4BCD7D04518282282ADB32DDCCF70D7FFBA6
                      SHA-512:BBEBC1FCD5BC9AE042DD5782425BA8C47BF3EAC283B2487FC4E3FF6BF8101306DAB081E5135594165D4DC1AC120FF125AADBC5B3FFE7C646183C04DF77865E0D
                      Malicious:false
                      Preview:Adobe Acrobat Reader (64-bit) 23.6.20320....?A12_AV2_Search_18px.............................................................................................................KKK KKK.KKK.KKK.KKK.KKK.KKK@........................................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.............................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.........................KKK.KKK.KKK.KKK0....................KKK.KKK.KKK.KKK`....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK.KKK.....................................KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK.KKK@....................KKK.KKK.KKK.KKK`........................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.KKK.............................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):295
                      Entropy (8bit):5.339586073884455
                      Encrypted:false
                      SSDEEP:6:YEQXJ2HX2QgeY+FIbRI6XVW7+0Y/uJ2xoAvJM3g98kUwPeUkwRe9:YvXKX2Ne5YpW7dZGMbLUkee9
                      MD5:262052EA1A928ACF7F7F38180F6EC799
                      SHA1:550AE4963A2325656346DC9CD7C374D210BA19F2
                      SHA-256:7351EBEF5B8DC48ADD076097B76E6624FF71D5D70E154E10A61BA2EB559C80C1
                      SHA-512:610369CCE67B46F17F995D9A548A9BF69CDD7BD8F7AD1A99510196DDB5E40CF0F25F45D1A351EB5E7782992C45B7E7651299330C9FA130632D4194A08B634BA2
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"dacd789b-69ce-498e-aebf-e66c23f685f8","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1714212074256,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):294
                      Entropy (8bit):5.273629659300684
                      Encrypted:false
                      SSDEEP:6:YEQXJ2HX2QgeY+FIbRI6XVW7+0Y/uJ2xoAvJfBoTfXpnrPeUkwRe9:YvXKX2Ne5YpW7dZGWTfXcUkee9
                      MD5:A85121EBDE5881736AD6E856C465B61F
                      SHA1:34964469987C6CE3DBFC6BFFE8904096761FACE0
                      SHA-256:9ECE9F4162AB5CF747135FC6F9532838536BDDCE30CA4A26B90F698B4685EBA2
                      SHA-512:29525E5CED328BEF93F827B1EBEF60831103C73CD0A30B3846D015E17C04AA850338C21F76DC145BC8472EC6FC5DA9C68DFE5B792DBC8F91DFA1FB2A3255D9A7
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"dacd789b-69ce-498e-aebf-e66c23f685f8","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1714212074256,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):294
                      Entropy (8bit):5.252299721724908
                      Encrypted:false
                      SSDEEP:6:YEQXJ2HX2QgeY+FIbRI6XVW7+0Y/uJ2xoAvJfBD2G6UpnrPeUkwRe9:YvXKX2Ne5YpW7dZGR22cUkee9
                      MD5:D21B43F96EFB0360E67D3816FF821669
                      SHA1:FB3BE6AE17A1587BC7481FEC06DB15A77F8AAD5E
                      SHA-256:3EA700772468461F152FB5B9C846B6935CE51044C912E6DACDE40E93E1402542
                      SHA-512:3A303C4CC8E57253C4C588850920A0F371C1AC31FF7E8F4CB7F796E91C8B1C35098B0F1E65AF979DBDE98DD78F73D2CEDC297CE7D1137923494C422223451BF4
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"dacd789b-69ce-498e-aebf-e66c23f685f8","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1714212074256,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):285
                      Entropy (8bit):5.317644659874085
                      Encrypted:false
                      SSDEEP:6:YEQXJ2HX2QgeY+FIbRI6XVW7+0Y/uJ2xoAvJfPmwrPeUkwRe9:YvXKX2Ne5YpW7dZGH56Ukee9
                      MD5:7D7111179A4BD577A67CE680F0C5157F
                      SHA1:11E62866E65DAD2B97178B7B1AAEAB632F6616EB
                      SHA-256:43945D92044992B27EA0C218B4838A340BE9DAF5437F96679821089B8E342D79
                      SHA-512:6CD283DEAE87EC1A61D82DD411EF195F841C83DE2792544A87332768DF0C439042B8590463C4F1EEBF9975A5C9A25BA334DC3C73AAAABCD19F8394D735D3AB4E
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"dacd789b-69ce-498e-aebf-e66c23f685f8","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1714212074256,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):292
                      Entropy (8bit):5.2737752935301305
                      Encrypted:false
                      SSDEEP:6:YEQXJ2HX2QgeY+FIbRI6XVW7+0Y/uJ2xoAvJfJWCtMdPeUkwRe9:YvXKX2Ne5YpW7dZGBS8Ukee9
                      MD5:D8E7FB08B0C3F6CE499C07D489B48052
                      SHA1:D89860E7DDF3A801500AC7C1A762A8E712EE6978
                      SHA-256:CF110A823B3DC79095BB8D28AFB6AC28D525933B3E2FF3A2CAD1671D2D1B6EB2
                      SHA-512:1C5023852DC5196FE96EA5AC1461EE20F9EAA626934C823067D60E3A0C451A3510224ABFB6F30C5175C8DCCC777A7A96EE8DE3F3EE801CFCA10E7F48B2C2FF14
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"dacd789b-69ce-498e-aebf-e66c23f685f8","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1714212074256,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):289
                      Entropy (8bit):5.259695249642059
                      Encrypted:false
                      SSDEEP:6:YEQXJ2HX2QgeY+FIbRI6XVW7+0Y/uJ2xoAvJf8dPeUkwRe9:YvXKX2Ne5YpW7dZGU8Ukee9
                      MD5:5198ABBE6AAC08F26189CEC34CABFF00
                      SHA1:358D5C2D51B14E927C1087C13D902867CF4EF8FA
                      SHA-256:B2089AEFC8AD4D72F0F14031F72CF368B984E2DE5C2BFF6C8F3636661E9CEB58
                      SHA-512:66F8911CFFAC01BCDA423B4539CE04C6ADC9CAC8241B365BAEDC491B72C61089EE4B05CE8630D6BC16E7B5008A1B5BC03E66443C1B3A435793E930857E068D53
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"dacd789b-69ce-498e-aebf-e66c23f685f8","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1714212074256,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):292
                      Entropy (8bit):5.260547953284158
                      Encrypted:false
                      SSDEEP:6:YEQXJ2HX2QgeY+FIbRI6XVW7+0Y/uJ2xoAvJfQ1rPeUkwRe9:YvXKX2Ne5YpW7dZGY16Ukee9
                      MD5:27409E3761C48807D8203203E907C2B4
                      SHA1:70E8728790B4F708CEB74C112179FBF5B0F24010
                      SHA-256:D80CF6CABED96488B3B5F059E45E28B02DDCD0A0025F9D4B4F21FC1B19F69D73
                      SHA-512:4A24259824CF4343D0D3A1FA56B33F28CD6F2C7F97D7B09444E2446FB6924756E0238D4C382D93B5738BFD5486A7534E6EBF5EA581226A923D2C9D8288D8E760
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"dacd789b-69ce-498e-aebf-e66c23f685f8","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1714212074256,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):289
                      Entropy (8bit):5.280666756399159
                      Encrypted:false
                      SSDEEP:6:YEQXJ2HX2QgeY+FIbRI6XVW7+0Y/uJ2xoAvJfFldPeUkwRe9:YvXKX2Ne5YpW7dZGz8Ukee9
                      MD5:FAD2D52192AE221FF9C22AA582F9936B
                      SHA1:0FB37D24C241AAC125837510700D6ED03D6656B8
                      SHA-256:87AF046D9E34F0520258F35BA42376905B8423D6409CEB65CE30066320119468
                      SHA-512:9B669F3DD892FF768DDCFFBAF38ED74BC4D65045F8BB3F8961AE41C7DD2E6F2D59BF078B2C1055F623761BC06EE0B99EE72B33B861BDB29B48CF35E6F00271D8
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"dacd789b-69ce-498e-aebf-e66c23f685f8","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1714212074256,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):1372
                      Entropy (8bit):5.7366155455802
                      Encrypted:false
                      SSDEEP:24:Yv6X2Ne6iTKLgENRcbrZbq00iCCBrwJo++ns8ct4mFJN+A:Yv7NETEgigrNt0wSJn+ns8cvFJsA
                      MD5:FD289B0EC9C6E6AB35E88402855076D6
                      SHA1:09F79786F8FB5327971E34AAB2EDF0517BA6432F
                      SHA-256:2DA29F838748DFFCD2A66B880DD86E30BF8A1EC3AB60AFEF3FD02F77221F4152
                      SHA-512:D297F95AD556ABCFEF6EE9D4A9F974157E86C6A2CB0580BC0028774C42EED1B340035F119E042A2CDE808C48E22B1BE11E376A8A7C1BC357AF69ACA276D604E7
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"dacd789b-69ce-498e-aebf-e66c23f685f8","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1714212074256,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"79887_247329ActionBlock_0","campaignId":79887,"containerId":"1","controlGroupId":"","treatmentId":"acc56846-d570-4500-a26e-7f8cf2b4acad","variationId":"247329"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJUcnkgQWNyb2JhdCBQcm8ifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNSIsImZvbnRfc3R5bGUiOiIwIn0sImRlc2NyaXB0aW9uX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTMiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIDctZGF5IHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0byBwcmVtaXVtIFBERiBhbmQgZS1zaWduaW5nIHRvb2xzLiIsImJ

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):289
                      Entropy (8bit):5.2675815334240035
                      Encrypted:false
                      SSDEEP:6:YEQXJ2HX2QgeY+FIbRI6XVW7+0Y/uJ2xoAvJfYdPeUkwRe9:YvXKX2Ne5YpW7dZGg8Ukee9
                      MD5:CE121C375A01F5C6AD60AD398486B52B
                      SHA1:4435DB731CE56CF09C652B96C5E05334B8DEAE53
                      SHA-256:CF18527DED82AADCBF7307BB55D03089940AAF835FF1D05701149D93E1189C6B
                      SHA-512:7628F345FDCB1DB9C848EC728BE6BFDBFBC5014E8BC116E7A36CE71F6EF11F7862B057DC20AF58801F85AC96C8A0EC5F7CC0E471014E8C256C68C9F83ABDABF6
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"dacd789b-69ce-498e-aebf-e66c23f685f8","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1714212074256,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):1395
                      Entropy (8bit):5.773698007903073
                      Encrypted:false
                      SSDEEP:24:Yv6X2Ne6iurLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNGA:Yv7NEuHgDv3W2aYQfgB5OUupHrQ9FJgA
                      MD5:B87A8CCD7AA2C9E2C932892F76F1A9E4
                      SHA1:05B2338329F431C5FAFA20C2EEB4D26651098A47
                      SHA-256:6640D5E2F3D54DA85AF18118CC009E9AC420474F79AD46AFF8B2816BBC474198
                      SHA-512:F8D9E22EC70BD66540805B01E6E901BAE165DF2DDD3D9DE22A5B2F1B52387181A005E8C8B7F0FD182C27FA8B5CE09908228D9464138C5A8C7B802A7772311E40
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"dacd789b-69ce-498e-aebf-e66c23f685f8","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1714212074256,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):291
                      Entropy (8bit):5.251351438428286
                      Encrypted:false
                      SSDEEP:6:YEQXJ2HX2QgeY+FIbRI6XVW7+0Y/uJ2xoAvJfbPtdPeUkwRe9:YvXKX2Ne5YpW7dZGDV8Ukee9
                      MD5:48FDFC60839F840F6AC75FAE2E4C3CB3
                      SHA1:6FC382A44FDB5914083C93B94BCEA054FC7FCF0E
                      SHA-256:2BEB74B4084B972A49769E93E13967A0DA7F4AED16978B21B2FFF561E0DD9884
                      SHA-512:1659A4D8D1D104B8FCDA78BDB60A9017BB66F3BAA0C394FAAB7DB74872FE55FDEF0304337DA90BCE32A839C73307534C0D1FEF80C5DC547C0949D62044C760B5
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"dacd789b-69ce-498e-aebf-e66c23f685f8","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1714212074256,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):287
                      Entropy (8bit):5.252575937722157
                      Encrypted:false
                      SSDEEP:6:YEQXJ2HX2QgeY+FIbRI6XVW7+0Y/uJ2xoAvJf21rPeUkwRe9:YvXKX2Ne5YpW7dZG+16Ukee9
                      MD5:984F90AD15C555A48DFAD860D56046C4
                      SHA1:DED2C0D51A64DA7C8129540957EDF718D223B0EE
                      SHA-256:2A4F039AEF61FC61E77DA76EC6FA725753DD293F9BBA7E788733D85296FDB8C2
                      SHA-512:C265C51CC0AC98E87F41E610BD98997830DF4D593F92C5BF2DF885123561108AAB3717A210203F50738A576653A64882C393DE22653B6738C09DABE773A3808A
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"dacd789b-69ce-498e-aebf-e66c23f685f8","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1714212074256,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):289
                      Entropy (8bit):5.274956999267318
                      Encrypted:false
                      SSDEEP:6:YEQXJ2HX2QgeY+FIbRI6XVW7+0Y/uJ2xoAvJfbpatdPeUkwRe9:YvXKX2Ne5YpW7dZGVat8Ukee9
                      MD5:0577A309E696452B829F583E60FE3DD3
                      SHA1:52BEE9458C84D181A299997FD260EB40E355B048
                      SHA-256:B5C0DF4DF3D2E3F966D938F732EA1EEBBF7BD9920F4C6552DA948BF35B96684C
                      SHA-512:2A28BCEA639C6E1900DAA45BF3A663F17499206298229C7B79D371E353C1F2BE1ED0525535CD12CE4A62426BA9DD8405D1104457976A5A8864DFFAAEF8497788
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"dacd789b-69ce-498e-aebf-e66c23f685f8","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1714212074256,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):286
                      Entropy (8bit):5.227623020589298
                      Encrypted:false
                      SSDEEP:6:YEQXJ2HX2QgeY+FIbRI6XVW7+0Y/uJ2xoAvJfshHHrPeUkwRe9:YvXKX2Ne5YpW7dZGUUUkee9
                      MD5:3520911221DDD79200B68D06E34D73AB
                      SHA1:54CB470EAC9FFADD489D42C235E97B5AAA744C05
                      SHA-256:AD1C9A9E51A6DAB264812586642F531060866244D983F275F6D22B2D4900B355
                      SHA-512:B44799E77DF319CAD9FC4AF7FE7F0D8C49CB28611A6BE2D795A8268C36073D352662417F4E54A28BC59931BC9F5CE46268B53D319AF1E3FAB29F3C1B0C41F134
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"dacd789b-69ce-498e-aebf-e66c23f685f8","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1714212074256,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):782
                      Entropy (8bit):5.361282949638159
                      Encrypted:false
                      SSDEEP:12:YvXKX2Ne5YpW7dZGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWYRA:Yv6X2Ne6ir168CgEXX5kcIfANhjA
                      MD5:ADE8F1274A8382ECC376BFD14D5E43B5
                      SHA1:33D922FBF8A561AE844E5EF6F04642E469BF71B9
                      SHA-256:BB6CA19ABF88ECADE6393B1BF6B3EE3531A14F3B8C6AF60BB4FEF5D6327F5916
                      SHA-512:36B75563C0C063F402CD6C9A0EE9D5B03CB3DAB980B10799EA036F7D0EC901B4B5AFB0E3B1B2DE1B8E14C1921547C212B2B015FB92682965CD3FBCF64FC42037
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"dacd789b-69ce-498e-aebf-e66c23f685f8","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1714212074256,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1714033319286}}}}

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):4
                      Entropy (8bit):0.8112781244591328
                      Encrypted:false
                      SSDEEP:3:e:e
                      MD5:DC84B0D741E5BEAE8070013ADDCC8C28
                      SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
                      SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
                      SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
                      Malicious:false
                      Preview:....

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):2814
                      Entropy (8bit):5.133709429319345
                      Encrypted:false
                      SSDEEP:48:Yu6Nhquk9r5409Wk6UcNNBL5/pCse8VoNpWAW9uDzc:t6jPk9u09Wk6UcN3L5/pCsJ+NpWPuDzc
                      MD5:77980200F84743232961DF4BCFA9ABEE
                      SHA1:89ED3E4AF55540E248AE44BDB1D2D68E550FA894
                      SHA-256:A116B0BAA70637BA9C6971C9CAC9C20B32057041E5FE89430E4934B541855832
                      SHA-512:581824BCC0A422D4648DA90C55B1B65B450A04D8CE0B3380AF06280AEAE43FB334335CF537F3B9285F9ED32C04AE3BD531DB88C3DC78D3B5944EE3909AF61429
                      Malicious:false
                      Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"d91f751700665d0b47c7625d0e05259c","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1714033318000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"5371decef3b2b9bcb0a3768ea5c1478f","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1372,"ts":1714033318000},{"id":"Edit_InApp_Aug2020","info":{"dg":"f38c26064f1a3a36f3bae0b7d88d1590","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":1714033318000},{"id":"DC_Reader_RHP_Banner","info":{"dg":"2b434cd45a3e4f3a990fb9e5b8c42aaf","sid":"DC_Reader_RHP_Banner"},"mimeType":"file","size":1395,"ts":1714033318000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"52dd68f28fa40a82b2107a5a993105b7","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file","size":292,"ts":1714033318000},{"id":"DC_Reader_More_LHP_Banner","info":{"dg":"88cf10266d7c9ac230ebf2b90c09148c","sid":"DC_Reader_More_LHP_Banner"},"mimeType":"file","size":289,"ts":1714033318000},

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 19, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 19
                      Category:dropped
                      Size (bytes):12288
                      Entropy (8bit):0.9855979887652101
                      Encrypted:false
                      SSDEEP:24:TLHRx/XYKQvGJF7urs6I1RZKHs/Ds/SpAlkt4zJwtNBwtNbRZ6bRZ4DlktF:TVl2GL7ms6ggOVpGnzutYtp6P4Q
                      MD5:8BD2D491513F6A71D21E371E44FD4228
                      SHA1:D22504252AC18F7B2AD95A01B12F87524ABE4D5D
                      SHA-256:9BD47D8AEE982342AD82F34E1D70AA9A76DD2816BC07E199B7EC04F9D88EABD9
                      SHA-512:3FEC07701D1CF009327EBD3532642F39C324CAAC75EA1F0787F400C6AC040F07F3761C5C2CDEAB62EB257B6C28FF1B35445F83517EADD6199743963DC5EC125E
                      Malicious:false
                      Preview:SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:SQLite Rollback Journal
                      Category:dropped
                      Size (bytes):8720
                      Entropy (8bit):1.3390892751833003
                      Encrypted:false
                      SSDEEP:24:7+tVAD1RZKHs/Ds/SpAlktPzJwtNBwtNbRZ6bRZWf1RZKrqLBx/XYKQvGJF7ursa:7MVGgOVpGAzutYtp6PMmqll2GL7msa
                      MD5:35B9FEC82499137D591ADA5F98ACA12F
                      SHA1:2587E55C377C2352656E5501F0D3E00A4DC48B94
                      SHA-256:2F4DF84C1196DCD3EA0A745584DE12DF7B9B8A741251A38696142AC26FC9A4E7
                      SHA-512:B5AA50E9EACEF2893760E7CCC8615CF83EC2EF1EDD55B9DBAF5E842EA96DE2528CF5B20E4233967A26FDE8153A30C183F5214DAA91526C28E0A9EEBA5DB84FC0
                      Malicious:false
                      Preview:.... .c.....,.~^......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................j...#..#.#.#.#.#.#.#.#.7.7........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Local\Temp\MSIba27.LOG

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):246
                      Entropy (8bit):3.4953527754662135
                      Encrypted:false
                      SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8+adNulNH:Qw946cPbiOxDlbYnuRKr
                      MD5:9A97D88503386BDCA68CA26A29BBBFE6
                      SHA1:DC427DC6A6353501F961922B08668701F6228CE1
                      SHA-256:05DA8700C7CBF6FB2031BEFF40A607C61D2C90D6BE0BCA6A0B6C46A118CA0A89
                      SHA-512:EEE959ED3D6C38FF62D7CA75C5221A7D6C972B106AD6AC1BEAE0146CBA6F785BE6915DA1F10D1A80E5CFBB2ECECB78C7E67F9203886578A20EADD4C458920012
                      Malicious:false
                      Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .2.5./.0.4./.2.0.2.4. . .1.0.:.2.2.:.0.1. .=.=.=.....

                      C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-25 10-21-56-318.log

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:ASCII text, with very long lines (393)
                      Category:dropped
                      Size (bytes):16525
                      Entropy (8bit):5.376360055978702
                      Encrypted:false
                      SSDEEP:384:6b1sdmfenwop+WP21h2RPjRNg7JjO2on6oU6CyuJw1oaNIIu9EMuJuF6MKK9g9JQ:vIn
                      MD5:1336667A75083BF81E2632FABAA88B67
                      SHA1:46E40800B27D95DAED0DBB830E0D0BA85C031D40
                      SHA-256:F81B7C83E0B979F04D3763B4F88CD05BC8FBB2F441EBFAB75826793B869F75D1
                      SHA-512:D039D8650CF7B149799D42C7415CBF94D4A0A4BF389B615EF7D1B427BC51727D3441AA37D8C178E7E7E89D69C95666EB14C31B56CDFBD3937E4581A31A69081A
                      Malicious:false
                      Preview:SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:961+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="SetConfig:

                      C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:ASCII text, with very long lines (393), with CRLF line terminators
                      Category:dropped
                      Size (bytes):16603
                      Entropy (8bit):5.379009836036224
                      Encrypted:false
                      SSDEEP:384:LFxuDTaHWF9omDc8DxPB3qHXovQ+BJbi1oUGOxz+8vOgwniY102YhYNkG0CcRBJo:+DB
                      MD5:F6C7A3354152D3D832ED39B74D953D31
                      SHA1:8DA6B5EDE59D1B72E264ADC16E1CA6434F91B948
                      SHA-256:F318AD515E0CD5DAF09419EF8AF7E4BBBFFD1511CC485EC767F7EB1690984149
                      SHA-512:B90C7FC5F619E9508BD74E505E6395CB529ACD456DEDC11438491CB4F4F9AE10146B409AAA9664839C85ECF58250A8A7D780564EFDB4C2AF734AD2B724059810
                      Malicious:false
                      Preview:SessionID=75a03ccd-f229-4ab2-850c-893b9b15dc9b.1714033316329 Timestamp=2024-04-25T10:21:56:329+0200 ThreadID=1408 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=75a03ccd-f229-4ab2-850c-893b9b15dc9b.1714033316329 Timestamp=2024-04-25T10:21:56:329+0200 ThreadID=1408 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=75a03ccd-f229-4ab2-850c-893b9b15dc9b.1714033316329 Timestamp=2024-04-25T10:21:56:329+0200 ThreadID=1408 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=75a03ccd-f229-4ab2-850c-893b9b15dc9b.1714033316329 Timestamp=2024-04-25T10:21:56:330+0200 ThreadID=1408 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=75a03ccd-f229-4ab2-850c-893b9b15dc9b.1714033316329 Timestamp=2024-04-25T10:21:56:330+0200 ThreadID=1408 Component=ngl-lib_NglAppLib Description="SetConf

                      C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):29845
                      Entropy (8bit):5.396085327651308
                      Encrypted:false
                      SSDEEP:768:GLxxlyVUFcAzWL8VWL1ANSFld5YjMWLvJ8Uy++NSXl3WLd5WLrbhhVClkVMwDGbm:S
                      MD5:9BEDB3BD61009A08256F15709174E6E6
                      SHA1:98597FF5ACC57DDB7639342C61A570862B7C4838
                      SHA-256:59A95F0CC3533D9978E075B92F10996F14E0499433CB473295DB7C52D567C1ED
                      SHA-512:7DC985D4A0AAE2F36F70A44461DEB04D1B92C09D4F16DCECAAD4DF685AC32EC2F8BBC937E9CB0CE773F19A4F67F6740F9AAA09A1C859AD677F5A9E13D996DD27
                      Malicious:false
                      Preview:04-10-2023 02:39:31:.---2---..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : ***************************************..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : ***************************************..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : Starting NGL..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..04-10-2023 02:39:31:.Closing File..04-10-

                      C:\Users\user\AppData\Local\Temp\acrocef_low\24f8c9d7-6de6-4124-8f13-f4c41940dbd7.tmp

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
                      Category:dropped
                      Size (bytes):386528
                      Entropy (8bit):7.9736851559892425
                      Encrypted:false
                      SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
                      MD5:5C48B0AD2FEF800949466AE872E1F1E2
                      SHA1:337D617AE142815EDDACB48484628C1F16692A2F
                      SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
                      SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
                      Malicious:false
                      Preview:...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-|..h#.g.\.PO.|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..|m.WC.....|.....e.[W.p.8...rm....^..x'......5!...|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

                      C:\Users\user\AppData\Local\Temp\acrocef_low\7cbe2171-bd9a-4911-839b-5a587351996d.tmp

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
                      Category:dropped
                      Size (bytes):758601
                      Entropy (8bit):7.98639316555857
                      Encrypted:false
                      SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
                      MD5:3A49135134665364308390AC398006F1
                      SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
                      SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
                      SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
                      Malicious:false
                      Preview:...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!|G.1...... .3.`./....`~......G.............|..pS.e.C....:o.u_..oi.:..|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

                      C:\Users\user\AppData\Local\Temp\acrocef_low\85b2d8b7-a8d4-4f07-99e0-386b8d8f0ea0.tmp

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
                      Category:dropped
                      Size (bytes):1419751
                      Entropy (8bit):7.976496077007677
                      Encrypted:false
                      SSDEEP:24576:/M7ouWLaGZjZwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:RuWLaGZjZwZGk3mlind9i4ufFXpAXkru
                      MD5:AE1E8A5D3E7B2198980A0CA16DE5F3D3
                      SHA1:A1DB2C58AFC81E6A114A8EB47BE0243956F79460
                      SHA-256:8C2E1B13F6658714D51737D6745FE065B87497923945AB3028706A4171C8328F
                      SHA-512:5B36CF0982C5AFED5CCEA4B30A0B31A2B5312FBF5438623D53153E076B59F1B4BEF8C08695EA74E086BCA4EF7221889DB977B5DCFF4C684BA0683FDDECDE2EC4
                      Malicious:false
                      Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

                      C:\Users\user\AppData\Local\Temp\acrocef_low\b27836e0-d1ad-4409-bde5-5b3bdb562d64.tmp

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
                      Category:dropped
                      Size (bytes):1407294
                      Entropy (8bit):7.97605879016224
                      Encrypted:false
                      SSDEEP:24576:/M7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07tOWLaGZ4ZwYIGNPS:RB3mlind9i4ufFXpAXkrfUs0kWLaGZ48
                      MD5:1D64D25345DD73F100517644279994E6
                      SHA1:DE807F82098D469302955DCBE1A963CD6E887737
                      SHA-256:0A05C4CE0C4D8527D79A3C9CEE2A8B73475F53E18544622E4656C598BC814DFC
                      SHA-512:C0A37437F84B4895A7566E278046CFD50558AD84120CA0BD2EAD2259CA7A30BD67F0BDC4C043D73257773C607259A64B6F6AE4987C8B43BB47241F3C78EB9416
                      Malicious:false
                      Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

                      Static File Info

                      General

                      File type:PDF document, version 1.4, 1 pages
                      Entropy (8bit):7.654318356143638
                      TrID:
                      • Adobe Portable Document Format (5005/1) 100.00%
                      File name:121351.pdf
                      File size:559'392 bytes
                      MD5:37de073e62c300444004213c88ecf89b
                      SHA1:86b5ac12c1f42c7eba2455591318c7b86a6f0cb1
                      SHA256:f6045d8109c061c20b187702fe774e1733f68fefc75c5c96a1bead1dbc51818b
                      SHA512:979f0f399cdf671b9a2f6c60f403846482523e067913d3aed57223511ad0bda0624e6783f0f819888913bc2af7adb059745012f83306b386aee7384927cab518
                      SSDEEP:12288:vp+6FsVAwhZl4tsEKX1BVthuCdCLtZXPd5A8fDltGUZ/Jz:E6vwcOVthpYLb9loUZ/9
                      TLSH:0AC4B8438C189B93A46D83E4BE174E9C2F452B1CE9963DFF04661EDB3E602635D8D42E
                      File Content Preview:%PDF-1.4.%......5 0 obj.<<./Type /XObject./Subtype /Image./Name /Im0./Width 3507./Height 2480./BitsPerComponent 8./ColorSpace /DeviceRGB./Filter /DCTDecode./Length 4 0 R.>>.stream.......JFIF.....,.,......................................C...............(B+

                      File Icon

                      Icon Hash:62cc8caeb29e8ae0

                      Static PDF Info

                      General

                      Header:%PDF-1.4
                      Total Entropy:7.654318
                      Total Bytes:559392
                      Stream Entropy:7.653109
                      Stream Bytes:558369
                      Entropy outside Streams:5.052249
                      Bytes outside Streams:1023
                      Number of EOF found:1
                      Bytes after EOF:

                      Keywords Statistics

                      NameCount
                      obj8
                      endobj8
                      stream2
                      endstream2
                      xref1
                      trailer1
                      startxref1
                      /Page1
                      /Encrypt0
                      /ObjStm0
                      /URI0
                      /JS0
                      /JavaScript0
                      /AA0
                      /OpenAction0
                      /AcroForm0
                      /JBIG2Decode0
                      /RichMedia0
                      /Launch0
                      /EmbeddedFile0

                      Image Streams

                      IDDHASHMD5Preview
                      511181a59595a5154423071ecfbb674ed35dabcd74950fccc

                      Network Behavior

                      Network Port Distribution

                      TCP Packets

                      TimestampSource PortDest PortSource IPDest IP
                      Apr 25, 2024 10:22:06.781028032 CEST49714443192.168.2.5184.25.164.138
                      Apr 25, 2024 10:22:06.781107903 CEST44349714184.25.164.138192.168.2.5
                      Apr 25, 2024 10:22:06.781196117 CEST49714443192.168.2.5184.25.164.138
                      Apr 25, 2024 10:22:06.781377077 CEST49714443192.168.2.5184.25.164.138
                      Apr 25, 2024 10:22:06.781410933 CEST44349714184.25.164.138192.168.2.5
                      Apr 25, 2024 10:22:07.113042116 CEST44349714184.25.164.138192.168.2.5
                      Apr 25, 2024 10:22:07.113343954 CEST49714443192.168.2.5184.25.164.138
                      Apr 25, 2024 10:22:07.113375902 CEST44349714184.25.164.138192.168.2.5
                      Apr 25, 2024 10:22:07.114367008 CEST44349714184.25.164.138192.168.2.5
                      Apr 25, 2024 10:22:07.114465952 CEST49714443192.168.2.5184.25.164.138
                      Apr 25, 2024 10:22:07.116441965 CEST49714443192.168.2.5184.25.164.138
                      Apr 25, 2024 10:22:07.116522074 CEST44349714184.25.164.138192.168.2.5
                      Apr 25, 2024 10:22:07.116677046 CEST49714443192.168.2.5184.25.164.138
                      Apr 25, 2024 10:22:07.116693020 CEST44349714184.25.164.138192.168.2.5
                      Apr 25, 2024 10:22:07.164207935 CEST49714443192.168.2.5184.25.164.138
                      Apr 25, 2024 10:22:07.226865053 CEST44349714184.25.164.138192.168.2.5
                      Apr 25, 2024 10:22:07.227015972 CEST44349714184.25.164.138192.168.2.5
                      Apr 25, 2024 10:22:07.227087975 CEST49714443192.168.2.5184.25.164.138
                      Apr 25, 2024 10:22:07.227421999 CEST49714443192.168.2.5184.25.164.138
                      Apr 25, 2024 10:22:07.227454901 CEST44349714184.25.164.138192.168.2.5
                      Apr 25, 2024 10:22:07.227479935 CEST49714443192.168.2.5184.25.164.138
                      Apr 25, 2024 10:22:07.227535009 CEST49714443192.168.2.5184.25.164.138

                      HTTP Request Dependency Graph

                      • armmf.adobe.com

                      HTTPS Proxied Packets

                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                      0192.168.2.549714184.25.164.1384432556C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      TimestampBytes transferredDirectionData
                      2024-04-25 08:22:07 UTC475OUTGET /onboarding/smskillreader.txt HTTP/1.1
                      Host: armmf.adobe.com
                      Connection: keep-alive
                      Accept-Language: en-US,en;q=0.9
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36
                      Sec-Fetch-Site: same-origin
                      Sec-Fetch-Mode: no-cors
                      Sec-Fetch-Dest: empty
                      Accept-Encoding: gzip, deflate, br
                      If-None-Match: "78-5faa31cce96da"
                      If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
                      2024-04-25 08:22:07 UTC198INHTTP/1.1 304 Not Modified
                      Content-Type: text/plain; charset=UTF-8
                      Last-Modified: Mon, 01 May 2023 15:02:33 GMT
                      ETag: "78-5faa31cce96da"
                      Date: Thu, 25 Apr 2024 08:22:07 GMT
                      Connection: close


                      Statistics

                      CPU Usage

                      Click to jump to process

                      Memory Usage

                      Click to jump to process

                      High Level Behavior Distribution

                      Click to dive into process behavior distribution

                      Behavior

                      Click to jump to process

                      System Behavior

                      General

                      Target ID:0
                      Start time:10:21:52
                      Start date:25/04/2024
                      Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      Wow64 process (32bit):false
                      Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\121351.pdf"
                      Imagebase:0x7ff686a00000
                      File size:5'641'176 bytes
                      MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:moderate
                      Has exited:true

                      General

                      Target ID:2
                      Start time:10:21:53
                      Start date:25/04/2024
                      Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      Wow64 process (32bit):false
                      Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
                      Imagebase:0x7ff6413e0000
                      File size:3'581'912 bytes
                      MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:moderate
                      Has exited:true

                      General

                      Target ID:4
                      Start time:10:21:54
                      Start date:25/04/2024
                      Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      Wow64 process (32bit):false
                      Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2112 --field-trial-handle=1576,i,15305235246586624923,5573412500544858462,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
                      Imagebase:0x7ff6413e0000
                      File size:3'581'912 bytes
                      MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:moderate
                      Has exited:true

                      Disassembly

                      No disassembly