Windows Analysis Report
Presidio-605520.pdf

Overview

General Information

Sample name: Presidio-605520.pdf
Analysis ID: 1431810
MD5: 78475d805c24eb83d0160f43f179feac
SHA1: 4c01010796b1d35a7362f78ea0aea8e18d452ad7
SHA256: 7cf1ffa5a46a07f96c0a56ab4f3fe986c0611d3afae41a4efedc80d8eb246342

Detection

Score: 22
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

Suspicious PDF detected (based on various text indicators)
IP address seen in connection with other malware
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Uses a known web browser user agent for HTTP communication

Classification

  • System is w10x64
  • Acrobat.exe (PID: 5900 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Presidio-605520.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 5452 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 4244 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2084 --field-trial-handle=1732,i,4167328604085593503,12386720638169524665,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

Phishing

Source: Adobe Acrobat PDF OCR Text: DocuSign You have a secured Documents to review and sign. SCAN TO REVIEW SECURED DOCUMENTS Dear Sstewart, A Secured Documents has been shared with sstewart@presidio.com Please sign at your earliest convenience. To review and electronically sign the pending document, proceed to scan the QR code with your mobile device camera and follow the secured link that pop up. When DocuSign is applied there is no requirment for a paper copy to be produced. Thank you!
Source: global traffic TCP traffic: 192.168.2.7:49708 -> 54.227.187.23:443
Source: global traffic TCP traffic: 54.227.187.23:443 -> 192.168.2.7:49708
Source: global traffic TCP traffic: 192.168.2.7:49710 -> 184.31.48.185:443
Source: global traffic TCP traffic: 184.31.48.185:443 -> 192.168.2.7:49710
Source: Joe Sandbox View IP Address: 54.227.187.23
Source: global traffic HTTP traffic detected:
    GET /psdk/v2/content?surfaceId=ACROBAT_READER_MASTER_SURFACEID&surfaceId=DC_READER_LAUNCH_CARD&surfaceId=DC_Reader_RHP_Banner&surfaceId=DC_Reader_RHP_Retention&surfaceId=Edit_InApp_Aug2020&surfaceId=DC_FirstMile_Right_Sec_Surface&surfaceId=DC_Reader_Upsell_Cards&surfaceId=DC_FirstMile_Home_View_Surface&surfaceId=DC_Reader_RHP_Intent_Banner&surfaceId=DC_Reader_Disc_LHP_Banner&surfaceId=DC_Reader_Edit_LHP_Banner&surfaceId=DC_Reader_Convert_LHP_Banner&surfaceId=DC_Reader_Sign_LHP_Banner&surfaceId=DC_Reader_More_LHP_Banner&surfaceId=DC_Reader_Disc_LHP_Retention&surfaceId=DC_Reader_Home_LHP_Trial_Banner&adcProductLanguage=en-us&adcVersion=23.6.20320&adcProductType=SingleClientMini&adcOSType=WIN&adcCountryCode=US&adcXAPIClientID=api_reader_desktop_win_23.6.20320&encodingScheme=BASE_64 HTTP/1.1
    Host: p13n.adobe.io
    Connection: keep-alive
    sec-ch-ua: "Chromium";v="105"
    sec-ch-ua-mobile: ?0
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36
    Accept: application/json, text/javascript, */*; q=0.01
    x-adobe-uuid: c583ad55-e27a-405e-ae1a-c48b4361aa9d
    x-adobe-uuid-type: visitorId
    x-api-key: AdobeReader9
    sec-ch-ua-platform: "Windows"
    Origin: https://rna-resource.acrobat.com
    Accept-Language: en-US,en;q=0.9
    Sec-Fetch-Site: cross-site
    Sec-Fetch-Mode: cors
    Sec-Fetch-Dest: empty
    Referer: https://rna-resource.acrobat.com/
    Accept-Encoding: gzip, deflate, br
Source: global traffic HTTP traffic detected:
    GET /onboarding/smskillreader.txt HTTP/1.1
    Host: armmf.adobe.com
    Connection: keep-alive
    Accept-Language: en-US,en;q=0.9
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: empty
    Accept-Encoding: gzip, deflate, br
    If-None-Match: "78-5faa31cce96da"
    If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
Source: unknown TCP traffic detected without corresponding DNS query: 54.227.187.23
Source: unknown TCP traffic detected without corresponding DNS query: 184.31.48.185
Source: ReaderMessages.0.dr String found in binary or memory: https://www.adobe.co
Source: unknown Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49708
Source: classification engine Classification label: sus22.phis.winPDF@14/46@0/2
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-25 20-06-30-921.log
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
Source: unknown Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Presidio-605520.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2084 --field-trial-handle=1732,i,4167328604085593503,12386720638169524665,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process created: unknown unknown
Source: Window Recorder Window detected: More than 3 window changes detected
Source: Presidio-605520.pdf Initial sample: PDF keyword /JS count = 0
Source: Presidio-605520.pdf Initial sample: PDF keyword /JavaScript count = 0
Source: Presidio-605520.pdf Initial sample: PDF keyword /EmbeddedFile count = 0
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process information set: NOOPENFILEERRORBOX
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Exploitation for Client Execution | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 12 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction
[Behavior graph. Behavior Graph ID: 1431810, Sample: Presidio-605520.pdf, Startdate: 25/04/2024, Architecture: WINDOWS, Score: 22. Acrobat.exe started AcroCEF.exe, which started a second AcroCEF.exe; that process contacted 54.227.187.23:443 (AMAZON-AESUS, United States) and 184.31.48.185:443 (AKAMAI-ASUS, United States).]

No Antivirus matches
Source | Detection | Scanner | Label | Link
https://www.adobe.co | 0% | URL Reputation | safe |
https://www.adobe.co | 0% | URL Reputation | safe |
No contacted domains info
Name | Source | Malicious | Antivirus Detection | Reputation
https://www.adobe.co | ReaderMessages.0.dr | false | URL Reputation: safe; URL Reputation: safe | unknown
IP | Domain | Country | ASN | ASN Name | Malicious
54.227.187.23 | unknown | United States | 14618 | AMAZON-AESUS | false
184.31.48.185 | unknown | United States | 16625 | AKAMAI-ASUS | false
Joe Sandbox version: 40.0.0 Tourmaline
Analysis ID: 1431810
Start date and time: 2024-04-25 20:05:33 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 4m 20s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultwindowspdfcookbook.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 22
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: Presidio-605520.pdf
Detection: SUS
Classification: sus22.phis.winPDF@14/46@0/2
EGA Information: Failed
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 0
  • Number of non-executed functions: 0
Cookbook Comments:
  • Found application associated with file extension: .pdf
  • Found PDF document
  • Close Viewer
  • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, conhost.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 23.63.204.182, 172.64.41.3, 162.159.61.3, 54.144.73.197, 107.22.247.231, 34.193.227.236, 18.207.85.246, 96.7.224.59, 96.7.224.48, 96.7.224.9
  • Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, time.windows.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com
  • Not all processes where analyzed, report is missing behavior information
No simulations
Process: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type: ASCII text
Category: dropped
Size (bytes): 297
Entropy (8bit): 5.228025074906233
Encrypted: false
SSDEEP: 6:3uUB+q2PcNwi2nKuAl9OmbnIFUt8M7c5Zmw+MIiVkwOcNwi2nKuAl9OmbjLJ:rMvLZHAahFUt8K4/+La54ZHAaSJ
MD5: 0C425F46B5BBFC672856F307A35373BF
SHA1: CFD553C064D3C0537AEDA25AE08168F61AFA13C6
SHA-256: FEABF9AB16C73E977B83C2D35E554EB8C589FE84BC49DD44CAF7BEE75CFF93A8
SHA-512: 284E0272A402AA785E90B98BC1A0EA22447DC13D4B993041816D5AA61F9FEE9F582882F7C51C556244E16FA5D80645A29EAB516AF3D0D86D10B0C41645D70333
Malicious: false
Reputation: low
Preview: 2024/04/25-20:06:28.904 168 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/04/25-20:06:28.905 168 Recovering log #3.2024/04/25-20:06:28.906 168 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:ASCII text
                          Category:dropped
                          Size (bytes):344
                          Entropy (8bit):5.2480759689950816
                          Encrypted:false
                          SSDEEP:6:3rfIkQ+q2PcNwi2nKuAl9Ombzo2jMGIFUt8Mr5+QgZmw+MrTlQVkwOcNwi2nKuAv:DPvLZHAa8uFUt8t5/+ku54ZHAa8RJ
                          MD5:A8AB331971FBF86DFB76DE4EB7983BA9
                          SHA1:9EF87357A976BDA91590C28F3D0BA65D2F5A84A8
                          SHA-256:A41A4F6ADC4E201969E1238FFA45E666B48BA4379058327CF7156983823C6AAC
                          SHA-512:F9CD43DD1360FED1108F96A56195E84F52BB591FA6FD044778F6BE717F10FB8E7B1D7DD31D468EF9F5681047E2B02EBF800D933FF14F3C0D844C9AA864FA7AAD
                          Malicious:false
                          Reputation:low
                          Preview:2024/04/25-20:06:29.173 14f8 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/04/25-20:06:29.175 14f8 Recovering log #3.2024/04/25-20:06:29.177 14f8 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):475
                          Entropy (8bit):4.96930632548093
                          Encrypted:false
                          SSDEEP:12:YH/um3RA8sqPsBdOg2HSOgcaq3QYiubSpDyP7E4TX:Y2sRdsRdMHSOL3QYhbSpDa7n7
                          MD5:FBDCC2772AA26D64959F72A60AEED4DF
                          SHA1:65DC55AD8E6AF60BDBDD0E6F3BCA306D1B4706A3
                          SHA-256:6C648B6773C99F25E60A691E688BE640F52738A14D94F8FADC01AE9E9EF81C05
                          SHA-512:036D6EC84050006D1B725801BC5A70C4DAB1CFBFA5DC114D33BF66DA4BA362C4AD22E5DF5742BB5319A01434B5451162030B50828D20A72BB418824F5555D9E1
                          Malicious:false
                          Reputation:low
                          Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341052428587673","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":146366},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.7","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:JSON data
                          Category:modified
                          Size (bytes):475
                          Entropy (8bit):4.975316331738347
                          Encrypted:false
                          SSDEEP:12:YH/um3RA8sqZLsBdOg2H/gcaq3QYiubSpDyP7E4TX:Y2sRds3dMHD3QYhbSpDa7n7
                          MD5:D65998002F76139C63C65111CFEC14FF
                          SHA1:F10FB40A9C5B5A539AEF5B537D0E1934B92EFCBE
                          SHA-256:1226CE36B6D1126B4A35708C78439B3AF87A9F105BEA90ACF7484F67FEC12149
                          SHA-512:BD1410E0125170474A4188C2752A901AA5CA7380CB19988F6B1AB5DDC14C3081EDDDCD7FF7F3D9D2E38A73D09CBAC4F34230F64BDA129538FCE3C2CB2059B5F5
                          Malicious:false
                          Reputation:low
                          Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13358628400425330","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":119768},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.7","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:data
                          Category:dropped
                          Size (bytes):4509
                          Entropy (8bit):5.235063356054403
                          Encrypted:false
                          SSDEEP:96:CwNwpDGHqPySfkcr2smSX8I2OQCDh28wDtP3akE0/moZ:CwNw1GHqPySfkcigoO3h28ytP3akE0/H
                          MD5:6D2031945276D9B04AD88B6D6DF3A89C
                          SHA1:04F62A25D2B34111E390F447E17BE69616992D9B
                          SHA-256:4901A5BB7560CFDBC255A056EB6B48B28168BCA7F7B571C16E10D66E9FF5536C
                          SHA-512:836B347374930E8C9B46AE99F48A9700955AEC7C4CA67E0D1A94F56B70F6570A0B88DB34DC8AA6702AAFCF5BD28DEC96B07D9366A957387F70F34805F3440773
                          Malicious:false
                          Preview:*...#................version.1..namespace-.aw.o................next-map-id.1.Pnamespace-aa11265e_f35e_4e5d_85db_f163e1c0f691-https://rna-resource.acrobat.com/.0I.$.r................next-map-id.2.Snamespace-9a9aa6d6_c307_4dda_b6c0_dc91084c8e68-https://rna-v2-resource.acrobat.com/.1!...r................next-map-id.3.Snamespace-1fbd9dc5_70a3_4975_91b4_966e0915c27a-https://rna-v2-resource.acrobat.com/.2..N.o................next-map-id.4.Pnamespace-0e0aed8d_6d6f_4be0_b28f_8e02158bc792-https://rna-resource.acrobat.com/.3*.z.o................next-map-id.5.Pnamespace-52652c26_09c2_43f2_adf7_da56a1f00d32-https://rna-resource.acrobat.com/.4.{.^...............Pnamespace-aa11265e_f35e_4e5d_85db_f163e1c0f691-https://rna-resource.acrobat.com/.C..r................next-map-id.6.Snamespace-3a89c6b0_72b9_411a_9e44_fa247f34ac91-https://rna-v2-resource.acrobat.com/.5.q._r................next-map-id.7.Snamespace-02b23955_9103_42e0_ba64_3f8683969652-https://rna-v2-resource.acrobat.com/.6..d.o..............
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:ASCII text
                          Category:dropped
                          Size (bytes):332
                          Entropy (8bit):5.224505049465682
                          Encrypted:false
                          SSDEEP:6:3LQQ+q2PcNwi2nKuAl9OmbzNMxIFUt8MvQgZmw+M0FQVkwOcNwi2nKuAl9OmbzNq:7ovLZHAa8jFUt82/++54ZHAa84J
                          MD5:5D60B68E51B6094232C821432D2A4E12
                          SHA1:1EE4AA2ED6974AF98A5019D6B9C4F4989311B8C0
                          SHA-256:04F21FD2E0F00810B1E2F8E42DE33E22A12EB0469005E3FFCAC4408012A9134A
                          SHA-512:73FD08B7F190F41D497B30CE0ED1C20FEA1B1130FFF4DB4794039C1DDDD66F17626EE261232DF0F640F01C11736816A1D7670E8B8C8582552D0EDB9F1A6F175E
                          Malicious:false
                          Preview:2024/04/25-20:06:29.455 14f8 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/04/25-20:06:29.518 14f8 Recovering log #3.2024/04/25-20:06:29.608 14f8 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:PC bitmap, Windows 3.x format, 117 x -152 x 32, cbSize 71190, bits offset 54
                          Category:dropped
                          Size (bytes):71190
                          Entropy (8bit):1.5658976655218964
                          Encrypted:false
                          SSDEEP:192:lbbbbjVHUtVa7/CGaLH3/HA9mwnbnFKZfiiQ1+ULNwfwnR:5VHsa7LaLHPNwbFafiiQ1+yNwf8
                          MD5:64D65139BE4DA3CE79125F6CC7F314A0
                          SHA1:F475F38752D76C918FCCF171036A7B249A1DBBAF
                          SHA-256:600C6D2BC20D62B27A4A737D5FD28BB11CA5FDB5A31E6BDA8DE85AC789C14F3E
                          SHA-512:1B92F9D2BAD88A4C7E06ED39945F1E175E0279E3C846F1074DCAB0143BCBB9CB6ECD6A7307C3EBCD55BD9A2B9731B28C577B153EFE9F4D95101DCD624038CB4C
                          Malicious:false
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 15, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 15
                          Category:dropped
                          Size (bytes):86016
                          Entropy (8bit):4.438912927531947
                          Encrypted:false
                          SSDEEP:384:yeaci5GYiBA7vEmzKNURFXoD1NC1SK0gkzPlrFzqFK/WY+lUTTcKqZ5bEmzVz:10urVgazUpUTTGt
                          MD5:AC03DE5662F2949C632C5B8BF8DAF91F
                          SHA1:42545CF47749D5AA30A469815C167DB4FC2324BE
                          SHA-256:3FE7270DA75B851401D0584BBFE30CE654786E492D0F0FD95831ECEDF508732B
                          SHA-512:137DAF3C834B8D0C77BC1D2B5E6EB01B4BC30710CB6E77720FB857438B168C7B2000784A1FCA336505D4A250039F689007372D229B739AD932F1ED16BAA52B6A
                          Malicious:false
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:SQLite Rollback Journal
                          Category:dropped
                          Size (bytes):8720
                          Entropy (8bit):3.7760442152261398
                          Encrypted:false
                          SSDEEP:48:7Mkp/E2ioyVBioy3DoWoy1CABoy1tKOioy1noy1AYoy1Wioy1hioybioyloy1no4:7TpjuB0iArXKQgNb9IVXEBodRBk5X
                          MD5:40A358434C6C3C93E63822BCBF360B6C
                          SHA1:98E3A45AAD4A2655DF7E1CFD1257681911B4BDB8
                          SHA-256:FF31B7F8263ABC3ED90F75C701B37345973DB4A07AB6232AC040B0C24F797E00
                          SHA-512:658EAE7F7EB2328A29C8A85454DB17F7A4B2863668737392AEEFF85C7E0B426C2B8D5A650BC289E1DDC2D7D7B17DA2CCBF7DE16B15281056F20FE25859B7BC8F
                          Malicious:false
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:PostScript document text
                          Category:dropped
                          Size (bytes):185099
                          Entropy (8bit):5.182478651346149
                          Encrypted:false
                          SSDEEP:1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
                          MD5:94185C5850C26B3C6FC24ABC385CDA58
                          SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
                          SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
                          SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
                          Malicious:false
                          Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:data
                          Category:dropped
                          Size (bytes):227002
                          Entropy (8bit):3.392780893644728
                          Encrypted:false
                          SSDEEP:1536:qMKP+iyzDtrh1cK3XEivK7VK/3AYvYwgF/rRoL+sn:FKPoJ/3AYvYwglFoL+sn
                          MD5:C11248DE3EDEB5F39EE8D1E2C1FFE7D8
                          SHA1:7EC6B85BDB7C99BA691BB08A051EF7C4D4A43231
                          SHA-256:57612AEEE8F8E8471B730963F8E111C9890F83D8120380A6FF0676A3814A4B41
                          SHA-512:E13FD658A42EE8BA3CDE3DE5912C3BF3F1A5D720D6C47C3FBCB9C529208DC2860A64B3C41F08660A76CAF5482CF8FDA5EEB62ACC719860AE05EE5C8369C24D9F
                          Malicious:false
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):295
                          Entropy (8bit):5.358823121898299
                          Encrypted:false
                          SSDEEP:6:YEQXJ2HXZjKgURUHZ14WsGiIPEeOF0Y/nR9PoAvJM3g98kUwPeUkwRe9:YvXKXMRU51bsdTeOvrwGMbLUkee9
                          MD5:E16038FC1826BE0C67353D3944987233
                          SHA1:FDD31CC48F6195A7ED08DD6AB7B8C302C8652E65
                          SHA-256:3A302D80A8EBE1038E9B74EDE920A477CC8A3FB1FCE4F7DE9829184A1F4C1C55
                          SHA-512:4FE212A34ECF80B16E6764506FDC8ECE4CB8D58EFE67568DD05FB1AE85D0C2D6AA1903BFAB157CA296CA3D6E1DDF6CEDB0B61B3F853C8F8B00CEDAE92F85BDF2
                          Malicious:false
                          Preview:{"analyticsData":{"responseGUID":"b8ba883a-20b0-48cd-916e-9a72142aba34","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1714243746601,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):294
                          Entropy (8bit):5.296855007140867
                          Encrypted:false
                          SSDEEP:6:YEQXJ2HXZjKgURUHZ14WsGiIPEeOF0Y/nR9PoAvJfBoTfXpnrPeUkwRe9:YvXKXMRU51bsdTeOvrwGWTfXcUkee9
                          MD5:4B45CA50BE7F22D8BF3DEFA7C3F9D12F
                          SHA1:88E3A6C1A9451135B0B7482409379EE1561D2DC5
                          SHA-256:006034FBDC91ED586530EEE8E695349B17700CA145FEBF0B9BBA41F7D6A86F67
                          SHA-512:5892F070E6D28A07E6D87A71A0E6DFC940B159AA347C0F85BEFD36B3C0D99C05B6FFC4F5AAE0A7395587A6BEF4FC69FE9435EF77025A18E3499B98D7C29EBC8D
                          Malicious:false
                          Preview:{"analyticsData":{"responseGUID":"b8ba883a-20b0-48cd-916e-9a72142aba34","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1714243746601,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):294
                          Entropy (8bit):5.275561221367746
                          Encrypted:false
                          SSDEEP:6:YEQXJ2HXZjKgURUHZ14WsGiIPEeOF0Y/nR9PoAvJfBD2G6UpnrPeUkwRe9:YvXKXMRU51bsdTeOvrwGR22cUkee9
                          MD5:84EBB05E49F973F191D78CD7C351C1E4
                          SHA1:55B6F590D005DC483FCF9F43AF6CC5BBA23E9F01
                          SHA-256:BC30A52348DAAF8342B663270D5AFC9E5DADDC2A0D6550498223929EB7B35AA8
                          SHA-512:C3168187C2D81FDC7988C416767006DC6F478C6BDB986945211790040447BA7505BAA83EC2859DC7C2C1E5482F5EC8E2AC24755475D6C3A7B4FE9EDB1C82E8AF
                          Malicious:false
                          Preview:{"analyticsData":{"responseGUID":"b8ba883a-20b0-48cd-916e-9a72142aba34","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1714243746601,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):285
                          Entropy (8bit):5.345542117529644
                          Encrypted:false
                          SSDEEP:6:YEQXJ2HXZjKgURUHZ14WsGiIPEeOF0Y/nR9PoAvJfPmwrPeUkwRe9:YvXKXMRU51bsdTeOvrwGH56Ukee9
                          MD5:25EB3F72C3110CB81CE07DBB67F1FEDA
                          SHA1:203E8BCD6EBA47114EE1F044898BA2E8CE8A2D9F
                          SHA-256:A645829BDA636D52D78F8D4AC9733BE6C5A9EA699F82089F669AADFF15195420
                          SHA-512:A85079BB753C205D07051F05CDE55E1D664C1995A320EE6950F0B3D3821743BB6E573A99F98E522CE85967A7F8ED2A63B29E20F4E1F703E0127A2D506BF971AC
                          Malicious:false
                          Preview:{"analyticsData":{"responseGUID":"b8ba883a-20b0-48cd-916e-9a72142aba34","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1714243746601,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):292
                          Entropy (8bit):5.295898991343751
                          Encrypted:false
                          SSDEEP:6:YEQXJ2HXZjKgURUHZ14WsGiIPEeOF0Y/nR9PoAvJfJWCtMdPeUkwRe9:YvXKXMRU51bsdTeOvrwGBS8Ukee9
                          MD5:AD6277FBCC9100B7E1DE70D8A3B5CEA4
                          SHA1:CE23FA033B898B9E46BA84F1BC839E7C4AB1BF3F
                          SHA-256:D79AFDA1398068546638C348166E33F6CDB21572140951D7ABB0046D5A8EE62F
                          SHA-512:AA9C44189D956795D4A21349EEC3CE66B28ED37DF064CD920F95B72DB2038CD1037C81879EB3E5C968B31F2819330BB07CA0C55B2736E3E12F97CDB80443E962
                          Malicious:false
                          Preview:{"analyticsData":{"responseGUID":"b8ba883a-20b0-48cd-916e-9a72142aba34","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1714243746601,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):289
                          Entropy (8bit):5.282219619801114
                          Encrypted:false
                          SSDEEP:6:YEQXJ2HXZjKgURUHZ14WsGiIPEeOF0Y/nR9PoAvJf8dPeUkwRe9:YvXKXMRU51bsdTeOvrwGU8Ukee9
                          MD5:7A38901B83BE6512A5189930BD7DB93E
                          SHA1:44AB44099A6DD746284BB3E0A6517970C4D94F0F
                          SHA-256:217C46ACB72EDB8B1D8C9CB015A9FED75E6C11342CE782456A158133A140C641
                          SHA-512:A4F1BF931D6699B27C746A503C2262EA4D7D13CBC4EB3A1127E1F22D02FFD54FAF4B7D77541032A91C408166A36D578796931DAC691F904FC533E0018AF8F175
                          Malicious:false
                          Preview:{"analyticsData":{"responseGUID":"b8ba883a-20b0-48cd-916e-9a72142aba34","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1714243746601,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):292
                          Entropy (8bit):5.2874193150319915
                          Encrypted:false
                          SSDEEP:6:YEQXJ2HXZjKgURUHZ14WsGiIPEeOF0Y/nR9PoAvJfQ1rPeUkwRe9:YvXKXMRU51bsdTeOvrwGY16Ukee9
                          MD5:3DBFF70C68BB1D5D91ED4C4F48B0BF2F
                          SHA1:993780D4124AB3BA943FCBADF2B06EA9A531384F
                          SHA-256:D733B4F934BA1DDA6A8BF2D86CD6A6F7C71BDFC933FC82C697BC6BE692E3EF13
                          SHA-512:F091C08F3193AB89D125F16228327E1C9B5A49F5A320977C600F1F60047183C79065867EA01CF597D466A500E46E7EDA8F9B4326DD26797F4A1774AC8C46ED5D
                          Malicious:false
                          Preview:{"analyticsData":{"responseGUID":"b8ba883a-20b0-48cd-916e-9a72142aba34","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1714243746601,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):289
                          Entropy (8bit):5.302185956816162
                          Encrypted:false
                          SSDEEP:6:YEQXJ2HXZjKgURUHZ14WsGiIPEeOF0Y/nR9PoAvJfFldPeUkwRe9:YvXKXMRU51bsdTeOvrwGz8Ukee9
                          MD5:3CDB8FEF54BB56864F4A654FB5AC48BC
                          SHA1:9D94D7DB77FC274B81EA6964FC2A60B4E5D2D1F7
                          SHA-256:37ED53B1502D14D3DA49955A0195213648F2099D8606D03A1FFECAABC73A4CC0
                          SHA-512:97F380AD0602010292D7561ED13F6A8B0AFCC21F509ED3DE8A3381B318C97FD31DE222894BCB98E04D7C25923329B8ED7EF00979D5DC2DE2816D4525AA68E2C5
                          Malicious:false
                          Preview:{"analyticsData":{"responseGUID":"b8ba883a-20b0-48cd-916e-9a72142aba34","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1714243746601,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):1372
                          Entropy (8bit):5.739254528722231
                          Encrypted:false
                          SSDEEP:24:Yv6XrmeOvroKLgENRcbrZbq00iCCBrwJo++ns8ct4mFJNm:YvLeQoEgigrNt0wSJn+ns8cvFJA
                          MD5:61BA06613C337E0D48A058C394533DC1
                          SHA1:DDE2679F0D29C47FAD9294B55BD3FA152ABFC158
                          SHA-256:1233B4A608D3BABE1EC08DC8DCB8D0EF566DC707E9E969C36857B97F72361341
                          SHA-512:A0F18ECFA6CF930F531780D4F0C65EB9567A515312487B7BAFDDC9F96F5AF67EEC9EF9120BFACAE95DD6BF12B02EF15B95D3DD6F1DBAE8F05C02FFC47E603D90
                          Malicious:false
                          Preview:{"analyticsData":{"responseGUID":"b8ba883a-20b0-48cd-916e-9a72142aba34","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1714243746601,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"79887_247329ActionBlock_0","campaignId":79887,"containerId":"1","controlGroupId":"","treatmentId":"acc56846-d570-4500-a26e-7f8cf2b4acad","variationId":"247329"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJUcnkgQWNyb2JhdCBQcm8ifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNSIsImZvbnRfc3R5bGUiOiIwIn0sImRlc2NyaXB0aW9uX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTMiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIDctZGF5IHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0byBwcmVtaXVtIFBERiBhbmQgZS1zaWduaW5nIHRvb2xzLiIsImJ
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):289
                          Entropy (8bit):5.288929719258341
                          Encrypted:false
                          SSDEEP:6:YEQXJ2HXZjKgURUHZ14WsGiIPEeOF0Y/nR9PoAvJfYdPeUkwRe9:YvXKXMRU51bsdTeOvrwGg8Ukee9
                          MD5:DA69792004D7183B6F1AA37A75468391
                          SHA1:4635273EEC67D4B4DA81204F59CF0C635DAF6C4C
                          SHA-256:04E322DC4CC7C4AA100D8D2BDD5D43923D73A243A59E3A1336C15316A46794E0
                          SHA-512:82DAEDB151EE4BA2D56BAFB3BB1D3F922359A4134D6A8CA74B1B1663F3067F5C853BF72B2C52D78F3D20D08D9326432913F2DA07A126C7ADA86B8B608B38F690
                          Malicious:false
                          Preview:{"analyticsData":{"responseGUID":"b8ba883a-20b0-48cd-916e-9a72142aba34","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1714243746601,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):1395
                          Entropy (8bit):5.774891275578397
                          Encrypted:false
                          SSDEEP:24:Yv6XrmeOvrHrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNe:YvLeQHHgDv3W2aYQfgB5OUupHrQ9FJs
                          MD5:81CFFB8CF1E55160E9169C27D9F70411
                          SHA1:6575C36A341AA8C9540C971D9016E4BA8EA9B494
                          SHA-256:9EDB21703EFDAFB3D50784ED2C7083602F92A1B00795683FF53AE7E73FFB8EFA
                          SHA-512:E2C01A54A8169EA5B6C36075FE111BB99656F485C81619069A7E06AAAFC6D8F84B05BE40510CFCAE103EA17B633D56AA41B89E68585EF44C59E2A470959A7153
                          Malicious:false
                          Preview:{"analyticsData":{"responseGUID":"b8ba883a-20b0-48cd-916e-9a72142aba34","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1714243746601,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):291
                          Entropy (8bit):5.272552901335929
                          Encrypted:false
                          SSDEEP:6:YEQXJ2HXZjKgURUHZ14WsGiIPEeOF0Y/nR9PoAvJfbPtdPeUkwRe9:YvXKXMRU51bsdTeOvrwGDV8Ukee9
                          MD5:E5931D3A7938AFA1658DBFB81ED2E6B9
                          SHA1:B623E4B9FB12CC064EC9F627B700ED875D7AE088
                          SHA-256:9D7927E1AC42FAB4123E7167F623E2430CF74436429BB0AEB968A3F8230B1820
                          SHA-512:5B2B446AEC3D59AD026F725C772E61CF164366375AC4691296E7E9809E1668612AE754AF3A74AB69AD346C4E1DE7FB35B4D583C611F7EA42E63208277FB5AFEC
                          Malicious:false
                          Preview:{"analyticsData":{"responseGUID":"b8ba883a-20b0-48cd-916e-9a72142aba34","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1714243746601,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):287
                          Entropy (8bit):5.2778910928422285
                          Encrypted:false
                          SSDEEP:6:YEQXJ2HXZjKgURUHZ14WsGiIPEeOF0Y/nR9PoAvJf21rPeUkwRe9:YvXKXMRU51bsdTeOvrwG+16Ukee9
                          MD5:F4E9902BEA4A4C61078231C8FC3D22C9
                          SHA1:0019B2E2580E035742726ACA333221765133F8F8
                          SHA-256:4968DE3D06E44080E19C0806E5942DBD7AE527B2BBFABF0EBFE1179D406D0B2A
                          SHA-512:DE50DF287E0666C37A7BD3C2AF901FA2A03F1E7599ECAF02E1D94628C608302734919C6DAB220A88FEC1BA2DE97AD68E28B61C26703987E26CBF6DA1810700E2
                          Malicious:false
                          Preview:{"analyticsData":{"responseGUID":"b8ba883a-20b0-48cd-916e-9a72142aba34","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1714243746601,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):289
                          Entropy (8bit):5.295471029942267
                          Encrypted:false
                          SSDEEP:6:YEQXJ2HXZjKgURUHZ14WsGiIPEeOF0Y/nR9PoAvJfbpatdPeUkwRe9:YvXKXMRU51bsdTeOvrwGVat8Ukee9
                          MD5:40168B3B0615CCC01E5C8749BB94FDFB
                          SHA1:BC133D498DF3CD011980185651712B8C17F04188
                          SHA-256:F178E4B518F97E18B28E7F6D463A2943FB2E3DBFC27CFA1085EE4D119CFBE9F0
                          SHA-512:00F71896057105757C61EB9A856DD93514E3F02F257D3126F8567BAAB9D9531B7E5F8DE57684100EFB694FCE01D130A61C5C3CE8B3F0E893D558A36F71E80FFF
                          Malicious:false
                          Preview:{"analyticsData":{"responseGUID":"b8ba883a-20b0-48cd-916e-9a72142aba34","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1714243746601,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):286
                          Entropy (8bit):5.253372307121607
                          Encrypted:false
                          SSDEEP:6:YEQXJ2HXZjKgURUHZ14WsGiIPEeOF0Y/nR9PoAvJfshHHrPeUkwRe9:YvXKXMRU51bsdTeOvrwGUUUkee9
                          MD5:1CD00395549F0EE4AE082425A85A3F0F
                          SHA1:5D84034DFE1F1386C9C7AD00F06857E824428FEF
                          SHA-256:7DC3FB0CB004BAA2DFEDD79BB338AB5AFCC27E41E2A3953B3101DA38422FFA74
                          SHA-512:D3A30F52AB5DC6B87EFD2FC6C68D098B707E25C6F2E8AF2E186FF70183218B9A471FD53DC6DCB46D4DE50BEB50A6C3C26E6D1D7E77E5DCB9EE4249C4C7952522
                          Malicious:false
                          Preview:{"analyticsData":{"responseGUID":"b8ba883a-20b0-48cd-916e-9a72142aba34","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1714243746601,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):782
                          Entropy (8bit):5.373150342229787
                          Encrypted:false
                          SSDEEP:12:YvXKXMRU51bsdTeOvrwGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWYt:Yv6XrmeOvrm168CgEXX5kcIfANhb
                          MD5:18033EEDBEBFC30B517B757A2D700104
                          SHA1:5E4F0BF71CC625090A1F6F360D55192474DD922F
                          SHA-256:8D116FBB2ADCD5A33D6C5F69A5E020F8FBA9AA8B18FFF703B144984A9FBB635E
                          SHA-512:1E59B6083386879AECFEF6B3F36C0BE0320450051ABB4FA4A696F579289B8F022BD76B72DEEB750412A2AD43CC0D61C39AC6BB9419F0CE4D2F69E40ABF4F787F
                          Malicious:false
                          Preview:{"analyticsData":{"responseGUID":"b8ba883a-20b0-48cd-916e-9a72142aba34","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1714243746601,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1714068396639}}}}
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:data
                          Category:dropped
                          Size (bytes):4
                          Entropy (8bit):0.8112781244591328
                          Encrypted:false
                          SSDEEP:3:e:e
                          MD5:DC84B0D741E5BEAE8070013ADDCC8C28
                          SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
                          SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
                          SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
                          Malicious:false
                          Preview:....
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):2814
                          Entropy (8bit):5.149340714951943
                          Encrypted:false
                          SSDEEP:24:Y161o4tCDGXAOpQTBea3ayudG2tPktn2qjZXnEJj0S+p0Ue2AW2LSom0Md5R19cY:Y16LxJpqMdnGn1ZXnE9foem0Md19cY
                          MD5:715B8EE2727EB2EEA08ECA520ED94C2A
                          SHA1:8F73E41EEC07486EDAE8880534BBFC6AC4F46819
                          SHA-256:CAAA53C14DC1123B11D46ACEC98CC0DE4142B5F7F43C67D1B86201D40FCA69F0
                          SHA-512:C2FFE87DC8D28196BE37A0B3A1352ECE4DFFFE551DF2BC5A81B279393D796811A1BB924DB5D39897F66E9F0F0752BC1D0A744FABC3191AB28733D8DED7D381D7
                          Malicious:false
                          Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"8cacd71f878f9bddcc09b9824593ccee","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1714068396000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"5ff346b9d74836f649cbdf053b025907","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1372,"ts":1714068396000},{"id":"Edit_InApp_Aug2020","info":{"dg":"52fca349c45d154855039b9d6b41c8d3","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":1714068396000},{"id":"DC_Reader_RHP_Banner","info":{"dg":"39487476be51445b063981a4faf798b1","sid":"DC_Reader_RHP_Banner"},"mimeType":"file","size":1395,"ts":1714068396000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"4209022c07b2526eab4b3c34e179c959","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file","size":292,"ts":1714068396000},{"id":"DC_Reader_More_LHP_Banner","info":{"dg":"2321f91225e6f6bc27c0591f1a5486d5","sid":"DC_Reader_More_LHP_Banner"},"mimeType":"file","size":289,"ts":1714068396000},
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 25, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 25
                          Category:dropped
                          Size (bytes):12288
                          Entropy (8bit):1.453619448592534
                          Encrypted:false
                          SSDEEP:48:TGufl2GL7msCvrBd6dHtbGIbPe0K3+fDy2dsWlP:lNVmsw3SHtbDbPe0K3+fDZd9
                          MD5:E398217FF8747788AE87A6DDC5341DDF
                          SHA1:C86305CEFF5689F3D9444F23F26D4F7BAA4227E6
                          SHA-256:B1981BA02C8C327808A17A3172F6C3C2B60E4A21E01F62A1CC3EC8A07CB6534E
                          SHA-512:DC0E1710BF92FAD66103AC036C52DF506438861424199A67ACFC6E9111245E082CF12B13D904B1914E8E19EB6C5B03F8988CED7B0B64A879D9E2311DE37B704D
                          Malicious:false
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:SQLite Rollback Journal
                          Category:dropped
                          Size (bytes):8720
                          Entropy (8bit):1.9583791591955912
                          Encrypted:false
                          SSDEEP:48:7MxrvrBd6dHtbGIbPe0K3+fDy2dsHJqFl2GL7ms6:783SHtbDbPe0K3+fDZdwKVms6
                          MD5:14A74A518F553D6F9DB27BD1191AF9A6
                          SHA1:52867AD4ED81CCC04896B70D8E084802DE8B03C5
                          SHA-256:B42A82A8AB46CD806F66E9D496D00D8D1E199C137D409096E4CCAD2056CC18A6
                          SHA-512:28D8910B4AD51C6300B27975B7CCD43A717CCC93625ABCCBB01566032FF57A920680858AA40EDDE5F46EEED6DC7C6AEEF5D05613DBE0D3C89F90F585E2E61764
                          Malicious:false
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                          Category:dropped
                          Size (bytes):246
                          Entropy (8bit):3.5274671434738973
                          Encrypted:false
                          SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8+uwle:Qw946cPbiOxDlbYnuRK2ww
                          MD5:ED9F3E55EADCD78098092B80E98F3D3D
                          SHA1:C76C959447C2BA232AAEBCBF85234651B65AD444
                          SHA-256:2864CD31DA254CE9A88EEA0BD35545522050D0F88F5F0FD37C7DC3BA3848AD64
                          SHA-512:32429D6E3DA13E74E90E1D4FE50ADDE8F51DBEE8C751A6EDB85545F85388888795525FFAB61AD7CA06C9FA944C3843789DBE93B538F6D50222FC0D1D280CB49A
                          Malicious:false
                          Preview:Error 2711.The specified Feature name ('ARM') not found in Feature table. === Logging stopped: 25/04/2024  20:06:36 ===
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:ASCII text, with very long lines (393)
                          Category:dropped
                          Size (bytes):16525
                          Entropy (8bit):5.386483451061953
                          Encrypted:false
                          SSDEEP:384:A2+jkjVj8jujXj+jPjghjKj0jLjmF/FRFO7t75NsXNsbNsgNssNsNNsaNsliNsTY:AXg5IqTS7Mh+oXChrYhFiQHXiz1W60ID
                          MD5:F49CA270724D610D1589E217EA78D6D1
                          SHA1:22D43D4BB9BDC1D1DEA734399D2D71E264AA3DD3
                          SHA-256:D2FFBB2EF8FCE09991C2EFAA91B6784497E8C55845807468A3385CF6029A2F8D
                          SHA-512:181B42465DE41E298329CBEB80181CBAB77CFD1701DBA31E61B2180B483BC35E2EFAFFA14C98F1ED0EDDE67F997EE4219C5318CE846BB0116A908FB2EAB61D29
                          Malicious:false
                          Preview:SessionID=f1c78126-6a87-4f56-987d-4547733fd5ac.1696492435808 Timestamp=2023-10-05T09:53:55:808+0200 ThreadID=6044 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=f1c78126-6a87-4f56-987d-4547733fd5ac.1696492435808 Timestamp=2023-10-05T09:53:55:809+0200 ThreadID=6044 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=f1c78126-6a87-4f56-987d-4547733fd5ac.1696492435808 Timestamp=2023-10-05T09:53:55:809+0200 ThreadID=6044 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=f1c78126-6a87-4f56-987d-4547733fd5ac.1696492435808 Timestamp=2023-10-05T09:53:55:809+0200 ThreadID=6044 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=f1c78126-6a87-4f56-987d-4547733fd5ac.1696492435808 Timestamp=2023-10-05T09:53:55:809+0200 ThreadID=6044 Component=ngl-lib_NglAppLib Description="SetConfig:
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:ASCII text, with very long lines (393)
                          Category:dropped
                          Size (bytes):15280
                          Entropy (8bit):5.3416235163326595
                          Encrypted:false
                          SSDEEP:384:szRM1MIMtM5MsMFMgZDZ7ZOTZcZIZGZIZpB2BwBO0Abhb5beb9biye/erLNL39IG:s9GhuIXYv5hoTyWwizoCwjdtS5nogpTP
                          MD5:6B23462DDF77AB5D1279EDF58CCBBF7A
                          SHA1:8178595A4C4D507050FF2558EECD047D248C5A5D
                          SHA-256:E8F7EAA43D14B8EAE3AEB1F5EC4237A0C352733DD12E03F949B106C8EF09FB90
                          SHA-512:FE9871A6CF604D0F0F8412B66CE2B4671AC93D23C8540BC9994A79333B05F685093784DA691303634E5879B0477EA38176A58AE7EE6913E3C77CDDE591578ACE
                          Malicious:false
                          Preview:SessionID=a220cf5e-3454-43b1-9757-c78031c34a45.1714068390945 Timestamp=2024-04-25T20:06:30:945+0200 ThreadID=7400 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=a220cf5e-3454-43b1-9757-c78031c34a45.1714068390945 Timestamp=2024-04-25T20:06:30:946+0200 ThreadID=7400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=a220cf5e-3454-43b1-9757-c78031c34a45.1714068390945 Timestamp=2024-04-25T20:06:30:946+0200 ThreadID=7400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=a220cf5e-3454-43b1-9757-c78031c34a45.1714068390945 Timestamp=2024-04-25T20:06:30:946+0200 ThreadID=7400 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=a220cf5e-3454-43b1-9757-c78031c34a45.1714068390945 Timestamp=2024-04-25T20:06:30:946+0200 ThreadID=7400 Component=ngl-lib_NglAppLib Description="SetConfig:
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:ASCII text, with CRLF line terminators
                          Category:dropped
                          Size (bytes):1255
                          Entropy (8bit):5.262850447326338
                          Encrypted:false
                          SSDEEP:24:slktzWvZOF/lBzWN82jlBSylBtmlB0wLlBn8Zvn:sG6vUz6N8czFzkz0wLzs
                          MD5:FA69A6D8A6C13F61F50E9AF82F63E8B6
                          SHA1:E4C8355E5BABE96E33841C152AB5ABB8A290F202
                          SHA-256:461157F6E53428E92A1E5EE33B5AA1239F75C494DD74112900E91E64F230014D
                          SHA-512:34F071306D37C2C7D6B65B31A470CA488D0B1ACDF069501F57F61E509D2A2B8CA89A7585CF44968AB81D72196F98A611F4A35B97031DDC586D2C570E001E9844
                          Malicious:false
                          Preview:SessionID=a220cf5e-3454-43b1-9757-c78031c34a45.1714068390945 Timestamp=2024-04-25T21:57:09:910+0200 ThreadID=6676 Component=ngl-lib_ NglIngestManager Description="ProcessSpecialEventBeforeClose : Ingest - Checking & Processing for Special Events"..SessionID=a220cf5e-3454-43b1-9757-c78031c34a45.1714068390945 Timestamp=2024-04-25T21:57:09:911+0200 ThreadID=6676 Component=ngl-lib_ NglIngestManager Description="ProcessNglIngestEvents : Ingest Process - Finished"..SessionID=a220cf5e-3454-43b1-9757-c78031c34a45.1714068390945 Timestamp=2024-04-25T21:57:09:911+0200 ThreadID=6708 Component=ngl-lib_ NglIngestManager Description="CleanEventQ : Cleared Ingest Event"..SessionID=a220cf5e-3454-43b1-9757-c78031c34a45.1714068390945 Timestamp=2024-04-25T21:57:09:911+0200 ThreadID=6708 Component=ngl-lib_ NglIngestManager Description="Shutdown : Ingest manager shutdown."..SessionID=a220cf5e-3454-43b1-9757-c78031c34a45.1714068390945 Timestamp=2024-04-25T21:57:09:911+0200 ThreadID=6708 Component=ngl-lib_Ht
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:ASCII text, with CRLF line terminators
                          Category:dropped
                          Size (bytes):35814
                          Entropy (8bit):5.41169885098447
                          Encrypted:false
                          SSDEEP:768:hRDD/ATOlQwlgR6RgRT4xk1Bh9+R6gRldy0+AyxkHBDgRh9gRs:hRDD/ATOlQwlgR6RgRT4xk1Bh9+R6gRW
                          MD5:8D8FDC3E148D44EC21E936E845B4A777
                          SHA1:9EF12135F77B9887292495C47D8F86467BBA8ECD
                          SHA-256:9D941401929DC7F451936DEB84E93DDD5A4E2EF94CC79BF2E1DE23C0F5B2FC23
                          SHA-512:9F778D35C99E6825169CA4C65D76E9EEE831CC4666CFD4240BF7308B9F2BDC6C56E56CF892C875A0A191A8B4E72D95E97EAAD7EA25447E4EA54FC1D4F347E3FE
                          Malicious:false
                          Preview:05-10-2023 08:41:17:.---2---..05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 : ***************************************..05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 : ***************************************..05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 : Starting NGL..05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..05-10-2023 08:41:17:.Closing File..05-10-
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
                          Category:dropped
                          Size (bytes):1419751
                          Entropy (8bit):7.976496077007677
                          Encrypted:false
                          SSDEEP:24576:/xA7owWLkwYIGNPMGZfPdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLkwZGuGZn3mlind9i4ufFXpAXkru
                          MD5:CA6B0D9F8DDC295DACE8157B69CA7CF6
                          SHA1:6299B4A49AB28786E7BF75E1481D8011E6022AF4
                          SHA-256:A933C727CE6547310A0D7DAD8704B0F16DB90E024218ACE2C39E46B8329409C7
                          SHA-512:9F150CDA866D433BD595F23124E369D2B797A0CA76A69BA98D30DF462F0A95D13E3B0834887B5CD2A032A55161A0DC8BB30C16AA89663939D6DCF83FAC056D34
                          Malicious:false
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
                          Category:dropped
                          Size (bytes):1407294
                          Entropy (8bit):7.97605879016224
                          Encrypted:false
                          SSDEEP:24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo
                          MD5:A0CFC77914D9BFBDD8BC1B1154A7B364
                          SHA1:54962BFDF3797C95DC2A4C8B29E873743811AD30
                          SHA-256:81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685
                          SHA-512:74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE
                          Malicious:false
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
                          Category:dropped
                          Size (bytes):386528
                          Entropy (8bit):7.9736851559892425
                          Encrypted:false
                          SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
                          MD5:5C48B0AD2FEF800949466AE872E1F1E2
                          SHA1:337D617AE142815EDDACB48484628C1F16692A2F
                          SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
                          SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
                          Malicious:false
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
                          Category:dropped
                          Size (bytes):758601
                          Entropy (8bit):7.98639316555857
                          Encrypted:false
                          SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
                          MD5:3A49135134665364308390AC398006F1
                          SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
                          SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
                          SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
                          Malicious:false
                          File type:PDF document, version 1.4, 1 pages
                          Entropy (8bit):7.8966414940614005
                          TrID:
                          • Adobe Portable Document Format (5005/1) 100.00%
                          File name:Presidio-605520.pdf
                          File size:44'716 bytes
                          MD5:78475d805c24eb83d0160f43f179feac
                          SHA1:4c01010796b1d35a7362f78ea0aea8e18d452ad7
                          SHA256:7cf1ffa5a46a07f96c0a56ab4f3fe986c0611d3afae41a4efedc80d8eb246342
                          SHA512:c9d803ee4cdd51119c3af8e27652e3dfc42c14a70b3423eadaf87d300787da5cd0886661da94bf479f0e5661b0f3d95f6d95bfff3de01908315feffac7db75f5
                          SSDEEP:768:nZaXMWO8Qt8odAs7ajxN0FXyxaJVSLlSHDt8W/qa4H2nQ95aGdd2i:nAs8Q56sOMbVel8N/q1uQ9wq4i
                          TLSH:C413E10EA9957D9DFCF2C3873042AD9D898D7A0077C469C231341A19BA9D940DDF27BB
                          File Content Preview:%PDF-1.4.1 0 obj.<<./Title (..)./Creator (..)./Producer (...Q.t. .5...5...1)./CreationDate (D:20240425150502).>>.endobj.2 0 obj.<<./Type /Catalog./Pages 3 0 R.>>.endobj.4 0 obj.<<./Type /ExtGState./SA true./SM 0.02./ca 1.0./CA 1.0./AIS false./SMask /None>
                          Icon Hash:62cc8caeb29e8ae0

                          General

                          Header:%PDF-1.4
                          Total Entropy:7.896641
                          Total Bytes:44716
                          Stream Entropy:7.932157
                          Stream Bytes:41730
                          Entropy outside Streams:5.091830
                          Bytes outside Streams:2986
                          Number of EOF found:1
                          Bytes after EOF:
                          Name            Count
                          obj             24
                          endobj          24
                          stream          6
                          endstream       5
                          xref            1
                          trailer         1
                          startxref       1
                          /Page           1
                          /Encrypt        0
                          /ObjStm         0
                          /URI            0
                          /JS             0
                          /JavaScript     0
                          /AA             0
                          /OpenAction     0
                          /AcroForm       0
                          /JBIG2Decode    0
                          /RichMedia      0
                          /Launch         0
                          /EmbeddedFile   0

                          Image Streams

                          ID | DHASH | MD5 | Preview
                          8 | aa694bd9a7cccd95 | 5e0ff853ebf97f13aedcd8fb041215e8 |
                          • https:
                            • p13n.adobe.io
                          • armmf.adobe.com
                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          0 | 192.168.2.7 | 49708 | 54.227.187.23 | 443 | 4244 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          Timestamp | Bytes transferred | Direction | Data
                          2024-04-25 18:06:36 UTC | 1473 | OUT | GET /psdk/v2/content?surfaceId=ACROBAT_READER_MASTER_SURFACEID&surfaceId=DC_READER_LAUNCH_CARD&surfaceId=DC_Reader_RHP_Banner&surfaceId=DC_Reader_RHP_Retention&surfaceId=Edit_InApp_Aug2020&surfaceId=DC_FirstMile_Right_Sec_Surface&surfaceId=DC_Reader_Upsell_Cards&surfaceId=DC_FirstMile_Home_View_Surface&surfaceId=DC_Reader_RHP_Intent_Banner&surfaceId=DC_Reader_Disc_LHP_Banner&surfaceId=DC_Reader_Edit_LHP_Banner&surfaceId=DC_Reader_Convert_LHP_Banner&surfaceId=DC_Reader_Sign_LHP_Banner&surfaceId=DC_Reader_More_LHP_Banner&surfaceId=DC_Reader_Disc_LHP_Retention&surfaceId=DC_Reader_Home_LHP_Trial_Banner&adcProductLanguage=en-us&adcVersion=23.6.20320&adcProductType=SingleClientMini&adcOSType=WIN&adcCountryCode=US&adcXAPIClientID=api_reader_desktop_win_23.6.20320&encodingScheme=BASE_64 HTTP/1.1
                          Host: p13n.adobe.io
                          Connection: keep-alive
                          sec-ch-ua: "Chromium";v="105"
                          sec-ch-ua-mobile: ?0
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36
                          Accept: application/json, text/javascript, */*; q=0.01
                          x-adobe-uuid: c583ad55-e27a-405e-ae1a-c48b4361aa9d
                          x-adobe-uuid-type: visitorId
                          x-api-key: AdobeReader9
                          sec-ch-ua-platform: "Windows"
                          Origin: https://rna-resource.acrobat.com
                          Accept-Language: en-US,en;q=0.9
                          Sec-Fetch-Site: cross-site
                          Sec-Fetch-Mode: cors
                          Sec-Fetch-Dest: empty
                          Referer: https://rna-resource.acrobat.com/
                          Accept-Encoding: gzip, deflate, br
                          2024-04-25 18:06:36 UTC | 544 | IN | HTTP/1.1 200
                          Server: openresty
                          Date: Thu, 25 Apr 2024 18:06:36 GMT
                          Content-Type: application/json;charset=UTF-8
                          Content-Length: 3120
                          Connection: close
                          x-request-id: SUv8vyDgOnAKqigdVPi45uH8EKLK2CFU
                          vary: accept-encoding
                          Access-Control-Allow-Origin: *
                          Access-Control-Allow-Methods: GET, OPTIONS
                          Access-Control-Allow-Headers: Authorization,Content-Type,X-Api-Key,cache-control,User-Agent,If-None-Match,x-adobe-uuid,x-adobe-uuid-type, X-Request-Id
                          Access-Control-Allow-Credentials: true
                          Access-Control-Expose-Headers: x-request-id
                          2024-04-25 18:06:36 UTC | 3120 | IN | Data Ascii: {"surfaces":{"DC_Reader_RHP_Banner":{"containers":[{"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","dataType":"application/json","data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          1 | 192.168.2.7 | 49710 | 184.31.48.185 | 443 | 4244 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          Timestamp | Bytes transferred | Direction | Data
                          2024-04-25 18:06:41 UTC | 475 | OUT | GET /onboarding/smskillreader.txt HTTP/1.1
                          Host: armmf.adobe.com
                          Connection: keep-alive
                          Accept-Language: en-US,en;q=0.9
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36
                          Sec-Fetch-Site: same-origin
                          Sec-Fetch-Mode: no-cors
                          Sec-Fetch-Dest: empty
                          Accept-Encoding: gzip, deflate, br
                          If-None-Match: "78-5faa31cce96da"
                          If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
                          2024-04-25 18:06:41 UTC | 198 | IN | HTTP/1.1 304 Not Modified
                          Content-Type: text/plain; charset=UTF-8
                          Last-Modified: Mon, 01 May 2023 15:02:33 GMT
                          ETag: "78-5faa31cce96da"
                          Date: Thu, 25 Apr 2024 18:06:41 GMT
                          Connection: close


                          Target ID:0
                          Start time:20:06:27
                          Start date:25/04/2024
                          Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          Wow64 process (32bit):false
                          Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Presidio-605520.pdf"
                          Imagebase:0x7ff702560000
                          File size:5'641'176 bytes
                          MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
                          Has elevated privileges:true
                          Has administrator privileges:true
                          Programmed in:C, C++ or other language
                          Reputation:moderate
                          Has exited:true

                          Target ID:2
                          Start time:20:06:28
                          Start date:25/04/2024
                          Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          Wow64 process (32bit):false
                          Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
                          Imagebase:0x7ff6c3ff0000
                          File size:3'581'912 bytes
                          MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                          Has elevated privileges:true
                          Has administrator privileges:true
                          Programmed in:C, C++ or other language
                          Reputation:moderate
                          Has exited:true

                          Target ID:4
                          Start time:20:06:28
                          Start date:25/04/2024
                          Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          Wow64 process (32bit):false
                          Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2084 --field-trial-handle=1732,i,4167328604085593503,12386720638169524665,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
                          Imagebase:0x7ff6c3ff0000
                          File size:3'581'912 bytes
                          MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                          Has elevated privileges:true
                          Has administrator privileges:true
                          Programmed in:C, C++ or other language
                          Reputation:moderate
                          Has exited:true

                          No disassembly