Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
630081273.pdf

Overview

General Information

Sample name:630081273.pdf
Analysis ID:1431793
MD5:76992deaf0d92a2ff008e15c4c1bdbfd
SHA1:babfec1e36a55c0444b19a217144df0b01d72bc7
SHA256:f3be6cfd54cc5fa38233115d965f28ed2d85a60011e41d1418c5a4fc3a16cf09
Infos:

Detection

Score:2
Range:0 - 100
Whitelisted:false
Confidence:80%

Signatures

IP address seen in connection with other malware
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Uses a known web browser user agent for HTTP communication

Classification

Process Tree

  • System is w10x64
  • Acrobat.exe (PID: 344 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\630081273.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 6972 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 7228 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2092 --field-trial-handle=1564,i,18356397164535584762,3493887587701290198,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Snort Signatures

No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: global trafficTCP traffic: 192.168.2.5:49715 -> 184.25.164.138:443
Source: global trafficTCP traffic: 192.168.2.5:49715 -> 184.25.164.138:443
Source: global trafficTCP traffic: 192.168.2.5:49715 -> 184.25.164.138:443
Source: global trafficTCP traffic: 192.168.2.5:49715 -> 184.25.164.138:443
Source: global trafficTCP traffic: 192.168.2.5:49715 -> 184.25.164.138:443
Source: global trafficTCP traffic: 192.168.2.5:49715 -> 184.25.164.138:443
Source: global trafficTCP traffic: 192.168.2.5:49715 -> 184.25.164.138:443
Source: global trafficTCP traffic: 192.168.2.5:49715 -> 184.25.164.138:443
Source: global trafficTCP traffic: 192.168.2.5:49715 -> 184.25.164.138:443
Source: global trafficTCP traffic: 192.168.2.5:49715 -> 184.25.164.138:443
Source: global trafficTCP traffic: 192.168.2.5:49715 -> 184.25.164.138:443
Source: global trafficTCP traffic: 192.168.2.5:49715 -> 184.25.164.138:443
Source: global trafficTCP traffic: 184.25.164.138:443 -> 192.168.2.5:49715
Source: global trafficTCP traffic: 192.168.2.5:49715 -> 184.25.164.138:443
Source: global trafficTCP traffic: 192.168.2.5:49715 -> 184.25.164.138:443
Source: global trafficTCP traffic: 184.25.164.138:443 -> 192.168.2.5:49715
Source: global trafficTCP traffic: 184.25.164.138:443 -> 192.168.2.5:49715
Source: global trafficTCP traffic: 192.168.2.5:49715 -> 184.25.164.138:443
Source: global trafficTCP traffic: 184.25.164.138:443 -> 192.168.2.5:49715
Source: global trafficTCP traffic: 184.25.164.138:443 -> 192.168.2.5:49715
Source: global trafficTCP traffic: 192.168.2.5:49715 -> 184.25.164.138:443
Source: global trafficTCP traffic: 192.168.2.5:49715 -> 184.25.164.138:443
Source: global trafficTCP traffic: 184.25.164.138:443 -> 192.168.2.5:49715
Source: global trafficTCP traffic: 192.168.2.5:49715 -> 184.25.164.138:443
Source: global trafficTCP traffic: 184.25.164.138:443 -> 192.168.2.5:49715
Source: global trafficTCP traffic: 192.168.2.5:49715 -> 184.25.164.138:443
Source: global trafficTCP traffic: 184.25.164.138:443 -> 192.168.2.5:49715
Source: global trafficTCP traffic: 192.168.2.5:49715 -> 184.25.164.138:443
Source: global trafficTCP traffic: 184.25.164.138:443 -> 192.168.2.5:49715
Source: global trafficTCP traffic: 184.25.164.138:443 -> 192.168.2.5:49715
Source: global trafficTCP traffic: 192.168.2.5:49715 -> 184.25.164.138:443
Source: global trafficTCP traffic: 192.168.2.5:49715 -> 184.25.164.138:443
Source: global trafficTCP traffic: 184.25.164.138:443 -> 192.168.2.5:49715
Source: Joe Sandbox ViewIP Address: 184.25.164.138 184.25.164.138
Source: global trafficHTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1Host: armmf.adobe.comConnection: keep-aliveAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brIf-None-Match: "78-5faa31cce96da"If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
Source: unknownTCP traffic detected without corresponding DNS query: 184.25.164.138
Source: unknownTCP traffic detected without corresponding DNS query: 184.25.164.138
Source: unknownTCP traffic detected without corresponding DNS query: 184.25.164.138
Source: unknownTCP traffic detected without corresponding DNS query: 184.25.164.138
Source: unknownTCP traffic detected without corresponding DNS query: 184.25.164.138
Source: unknownTCP traffic detected without corresponding DNS query: 184.25.164.138
Source: unknownTCP traffic detected without corresponding DNS query: 184.25.164.138
Source: unknownTCP traffic detected without corresponding DNS query: 184.25.164.138
Source: unknownTCP traffic detected without corresponding DNS query: 184.25.164.138
Source: unknownTCP traffic detected without corresponding DNS query: 184.25.164.138
Source: unknownTCP traffic detected without corresponding DNS query: 184.25.164.138
Source: global trafficHTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1Host: armmf.adobe.comConnection: keep-aliveAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brIf-None-Match: "78-5faa31cce96da"If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
Source: unknownNetwork traffic detected: HTTP traffic on port 49715 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49715
Source: classification engineClassification label: clean2.winPDF@14/41@0/1
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.7104Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-25 19-25-24-996.logJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
Source: unknownProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\630081273.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2092 --field-trial-handle=1564,i,18356397164535584762,3493887587701290198,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2092 --field-trial-handle=1564,i,18356397164535584762,3493887587701290198,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: 630081273.pdfInitial sample: PDF keyword /JS count = 0
Source: 630081273.pdfInitial sample: PDF keyword /JavaScript count = 0
Source: 630081273.pdfInitial sample: PDF keyword /EmbeddedFile count = 0
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid Accounts2
Exploitation for Client Execution		Path Interception1
Process Injection		1
Masquerading		OS Credential Dumping1
System Information Discovery		Remote ServicesData from Local System1
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
Process Injection		LSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable Media1
Non-Application Layer Protocol		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive12
Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin HookBinary PaddingNTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput Capture1
Ingress Tool Transfer		Traffic DuplicationData Destruction

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 process2 2 Behavior Graph ID: 1431793 Sample: 630081273.pdf Startdate: 25/04/2024 Architecture: WINDOWS Score: 2 6 Acrobat.exe 18 62 2->6         started        process3 8 AcroCEF.exe 105 6->8         started        process4 10 AcroCEF.exe 2 8->10         started        dnsIp5 13 184.25.164.138, 443, 49715 BBIL-APBHARTIAirtelLtdIN United States 10->13

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

No Antivirus matches

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

No contacted domains info

World Map of Contacted IPs

  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Public IPs

IPDomainCountryFlagASNASN NameMalicious
184.25.164.138
unknownUnited States
9498BBIL-APBHARTIAirtelLtdINfalse

General Information

Joe Sandbox version:40.0.0 Tourmaline
Analysis ID:1431793
Start date and time:2024-04-25 19:24:36 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 4m 9s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultwindowspdfcookbook.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:9
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:630081273.pdf
Detection:CLEAN
Classification:clean2.winPDF@14/41@0/1
EGA Information:Failed
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 0
  • Number of non-executed functions: 0
Cookbook Comments:
  • Found application associated with file extension: .pdf
  • Found PDF document
  • Close Viewer

Warnings

  • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 23.54.200.159, 54.227.187.23, 23.22.254.206, 52.202.204.11, 52.5.13.197, 172.64.41.3, 162.159.61.3, 104.76.210.69, 104.76.210.84
  • Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
184.25.164.138ppop_verification_request.zipGet hashmaliciousUnknownBrowse
    Proposal Invitation_ Proposal is Due by the EOB May 15.emlGet hashmaliciousHtmlDropper, HTMLPhisherBrowse
      file.pdf.download.lnkGet hashmaliciousUnknownBrowse
        Factura_SA161.pdf.lnkGet hashmaliciousRHADAMANTHYSBrowse
          Re_ Medina County Kitchen.emlGet hashmaliciousUnknownBrowse
            oiDDogdK9A.exeGet hashmaliciousLokibot, PureLog Stealer, zgRATBrowse
              New_Order.xlsGet hashmaliciousUnknownBrowse
                https://enfoldindia.org/wp-content/uploads/2019/06/Restorative-Circle-Handbook-for-CCI.pdfGet hashmaliciousUnknownBrowse
                  TaxForm.lnkGet hashmaliciousDarkGate, MailPassViewBrowse
                    https://ntnusa0-my.sharepoint.com/:f:/g/personal/ajaronik_ntnusa_com/EjzRads0Sf5Ivon47-zBKVABS1TZOI64W6Uv34YFqNQjmQ?e=NuZrjrGet hashmaliciousHTMLPhisher, ReCaptcha PhishBrowse

                      Domains

                      No context

                      ASNs

                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                      BBIL-APBHARTIAirtelLtdINBitTorrent-7.6.exeGet hashmaliciousUnknownBrowse
                      • 122.185.41.86
                      ppop_verification_request.zipGet hashmaliciousUnknownBrowse
                      • 184.25.164.138
                      https://acrobat.adobe.com/id/urn:aaid:sc:VA6C2:24e81d17-b801-4fad-ae25-120d655923c5Get hashmaliciousRemcosBrowse
                      • 23.209.188.17
                      Proposal Invitation_ Proposal is Due by the EOB May 15.emlGet hashmaliciousHtmlDropper, HTMLPhisherBrowse
                      • 184.25.164.138
                      file.pdf.download.lnkGet hashmaliciousUnknownBrowse
                      • 184.25.164.138
                      Factura_SA161.pdf.lnkGet hashmaliciousRHADAMANTHYSBrowse
                      • 184.25.164.138
                      Ud310iQZnO.elfGet hashmaliciousMiraiBrowse
                      • 182.74.25.30
                      tWpGuzQQoW.elfGet hashmaliciousMiraiBrowse
                      • 122.185.203.209
                      kGbjOmkleq.elfGet hashmaliciousMiraiBrowse
                      • 125.23.195.204
                      iH18gdEj8Y.elfGet hashmaliciousMiraiBrowse
                      • 125.19.93.33

                      JA3 Fingerprints

                      No context

                      Dropped Files

                      No context

                      Created / dropped Files

                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:ASCII text
                      Category:dropped
                      Size (bytes):294
                      Entropy (8bit):5.211753032344033
                      Encrypted:false
                      SSDEEP:6:iSX+q2P92nKuAl9OmbnIFUt8FSVEZZmw+FSVENVkwO92nKuAl9OmbjLJ:fuv4HAahFUt8EVY/+EVA5LHAaSJ
                      MD5:8428911A893938F8BAA9674D932293CB
                      SHA1:F313B96D24538A73423BD1241BB0838750C7812E
                      SHA-256:70C097407238E2A1F496914EBD35AFE3C8C3CE60A93DB1EDCAF2FC83C6BDB185
                      SHA-512:57D1A1EDEAC45023AE8B659A66E35A4C0F99606294E0D4BDDB2BAAD9B8D173C297830887B7A0175102A28609FA0DC6E996C055346D6C7E03934A973FD9756DE0
                      Malicious:false
                      Reputation:low
                      Preview:2024/04/25-19:25:22.781 1c18 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/04/25-19:25:22.782 1c18 Recovering log #3.2024/04/25-19:25:22.782 1c18 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:ASCII text
                      Category:dropped
                      Size (bytes):294
                      Entropy (8bit):5.211753032344033
                      Encrypted:false
                      SSDEEP:6:iSX+q2P92nKuAl9OmbnIFUt8FSVEZZmw+FSVENVkwO92nKuAl9OmbjLJ:fuv4HAahFUt8EVY/+EVA5LHAaSJ
                      MD5:8428911A893938F8BAA9674D932293CB
                      SHA1:F313B96D24538A73423BD1241BB0838750C7812E
                      SHA-256:70C097407238E2A1F496914EBD35AFE3C8C3CE60A93DB1EDCAF2FC83C6BDB185
                      SHA-512:57D1A1EDEAC45023AE8B659A66E35A4C0F99606294E0D4BDDB2BAAD9B8D173C297830887B7A0175102A28609FA0DC6E996C055346D6C7E03934A973FD9756DE0
                      Malicious:false
                      Reputation:low
                      Preview:2024/04/25-19:25:22.781 1c18 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/04/25-19:25:22.782 1c18 Recovering log #3.2024/04/25-19:25:22.782 1c18 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:ASCII text
                      Category:dropped
                      Size (bytes):338
                      Entropy (8bit):5.145383041941284
                      Encrypted:false
                      SSDEEP:6:iZM4q2P92nKuAl9Ombzo2jMGIFUt8FSKv3JZmw+FSKv3DkwO92nKuAl9Ombzo2jz:Iv4HAa8uFUt8oKvZ/+oKvz5LHAa8RJ
                      MD5:99A3193E0D7E129DB018EAB36A806B9E
                      SHA1:4683C5EB8FC7DC6F214214B5F97B12DC99956B1E
                      SHA-256:65B6B3D72FA7E9EC11C7DD6678494D30FC5AC2020F5FD53A9AC2734B9F01C9BB
                      SHA-512:2656FB24B8F3D1A80751E09B6D8C45EBC8CF81C2B86B8664383017694360206A219498C6DC3602B1CADD0C4AD3BDDAE812CB4A6F12B2802511AA2F4EAD0462A1
                      Malicious:false
                      Reputation:low
                      Preview:2024/04/25-19:25:22.801 1c80 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/04/25-19:25:22.802 1c80 Recovering log #3.2024/04/25-19:25:22.802 1c80 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:ASCII text
                      Category:dropped
                      Size (bytes):338
                      Entropy (8bit):5.145383041941284
                      Encrypted:false
                      SSDEEP:6:iZM4q2P92nKuAl9Ombzo2jMGIFUt8FSKv3JZmw+FSKv3DkwO92nKuAl9Ombzo2jz:Iv4HAa8uFUt8oKvZ/+oKvz5LHAa8RJ
                      MD5:99A3193E0D7E129DB018EAB36A806B9E
                      SHA1:4683C5EB8FC7DC6F214214B5F97B12DC99956B1E
                      SHA-256:65B6B3D72FA7E9EC11C7DD6678494D30FC5AC2020F5FD53A9AC2734B9F01C9BB
                      SHA-512:2656FB24B8F3D1A80751E09B6D8C45EBC8CF81C2B86B8664383017694360206A219498C6DC3602B1CADD0C4AD3BDDAE812CB4A6F12B2802511AA2F4EAD0462A1
                      Malicious:false
                      Reputation:low
                      Preview:2024/04/25-19:25:22.801 1c80 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/04/25-19:25:22.802 1c80 Recovering log #3.2024/04/25-19:25:22.802 1c80 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\0d9c90c0-51e6-4ffd-8b7e-0058edf53f01.tmp

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:JSON data
                      Category:modified
                      Size (bytes):508
                      Entropy (8bit):5.05663747558245
                      Encrypted:false
                      SSDEEP:12:YH/um3RA8sqZQssBdOg2HWfcaq3QYiubxnP7E4T3OF+:Y2sRdsfRdMHWu3QYhbxP7nbI+
                      MD5:F42FBB18F3E8C97A027C6DAE0C99FD18
                      SHA1:80B84A9EE0D09D14D3C723C7D066F14B8E3FF239
                      SHA-256:D6AD3E1EF4388A00210D89C00456985D03B948771B06A66B403F6293ED05CB82
                      SHA-512:2B820C86D63119ED511F23B576652860FDD0043F0EEC7ED76CC3C9FEF8429FE21AD31A7324D9E61C42ADA3501807FAFA42C9911AF2AF3CE7F70C8BE8E7EE1E80
                      Malicious:false
                      Reputation:low
                      Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13358625934602547","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":112468},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.5","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G","CAYSABiAgICA+P////8B":"Offline"}}}

                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):508
                      Entropy (8bit):5.05663747558245
                      Encrypted:false
                      SSDEEP:12:YH/um3RA8sqZQssBdOg2HWfcaq3QYiubxnP7E4T3OF+:Y2sRdsfRdMHWu3QYhbxP7nbI+
                      MD5:F42FBB18F3E8C97A027C6DAE0C99FD18
                      SHA1:80B84A9EE0D09D14D3C723C7D066F14B8E3FF239
                      SHA-256:D6AD3E1EF4388A00210D89C00456985D03B948771B06A66B403F6293ED05CB82
                      SHA-512:2B820C86D63119ED511F23B576652860FDD0043F0EEC7ED76CC3C9FEF8429FE21AD31A7324D9E61C42ADA3501807FAFA42C9911AF2AF3CE7F70C8BE8E7EE1E80
                      Malicious:false
                      Reputation:low
                      Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13358625934602547","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":112468},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.5","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G","CAYSABiAgICA+P////8B":"Offline"}}}

                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):4509
                      Entropy (8bit):5.238482648711951
                      Encrypted:false
                      SSDEEP:96:QqBpCqGp3Al+NehBmkID2w6bNMhugoKTNY+No/KTNcygLPGLLUiQzVpUxQlzOZ:rBpJGp3AoqBmki25ZEVoKTNY+NoCTNLd
                      MD5:407C86C54597491CB9AE5EC163733BB6
                      SHA1:44A01E03F741C2071DC6F14B1D61A7348F2FBB38
                      SHA-256:72ECBBA5543656F1471DD3CE2046D66D9890868A7116D86BC7CF6789E1E3333D
                      SHA-512:567B4F80E133102A6C68E71426B9CAEB950E06E2036C134D77F8E5897F4FCF5E4F0A6C389B4E3F060BC7D81A1BDE2BEA88E7C44E8C558D40D8CE57DA88C45A76
                      Malicious:false
                      Reputation:low
                      Preview:*...#................version.1..namespace-.1a.o................next-map-id.1.Pnamespace-047a745d_5c98_4926_b446_942fb948d072-https://rna-resource.acrobat.com/.0.K..r................next-map-id.2.Snamespace-bdf2fbfe_e08b_407d_8a81_9a6094e373a0-https://rna-v2-resource.acrobat.com/.1.m.Fr................next-map-id.3.Snamespace-24b9c7f4_3e31_4d11_a607_ac91d6485c9e-https://rna-v2-resource.acrobat.com/.2.8.o................next-map-id.4.Pnamespace-bc60f291_faa7_4492_8b22_e186b4ce62c1-https://rna-resource.acrobat.com/.3.A-N^...............Pnamespace-047a745d_5c98_4926_b446_942fb948d072-https://rna-resource.acrobat.com/-j..^...............Pnamespace-bc60f291_faa7_4492_8b22_e186b4ce62c1-https://rna-resource.acrobat.com/[.|.a...............Snamespace-bdf2fbfe_e08b_407d_8a81_9a6094e373a0-https://rna-v2-resource.acrobat.com/....a...............Snamespace-24b9c7f4_3e31_4d11_a607_ac91d6485c9e-https://rna-v2-resource.acrobat.com/.W.@o................next-map-id.5.Pnamespace-8fb46ac3_c992_47ca_bb04_

                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:ASCII text
                      Category:dropped
                      Size (bytes):326
                      Entropy (8bit):5.206572933320813
                      Encrypted:false
                      SSDEEP:6:iMoON4q2P92nKuAl9OmbzNMxIFUt8FMuF3JZmw+FMJdDkwO92nKuAl9OmbzNMFLJ:YOOv4HAa8jFUt8DZ/+u15LHAa84J
                      MD5:0574C46D1CE0FA98527BD265BAA4940E
                      SHA1:C8C496185531547DFAA5D279DDE8D5EE62C4914F
                      SHA-256:5363EC3EB05777C532EB4E28A1E8EB592E3618A1B74AED52948ED6B7DAA0608E
                      SHA-512:730B3EC446CBBBDEE4986955FA3DA4C21973677D80A0F53201FA3F2B0F205FABA29BA33A094C24B8021F13B18D3A3435952C833C7848E2A3911B552049429470
                      Malicious:false
                      Reputation:low
                      Preview:2024/04/25-19:25:23.068 1c80 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/04/25-19:25:23.070 1c80 Recovering log #3.2024/04/25-19:25:23.071 1c80 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:ASCII text
                      Category:dropped
                      Size (bytes):326
                      Entropy (8bit):5.206572933320813
                      Encrypted:false
                      SSDEEP:6:iMoON4q2P92nKuAl9OmbzNMxIFUt8FMuF3JZmw+FMJdDkwO92nKuAl9OmbzNMFLJ:YOOv4HAa8jFUt8DZ/+u15LHAa84J
                      MD5:0574C46D1CE0FA98527BD265BAA4940E
                      SHA1:C8C496185531547DFAA5D279DDE8D5EE62C4914F
                      SHA-256:5363EC3EB05777C532EB4E28A1E8EB592E3618A1B74AED52948ED6B7DAA0608E
                      SHA-512:730B3EC446CBBBDEE4986955FA3DA4C21973677D80A0F53201FA3F2B0F205FABA29BA33A094C24B8021F13B18D3A3435952C833C7848E2A3911B552049429470
                      Malicious:false
                      Reputation:low
                      Preview:2024/04/25-19:25:23.068 1c80 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/04/25-19:25:23.070 1c80 Recovering log #3.2024/04/25-19:25:23.071 1c80 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

                      C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240425172526Z-157.bmp

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:PC bitmap, Windows 3.x format, 158 x -152 x 32, cbSize 96118, bits offset 54
                      Category:dropped
                      Size (bytes):96118
                      Entropy (8bit):3.5703917032754116
                      Encrypted:false
                      SSDEEP:768:xbbc6wmF6GTfVSzcGHOoUFt0bVnyGhRO9x:xXcFmwgszcGHODFKbByGhRO9x
                      MD5:352952C062F04FB4E07F377FB61D12F7
                      SHA1:C6CC7EC9B696C4B9A73FA26C5E68B707F68A8F79
                      SHA-256:B0AB932186A203A2ADA516F9475B34D6D1CE08F28F22EB57947A658709D27149
                      SHA-512:81E3277971F00035825147F62FEF9BF98D06A94D985A393B84AB68F3527F984D8696305D02BD6775811881AA14FEF515FD8B8AA93B61FA6938592D550B3A23F4
                      Malicious:false
                      Reputation:low
                      Preview:BMvw......6...(.......h..... .......................... ".. ".. ".. ".. ".. ".. ".. ".. ".. ".. ".. ".. ".. ".. ".. ".. ".. ".. ".. ".. ".. ".. ".. ".. ".. ".. ".. ".. ".. ".. ".. ".......................................................................................................................................................................................................................................................................................................................................................................................... ".. ".. ".. ".. ".. ".. ".. ".. ".. ".. ".. ".. ".. ".. ".. ".. ".. ".. ".. ".. ".. ".. ".. ".. ".. ".. ".. ".. ".. ".. ".. ".. ".. ".. ".. ".. ".. ".. ".. ".. ".. ".. ".. ".. ".. ".. ".. ".. ".. ".. ".. ".. ".. ".. ".. ".. ".. ".. ".. ".. ".. ".. ".. "...........................................................................................................................................................................................

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.7104

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:PostScript document text
                      Category:dropped
                      Size (bytes):185099
                      Entropy (8bit):5.182478651346149
                      Encrypted:false
                      SSDEEP:1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
                      MD5:94185C5850C26B3C6FC24ABC385CDA58
                      SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
                      SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
                      SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
                      Malicious:false
                      Reputation:moderate, very likely benign file
                      Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:PostScript document text
                      Category:dropped
                      Size (bytes):185099
                      Entropy (8bit):5.182478651346149
                      Encrypted:false
                      SSDEEP:1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
                      MD5:94185C5850C26B3C6FC24ABC385CDA58
                      SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
                      SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
                      SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
                      Malicious:false
                      Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):228346
                      Entropy (8bit):3.3890581331110528
                      Encrypted:false
                      SSDEEP:1536:WKPC4iyzDtrh1cK3XEivK7VK/3AYvYwgf/rRoL+sn:DPCaJ/3AYvYwgXFoL+sn
                      MD5:BAE090D23B1C0D4F6DC247F0080D349E
                      SHA1:8A7AAD52A54F9A3CCEF3CE323F6BBD5B2B530461
                      SHA-256:D7D3096317CF32DBEDF75D85390FE89A96170D44C09B2F6D164036064F506AE3
                      SHA-512:208136EBA10544EA5EADA1C32EADFD8066047A9D851FF95BADF9938D40AFA1771003C2725DB8C78991E700C73FA2FC3C9F3CC3712B3332E4CF6F8DDE0E539130
                      Malicious:false
                      Preview:Adobe Acrobat Reader (64-bit) 23.6.20320....?A12_AV2_Search_18px.............................................................................................................KKK KKK.KKK.KKK.KKK.KKK.KKK@........................................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.............................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.........................KKK.KKK.KKK.KKK0....................KKK.KKK.KKK.KKK`....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK.KKK.....................................KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK.KKK@....................KKK.KKK.KKK.KKK`........................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.KKK.............................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):295
                      Entropy (8bit):5.335341369975515
                      Encrypted:false
                      SSDEEP:6:YEQXJ2HXHJJhAcV7+FIbRI6XVW7+0Y/FnEeoAvJM3g98kUwPeUkwRe9:YvXKXJ5VyYpW70sGMbLUkee9
                      MD5:05E875934EFC90537DF4D1E5A9DB99A2
                      SHA1:FC9F0FEED02C77F83CFAC617F7024BC901609551
                      SHA-256:1435EADE54937E2DEE87D2BB53C23CA0EC0FF5D77B0B19F40AA97E4F8F18F3B1
                      SHA-512:CE104993EABA7E4C4984DF103F2583CD22A0B1AA9D0EC6E99C45B300BDD7B3672CE68040A2A07EA3D9336B6B71D008B44B5944CC705FEE6F7CC5D4310F7CC588
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"020dfafb-1815-490f-aba3-688fd509047c","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1714241352828,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):294
                      Entropy (8bit):5.274258017090176
                      Encrypted:false
                      SSDEEP:6:YEQXJ2HXHJJhAcV7+FIbRI6XVW7+0Y/FnEeoAvJfBoTfXpnrPeUkwRe9:YvXKXJ5VyYpW70sGWTfXcUkee9
                      MD5:DF47C295708A40F2D726BD0BD73D3B7A
                      SHA1:FC27D0A3579DD0B7CD0A6F983354E4F603B31C82
                      SHA-256:DE713C40FBB857A260152A8639FBD95712E96F52719543CF321F96B1A4CDF60B
                      SHA-512:1B7371697E51B9D99F8989961CA5BDC6C8AAABB71C2A8AA214FFD4E606F536AE26EF0EB3CFACCDDCF5F13A4C450C4E0A9B4AB359A99DB99658C092FF5B2BB439
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"020dfafb-1815-490f-aba3-688fd509047c","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1714241352828,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):294
                      Entropy (8bit):5.252657335958607
                      Encrypted:false
                      SSDEEP:6:YEQXJ2HXHJJhAcV7+FIbRI6XVW7+0Y/FnEeoAvJfBD2G6UpnrPeUkwRe9:YvXKXJ5VyYpW70sGR22cUkee9
                      MD5:150DB4A55C8DC8ACFE2227A83F64C803
                      SHA1:D9876FBC3F0EDBACC16246B12CAFF902967B9304
                      SHA-256:2BDE03295CF2767613F4896748655B1D9BBCA90BDB7BF37D761D5A2F6CC57C98
                      SHA-512:60E23B8174842A0009E197179393D5B5448D3F4B9F5C28E48A2AA578FC1E7D1511EC0D1B109D6AF8F4C5D1D15C751C0254EBD65584DE2E114E1B5BA54AA91E3F
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"020dfafb-1815-490f-aba3-688fd509047c","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1714241352828,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):285
                      Entropy (8bit):5.313251018985884
                      Encrypted:false
                      SSDEEP:6:YEQXJ2HXHJJhAcV7+FIbRI6XVW7+0Y/FnEeoAvJfPmwrPeUkwRe9:YvXKXJ5VyYpW70sGH56Ukee9
                      MD5:F03B1A029CDA44F0A9097D9461F613B8
                      SHA1:B30E9395C851F275B8EBFFA2C6CE7393E8636587
                      SHA-256:C2C77096A6D65D66EB2791C127D1B7FAF4C9D1C5416C92AD0812F8252271B693
                      SHA-512:D9B1FA3D1593474DA740BBD73D663FEA984BC9551A9B8B2D50DF79DFE54852F58B211E68D4B8AA993136EA4DBD396E8F7014FAC7C5A0D572D816D19A418543D8
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"020dfafb-1815-490f-aba3-688fd509047c","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1714241352828,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):292
                      Entropy (8bit):5.273880716798727
                      Encrypted:false
                      SSDEEP:6:YEQXJ2HXHJJhAcV7+FIbRI6XVW7+0Y/FnEeoAvJfJWCtMdPeUkwRe9:YvXKXJ5VyYpW70sGBS8Ukee9
                      MD5:99A13558FD595A53A2FA77A40C45C84B
                      SHA1:89C52CC744BB254568EEAE611B2275A6FD433143
                      SHA-256:FBDC861EB94BDEDB5F4F76F9284E531210AA28870FAA6AD16C8DAEB5A80688BA
                      SHA-512:52FC6E573888C677A646D3F26448AAC879A24DB4A0006740F833CE97DF2208E98BC0192389CAEBA0EE362AD25741EAD5E01ADD321250EBB061DCDC320A6DC1FB
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"020dfafb-1815-490f-aba3-688fd509047c","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1714241352828,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):289
                      Entropy (8bit):5.25960989249927
                      Encrypted:false
                      SSDEEP:6:YEQXJ2HXHJJhAcV7+FIbRI6XVW7+0Y/FnEeoAvJf8dPeUkwRe9:YvXKXJ5VyYpW70sGU8Ukee9
                      MD5:A2218730BA87DFAA9E60D7C0D2A84DBD
                      SHA1:FAD895C228CEBF4E08F53F2534171FE810FE0E9F
                      SHA-256:D1E18298C73EF34BDC28009093E6978E2915AC2CD986FA220E4E609C961F6B4B
                      SHA-512:0DE7035F6B6415E332D92D70E6A580C901B4132900CAFE7C9E8D2B40BA22B67ADABD38F093748E89AFC63E64D8F27BFB5EC330F448770C8136C56AEC4DA417B0
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"020dfafb-1815-490f-aba3-688fd509047c","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1714241352828,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):292
                      Entropy (8bit):5.26188885494728
                      Encrypted:false
                      SSDEEP:6:YEQXJ2HXHJJhAcV7+FIbRI6XVW7+0Y/FnEeoAvJfQ1rPeUkwRe9:YvXKXJ5VyYpW70sGY16Ukee9
                      MD5:A18C44D0BC796971DCEB84F04B4686C3
                      SHA1:BA0FADF6913367623A3CA1F2C74662DFF9625283
                      SHA-256:89D7AA7F177212215D2574BBBD242BA0DFC598B3642E0C8E4AD99787BAC574D4
                      SHA-512:E96A13C52FEA7FF9D0530DB11355C077825F233FCA98B99A6B5A60610D3DD8C39B1E0DB278B20C1346B14D9E2CDA5BFC0CCFA70EDB158C446239F8D19B055981
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"020dfafb-1815-490f-aba3-688fd509047c","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1714241352828,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):289
                      Entropy (8bit):5.279626913900831
                      Encrypted:false
                      SSDEEP:6:YEQXJ2HXHJJhAcV7+FIbRI6XVW7+0Y/FnEeoAvJfFldPeUkwRe9:YvXKXJ5VyYpW70sGz8Ukee9
                      MD5:690A03E4B494F3896E69C7789DC2BA8B
                      SHA1:44D6B8DA86943E4ABA41296012D873BA1661155B
                      SHA-256:210D9DB15DFD8CBC356320B523F64EB0907FECDE7632CBDA8162F76A45733C48
                      SHA-512:CB93F9F17EAF74B5005660170E95D90CC231CC399600BDA1A650E8413BB00E18DCFC11C17B69266BAC79B4F1B2609E6C147B19F7D1B63EE3226CD35618C88F73
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"020dfafb-1815-490f-aba3-688fd509047c","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1714241352828,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):1372
                      Entropy (8bit):5.737914147145943
                      Encrypted:false
                      SSDEEP:24:Yv6XNi0UKLgENRcbrZbq00iCCBrwJo++ns8ct4mFJN3:Yvn3EgigrNt0wSJn+ns8cvFJl
                      MD5:E82038922866B0CEEAF796FB6E2CA1AE
                      SHA1:33A2714E545C25050EFB79428695E1AB0FBA785B
                      SHA-256:318A7961FD6BDA57704816F5BF1AF4471CEFEFB675674B245468CF7C8A8D59FD
                      SHA-512:5F1843DE6ADD8A577894DE77FF2B17D85763FE47EE8ABAECD9964C3582B89A2712231ACEF13D9112AB3C2DDC90CC576D6A9BFDDD302C4A1D643E61848AB580D1
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"020dfafb-1815-490f-aba3-688fd509047c","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1714241352828,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"79887_247329ActionBlock_0","campaignId":79887,"containerId":"1","controlGroupId":"","treatmentId":"acc56846-d570-4500-a26e-7f8cf2b4acad","variationId":"247329"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJUcnkgQWNyb2JhdCBQcm8ifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNSIsImZvbnRfc3R5bGUiOiIwIn0sImRlc2NyaXB0aW9uX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTMiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIDctZGF5IHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0byBwcmVtaXVtIFBERiBhbmQgZS1zaWduaW5nIHRvb2xzLiIsImJ

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):289
                      Entropy (8bit):5.267688051051789
                      Encrypted:false
                      SSDEEP:6:YEQXJ2HXHJJhAcV7+FIbRI6XVW7+0Y/FnEeoAvJfYdPeUkwRe9:YvXKXJ5VyYpW70sGg8Ukee9
                      MD5:EA9AC191D5060D7899B3F83F14F5BBB4
                      SHA1:2953623AAD5C9F2D811EF5AEBD404BBA8D5FA858
                      SHA-256:B17D78C4D62F6A11502390E5110023A3B04318B9B367A2D02DC0DB743DFB2C62
                      SHA-512:6EF29CE276C66A384D677A80235A6AEC1074DCC581C0DCA58523C6F5E9444EE9525E5B9E5EA956C4E4D8F71E3602F5329348E1882B68945C9AC3FFFEDAD560A7
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"020dfafb-1815-490f-aba3-688fd509047c","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1714241352828,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):1395
                      Entropy (8bit):5.775912983926792
                      Encrypted:false
                      SSDEEP:24:Yv6XNi07rLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNf:YvnKHgDv3W2aYQfgB5OUupHrQ9FJR
                      MD5:400243EB3A994161CC4D52B52AF7486F
                      SHA1:4E4B9CFF8A091E125A2FB6988A5B1E77756DCE92
                      SHA-256:03E52A2FAD798EB735D5C1195C70A72E01912717A4239D218E1EA72939F4A9B1
                      SHA-512:B388EA0F39A87984A1C16CEED0791EB950A7CA74F6118D7EEC079DEFEB1D46A0489055F36B2D92B25D6060289DB4AE9A33CCE337E71EE9F88419CF449DBE69B6
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"020dfafb-1815-490f-aba3-688fd509047c","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1714241352828,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):291
                      Entropy (8bit):5.251457223976157
                      Encrypted:false
                      SSDEEP:6:YEQXJ2HXHJJhAcV7+FIbRI6XVW7+0Y/FnEeoAvJfbPtdPeUkwRe9:YvXKXJ5VyYpW70sGDV8Ukee9
                      MD5:4169802E80C6FDF9105F08B26078CEF6
                      SHA1:A4765F8EB0B18F24A26847673DD0D3E67A232305
                      SHA-256:D845CD33E2998E62AD6FDE63E3BF836D365630DC2F5F2BB694DE1E85948A1FE3
                      SHA-512:FE99D25EC796898195DA31D395AB5A3294C9675ECDF4BD019410003A402B51EB5AE2F572C6F20511FD555B5798BE56DA9031F90945D6B9EBAE6A6A7FD6E7968E
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"020dfafb-1815-490f-aba3-688fd509047c","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1714241352828,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):287
                      Entropy (8bit):5.252979063219998
                      Encrypted:false
                      SSDEEP:6:YEQXJ2HXHJJhAcV7+FIbRI6XVW7+0Y/FnEeoAvJf21rPeUkwRe9:YvXKXJ5VyYpW70sG+16Ukee9
                      MD5:6133272EBE88DBFF57FA1721A5312C70
                      SHA1:BCC5F8904122429471E90AE95DE937E697DF596F
                      SHA-256:B0B7E7F9C705BDBFF0F42229CFAA2DF3B2ADBA96A655FF07F1F51864F6E038A1
                      SHA-512:62FE961C0AB8DE2FF070C0EDEA37996AA45B8932252D9D25139705CCDE363B5130B4BEC9775559CB169B4B71E28182496285CA1CCB085F4ABA81BCC39A3714B9
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"020dfafb-1815-490f-aba3-688fd509047c","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1714241352828,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):289
                      Entropy (8bit):5.27391715676899
                      Encrypted:false
                      SSDEEP:6:YEQXJ2HXHJJhAcV7+FIbRI6XVW7+0Y/FnEeoAvJfbpatdPeUkwRe9:YvXKXJ5VyYpW70sGVat8Ukee9
                      MD5:6C4A86C25B5F06BF2C1953B1A1A9999E
                      SHA1:DF66E4B7C54041FBE2ECB851C9706A7A81672A71
                      SHA-256:334D851CC872EC6E8DB971C1F21235F39E0294ADA6622E8C0E3B15EC7084B04B
                      SHA-512:9179297CE22D7839BA99F023959AE82CDAFF205703D58CE2FB20DFB0B9589E4BBBBADB6F8B72816706004ED598CDA8361C8C8BDAF8406BF82439F0EE98CD7C52
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"020dfafb-1815-490f-aba3-688fd509047c","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1714241352828,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):286
                      Entropy (8bit):5.226572270652176
                      Encrypted:false
                      SSDEEP:6:YEQXJ2HXHJJhAcV7+FIbRI6XVW7+0Y/FnEeoAvJfshHHrPeUkwRe9:YvXKXJ5VyYpW70sGUUUkee9
                      MD5:2D35492CD65F3C03F76206035418F3C2
                      SHA1:A7B0EA2F34358B3FC072E420D8C57380A07D101E
                      SHA-256:8722691B0E49B746FE6E82C9D5722AEC1AD5059397C5A77591C3F81F85BED35B
                      SHA-512:4441813F8444E7D42F82CB51C3013CD3D96C639A088CB86688C2BA527E02DA041D237496AD04639F83910CD538FDDFA41038406B09D421A7D75CBBDE51FD648C
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"020dfafb-1815-490f-aba3-688fd509047c","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1714241352828,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):782
                      Entropy (8bit):5.364817329707188
                      Encrypted:false
                      SSDEEP:12:YvXKXJ5VyYpW70sGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWYlO:Yv6XNi0C168CgEXX5kcIfANhu
                      MD5:A119DD8807642CE156BCC1004B0EC15C
                      SHA1:0297E129ECF38CC77CABFAC2400B6A97F0772AF5
                      SHA-256:FFCD0D438C16D7D5760DF3341ABF93DD525638B1FDCB98C2A0CFE72FC20A2CDF
                      SHA-512:F1CB9D80341799727CCCDA6963842E607613D5C82A7B8CE314AE09C3BA1597D62C346EE7FEABC3CE509E6BC64D2B111230804E3DFD270AA3940BD66BBDDF8974
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"020dfafb-1815-490f-aba3-688fd509047c","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1714241352828,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1714065927857}}}}

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):4
                      Entropy (8bit):0.8112781244591328
                      Encrypted:false
                      SSDEEP:3:e:e
                      MD5:DC84B0D741E5BEAE8070013ADDCC8C28
                      SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
                      SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
                      SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
                      Malicious:false
                      Preview:....

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):2814
                      Entropy (8bit):5.137057433976164
                      Encrypted:false
                      SSDEEP:48:YYoDVbSSD3T/eh7hhXVGzT2PPjHJg3pb9jr:oSa3T/e9h/GverHJKPjr
                      MD5:BB5E575B1C63A8B0ABF1CC7579BF7634
                      SHA1:C7A486C98CC3B9ACE7B1D863F410046A85BDCB3F
                      SHA-256:216CA7CCF8D9804C7BE046495C95382BF388A900B1E6AF81ED4C3B79F40F7C9C
                      SHA-512:2FD100D6E998BC0EAAE8F0ABA541ADEB7C64FD12C8E256587FBFE371432197ABD10761209322BAE6A53FF4AEE8658F889ED2F295D1530FBB554EBE00B05AC0FD
                      Malicious:false
                      Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"01b87ed8c74f3fb5d4c07bd77f2669a9","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1714065927000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"524ae258913b8b5a566f574e158bd076","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1372,"ts":1714065927000},{"id":"Edit_InApp_Aug2020","info":{"dg":"887bc0e9c5536e535f17c845ff5de736","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":1714065927000},{"id":"DC_Reader_RHP_Banner","info":{"dg":"7fbe05cdcf48613a4c86501a521baf5d","sid":"DC_Reader_RHP_Banner"},"mimeType":"file","size":1395,"ts":1714065927000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"5860db769d04373b9d15f3881123c3cc","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file","size":292,"ts":1714065927000},{"id":"DC_Reader_More_LHP_Banner","info":{"dg":"efe8d34af5059490117d6f2b30e977c5","sid":"DC_Reader_More_LHP_Banner"},"mimeType":"file","size":289,"ts":1714065927000},

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 19, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 19
                      Category:dropped
                      Size (bytes):12288
                      Entropy (8bit):0.9844613780377172
                      Encrypted:false
                      SSDEEP:24:TLHRx/XYKQvGJF7urs6I1RZKHs/Ds/SpaaLkn4zJwtNBwtNbRZ6bRZ4VaLknF:TVl2GL7ms6ggOVppzutYtp6PU
                      MD5:1B5BB763A77D99E7477E038A5DDC12FA
                      SHA1:39A1A23BDCA3B052841CB64C23F7E50991AAB57B
                      SHA-256:23363A112EE70F65BABA4489EDBA5B5249A36E88F5C1D051D2E89E771D2BF6B2
                      SHA-512:8D0BE6AB4809001ADF671B6A3DDB333434B723919F17ED871EA21FEC4F2366596890387BD4192E963C4B3D324DBAE6AEAC738E4DA78218D77A5EBBCB29701766
                      Malicious:false
                      Preview:SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:SQLite Rollback Journal
                      Category:dropped
                      Size (bytes):8720
                      Entropy (8bit):1.334687379567044
                      Encrypted:false
                      SSDEEP:24:7+t4UAD1RZKHs/Ds/SpaaLknPzJwtNBwtNbRZ6bRZWf1RZK6qLBx/XYKQvGJF7uT:7M4UGgOVpyzutYtp6PMrqll2GL7msa
                      MD5:6057FA7466D0119BC940323F7C2580B1
                      SHA1:B9089820EF068F75B3CA58FE1230E7ABA557ECD9
                      SHA-256:29CB1A0A2E89A0D21B2B3F5885C3DB0DF0831844E804EDA6990BC0511F01AE9A
                      SHA-512:837DEDD03F54FB00F0F2679C9B8C2B92CEA007B67F1B3C29DD28839E167F4B37D40794E57BD89C14D0D1DAB4E2C126AD6DAEC365085DD1B2B3671DE90AB2D207
                      Malicious:false
                      Preview:.... .c.....lIu.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................j...#..#.#.#.#.#.#.#.#.7.7........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Local\Temp\MSIbaa8b.LOG

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):246
                      Entropy (8bit):3.529459928009153
                      Encrypted:false
                      SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8+a7+dwlYH:Qw946cPbiOxDlbYnuRKO+ilYH
                      MD5:3E0DB1AA4BB664858960C96CA9255C03
                      SHA1:01631A0CDB53CCE66640AD2D0453400D8B8D2470
                      SHA-256:4686BFD280EB0C73FDF07176D8F01A5AD03A335D663E94CF06D9ED404C167A06
                      SHA-512:F5F166D49CDB3B1700C7DE109ECEC360A3A7EA88D3B0FB1B3BC92EE091653D5595066ECE2C9D62B7C32DA2FC5C148929C2013FEE3C45986AE9C53C9FB8D8A6DD
                      Malicious:false
                      Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .2.5./.0.4./.2.0.2.4. . .1.9.:.2.5.:.3.0. .=.=.=.....

                      C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-25 19-25-24-996.log

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:ASCII text, with very long lines (393)
                      Category:dropped
                      Size (bytes):16525
                      Entropy (8bit):5.376360055978702
                      Encrypted:false
                      SSDEEP:384:6b1sdmfenwop+WP21h2RPjRNg7JjO2on6oU6CyuJw1oaNIIu9EMuJuF6MKK9g9JQ:vIn
                      MD5:1336667A75083BF81E2632FABAA88B67
                      SHA1:46E40800B27D95DAED0DBB830E0D0BA85C031D40
                      SHA-256:F81B7C83E0B979F04D3763B4F88CD05BC8FBB2F441EBFAB75826793B869F75D1
                      SHA-512:D039D8650CF7B149799D42C7415CBF94D4A0A4BF389B615EF7D1B427BC51727D3441AA37D8C178E7E7E89D69C95666EB14C31B56CDFBD3937E4581A31A69081A
                      Malicious:false
                      Preview:SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:961+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="SetConfig:

                      C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:ASCII text, with very long lines (393), with CRLF line terminators
                      Category:dropped
                      Size (bytes):16603
                      Entropy (8bit):5.36207903089982
                      Encrypted:false
                      SSDEEP:384:fD9ZSgjYuvB+ed+QOErQEYtZmD/H7vgc7WU6mUCXjVWEvaDzcbklilA9oOkbkcop:KoM
                      MD5:2C2F6B917066C71FF2FED0065692A7BA
                      SHA1:2C2F2A0FF5FEF89ED3FBA4060C4A5C21B8AA9668
                      SHA-256:7027B653F38D3E52CBBBEF8F6BD0DA88CB4BF2DFD9B9112A662E8D6D9AFF6CD6
                      SHA-512:69BF12391E65CD12FA83B6A6EEC0C99C9F10CCFBE8BDDEA030FD71250406C7FDC62FDB92F3C24D30784A82C54BD6617BD1F0D05C10882798A824E10835BB5ACC
                      Malicious:false
                      Preview:SessionID=32826556-12b8-4a47-bb32-19b8bb32cd84.1714065925010 Timestamp=2024-04-25T19:25:25:010+0200 ThreadID=7768 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=32826556-12b8-4a47-bb32-19b8bb32cd84.1714065925010 Timestamp=2024-04-25T19:25:25:011+0200 ThreadID=7768 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=32826556-12b8-4a47-bb32-19b8bb32cd84.1714065925010 Timestamp=2024-04-25T19:25:25:011+0200 ThreadID=7768 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=32826556-12b8-4a47-bb32-19b8bb32cd84.1714065925010 Timestamp=2024-04-25T19:25:25:012+0200 ThreadID=7768 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=32826556-12b8-4a47-bb32-19b8bb32cd84.1714065925010 Timestamp=2024-04-25T19:25:25:012+0200 ThreadID=7768 Component=ngl-lib_NglAppLib Description="SetConf

                      C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):29845
                      Entropy (8bit):5.390692000403136
                      Encrypted:false
                      SSDEEP:768:GLxxlyVUFcAzWL8VWL1ANSFld5YjMWLvJ8Uy++NSXl3WLd5WLrbhhVClkVMwDGbb:TA0s+
                      MD5:CE84EBE9642B62E14842D546D9975ECE
                      SHA1:FA99EA202AB1A1B7423D71E6901E27D065620CA3
                      SHA-256:47F6C6D5747F7ED6DC7EC52B8F480B582023E21F9AA209C97E6671071C37B096
                      SHA-512:86529652AD0559AEBEFB581593C622DC4876C98B656BCB6C7BAD5236A996D5B66A2579784C53E7F2AB8A8627A979CF113612C9A35F7B5F8D97E65E786C811BA0
                      Malicious:false
                      Preview:04-10-2023 02:39:31:.---2---..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : ***************************************..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : ***************************************..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : Starting NGL..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..04-10-2023 02:39:31:.Closing File..04-10-

                      C:\Users\user\AppData\Local\Temp\acrocef_low\27728c86-3fff-4db6-87aa-076868eb37fc.tmp

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
                      Category:dropped
                      Size (bytes):386528
                      Entropy (8bit):7.9736851559892425
                      Encrypted:false
                      SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
                      MD5:5C48B0AD2FEF800949466AE872E1F1E2
                      SHA1:337D617AE142815EDDACB48484628C1F16692A2F
                      SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
                      SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
                      Malicious:false
                      Preview:...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-|..h#.g.\.PO.|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..|m.WC.....|.....e.[W.p.8...rm....^..x'......5!...|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

                      C:\Users\user\AppData\Local\Temp\acrocef_low\3f00af47-3b96-4a54-8e87-7620bd2c8b54.tmp

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
                      Category:dropped
                      Size (bytes):1407294
                      Entropy (8bit):7.97605879016224
                      Encrypted:false
                      SSDEEP:24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R077WLaGZ7wYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs03WLaGZw
                      MD5:8B9FA2EC5118087D19CFDB20DA7C4C26
                      SHA1:E32D6A1829B18717EF1455B73E88D36E0410EF93
                      SHA-256:4782624EA3A4B3C6EB782689208148B636365AA8E5DAF00814FA9AB722259CBD
                      SHA-512:662F8664CC3F4E8356D5F5794074642DB65565D40AC9FEA323E16E84EBD4F961701460A1310CC863D1AB38849E84E2142382F5DB88A0E53F97FF66248230F7B9
                      Malicious:false
                      Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

                      C:\Users\user\AppData\Local\Temp\acrocef_low\d82eee32-24da-422d-ba3b-d6dae5be3e03.tmp

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
                      Category:dropped
                      Size (bytes):758601
                      Entropy (8bit):7.98639316555857
                      Encrypted:false
                      SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
                      MD5:3A49135134665364308390AC398006F1
                      SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
                      SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
                      SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
                      Malicious:false
                      Preview:...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!|G.1...... .3.`./....`~......G.............|..pS.e.C....:o.u_..oi.:..|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

                      C:\Users\user\AppData\Local\Temp\acrocef_low\fb0485fa-27de-44eb-8212-332b8758f5bb.tmp

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
                      Category:dropped
                      Size (bytes):1419751
                      Entropy (8bit):7.976496077007677
                      Encrypted:false
                      SSDEEP:24576:/xA7owWLaGZDwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLaGZDwZGk3mlind9i4ufFXpAXkru
                      MD5:18E3D04537AF72FDBEB3760B2D10C80E
                      SHA1:B313CD0B25E41E5CF0DFB83B33AB3E3C7678D5CC
                      SHA-256:BBEF113A2057EE7EAC911DC960D36D4A62C262DAE5B1379257908228243BD6F4
                      SHA-512:2A5B9B0A5DC98151AD2346055DF2F7BFDE62F6069A4A6A9AB3377B644D61AE31609B9FC73BEE4A0E929F84BF30DA4C1CDE628915AC37C7542FD170D12DE41298
                      Malicious:false
                      Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

                      Static File Info

                      General

                      File type:PDF document, version 1.3, 1 pages
                      Entropy (8bit):7.718817884611854
                      TrID:
                      • Adobe Portable Document Format (5005/1) 100.00%
                      File name:630081273.pdf
                      File size:99'497 bytes
                      MD5:76992deaf0d92a2ff008e15c4c1bdbfd
                      SHA1:babfec1e36a55c0444b19a217144df0b01d72bc7
                      SHA256:f3be6cfd54cc5fa38233115d965f28ed2d85a60011e41d1418c5a4fc3a16cf09
                      SHA512:bfd589fb6e55080badb4ccef402c44ea3d77001135de81b80802bf323433f94eaaad6c94a05a591890eb4b302105f63393b1ce080ab2ad8105bb61c7714ca846
                      SSDEEP:1536:HfMfCCv9TDTBIKZHvdzey+R8O0HuJOIoOCn4UV:/Md9D7hVCUhOJO34C
                      TLSH:70A3F607DC058A87E05C93FDB8072DBC2A4D2A1CFA827BFB10754ED67E609665D4B139
                      File Content Preview:%PDF-1.3.%.....3 0 obj.<< /Linearized 1 /L 99497 /H [ 561 122 ] /O 6 /E 99168 /N 1 /T 99319 >>.endobj. .xref.3 6.0000000015 00000 n .0000000512

                      File Icon

                      Icon Hash:62cc8caeb29e8ae0

                      Static PDF Info

                      General

                      Header:%PDF-1.3
                      Total Entropy:7.718818
                      Total Bytes:99497
                      Stream Entropy:7.712055
                      Stream Bytes:98160
                      Entropy outside Streams:4.851207
                      Bytes outside Streams:1337
                      Number of EOF found:2
                      Bytes after EOF:

                      Keywords Statistics

                      NameCount
                      obj8
                      endobj8
                      stream3
                      endstream3
                      xref2
                      trailer2
                      startxref2
                      /Page1
                      /Encrypt0
                      /ObjStm0
                      /URI0
                      /JS0
                      /JavaScript0
                      /AA0
                      /OpenAction0
                      /AcroForm0
                      /JBIG2Decode0
                      /RichMedia0
                      /Launch0
                      /EmbeddedFile0

                      Image Streams

                      IDDHASHMD5Preview
                      7d0c4d4d4c4cccccc830543ac2af86e1ab92dbeadf77dad94

                      Network Behavior

                      Network Port Distribution

                      TCP Packets

                      TimestampSource PortDest PortSource IPDest IP
                      Apr 25, 2024 19:25:35.126375914 CEST49715443192.168.2.5184.25.164.138
                      Apr 25, 2024 19:25:35.126476049 CEST44349715184.25.164.138192.168.2.5
                      Apr 25, 2024 19:25:35.126605988 CEST49715443192.168.2.5184.25.164.138
                      Apr 25, 2024 19:25:35.126854897 CEST49715443192.168.2.5184.25.164.138
                      Apr 25, 2024 19:25:35.126892090 CEST44349715184.25.164.138192.168.2.5
                      Apr 25, 2024 19:25:35.459707022 CEST44349715184.25.164.138192.168.2.5
                      Apr 25, 2024 19:25:35.460055113 CEST49715443192.168.2.5184.25.164.138
                      Apr 25, 2024 19:25:35.460079908 CEST44349715184.25.164.138192.168.2.5
                      Apr 25, 2024 19:25:35.461206913 CEST44349715184.25.164.138192.168.2.5
                      Apr 25, 2024 19:25:35.461302996 CEST49715443192.168.2.5184.25.164.138
                      Apr 25, 2024 19:25:35.463802099 CEST49715443192.168.2.5184.25.164.138
                      Apr 25, 2024 19:25:35.463922977 CEST44349715184.25.164.138192.168.2.5
                      Apr 25, 2024 19:25:35.463992119 CEST49715443192.168.2.5184.25.164.138
                      Apr 25, 2024 19:25:35.504117966 CEST44349715184.25.164.138192.168.2.5
                      Apr 25, 2024 19:25:35.508219957 CEST49715443192.168.2.5184.25.164.138
                      Apr 25, 2024 19:25:35.508249044 CEST44349715184.25.164.138192.168.2.5
                      Apr 25, 2024 19:25:35.555145025 CEST49715443192.168.2.5184.25.164.138
                      Apr 25, 2024 19:25:35.589359999 CEST44349715184.25.164.138192.168.2.5
                      Apr 25, 2024 19:25:35.589494944 CEST44349715184.25.164.138192.168.2.5
                      Apr 25, 2024 19:25:35.589629889 CEST49715443192.168.2.5184.25.164.138
                      Apr 25, 2024 19:25:35.590013981 CEST49715443192.168.2.5184.25.164.138
                      Apr 25, 2024 19:25:35.590032101 CEST44349715184.25.164.138192.168.2.5

                      HTTP Request Dependency Graph

                      • armmf.adobe.com

                      HTTPS Proxied Packets

                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                      0192.168.2.549715184.25.164.1384437228C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      TimestampBytes transferredDirectionData
                      2024-04-25 17:25:35 UTC475OUTGET /onboarding/smskillreader.txt HTTP/1.1
                      Host: armmf.adobe.com
                      Connection: keep-alive
                      Accept-Language: en-US,en;q=0.9
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36
                      Sec-Fetch-Site: same-origin
                      Sec-Fetch-Mode: no-cors
                      Sec-Fetch-Dest: empty
                      Accept-Encoding: gzip, deflate, br
                      If-None-Match: "78-5faa31cce96da"
                      If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
                      2024-04-25 17:25:35 UTC198INHTTP/1.1 304 Not Modified
                      Content-Type: text/plain; charset=UTF-8
                      Last-Modified: Mon, 01 May 2023 15:02:33 GMT
                      ETag: "78-5faa31cce96da"
                      Date: Thu, 25 Apr 2024 17:25:35 GMT
                      Connection: close


                      Statistics

                      CPU Usage

                      Click to jump to process

                      Memory Usage

                      Click to jump to process

                      High Level Behavior Distribution

                      Click to dive into process behavior distribution

                      Behavior

                      Click to jump to process

                      System Behavior

                      General

                      Target ID:0
                      Start time:19:25:21
                      Start date:25/04/2024
                      Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      Wow64 process (32bit):false
                      Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\630081273.pdf"
                      Imagebase:0x7ff686a00000
                      File size:5'641'176 bytes
                      MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:moderate
                      Has exited:true

                      General

                      Target ID:2
                      Start time:19:25:22
                      Start date:25/04/2024
                      Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      Wow64 process (32bit):false
                      Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
                      Imagebase:0x7ff6413e0000
                      File size:3'581'912 bytes
                      MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:moderate
                      Has exited:true

                      General

                      Target ID:4
                      Start time:19:25:22
                      Start date:25/04/2024
                      Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      Wow64 process (32bit):false
                      Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2092 --field-trial-handle=1564,i,18356397164535584762,3493887587701290198,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
                      Imagebase:0x7ff6413e0000
                      File size:3'581'912 bytes
                      MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:moderate
                      Has exited:true

                      Disassembly

                      No disassembly