Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
September #35- J023196- Victoria College.pdf

Overview

General Information

Sample name:September #35- J023196- Victoria College.pdf
Analysis ID:1526108
MD5:c7c2dd45d9b3a57907e0bdf2e19616ea
SHA1:77c90fe83cb9324ac330e47f21d646286fb705e1
SHA256:a2815b649a15a457dc00c469ff6b3261f82461436947e15d5ad85c90cdf39424
Infos:

Detection

Score:2
Range:0 - 100
Whitelisted:false
Confidence:80%

Signatures

IP address seen in connection with other malware
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Uses a known web browser user agent for HTTP communication

Classification

Process Tree

  • System is w10x64
  • Acrobat.exe (PID: 5956 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\September #35- J023196- Victoria College.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 3624 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 7260 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2116 --field-trial-handle=1520,i,2359972223169240925,15755556354658978647,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: global trafficDNS query: name: x1.i.lencr.org
Source: global trafficDNS query: name: x1.i.lencr.org
Source: global trafficTCP traffic: 192.168.2.4:49748 -> 23.56.162.185:443
Source: global trafficTCP traffic: 192.168.2.4:49748 -> 23.56.162.185:443
Source: global trafficTCP traffic: 192.168.2.4:49748 -> 23.56.162.185:443
Source: global trafficTCP traffic: 192.168.2.4:49748 -> 23.56.162.185:443
Source: global trafficTCP traffic: 192.168.2.4:49748 -> 23.56.162.185:443
Source: global trafficTCP traffic: 192.168.2.4:49748 -> 23.56.162.185:443
Source: global trafficTCP traffic: 192.168.2.4:49748 -> 23.56.162.185:443
Source: global trafficTCP traffic: 192.168.2.4:49748 -> 23.56.162.185:443
Source: global trafficTCP traffic: 192.168.2.4:49748 -> 23.56.162.185:443
Source: global trafficTCP traffic: 192.168.2.4:49748 -> 23.56.162.185:443
Source: global trafficTCP traffic: 192.168.2.4:49748 -> 23.56.162.185:443
Source: global trafficTCP traffic: 192.168.2.4:49748 -> 23.56.162.185:443
Source: global trafficTCP traffic: 192.168.2.4:49748 -> 23.56.162.185:443
Source: global trafficTCP traffic: 23.56.162.185:443 -> 192.168.2.4:49748
Source: global trafficTCP traffic: 192.168.2.4:49748 -> 23.56.162.185:443
Source: global trafficTCP traffic: 192.168.2.4:49748 -> 23.56.162.185:443
Source: global trafficTCP traffic: 23.56.162.185:443 -> 192.168.2.4:49748
Source: global trafficTCP traffic: 23.56.162.185:443 -> 192.168.2.4:49748
Source: global trafficTCP traffic: 192.168.2.4:49748 -> 23.56.162.185:443
Source: global trafficTCP traffic: 23.56.162.185:443 -> 192.168.2.4:49748
Source: global trafficTCP traffic: 23.56.162.185:443 -> 192.168.2.4:49748
Source: global trafficTCP traffic: 192.168.2.4:49748 -> 23.56.162.185:443
Source: global trafficTCP traffic: 192.168.2.4:49748 -> 23.56.162.185:443
Source: global trafficTCP traffic: 23.56.162.185:443 -> 192.168.2.4:49748
Source: global trafficTCP traffic: 192.168.2.4:49748 -> 23.56.162.185:443
Source: global trafficTCP traffic: 23.56.162.185:443 -> 192.168.2.4:49748
Source: global trafficTCP traffic: 192.168.2.4:49748 -> 23.56.162.185:443
Source: global trafficTCP traffic: 23.56.162.185:443 -> 192.168.2.4:49748
Source: global trafficTCP traffic: 23.56.162.185:443 -> 192.168.2.4:49748
Source: global trafficTCP traffic: 192.168.2.4:49748 -> 23.56.162.185:443
Source: global trafficTCP traffic: 192.168.2.4:49748 -> 23.56.162.185:443
Source: global trafficTCP traffic: 23.56.162.185:443 -> 192.168.2.4:49748
Source: global trafficTCP traffic: 192.168.2.4:49748 -> 23.56.162.185:443
Source: global trafficTCP traffic: 192.168.2.4:49748 -> 23.56.162.185:443
Source: Joe Sandbox ViewIP Address: 23.56.162.185 23.56.162.185
Source: global trafficHTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1Host: armmf.adobe.comConnection: keep-aliveAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brIf-None-Match: "78-5faa31cce96da"If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
Source: unknownTCP traffic detected without corresponding DNS query: 23.56.162.185
Source: unknownTCP traffic detected without corresponding DNS query: 23.56.162.185
Source: unknownTCP traffic detected without corresponding DNS query: 23.56.162.185
Source: unknownTCP traffic detected without corresponding DNS query: 23.56.162.185
Source: unknownTCP traffic detected without corresponding DNS query: 23.56.162.185
Source: unknownTCP traffic detected without corresponding DNS query: 23.56.162.185
Source: unknownTCP traffic detected without corresponding DNS query: 23.56.162.185
Source: unknownTCP traffic detected without corresponding DNS query: 23.56.162.185
Source: unknownTCP traffic detected without corresponding DNS query: 23.56.162.185
Source: unknownTCP traffic detected without corresponding DNS query: 23.56.162.185
Source: unknownTCP traffic detected without corresponding DNS query: 23.56.162.185
Source: unknownTCP traffic detected without corresponding DNS query: 23.56.162.185
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficHTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1Host: armmf.adobe.comConnection: keep-aliveAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brIf-None-Match: "78-5faa31cce96da"If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
Source: global trafficDNS traffic detected: DNS query: x1.i.lencr.org
Source: 2D85F72862B55C4EADD9E66E06947F3D0.1.drString found in binary or memory: http://x1.i.lencr.org/
Source: unknownNetwork traffic detected: HTTP traffic on port 49748 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49748
Source: classification engineClassification label: clean2.winPDF@14/45@2/1
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.3684Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-04 13-07-08-959.logJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
Source: unknownProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\September #35- J023196- Victoria College.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2116 --field-trial-handle=1520,i,2359972223169240925,15755556354658978647,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2116 --field-trial-handle=1520,i,2359972223169240925,15755556354658978647,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: September #35- J023196- Victoria College.pdfInitial sample: PDF keyword /JS count = 0
Source: September #35- J023196- Victoria College.pdfInitial sample: PDF keyword /JavaScript count = 0
Source: September #35- J023196- Victoria College.pdfInitial sample: PDF keyword /EmbeddedFile count = 0
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid Accounts3
Exploitation for Client Execution		Path Interception1
Process Injection		1
Masquerading		OS Credential Dumping1
System Information Discovery		Remote ServicesData from Local System1
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
Process Injection		LSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable Media2
Non-Application Layer Protocol		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive13
Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin HookBinary PaddingNTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput Capture1
Ingress Tool Transfer		Traffic DuplicationData Destruction

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1526108 Sample: September #35- J023196- Vic... Startdate: 04/10/2024 Architecture: WINDOWS Score: 2 14 x1.i.lencr.org 2->14 7 Acrobat.exe 17 74 2->7         started        process3 process4 9 AcroCEF.exe 107 7->9         started        process5 11 AcroCEF.exe 2 9->11         started        dnsIp6 16 23.56.162.185, 443, 49748 AKAMAI-ASUS United States 11->16

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

No Antivirus matches

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
http://x1.i.lencr.org/0%URL Reputationsafe

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
x1.i.lencr.org
unknown
unknownfalse
    		unknown

    URLs from Memory and Binaries

    NameSourceMaliciousAntivirus DetectionReputation
    http://x1.i.lencr.org/2D85F72862B55C4EADD9E66E06947F3D0.1.drfalse
    • URL Reputation: safe
    		unknown

    World Map of Contacted IPs

    • No. of IPs < 25%
    • 25% < No. of IPs < 50%
    • 50% < No. of IPs < 75%
    • 75% < No. of IPs

    Public IPs

    IPDomainCountryFlagASNASN NameMalicious
    23.56.162.185
    		unknownUnited States
    		16625AKAMAI-ASUSfalse

    General Information

    Joe Sandbox version:41.0.0 Charoite
    Analysis ID:1526108
    Start date and time:2024-10-04 19:06:06 +02:00
    Joe Sandbox product:CloudBasic
    Overall analysis duration:0h 4m 7s
    Hypervisor based Inspection enabled:false
    Report type:full
    Cookbook file name:defaultwindowspdfcookbook.jbs
    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
    Number of analysed new started processes analysed:10
    Number of new started drivers analysed:0
    Number of existing processes analysed:0
    Number of existing drivers analysed:0
    Number of injected processes analysed:0
    Technologies:
    • HCA enabled
    • EGA enabled
    • AMSI enabled
    Analysis Mode:default
    Analysis stop reason:Timeout
    Sample name:September #35- J023196- Victoria College.pdf
    Detection:CLEAN
    Classification:clean2.winPDF@14/45@2/1
    Cookbook Comments:
    • Found application associated with file extension: .pdf
    • Found PDF document
    • Close Viewer

    Warnings

    • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
    • Excluded IPs from analysis (whitelisted): 184.28.88.176, 18.207.85.246, 54.144.73.197, 107.22.247.231, 34.193.227.236, 2.19.126.149, 2.19.126.143, 172.64.41.3, 162.159.61.3, 2.23.197.184
    • Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, otelrules.azureedge.net, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, crl.root-x1.letsencrypt.org.edgekey.net
    • Not all processes where analyzed, report is missing behavior information
    • VT rate limit hit for: September #35- J023196- Victoria College.pdf

    Simulations

    Behavior and APIs

    TimeTypeDescription
    13:07:19API Interceptor1x Sleep call for process: AcroCEF.exe modified

    Joe Sandbox View / Context

    IPs

    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
    23.56.162.185https://app.collabow.io/d/GNgkdZO5gKluqEP3mMdbEwzWbgEyOeRe8sIh64SLMvsNGet hashmaliciousUnknownBrowse
      Refrence-Order#63729.pdfGet hashmaliciousAzorultBrowse
        DV2mrnfX2d.exeGet hashmaliciousRhysidaBrowse
          Xkci1BfrmX.lnkGet hashmaliciousLonePageBrowse
            Snc2ZNvAZP.pdfGet hashmaliciousUnknownBrowse
              Purchase Order IBT LPO-2320.emlGet hashmaliciousUnknownBrowse
                Final_Contract_Copy-532392974.pdfGet hashmaliciousUnknownBrowse
                  Cbequipment-Voice Audio Interface.pdfGet hashmaliciousHTMLPhisherBrowse
                    Runbook - Carolinas Animal Hospital - 2022-05-25 11.28 UTC -04.00.pdfGet hashmaliciousUnknownBrowse
                      Hajj_Advisory pdf lnk.lnkGet hashmaliciousUnknownBrowse

                        Domains

                        No context

                        ASNs

                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                        AKAMAI-ASUShttps://s3.amazonaws.com/r3e1272/Rco.html#4eyOul3510eTKK19nejdimaazo189TBUDIERNFIMTFBQ264510CRSG907S11Get hashmaliciousPhisherBrowse
                        • 184.28.89.23
                        loader.exeGet hashmaliciousLummaCBrowse
                        • 104.102.49.254
                        file.exeGet hashmaliciousLummaC, VidarBrowse
                        • 104.102.49.254
                        a43486128347.exeGet hashmaliciousLummaCBrowse
                        • 104.102.49.254
                        7f3c2473d1e6.exeGet hashmaliciousLummaC, VidarBrowse
                        • 104.102.49.254
                        Hollandco-File-871871493.pdfGet hashmaliciousUnknownBrowse
                        • 104.78.188.188
                        https://jhansalazar.weebly.com/Get hashmaliciousUnknownBrowse
                        • 23.212.88.20
                        msvcp110.dllGet hashmaliciousLummaCBrowse
                        • 104.102.49.254
                        https://app.collabow.io/d/GNgkdZO5gKluqEP3mMdbEwzWbgEyOeRe8sIh64SLMvsNGet hashmaliciousUnknownBrowse
                        • 23.56.162.185
                        https://www.dropbox.com/l/scl/AACFGimR3EJt-RbOzI8FO3hUk-bWh7Zwq_kGet hashmaliciousUnknownBrowse
                        • 104.102.43.106

                        JA3 Fingerprints

                        No context

                        Dropped Files

                        No context

                        Created / dropped Files

                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        File Type:ASCII text
                        Category:dropped
                        Size (bytes):292
                        Entropy (8bit):5.215763469268171
                        Encrypted:false
                        SSDEEP:6:QalSQ+q2Pwkn2nKuAl9OmbnIFUt8HBSgZmw+HBSQVkwOwkn2nKuAl9OmbjLJ:QaoQ+vYfHAahFUt8HBSg/+HBSQV5JfHi
                        MD5:63C8C31081C90ADDC46FEE3C30F70391
                        SHA1:004F60A1A6F143552D9E545C05C8B13C96A7464A
                        SHA-256:EE4C370D417E7B20F7D17331853E3886E05F62DC9E063FA1276E07E1245B21D8
                        SHA-512:50B821F0FBDFD1C1791E831DB3F9B5B223AC2D46F79F2FA15FE9DBB223794AD93BCEE86CBA9D833F34B6B7058497937B411A9092CACDED20AD69F67BD994F67E
                        Malicious:false
                        Reputation:low
                        Preview:2024/10/04-13:07:06.749 15dc Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/10/04-13:07:06.751 15dc Recovering log #3.2024/10/04-13:07:06.751 15dc Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        File Type:ASCII text
                        Category:dropped
                        Size (bytes):292
                        Entropy (8bit):5.215763469268171
                        Encrypted:false
                        SSDEEP:6:QalSQ+q2Pwkn2nKuAl9OmbnIFUt8HBSgZmw+HBSQVkwOwkn2nKuAl9OmbjLJ:QaoQ+vYfHAahFUt8HBSg/+HBSQV5JfHi
                        MD5:63C8C31081C90ADDC46FEE3C30F70391
                        SHA1:004F60A1A6F143552D9E545C05C8B13C96A7464A
                        SHA-256:EE4C370D417E7B20F7D17331853E3886E05F62DC9E063FA1276E07E1245B21D8
                        SHA-512:50B821F0FBDFD1C1791E831DB3F9B5B223AC2D46F79F2FA15FE9DBB223794AD93BCEE86CBA9D833F34B6B7058497937B411A9092CACDED20AD69F67BD994F67E
                        Malicious:false
                        Reputation:low
                        Preview:2024/10/04-13:07:06.749 15dc Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/10/04-13:07:06.751 15dc Recovering log #3.2024/10/04-13:07:06.751 15dc Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        File Type:ASCII text
                        Category:dropped
                        Size (bytes):336
                        Entropy (8bit):5.177076771372189
                        Encrypted:false
                        SSDEEP:6:Qj+q2Pwkn2nKuAl9Ombzo2jMGIFUt8HaZZmw+HaNVkwOwkn2nKuAl9Ombzo2jMmd:Q6vYfHAa8uFUt8HaZ/+Haz5JfHAa8RJ
                        MD5:84602DFC67D84EE86B9F58FE03C30872
                        SHA1:C88C70EC9E7D00B55950D8F0D69C24381DC83807
                        SHA-256:DE67B491622013AA23EE642F556235F9F8461970D9899485AB079907E7321595
                        SHA-512:60382AF6A8D8B2E3F7B936BF543BA21738B7E9AB3A18AC40F1AF4A9576984A75EFE00A8FC48D5DC9900DB81423070B5E9BD10F23C860333FBBA1F2D69745E139
                        Malicious:false
                        Reputation:low
                        Preview:2024/10/04-13:07:06.833 1cb8 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/10/04-13:07:06.834 1cb8 Recovering log #3.2024/10/04-13:07:06.834 1cb8 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        File Type:ASCII text
                        Category:dropped
                        Size (bytes):336
                        Entropy (8bit):5.177076771372189
                        Encrypted:false
                        SSDEEP:6:Qj+q2Pwkn2nKuAl9Ombzo2jMGIFUt8HaZZmw+HaNVkwOwkn2nKuAl9Ombzo2jMmd:Q6vYfHAa8uFUt8HaZ/+Haz5JfHAa8RJ
                        MD5:84602DFC67D84EE86B9F58FE03C30872
                        SHA1:C88C70EC9E7D00B55950D8F0D69C24381DC83807
                        SHA-256:DE67B491622013AA23EE642F556235F9F8461970D9899485AB079907E7321595
                        SHA-512:60382AF6A8D8B2E3F7B936BF543BA21738B7E9AB3A18AC40F1AF4A9576984A75EFE00A8FC48D5DC9900DB81423070B5E9BD10F23C860333FBBA1F2D69745E139
                        Malicious:false
                        Reputation:low
                        Preview:2024/10/04-13:07:06.833 1cb8 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/10/04-13:07:06.834 1cb8 Recovering log #3.2024/10/04-13:07:06.834 1cb8 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\49dee721-1ea9-4765-bd8d-da72be44b7b8.tmp

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        File Type:JSON data
                        Category:modified
                        Size (bytes):475
                        Entropy (8bit):4.968694759048396
                        Encrypted:false
                        SSDEEP:12:YH/um3RA8sqZ6hsBdOg2HR2caq3QYiubInP7E4T3y:Y2sRdsARdMHRJ3QYhbG7nby
                        MD5:4FF001CFDF660618AC42A726ABE2C2A6
                        SHA1:6FDDEB030A56328311797A69D5BC18A00037601D
                        SHA-256:79057B0EFB3E18575C90F69B33700A5D0E1C1103C42BF2B5A37F73DBE3466D60
                        SHA-512:4775B93358B676FD87079DF203DE44655FC0E53DDE4AFC33093AD828E2C3E82B2C10505FA772DAB2148EC58ED1660E934E16A7CD47DFC1E66D04EC2600D124AF
                        Malicious:false
                        Reputation:low
                        Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372621639445594","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":159108},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):475
                        Entropy (8bit):4.968694759048396
                        Encrypted:false
                        SSDEEP:12:YH/um3RA8sqZ6hsBdOg2HR2caq3QYiubInP7E4T3y:Y2sRdsARdMHRJ3QYhbG7nby
                        MD5:4FF001CFDF660618AC42A726ABE2C2A6
                        SHA1:6FDDEB030A56328311797A69D5BC18A00037601D
                        SHA-256:79057B0EFB3E18575C90F69B33700A5D0E1C1103C42BF2B5A37F73DBE3466D60
                        SHA-512:4775B93358B676FD87079DF203DE44655FC0E53DDE4AFC33093AD828E2C3E82B2C10505FA772DAB2148EC58ED1660E934E16A7CD47DFC1E66D04EC2600D124AF
                        Malicious:false
                        Reputation:low
                        Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372621639445594","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":159108},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):4730
                        Entropy (8bit):5.256437120890034
                        Encrypted:false
                        SSDEEP:96:etJCV4FAsszrNamjTN/2rjYMta02fDtehgO7BtTgo75spqTA8QsSqZ:etJCV4FiN/jTN/2r8Mta02fEhgO73goB
                        MD5:7C9367A3CDC0B46652D8409775C03EEC
                        SHA1:8DC030DCBFFBCCED7AC78E7413AB8CA360ACC43C
                        SHA-256:05E38F169BFCE54323878DD960729E6F4A14484783B2CAC3FE189C5A5A6F8444
                        SHA-512:E8E6B5DCF5DDBB7E651AE2282959DCA9E0DC13D30945FAF5939CB0526D1DC6E1B45720256BFF59B6F191A47A61F0079F7E184329B6F7F01F470D616292E953CB
                        Malicious:false
                        Reputation:low
                        Preview:*...#................version.1..namespace-['O.o................next-map-id.1.Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/.0>...r................next-map-id.2.Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/.1O..r................next-map-id.3.Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/.2.\.o................next-map-id.4.Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/.3....^...............Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/..|.^...............Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/n..Fa...............Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/DQ..a...............Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/i.`do................next-map-id.5.Pnamespace-de635bf2_6773_4d83_ad16_

                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        File Type:ASCII text
                        Category:dropped
                        Size (bytes):324
                        Entropy (8bit):5.163316298696351
                        Encrypted:false
                        SSDEEP:6:Q0TN+q2Pwkn2nKuAl9OmbzNMxIFUt8H03FZZmw+H0oVkwOwkn2nKuAl9OmbzNMFd:QyIvYfHAa8jFUt8HMZ/+H95JfHAa84J
                        MD5:46498E3E999B2F634A4FB03579C91370
                        SHA1:DE3560E8378995B34C20D1B8ECF70DE49D4103A2
                        SHA-256:2CF89CCD69B6A3368CB26043953EB1D1A8347853E67D0B556405B0E55D72B9F6
                        SHA-512:6125DBED6AD20DBA721BCDA99EAF45E8453978195BD6E165243424B552D784FC7168DA2B299BB004432D092829DDE9C01E145A69788DA851ABE38EF48AF588D2
                        Malicious:false
                        Reputation:low
                        Preview:2024/10/04-13:07:07.714 1cb8 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/10/04-13:07:07.716 1cb8 Recovering log #3.2024/10/04-13:07:07.717 1cb8 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

                        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        File Type:ASCII text
                        Category:dropped
                        Size (bytes):324
                        Entropy (8bit):5.163316298696351
                        Encrypted:false
                        SSDEEP:6:Q0TN+q2Pwkn2nKuAl9OmbzNMxIFUt8H03FZZmw+H0oVkwOwkn2nKuAl9OmbzNMFd:QyIvYfHAa8jFUt8HMZ/+H95JfHAa84J
                        MD5:46498E3E999B2F634A4FB03579C91370
                        SHA1:DE3560E8378995B34C20D1B8ECF70DE49D4103A2
                        SHA-256:2CF89CCD69B6A3368CB26043953EB1D1A8347853E67D0B556405B0E55D72B9F6
                        SHA-512:6125DBED6AD20DBA721BCDA99EAF45E8453978195BD6E165243424B552D784FC7168DA2B299BB004432D092829DDE9C01E145A69788DA851ABE38EF48AF588D2
                        Malicious:false
                        Reputation:low
                        Preview:2024/10/04-13:07:07.714 1cb8 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/10/04-13:07:07.716 1cb8 Recovering log #3.2024/10/04-13:07:07.717 1cb8 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

                        C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241004170710Z-157.bmp

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:PC bitmap, Windows 3.x format, 164 x -127 x 32, cbSize 83366, bits offset 54
                        Category:dropped
                        Size (bytes):83366
                        Entropy (8bit):2.731194433643919
                        Encrypted:false
                        SSDEEP:768:O61biYfemFvWauE8ogPZD0krsMF/jQ89aaY90N:OQDfrunogPl0CsOjQ89aaY90N
                        MD5:908A1FCB01119C7486995958AA95808B
                        SHA1:163ED0B1321B58D259FFB67FFEC017D44013B9C0
                        SHA-256:E80FDECCE5F9A6EF90CB012DE89B0CB0C6CBD24BDD2CD10A2C4EFC38783BCF01
                        SHA-512:55EA10A382688DF652BECC619F3B52359BA9F57C5B34FA8C350418A38E1E449F02C76C716F0249E600AFF08559BA1053FD3296152F2892688113B7C54B46CD91
                        Malicious:false
                        Preview:BM.E......6...(............. ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                        C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 15, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 15
                        Category:dropped
                        Size (bytes):86016
                        Entropy (8bit):4.444937311012448
                        Encrypted:false
                        SSDEEP:384:yezci5tOiBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:rhs3OazzU89UTTgUL
                        MD5:4E94E43BA6C89C20EC432E8363273967
                        SHA1:351C21454D8DD3987C117C596F4B14132A1DEE4D
                        SHA-256:1A2C590DAA4ACE6ACAB41AC1CCAB185DB9EB408171B01E9CE1EAF9B043B8E092
                        SHA-512:88EB0294782949F0AFF3D0DB905462FC3EBE99DEB77A9623D331B87A1782049BC1A5ED9B419FC7C4F41192C2FD78FE9EC11437ECA402F1B0DB0BA0F9DD8C3A4B
                        Malicious:false
                        Preview:SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                        C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:SQLite Rollback Journal
                        Category:dropped
                        Size (bytes):8720
                        Entropy (8bit):3.7718474437208402
                        Encrypted:false
                        SSDEEP:48:7MAWp/E2ioyVtioy9oWoy1Cwoy1FKOioy1noy1AYoy1Wioy1hioybioyhoy1noy/:7mpjutFUXKQUlb9IVXEBodRBkv
                        MD5:3B6FD825053611DFA40ECC4F3831D973
                        SHA1:FAC39B9405CA2F50BEED164F72CCF0769C2B794B
                        SHA-256:F83F01339BE6EBC45FD025FC28DACF1AE06230394A0E769FA00ED63071DA764F
                        SHA-512:5B07FF5CFDB04F545C66A0D8B4F236077DD5C9D7214C827D8B360EB892D156C0B35808A1209865F5AD7024B5D2536650EE37DF2AD82E35CAE539A0084E01348B
                        Malicious:false
                        Preview:.... .c.....j.r................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................T...[...b...r...t...}.....L..............................................................................................................................................................................................................................................................................................................................................................................................................................................................

                        C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        File Type:Certificate, Version=3
                        Category:dropped
                        Size (bytes):1391
                        Entropy (8bit):7.705940075877404
                        Encrypted:false
                        SSDEEP:24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1
                        MD5:0CD2F9E0DA1773E9ED864DA5E370E74E
                        SHA1:CABD2A79A1076A31F21D253635CB039D4329A5E8
                        SHA-256:96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
                        SHA-512:3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
                        Malicious:false
                        Preview:0..k0..S............@.YDc.c...0...*.H........0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10...150604110438Z..350604110438Z0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10.."0...*.H.............0..........$s..7.+W(.....8..n<.W.x.u...jn..O(..h.lD...c...k....1.!~.3<.H..y.....!.K...qiJffl.~<p..)"......K...~....G.|.H#S.8.O.o...IW..t../.8.{.p!.u.0<.....c...O..K~.....w...{J.L.%.p..)..S$........J.?..aQ.....cq...o[...\4ylv.;.by.../&.....................6....7..6u...r......I.....*.A..v........5/(.l....dwnG7..Y^h..r...A)>Y>.&.$...Z.L@.F....:Qn.;.}r...xY.>Qx....../..>{J.Ks......P.|C.t..t.....0.[q6....00\H..;..}`...).........A.......|.;F.H*..v.v..j.=...8.d..+..(.....B.".'].y...p..N..:..'Qn..d.3CO......B0@0...U...........0...U.......0....0...U......y.Y.{....s.....X..n0...*.H.............U.X....P.....i ')..au\.n...i/..VK..s.Y.!.~.Lq...`.9....!V..P.Y...Y.............b.E.f..|o..;.....'...}~.."......

                        C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):192
                        Entropy (8bit):2.7425532007658724
                        Encrypted:false
                        SSDEEP:3:kkFklTUnz+MlXfllXlE/HT8kulzlXNNX8RolJuRdxLlGB9lQRYwpDdt:kKPnz+kIT837NMa8RdWBwRd
                        MD5:8A18FA4A4719C042BF314A1AA906172F
                        SHA1:E32796B8A1D455F4DFBBF94F32639A426173BF49
                        SHA-256:F2E411DA03FC62C3B76DE59FF00B096423F3E1EED7D62238B7294489A1A2B93E
                        SHA-512:5EF0AD66EF99ACBA351F7570579AD8151E1162B150ECF3A52231A2AF540C6398606854B4DDCA728B721485DDAA1903FF0AF4034EDEE0C1CA6CA7A354219DD3E8
                        Malicious:false
                        Preview:p...... ........ q......(....................................................... ..........W....'H..............o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...

                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.3684

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:PostScript document text
                        Category:dropped
                        Size (bytes):185099
                        Entropy (8bit):5.182478651346149
                        Encrypted:false
                        SSDEEP:1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
                        MD5:94185C5850C26B3C6FC24ABC385CDA58
                        SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
                        SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
                        SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
                        Malicious:false
                        Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:PostScript document text
                        Category:dropped
                        Size (bytes):185099
                        Entropy (8bit):5.182478651346149
                        Encrypted:false
                        SSDEEP:1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
                        MD5:94185C5850C26B3C6FC24ABC385CDA58
                        SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
                        SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
                        SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
                        Malicious:false
                        Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):244540
                        Entropy (8bit):3.3415042960460593
                        Encrypted:false
                        SSDEEP:1536:vKPCPiyzDtrh1cK3XEivK7VK/3AYvYwggErRo+RQn:yPClJ/3AYvYwgrFo+RQn
                        MD5:758B42992DDFC41CB5E57069C621B54A
                        SHA1:D0C28AF6CF1BD2208DA97DEDE57F6C78CEC98DCD
                        SHA-256:55DF75758DD6CA825ED2DC9380EDC8469351191308C34CACFC44205197ABD25D
                        SHA-512:437918372167A402005A728DCBBEF7B3A9580B794AD6A948A435C9D57C1672ACC1B7376E2A09113B66600EF5049D23625174256565BC639125A2F2BD07928926
                        Malicious:false
                        Preview:Adobe Acrobat Reader (64-bit) 23.6.20320....?A12_AV2_Search_18px.............................................................................................................KKK KKK.KKK.KKK.KKK.KKK.KKK@........................................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.............................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.........................KKK.KKK.KKK.KKK0....................KKK.KKK.KKK.KKK`....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK.KKK.....................................KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK.KKK@....................KKK.KKK.KKK.KKK`........................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.KKK.............................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK

                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):295
                        Entropy (8bit):5.376728697444265
                        Encrypted:false
                        SSDEEP:6:YEQXJ2HXgEiDR6RsO9VoZcg1vRcR0YGXVPoAvJM3g98kUwPeUkwRe9:YvXKXgVDNZc0vTVwGMbLUkee9
                        MD5:C6554E9E44D733B02722D1799D624EC6
                        SHA1:0A5DD08142F7A9470E288FE268B73F07AF812418
                        SHA-256:733B807C14C5CBCE07025F0E228DC6536B110A3040EC0B75123F3EFB882F9726
                        SHA-512:14C5C23259BCECB7673D6B2A7FE775CCF0D9597E399BAA867C142D81494A8AFD4AEF541DE7B234A6F1A1E4AA80783C49CFFDD91325F1AF4E9E6CA78AD88AD88D
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"15c42af8-8adb-4f51-9ab3-0d4715adc4b9","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728234733069,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):294
                        Entropy (8bit):5.327495339910927
                        Encrypted:false
                        SSDEEP:6:YEQXJ2HXgEiDR6RsO9VoZcg1vRcR0YGXVPoAvJfBoTfXpnrPeUkwRe9:YvXKXgVDNZc0vTVwGWTfXcUkee9
                        MD5:98097718A4ADFAFC82B2AA9CB4B7A6BE
                        SHA1:9556711F9F161AE3DF2965CB46D636287FE630E3
                        SHA-256:8DAA7D224C6B3FB6871545E222911E76E048A28267122BF0B916C57767094C0E
                        SHA-512:4B68330821E52FFFB2571D0C885DD1A941E5DF22EC59CD7B2F785AD1CA93B636FDF832C16FB00BEB2DA57C79A7EE8DFCDE94F845DD4B946273CE59CB9AFFFC5C
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"15c42af8-8adb-4f51-9ab3-0d4715adc4b9","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728234733069,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):294
                        Entropy (8bit):5.3054479399102865
                        Encrypted:false
                        SSDEEP:6:YEQXJ2HXgEiDR6RsO9VoZcg1vRcR0YGXVPoAvJfBD2G6UpnrPeUkwRe9:YvXKXgVDNZc0vTVwGR22cUkee9
                        MD5:EB7DE02D85C52605F4BB273361D7E5D4
                        SHA1:CEBAF5B25ABC800170320F4C315C215C13246552
                        SHA-256:68346CA959A813B137D61E83B7FBB3D4E07D709A8330345BEE0769300FD77B26
                        SHA-512:EB2140CA1F32156093ED09412F65DDD88F471C1BE4780122EF659FBD5B10D098291B5358C52CF102DF813CAB0CA271ED2CFE560272390140C60AA11BE179595B
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"15c42af8-8adb-4f51-9ab3-0d4715adc4b9","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728234733069,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):285
                        Entropy (8bit):5.3642081619245845
                        Encrypted:false
                        SSDEEP:6:YEQXJ2HXgEiDR6RsO9VoZcg1vRcR0YGXVPoAvJfPmwrPeUkwRe9:YvXKXgVDNZc0vTVwGH56Ukee9
                        MD5:7EDE70C3BCC8A39EFA872262D6572AF0
                        SHA1:463E56FF291C77DD680FE7FADA1244B008D845CA
                        SHA-256:481A4D149FC21196873F395EC093D6701EAEE7B23E4202E41E1CE89A8FF1120F
                        SHA-512:889648D0D3078A3FABD0C76A25DCB65F4D3A5737FE9191D71F4CA21B763AB024B1A9EEDB32D6A5D6BF5B3867A0585D110340DBC0A954DE01E81FD85D26C98A32
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"15c42af8-8adb-4f51-9ab3-0d4715adc4b9","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728234733069,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):1091
                        Entropy (8bit):5.6897390066315605
                        Encrypted:false
                        SSDEEP:24:Yv6XgVNzvTbpLgE7cgD6SOGtnnl0RCmK8czOCYvSwb:Yv1rbhgs6SraAh8cvYKwb
                        MD5:8C7EAB89BABBBDDFF2FD4DDA087D2B8E
                        SHA1:1C67FE7B8DB8805F94FAE7C4792C3194666593ED
                        SHA-256:2AAD695CB1B0BE95716633CF93F39656E3A2254E816DA54B24D09609DA78F537
                        SHA-512:644B8EEF43F3FEC8A7D423A18FA702A14906DC20A2F6D3E15F7E9749CD7710AABDACBE6D5D5C6E9AF9B90595C83523F08EAE40905569EDABFF09EC00D87D83F2
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"15c42af8-8adb-4f51-9ab3-0d4715adc4b9","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728234733069,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"89628_281075ActionBlock_2","campaignId":89628,"containerId":"1","controlGroupId":"","treatmentId":"67a3a874-888f-4d96-9f3d-26e70c3e0be1","variationId":"281075"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQgUERGIGZpbGVzIHRvIE1pY3Jvc29mdCBXb3JkIGFuZCBFeGNlbC4ifSwidGNhdElkIjoiUkdTMDM1MS1FTlUtQ2hhbGxlbmdlcjIifQ==","dataType":"ap

                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):1050
                        Entropy (8bit):5.6531985418695845
                        Encrypted:false
                        SSDEEP:24:Yv6XgVNzvTXVLgEF0c7sbnl0RCmK8czOCYHflEpwiVXb:Yv1rXFg6sGAh8cvYHWpwwb
                        MD5:F1A1F26AA0B8523BB347F78A2B149B48
                        SHA1:265943879317213E1986B7CFEFEE8C763DCC1AA7
                        SHA-256:36B52670A21CF52D776AC70B9ADD49FE1FC963254B77BCB478F61A2E6CDCF427
                        SHA-512:4CF3A92E968BE9AC793C628C2CD741F559A052E7B07B2D53B82B051508DBE67B0CCA17B1A7AEF073A88ABFB8BBBCCE4EBD36CC2CA4FD08B561845D09BFEC1929
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"15c42af8-8adb-4f51-9ab3-0d4715adc4b9","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728234733069,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Disc_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_0","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"0924134e-3c59-4f53-b731-add558c56fec","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Disc_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQsIGVkaXQgYW5kIGUtc2lnblxuZm9ybXMgJiBhZ3JlZW1lbnRzLiJ9LCJ0Y2F0SWQiOm51bGx9","dataType":"application\/json","encodingScheme":true},"

                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):292
                        Entropy (8bit):5.314624639703036
                        Encrypted:false
                        SSDEEP:6:YEQXJ2HXgEiDR6RsO9VoZcg1vRcR0YGXVPoAvJfQ1rPeUkwRe9:YvXKXgVDNZc0vTVwGY16Ukee9
                        MD5:C7B52FB389CF0875B34833F0B45D4A49
                        SHA1:835E2FFD2A497DD83CF5A0D978DC412BE6710152
                        SHA-256:E9A3C52004A551B2B35DFCE121C82AE205701ADB685E8A80FF2B68295DA0F3FA
                        SHA-512:0A87387B29180CC1908369090E4BDFB6C447439F37A72615BD95F9A8272BEEC37213ADB0021537F78E26DCBEB7697113008D732D4EA4F8B61DD7ED208DB49E49
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"15c42af8-8adb-4f51-9ab3-0d4715adc4b9","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728234733069,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):1098
                        Entropy (8bit):5.688633172957139
                        Encrypted:false
                        SSDEEP:24:Yv6XgVNzvTG2LgEFcs2SOGt0nl0RCmK8czOCUaBtCrfSwb:Yv1rGogq2SrhAh8cvUgEmwb
                        MD5:63CD87B7D49C9F6CC525AD0E8B4FD7E7
                        SHA1:950079734D06A3ED85C03B997528DC9A3A1A95FB
                        SHA-256:88AD720307D3F490E55A7B261B88A9C636C4890B2F01F641976A6F4FD2C60CDD
                        SHA-512:6CD6C266B6796352C53B88317DDEA1475890770B76F69E45A3879885AE51C8C750E58F5A59ACD637C38157FFAED4B8EBABEBAA6AB018F04DEF5A99AB332BD9E1
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"15c42af8-8adb-4f51-9ab3-0d4715adc4b9","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728234733069,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Edit_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"89628_281075ActionBlock_0","campaignId":89628,"containerId":"1","controlGroupId":"","treatmentId":"abdf1d9d-2114-4953-95a6-4eed783b9872","variationId":"281075"},"containerId":1,"containerLabel":"JSON for DC_Reader_Edit_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IlR1cm4gc2Nhbm5lZCBwYXBlciBkb2N1bWVudHNcbmludG8gaW5zdGFudGx5IGVkaXRhYmxlIFBERnMuIn0sInRjYXRJZCI6IlJHUzAzNTEtRU5VLUNoYWxsZW5nZXIyIn0=","dataTy

                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):1164
                        Entropy (8bit):5.699103502893798
                        Encrypted:false
                        SSDEEP:24:Yv6XgVNzvTqKLgEfIcZVSkpsn264rS514ZjBrwloJTmcVIsrSK5Xb:Yv1rqEgqprtrS5OZjSlwTmAfSKZb
                        MD5:E1052A63B6EBE3C8ABF69A8A1FA7302E
                        SHA1:B0EA0C5B91CA5657627BD774187BC25B6BC54E30
                        SHA-256:CC3D9772C9B32F3E1E7B2F546D95F76DFD71B85D2241CE7F26C6CD13FF7413BF
                        SHA-512:FD1680FE4F293EFED13666105CABF0EBA533691B48AFC1107514803355384C3BE31C5313C2C6EB2B696F1DAF9DC0139984AD026AEF3F825EDD01CE2C517B4351
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"15c42af8-8adb-4f51-9ab3-0d4715adc4b9","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728234733069,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85531_264848ActionBlock_0","campaignId":85531,"containerId":"1","controlGroupId":"","treatmentId":"ee1a7497-76e7-43c2-bb63-9a0551e11d73","variationId":"264848"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IlRyeSBBY3JvYmF0IFBybyJ9LCJ1aSI6eyJ0aXRsZV9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjE1cHgiLCJmb250X3N0eWxlIjoiMCJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEzcHgiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0b1xucHJlbWl1bSBQREYgYW5kIGUtc2lnbmluZ1xudG9vbHMuIn0sImJhbm5lcl9zdHlsaW5nIjo

                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):289
                        Entropy (8bit):5.316554711194873
                        Encrypted:false
                        SSDEEP:6:YEQXJ2HXgEiDR6RsO9VoZcg1vRcR0YGXVPoAvJfYdPeUkwRe9:YvXKXgVDNZc0vTVwGg8Ukee9
                        MD5:67F18B5364E8CBBF676FC14E56F02490
                        SHA1:3022A6B3544FD28978218049587E63AFCF373355
                        SHA-256:2BFC8FFE35D0D1620A65286293A4290E328BC6FB2765723E3EB4789EB055175E
                        SHA-512:0E9843586F02B24103E16C4FB4BC9A8F6424E5788560D120C555305045AE436A5AF7B54DCB8D5782CF9CB3C9657E2498120F45AB04C5DC623BF95D6038AF98D6
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"15c42af8-8adb-4f51-9ab3-0d4715adc4b9","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728234733069,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):1395
                        Entropy (8bit):5.776551493919431
                        Encrypted:false
                        SSDEEP:24:Yv6XgVNzvTZrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNfb:Yv1rZHgDv3W2aYQfgB5OUupHrQ9FJZb
                        MD5:C9F71FDE031833ABF6B046441615413A
                        SHA1:79DFF450A44252BDED65B6425BD915135CFDDE4F
                        SHA-256:2FDBE7A1FE21EBB8C0607263611E165D08CE8700B592541C4C0D2E5DA5C423D5
                        SHA-512:BBDFBE33D3E8481F23C294EFB1DFE96AAF07F88512051AAF25CDB70B433AA142CB582242CFE3B21D8338FD90F9D593F1480BC1C7C9E712CAEC1A1B926142B0F1
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"15c42af8-8adb-4f51-9ab3-0d4715adc4b9","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728234733069,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0

                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):291
                        Entropy (8bit):5.299988030784922
                        Encrypted:false
                        SSDEEP:6:YEQXJ2HXgEiDR6RsO9VoZcg1vRcR0YGXVPoAvJfbPtdPeUkwRe9:YvXKXgVDNZc0vTVwGDV8Ukee9
                        MD5:95ADD8B072E8E1380B281FCD9B3FD722
                        SHA1:26607632C9BEDDF02584A7AEFE09B93E86D652D4
                        SHA-256:BEA00FDA27719CCDF26CCF5714E4F758E24A97C6F248CBF8AA972EDB0CA55819
                        SHA-512:4439BF87F56B7CBCD1A8F7E70A81C70DBA45FB7F86D87D334893CED07726920049DD661599CF05FC481D7F352944A685238DE9CEAD2EB8BD4DBF5F2C7D289C59
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"15c42af8-8adb-4f51-9ab3-0d4715adc4b9","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728234733069,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):287
                        Entropy (8bit):5.305443902099387
                        Encrypted:false
                        SSDEEP:6:YEQXJ2HXgEiDR6RsO9VoZcg1vRcR0YGXVPoAvJf21rPeUkwRe9:YvXKXgVDNZc0vTVwG+16Ukee9
                        MD5:1425D737A27E77AEC15D93A0BE692C92
                        SHA1:0D1E4DF64514C56E7422DE0569ACACE6288C427B
                        SHA-256:E59F2ED52599462E714A090E8A7B8C4DF83287F6AF5B1A2788518863303DB4D8
                        SHA-512:CE12C99000B2691FFC8028571A6F5B988B5F49FE8FCF4264703586502A013D936965FAFBBCEA7C2AABE9C90B9AF17B1456700434EC37E87B73ABF6A952EEEBE4
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"15c42af8-8adb-4f51-9ab3-0d4715adc4b9","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728234733069,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):1054
                        Entropy (8bit):5.667979707364383
                        Encrypted:false
                        SSDEEP:24:Yv6XgVNzvTbamXayLgE6cTg4QSOGtNaqnl0RCmK8czOC/CrfSwb:Yv1rrBgSXQSrOAh8cv6mwb
                        MD5:E6F6CD6F4740F4E8503F925F135520B9
                        SHA1:9031A7593BE1138DC3FDA94CB61BAF207EA2531E
                        SHA-256:7D43F1D37E4293EF666A675C59EC25EB8F3BF0A51A5A0186C0AC244C201E3DDD
                        SHA-512:F15ED3D881391F05D1B29F3E0BDF5DC7A850F91D57E79108E329B27B37E2225447097642DAEE2F75A86B80B9A74C8A0A7EE10916C7A8871372C6F5297AFD6117
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"15c42af8-8adb-4f51-9ab3-0d4715adc4b9","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728234733069,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"89628_281075ActionBlock_1","campaignId":89628,"containerId":"1","controlGroupId":"","treatmentId":"7fe39695-394c-4706-9b50-651e7499d428","variationId":"281075"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVhc2lseSBmaWxsIGFuZCBzaWduIFBERnMuIn0sInRjYXRJZCI6IlJHUzAzNTEtRU5VLUNoYWxsZW5nZXIyIn0=","dataType":"application\/json","encodingScheme":tru

                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):286
                        Entropy (8bit):5.2791112108231255
                        Encrypted:false
                        SSDEEP:6:YEQXJ2HXgEiDR6RsO9VoZcg1vRcR0YGXVPoAvJfshHHrPeUkwRe9:YvXKXgVDNZc0vTVwGUUUkee9
                        MD5:ABA7590A44DED3D11845CD3509D53F55
                        SHA1:F587733D3D21B47F52B02DC4880139869FF67606
                        SHA-256:18721A94ED332559FEA8546B7B98FDD5A2A805160818264449578D6955B0AFB1
                        SHA-512:913A7EB5DFAAA70E7944A386031695245ED109D43BF56DA9C041B6F274551683B25EFFDBF3B2F121EDAEC3CE35BF89A4AA0A1466B172C4A81EF8FF052F5D6C4D
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"15c42af8-8adb-4f51-9ab3-0d4715adc4b9","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728234733069,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):782
                        Entropy (8bit):5.37250245406095
                        Encrypted:false
                        SSDEEP:12:YvXKXgVDNZc0vTVwGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhW7b:Yv6XgVNzvT4168CgEXX5kcIfANhwb
                        MD5:040CB1F2708FC2DDF16EC69D109501D5
                        SHA1:922298C571E2B9477FCDBEB3778504D01BA98BFD
                        SHA-256:70E5FF95ECCAB81F245FCF0E8B924DCA62E4AFB9A039FE0B4F2F5B976F5FDACA
                        SHA-512:6E69F7DA3ECDE709F82096764C897E3907E5F55A0687F2A5A1CCF81C248CC1D9A6A11399513F29F1591759ECF9334E339F708F46C022DFF00E74F3DD91A8AF63
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"15c42af8-8adb-4f51-9ab3-0d4715adc4b9","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728234733069,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1728061633102}}}}

                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):4
                        Entropy (8bit):0.8112781244591328
                        Encrypted:false
                        SSDEEP:3:e:e
                        MD5:DC84B0D741E5BEAE8070013ADDCC8C28
                        SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
                        SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
                        SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
                        Malicious:false
                        Preview:....

                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):2818
                        Entropy (8bit):5.137900621997018
                        Encrypted:false
                        SSDEEP:24:YnkggkEa6Iay00JG3CAq8g0jiB+xxlsHx+5jZ5j0S/oL2FH2If2LSZxc5OG9Lb3H:Ykljxc0j0+xxsOZtEalT3xcAG9Lb3
                        MD5:43488125AD4F1A0D6F2BAF06CA28EA31
                        SHA1:600F9B3D9CAF85949D1C2406C3B4691CF7F74541
                        SHA-256:C1F88F2094C7C9B5BF7A9CE89E5EC519D58FD65127D4C32A940059E71F562DBC
                        SHA-512:EB9255CB18A04AC2BCD664AAFF996FB9BB21D3CFA5FCB9EBA9621669D38BDBC91E6E05F592D65EF1A7A640E337A87EAD63229FE70AE553E26E59BAEF8D365FE0
                        Malicious:false
                        Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"ded8721425f116b4db6802eaf1b3126d","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1050,"ts":1728061632000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"9d4ac8fb4fe912104178c88aff4be558","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1164,"ts":1728061632000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"f32b04eb3657c324f09271c226a24afa","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1054,"ts":1728061632000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"587c4588e518976552a43a987974b097","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1091,"ts":1728061632000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"33a04d68bb1dede18b03d948054dad47","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":1098,"ts":1728061632000},{"id":"Edit_InApp_Aug2020","info":{"dg":"80c03b62f6c777c3c8e1bce46e232748","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":17

                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 25, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 25
                        Category:dropped
                        Size (bytes):12288
                        Entropy (8bit):1.1862100954597394
                        Encrypted:false
                        SSDEEP:48:TGufl2GL7msEHUUUUUUUUCSvR9H9vxFGiDIAEkGVvpJ:lNVmswUUUUUUUUC+FGSItF
                        MD5:5D8D5273523BA6B1BC4F7C463672F58D
                        SHA1:1F8117D0865F128C7C9189D9CB351EA449E025DA
                        SHA-256:46B4981001B1939334F037323C325474D4177552D3436D1B4BCF15C1B14F68F1
                        SHA-512:CF6FD39886B7801CB7EDF19499A33DE0707E30B23F73A6CDF69FC4734CEFD7143DA269023C06D52F2F78DB15F0693DD45F2D4F2374C3BC92774942C403BDF985
                        Malicious:false
                        Preview:SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:SQLite Rollback Journal
                        Category:dropped
                        Size (bytes):8720
                        Entropy (8bit):1.6041896602786403
                        Encrypted:false
                        SSDEEP:48:7MJKUUUUUUUUUUQvR9H9vxFGiDIAEkGVv1qFl2GL7ms4x:7bUUUUUUUUUUoFGSItzKVms8
                        MD5:588CB2F537F9ED5A230B4B3129BF1CB9
                        SHA1:E325EC675439E705BA4286BBC921430586EAE62A
                        SHA-256:A5B7FA53DB0D77ED076A6BAF040E50604D11616BDE61D251A0AA475874C074EB
                        SHA-512:82B6F69124765A70D038349AADDF87A231ADB14DC2A7D4301890B799DE05CF21E0435222226F355389C2BDBACE2DB150C51D46B68C8F0D84272663E42DC6BEE5
                        Malicious:false
                        Preview:.... .c.....}}d.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................f.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                        C:\Users\user\AppData\Local\Temp\MSI71930.LOG

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                        Category:dropped
                        Size (bytes):246
                        Entropy (8bit):3.5162684137903053
                        Encrypted:false
                        SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K82RqRlDH:Qw946cPbiOxDlbYnuRK/+b
                        MD5:E469ADEEB5A40CD8F960205633CB3736
                        SHA1:908B686B82416031B0A7D198CFF772977AE6626B
                        SHA-256:B5A6C2E0238E5397BAB1852F6B445106DABF7168FC0232C281EFE35A0F6B49CF
                        SHA-512:453E622D2650E8025429CB630851B695F26E46C893D24FFCDA67F7154410E471A88142BEF859999B6AB5DC827685588D3E67FA0F5586413AAB5ABB24DDA77FB5
                        Malicious:false
                        Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .0.4./.1.0./.2.0.2.4. . .1.3.:.0.7.:.1.5. .=.=.=.....

                        C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-04 13-07-08-959.log

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:ASCII text, with very long lines (393)
                        Category:dropped
                        Size (bytes):16525
                        Entropy (8bit):5.345946398610936
                        Encrypted:false
                        SSDEEP:384:zHIq8qrq0qoq/qUILImCIrImI9IWdFdDdoPtPTPtP7ygyAydy0yGV///X/J/VokV:nNW
                        MD5:8947C10F5AB6CFFFAE64BCA79B5A0BE3
                        SHA1:70F87EEB71BA1BE43D2ABAB7563F94C73AB5F778
                        SHA-256:4F3449101521DA7DF6B58A2C856592E1359BA8BD1ACD0688ECF4292BA5388485
                        SHA-512:B76DB9EF3AE758F00CAF0C1705105C875838C7801F7265B17396466EECDA4BCD915DA4611155C5F2AD1C82A800C1BEC855E52E2203421815F915B77AA7331CA0
                        Malicious:false
                        Preview:SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:088+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig:

                        C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:ASCII text, with very long lines (393), with CRLF line terminators
                        Category:dropped
                        Size (bytes):15108
                        Entropy (8bit):5.349606802944215
                        Encrypted:false
                        SSDEEP:384:atZ0JJwc2Uj8hL36qqYb1UfO2Jjs9dpgheoyU4inTm9v5XsmuJ/9QXQVI7dKEzTQ:vgK
                        MD5:F79304E94E9B1064B2D655B28076D90C
                        SHA1:9499EDCBC84D3CAF903771FA8E93D5B1D73CFC72
                        SHA-256:64C9C3FA458EC934C94B71608230010F0110A89690134867580F4411849D00F9
                        SHA-512:E1E5138BDC6D58E0441214BC1300CB9D2FC946B512AB8BD22503A1610F20CBF37D396EB848E052C528C865589559E6FA12C0DD66B822BC8134708EC6E9E8E3DB
                        Malicious:false
                        Preview:SessionID=99bf0b97-7979-472f-9fa8-b3a8f42336b9.1728061628970 Timestamp=2024-10-04T13:07:08:970-0400 ThreadID=1516 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=99bf0b97-7979-472f-9fa8-b3a8f42336b9.1728061628970 Timestamp=2024-10-04T13:07:08:971-0400 ThreadID=1516 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=99bf0b97-7979-472f-9fa8-b3a8f42336b9.1728061628970 Timestamp=2024-10-04T13:07:08:971-0400 ThreadID=1516 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=99bf0b97-7979-472f-9fa8-b3a8f42336b9.1728061628970 Timestamp=2024-10-04T13:07:08:971-0400 ThreadID=1516 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=99bf0b97-7979-472f-9fa8-b3a8f42336b9.1728061628970 Timestamp=2024-10-04T13:07:08:971-0400 ThreadID=1516 Component=ngl-lib_NglAppLib Description="SetConf

                        C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:ASCII text, with CRLF line terminators
                        Category:dropped
                        Size (bytes):29752
                        Entropy (8bit):5.383768512267008
                        Encrypted:false
                        SSDEEP:768:anddBuBYZwcfCnwZCnR8Bu5hx18HoCnLlAY+iCBuzhLCnx1CnPrRRFS10l8gT2rS:e
                        MD5:87D32B8BCE5EC8A2D2650ADF21EA043F
                        SHA1:6EC14FFE568E90128386B525F91206F37D9F9D16
                        SHA-256:5FB6F75563D057E777CA0A4AC47263323598BEE95FFE900E5CC1B49700F23664
                        SHA-512:C9FE774BF338B220DC00899801AD2323598E923FD796AF79FED044C8F9862C3023FA05C032DD92FF2203A71F48D4C86041CE1C8FEDED64A9D18694BEA0C5C051
                        Malicious:false
                        Preview:03-10-2023 12:50:40:.---2---..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ***************************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ***************************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Starting NGL..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..03-10-2023 12:50:40:.Closing File..03-10-

                        C:\Users\user\AppData\Local\Temp\acrocef_low\1520bab2-a727-4090-9cd1-92461f0e72e8.tmp

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
                        Category:dropped
                        Size (bytes):758601
                        Entropy (8bit):7.98639316555857
                        Encrypted:false
                        SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
                        MD5:3A49135134665364308390AC398006F1
                        SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
                        SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
                        SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
                        Malicious:false
                        Preview:...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!|G.1...... .3.`./....`~......G.............|..pS.e.C....:o.u_..oi.:..|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

                        C:\Users\user\AppData\Local\Temp\acrocef_low\76f67664-5588-4728-979c-92b517fd4e51.tmp

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
                        Category:dropped
                        Size (bytes):386528
                        Entropy (8bit):7.9736851559892425
                        Encrypted:false
                        SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
                        MD5:5C48B0AD2FEF800949466AE872E1F1E2
                        SHA1:337D617AE142815EDDACB48484628C1F16692A2F
                        SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
                        SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
                        Malicious:false
                        Preview:...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-|..h#.g.\.PO.|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..|m.WC.....|.....e.[W.p.8...rm....^..x'......5!...|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

                        C:\Users\user\AppData\Local\Temp\acrocef_low\935e4509-6e43-4bd3-a449-6a57347f7829.tmp

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
                        Category:dropped
                        Size (bytes):1407294
                        Entropy (8bit):7.97605879016224
                        Encrypted:false
                        SSDEEP:24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo
                        MD5:A0CFC77914D9BFBDD8BC1B1154A7B364
                        SHA1:54962BFDF3797C95DC2A4C8B29E873743811AD30
                        SHA-256:81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685
                        SHA-512:74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE
                        Malicious:false
                        Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

                        C:\Users\user\AppData\Local\Temp\acrocef_low\9ac16cf2-71e2-4546-a509-413dd75c8919.tmp

                        Download File
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
                        Category:dropped
                        Size (bytes):1419751
                        Entropy (8bit):7.976496077007677
                        Encrypted:false
                        SSDEEP:24576:/xA7owWLaGZDwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLaGZDwZGk3mlind9i4ufFXpAXkru
                        MD5:18E3D04537AF72FDBEB3760B2D10C80E
                        SHA1:B313CD0B25E41E5CF0DFB83B33AB3E3C7678D5CC
                        SHA-256:BBEF113A2057EE7EAC911DC960D36D4A62C262DAE5B1379257908228243BD6F4
                        SHA-512:2A5B9B0A5DC98151AD2346055DF2F7BFDE62F6069A4A6A9AB3377B644D61AE31609B9FC73BEE4A0E929F84BF30DA4C1CDE628915AC37C7542FD170D12DE41298
                        Malicious:false
                        Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

                        Static File Info

                        General

                        File type:PDF document, version 1.3, 1 pages
                        Entropy (8bit):7.823859399767755
                        TrID:
                        • Adobe Portable Document Format (5005/1) 100.00%
                        File name:September #35- J023196- Victoria College.pdf
                        File size:731'578 bytes
                        MD5:c7c2dd45d9b3a57907e0bdf2e19616ea
                        SHA1:77c90fe83cb9324ac330e47f21d646286fb705e1
                        SHA256:a2815b649a15a457dc00c469ff6b3261f82461436947e15d5ad85c90cdf39424
                        SHA512:cc9146c681b526ac80a731b48faae799b9d67cb7634cde12bb7e7d6736d0d23d433889eef446a3f20227980cdaa4befcc0dcd4dfe67b3508c7f693371a9efdaf
                        SSDEEP:12288:3WJZLU3Vnyl9183mZBGxYCplEm88BKbb0fQwyvYI1qXMQVS4h:36sVY9ye4xYc8WK0Y3vYI1ch
                        TLSH:CAF419179C4887C6911D82D4BD134EEC2F0A6B4CEA956EFF002A4FDB7D626275D8E01E
                        File Content Preview:%PDF-1.3.%.....1 0 obj.<< ./CreationDate (D:20240925101623-06'00').>> .endobj.2 0 obj.<< ./Pages 3 0 R ./Type /Catalog .>> .endobj.4 0 obj.<< /Type /XObject /Subtype /Image /Name /Obj4 /Width 2193 /Height 1703 ./BitsPerComponent 8 /ColorSpace /DeviceRGB./

                        File Icon

                        Icon Hash:62cc8caeb29e8ae0

                        Static PDF Info

                        General

                        Header:%PDF-1.3
                        Total Entropy:7.823859
                        Total Bytes:731578
                        Stream Entropy:7.825039
                        Stream Bytes:729127
                        Entropy outside Streams:4.961783
                        Bytes outside Streams:2451
                        Number of EOF found:2
                        Bytes after EOF:

                        Keywords Statistics

                        NameCount
                        obj19
                        endobj19
                        stream10
                        endstream10
                        xref2
                        trailer2
                        startxref2
                        /Page2
                        /Encrypt0
                        /ObjStm0
                        /URI0
                        /JS0
                        /JavaScript0
                        /AA0
                        /OpenAction0
                        /AcroForm0
                        /JBIG2Decode0
                        /RichMedia0
                        /Launch0
                        /EmbeddedFile0

                        Image Streams

                        IDDHASHMD5Preview
                        436336761614f7703705ce25fb32932aa503c01c3b389aff9
                        12e35655717515000017485bf39c64d4f3083190ef214a6dcf

                        Network Behavior

                        Network Port Distribution

                        TCP Packets

                        TimestampSource PortDest PortSource IPDest IP
                        Oct 4, 2024 19:07:20.514700890 CEST49748443192.168.2.423.56.162.185
                        Oct 4, 2024 19:07:20.514784098 CEST4434974823.56.162.185192.168.2.4
                        Oct 4, 2024 19:07:20.514878988 CEST49748443192.168.2.423.56.162.185
                        Oct 4, 2024 19:07:20.515086889 CEST49748443192.168.2.423.56.162.185
                        Oct 4, 2024 19:07:20.515120983 CEST4434974823.56.162.185192.168.2.4
                        Oct 4, 2024 19:07:21.083877087 CEST4434974823.56.162.185192.168.2.4
                        Oct 4, 2024 19:07:21.084211111 CEST49748443192.168.2.423.56.162.185
                        Oct 4, 2024 19:07:21.084275961 CEST4434974823.56.162.185192.168.2.4
                        Oct 4, 2024 19:07:21.085763931 CEST4434974823.56.162.185192.168.2.4
                        Oct 4, 2024 19:07:21.085843086 CEST49748443192.168.2.423.56.162.185
                        Oct 4, 2024 19:07:21.186745882 CEST49748443192.168.2.423.56.162.185
                        Oct 4, 2024 19:07:21.186933994 CEST4434974823.56.162.185192.168.2.4
                        Oct 4, 2024 19:07:21.187031984 CEST49748443192.168.2.423.56.162.185
                        Oct 4, 2024 19:07:21.187052011 CEST4434974823.56.162.185192.168.2.4
                        Oct 4, 2024 19:07:21.230413914 CEST49748443192.168.2.423.56.162.185
                        Oct 4, 2024 19:07:21.283310890 CEST4434974823.56.162.185192.168.2.4
                        Oct 4, 2024 19:07:21.283638000 CEST4434974823.56.162.185192.168.2.4
                        Oct 4, 2024 19:07:21.283694983 CEST49748443192.168.2.423.56.162.185
                        Oct 4, 2024 19:07:21.284096956 CEST49748443192.168.2.423.56.162.185
                        Oct 4, 2024 19:07:21.284117937 CEST4434974823.56.162.185192.168.2.4
                        Oct 4, 2024 19:07:21.284133911 CEST49748443192.168.2.423.56.162.185
                        Oct 4, 2024 19:07:21.284176111 CEST49748443192.168.2.423.56.162.185

                        UDP Packets

                        TimestampSource PortDest PortSource IPDest IP
                        Oct 4, 2024 19:07:20.022653103 CEST5355553192.168.2.41.1.1.1
                        Oct 4, 2024 19:07:36.013010025 CEST5469153192.168.2.41.1.1.1

                        DNS Queries

                        TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                        Oct 4, 2024 19:07:20.022653103 CEST192.168.2.41.1.1.10xa684Standard query (0)x1.i.lencr.orgA (IP address)IN (0x0001)false
                        Oct 4, 2024 19:07:36.013010025 CEST192.168.2.41.1.1.10xf1e5Standard query (0)x1.i.lencr.orgA (IP address)IN (0x0001)false

                        DNS Answers

                        TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                        Oct 4, 2024 19:07:20.030930042 CEST1.1.1.1192.168.2.40xa684No error (0)x1.i.lencr.orgcrl.root-x1.letsencrypt.org.edgekey.netCNAME (Canonical name)IN (0x0001)false
                        Oct 4, 2024 19:07:36.021008968 CEST1.1.1.1192.168.2.40xf1e5No error (0)x1.i.lencr.orgcrl.root-x1.letsencrypt.org.edgekey.netCNAME (Canonical name)IN (0x0001)false

                        HTTP Request Dependency Graph

                        • armmf.adobe.com

                        HTTPS Proxied Packets

                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                        0192.168.2.44974823.56.162.1854437260C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        TimestampBytes transferredDirectionData
                        2024-10-04 17:07:21 UTC475OUTGET /onboarding/smskillreader.txt HTTP/1.1
                        Host: armmf.adobe.com
                        Connection: keep-alive
                        Accept-Language: en-US,en;q=0.9
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36
                        Sec-Fetch-Site: same-origin
                        Sec-Fetch-Mode: no-cors
                        Sec-Fetch-Dest: empty
                        Accept-Encoding: gzip, deflate, br
                        If-None-Match: "78-5faa31cce96da"
                        If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
                        2024-10-04 17:07:21 UTC198INHTTP/1.1 304 Not Modified
                        Content-Type: text/plain; charset=UTF-8
                        Last-Modified: Mon, 01 May 2023 15:02:33 GMT
                        ETag: "78-5faa31cce96da"
                        Date: Fri, 04 Oct 2024 17:07:21 GMT
                        Connection: close


                        Statistics

                        CPU Usage

                        Click to jump to process

                        Memory Usage

                        Click to jump to process

                        High Level Behavior Distribution

                        Click to dive into process behavior distribution

                        Behavior

                        Click to jump to process

                        System Behavior

                        General

                        Target ID:0
                        Start time:13:07:05
                        Start date:04/10/2024
                        Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        Wow64 process (32bit):false
                        Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\September #35- J023196- Victoria College.pdf"
                        Imagebase:0x7ff6bc1b0000
                        File size:5'641'176 bytes
                        MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:high
                        Has exited:true

                        General

                        Target ID:1
                        Start time:13:07:06
                        Start date:04/10/2024
                        Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        Wow64 process (32bit):false
                        Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
                        Imagebase:0x7ff74bb60000
                        File size:3'581'912 bytes
                        MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:high
                        Has exited:true

                        General

                        Target ID:3
                        Start time:13:07:06
                        Start date:04/10/2024
                        Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        Wow64 process (32bit):false
                        Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2116 --field-trial-handle=1520,i,2359972223169240925,15755556354658978647,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
                        Imagebase:0x7ff74bb60000
                        File size:3'581'912 bytes
                        MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:high
                        Has exited:true

                        Disassembly

                        No disassembly