Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
cen03-2018-rrb-notification.pdf

Overview

General Information

Sample name:cen03-2018-rrb-notification.pdf
Analysis ID:1500273
MD5:666f1e7ce43dca40014d716ed5f8f86f
SHA1:067f7c26c169440ae03d4cd2c22bc0285659760c
SHA256:ca1271cdf8397b064bda6ba3cf89ae0f50564ee32bfd2e4d984fd1873a36a76b
Tags:pdf
Infos:

Detection

Score:2
Range:0 - 100
Whitelisted:false
Confidence:80%

Signatures

IP address seen in connection with other malware
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Uses a known web browser user agent for HTTP communication

Classification

Process Tree

  • System is w10x64
  • Acrobat.exe (PID: 1784 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\cen03-2018-rrb-notification.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 940 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 7320 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2040 --field-trial-handle=1676,i,2509119813639347335,536631791624859120,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: global trafficTCP traffic: 192.168.2.5:49723 -> 23.47.168.24:443
Source: global trafficTCP traffic: 192.168.2.5:49723 -> 23.47.168.24:443
Source: global trafficTCP traffic: 192.168.2.5:49723 -> 23.47.168.24:443
Source: global trafficTCP traffic: 192.168.2.5:49723 -> 23.47.168.24:443
Source: global trafficTCP traffic: 192.168.2.5:49723 -> 23.47.168.24:443
Source: global trafficTCP traffic: 192.168.2.5:49723 -> 23.47.168.24:443
Source: global trafficTCP traffic: 192.168.2.5:49723 -> 23.47.168.24:443
Source: global trafficTCP traffic: 192.168.2.5:49723 -> 23.47.168.24:443
Source: global trafficTCP traffic: 192.168.2.5:49723 -> 23.47.168.24:443
Source: global trafficTCP traffic: 192.168.2.5:49723 -> 23.47.168.24:443
Source: global trafficTCP traffic: 192.168.2.5:49723 -> 23.47.168.24:443
Source: global trafficTCP traffic: 192.168.2.5:49723 -> 23.47.168.24:443
Source: global trafficTCP traffic: 192.168.2.5:49723 -> 23.47.168.24:443
Source: global trafficTCP traffic: 23.47.168.24:443 -> 192.168.2.5:49723
Source: global trafficTCP traffic: 192.168.2.5:49723 -> 23.47.168.24:443
Source: global trafficTCP traffic: 192.168.2.5:49723 -> 23.47.168.24:443
Source: global trafficTCP traffic: 23.47.168.24:443 -> 192.168.2.5:49723
Source: global trafficTCP traffic: 23.47.168.24:443 -> 192.168.2.5:49723
Source: global trafficTCP traffic: 192.168.2.5:49723 -> 23.47.168.24:443
Source: global trafficTCP traffic: 23.47.168.24:443 -> 192.168.2.5:49723
Source: global trafficTCP traffic: 23.47.168.24:443 -> 192.168.2.5:49723
Source: global trafficTCP traffic: 192.168.2.5:49723 -> 23.47.168.24:443
Source: global trafficTCP traffic: 192.168.2.5:49723 -> 23.47.168.24:443
Source: global trafficTCP traffic: 23.47.168.24:443 -> 192.168.2.5:49723
Source: global trafficTCP traffic: 192.168.2.5:49723 -> 23.47.168.24:443
Source: global trafficTCP traffic: 23.47.168.24:443 -> 192.168.2.5:49723
Source: global trafficTCP traffic: 192.168.2.5:49723 -> 23.47.168.24:443
Source: global trafficTCP traffic: 23.47.168.24:443 -> 192.168.2.5:49723
Source: global trafficTCP traffic: 23.47.168.24:443 -> 192.168.2.5:49723
Source: global trafficTCP traffic: 192.168.2.5:49723 -> 23.47.168.24:443
Source: global trafficTCP traffic: 192.168.2.5:49723 -> 23.47.168.24:443
Source: global trafficTCP traffic: 23.47.168.24:443 -> 192.168.2.5:49723
Source: global trafficTCP traffic: 192.168.2.5:49723 -> 23.47.168.24:443
Source: global trafficTCP traffic: 192.168.2.5:49723 -> 23.47.168.24:443
Source: Joe Sandbox ViewIP Address: 23.47.168.24 23.47.168.24
Source: global trafficHTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1Host: armmf.adobe.comConnection: keep-aliveAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brIf-None-Match: "78-5faa31cce96da"If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
Source: unknownTCP traffic detected without corresponding DNS query: 23.47.168.24
Source: unknownTCP traffic detected without corresponding DNS query: 23.47.168.24
Source: unknownTCP traffic detected without corresponding DNS query: 23.47.168.24
Source: unknownTCP traffic detected without corresponding DNS query: 23.47.168.24
Source: unknownTCP traffic detected without corresponding DNS query: 23.47.168.24
Source: unknownTCP traffic detected without corresponding DNS query: 23.47.168.24
Source: unknownTCP traffic detected without corresponding DNS query: 23.47.168.24
Source: unknownTCP traffic detected without corresponding DNS query: 23.47.168.24
Source: unknownTCP traffic detected without corresponding DNS query: 23.47.168.24
Source: unknownTCP traffic detected without corresponding DNS query: 23.47.168.24
Source: unknownTCP traffic detected without corresponding DNS query: 23.47.168.24
Source: unknownTCP traffic detected without corresponding DNS query: 23.47.168.24
Source: global trafficHTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1Host: armmf.adobe.comConnection: keep-aliveAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brIf-None-Match: "78-5faa31cce96da"If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
Source: E0F5C59F9FA661F6F4C50B87FEF3A15A0.2.drString found in binary or memory: http://apps.identrust.com/roots/dstrootcax3.p7c
Source: cen03-2018-rrb-notification.pdfString found in binary or memory: http://www.color.org)
Source: cen03-2018-rrb-notification.pdfString found in binary or memory: http://www.npes.org/pdfx/ns/id/
Source: unknownNetwork traffic detected: HTTP traffic on port 49723 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49723
Source: classification engineClassification label: clean2.winPDF@14/42@0/1
Source: cen03-2018-rrb-notification.pdfInitial sample: http://www.color.org
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journalJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-08-28 01-13-05-455.logJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
Source: unknownProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\cen03-2018-rrb-notification.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2040 --field-trial-handle=1676,i,2509119813639347335,536631791624859120,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2040 --field-trial-handle=1676,i,2509119813639347335,536631791624859120,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: cen03-2018-rrb-notification.pdfStatic file information: File size 7048365 > 6291456
Source: cen03-2018-rrb-notification.pdfInitial sample: PDF keyword /JS count = 0
Source: cen03-2018-rrb-notification.pdfInitial sample: PDF keyword /JavaScript count = 0
Source: cen03-2018-rrb-notification.pdfInitial sample: PDF keyword /Page count = 63
Source: cen03-2018-rrb-notification.pdfInitial sample: PDF keyword stream count = 127
Source: cen03-2018-rrb-notification.pdfInitial sample: PDF keyword /EmbeddedFile count = 0
Source: cen03-2018-rrb-notification.pdfInitial sample: PDF keyword /AA count = 2
Source: cen03-2018-rrb-notification.pdfInitial sample: PDF keyword endstream count = 127
Source: cen03-2018-rrb-notification.pdfInitial sample: PDF keyword obj count = 191
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire Infrastructure1
Spearphishing Link		2
Exploitation for Client Execution		Path Interception1
Process Injection		1
Masquerading		OS Credential Dumping1
System Information Discovery		Remote ServicesData from Local System1
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
Process Injection		LSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable Media1
Non-Application Layer Protocol		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive12
Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin HookBinary PaddingNTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput Capture1
Ingress Tool Transfer		Traffic DuplicationData Destruction

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 process2 2 Behavior Graph ID: 1500273 Sample: cen03-2018-rrb-notification.pdf Startdate: 28/08/2024 Architecture: WINDOWS Score: 2 6 Acrobat.exe 20 62 2->6         started        process3 8 AcroCEF.exe 107 6->8         started        process4 10 AcroCEF.exe 2 8->10         started        dnsIp5 13 23.47.168.24, 443, 49723 AKAMAI-ASUS United States 10->13

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
cen03-2018-rrb-notification.pdf0%ReversingLabs
cen03-2018-rrb-notification.pdf0%VirustotalBrowse

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
http://www.color.org)0%Avira URL Cloudsafe
http://www.npes.org/pdfx/ns/id/0%Avira URL Cloudsafe
http://www.npes.org/pdfx/ns/id/1%VirustotalBrowse

Domains and IPs

Contacted Domains

No contacted domains info

URLs from Memory and Binaries

NameSourceMaliciousAntivirus DetectionReputation
http://www.color.org)cen03-2018-rrb-notification.pdffalse
  • Avira URL Cloud: safe
unknown
http://www.npes.org/pdfx/ns/id/cen03-2018-rrb-notification.pdffalse
  • 1%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown

World Map of Contacted IPs

  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Public IPs

IPDomainCountryFlagASNASN NameMalicious
23.47.168.24
unknownUnited States
16625AKAMAI-ASUSfalse

General Information

Joe Sandbox version:40.0.0 Tourmaline
Analysis ID:1500273
Start date and time:2024-08-28 07:12:05 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 4m 20s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultwindowspdfcookbook.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:9
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:cen03-2018-rrb-notification.pdf
Detection:CLEAN
Classification:clean2.winPDF@14/42@0/1
EGA Information:Failed
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 0
  • Number of non-executed functions: 0
Cookbook Comments:
  • Found application associated with file extension: .pdf
  • Found PDF document
  • Close Viewer

Warnings

  • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 104.115.88.161, 34.193.227.236, 18.207.85.246, 107.22.247.231, 54.144.73.197, 172.64.41.3, 162.159.61.3, 95.101.54.195, 2.16.202.123, 2.19.126.143, 2.19.126.149
  • Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, identrust.edgesuite.net, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, a1952.dscq.akamai.net, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, apps.identrust.com

Simulations

Behavior and APIs

TimeTypeDescription
01:13:16API Interceptor1x Sleep call for process: AcroCEF.exe modified

Joe Sandbox View / Context

IPs

MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
23.47.168.24Mary Fleming-bonus benefit and retirement plans.pdfGet hashmaliciousHTMLPhisherBrowse
    1.exeGet hashmaliciousUnknownBrowse
      Review_Aonoro.pdfGet hashmaliciousUnknownBrowse
        Remittance Advice.pdfGet hashmaliciousUnknownBrowse
          CDMS User Manual.pdfGet hashmaliciousUnknownBrowse
            http://vobamobile.comGet hashmaliciousUnknownBrowse
              Pilatus-aircraft Complete Document - 774384.pdfGet hashmaliciousUnknownBrowse
                https://dl.dropboxusercontent.com/scl/fi/4mhppt9446w16rxyp8wch/ATDKM0-019002993PDF.zip?rlkey=bolgaypwmfsk0ve6n3zskuk1w&st=655ymbiy&dl=0Get hashmaliciousUnknownBrowse
                  Payment_EFT_Receipt3-For-Clc.pdfGet hashmaliciousUnknownBrowse
                    Recent_Changes_in_our_Benefits_Policy.zipGet hashmaliciousUnknownBrowse

                      Domains

                      No context

                      ASNs

                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                      AKAMAI-ASUShttps://www.unitek-products.com/products/1-5m-hdmi-v2-1-cableGet hashmaliciousUnknownBrowse
                      • 23.216.205.249
                      https://newbostondentalcare-my.sharepoint.com/:b:/g/personal/maryellen_newbostondental_com/ERDvxS5UJSxPtXyWuklCyAMBDYWal6mJXrTJHUf_OfHqfg?e=5l0sTuGet hashmaliciousPhisherBrowse
                      • 96.17.207.26
                      file.exeGet hashmaliciousLummaC, VidarBrowse
                      • 23.192.247.89
                      DOC-80697077.pdfGet hashmaliciousHTMLPhisherBrowse
                      • 104.78.188.188
                      San Xavier District of the Tohono O#U2019odham Nation.pdfGet hashmaliciousUnknownBrowse
                      • 104.78.188.188
                      San Xavier District of the Tohono O#U2019odham Nation.pdfGet hashmaliciousUnknownBrowse
                      • 2.16.184.207
                      https://aka.ms/LearnAboutSenderIdentificationGet hashmaliciousHTMLPhisherBrowse
                      • 23.211.9.234
                      Madisonwellsmedia546.pdfGet hashmaliciousHTMLPhisherBrowse
                      • 23.203.104.175
                      https://12dec6c2-3c78-e425-b87e-b20197f5da10.powerappsportals.com/Get hashmaliciousUnknownBrowse
                      • 23.38.98.96
                      Madisonwellsmedia546.pdfGet hashmaliciousUnknownBrowse
                      • 23.56.162.185

                      JA3 Fingerprints

                      No context

                      Dropped Files

                      No context

                      Created / dropped Files

                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:ASCII text
                      Category:dropped
                      Size (bytes):291
                      Entropy (8bit):5.119387372150541
                      Encrypted:false
                      SSDEEP:6:NFTIq2P92nKuAl9OmbnIFUt88YZmw+8AkwO92nKuAl9OmbjLJ:NFTIv4HAahFUt88Y/+8A5LHAaSJ
                      MD5:F16B48DF11FE78C8B0F7B3AEB082E3BA
                      SHA1:8B6B15C9707382E86A2FF057BE876BE02B0E4E34
                      SHA-256:73D7AADB4A6361B48062E4A73BBD3F46E0A6AA6CC60C13A54703859FE2B03A03
                      SHA-512:C03A190F8A2D46D98421EF18B4DE8D5FEC09C9498CC173904F69C9A5859575B8FD3AC2A964F9683D06027577428E0C9A2A69C95398B8B2CBCC676D55905F5D4F
                      Malicious:false
                      Reputation:low
                      Preview:2024/08/28-01:13:03.223 b04 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/08/28-01:13:03.233 b04 Recovering log #3.2024/08/28-01:13:03.233 b04 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:ASCII text
                      Category:dropped
                      Size (bytes):291
                      Entropy (8bit):5.119387372150541
                      Encrypted:false
                      SSDEEP:6:NFTIq2P92nKuAl9OmbnIFUt88YZmw+8AkwO92nKuAl9OmbjLJ:NFTIv4HAahFUt88Y/+8A5LHAaSJ
                      MD5:F16B48DF11FE78C8B0F7B3AEB082E3BA
                      SHA1:8B6B15C9707382E86A2FF057BE876BE02B0E4E34
                      SHA-256:73D7AADB4A6361B48062E4A73BBD3F46E0A6AA6CC60C13A54703859FE2B03A03
                      SHA-512:C03A190F8A2D46D98421EF18B4DE8D5FEC09C9498CC173904F69C9A5859575B8FD3AC2A964F9683D06027577428E0C9A2A69C95398B8B2CBCC676D55905F5D4F
                      Malicious:false
                      Reputation:low
                      Preview:2024/08/28-01:13:03.223 b04 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/08/28-01:13:03.233 b04 Recovering log #3.2024/08/28-01:13:03.233 b04 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:ASCII text
                      Category:dropped
                      Size (bytes):338
                      Entropy (8bit):5.139499458628959
                      Encrypted:false
                      SSDEEP:6:Nqcq2P92nKuAl9Ombzo2jMGIFUt88XZmw+8pYkwO92nKuAl9Ombzo2jMmLJ:N/v4HAa8uFUt88X/+8i5LHAa8RJ
                      MD5:5BC2C99F854960E7BD5A8B6A79AA2CFB
                      SHA1:B28369E388C5C41A738A5C98A80765ECA92850FD
                      SHA-256:E4F15BB7548917005494596F018CB80369B73A3B304C90AF0A29F6291068FF12
                      SHA-512:9EB23CE2DB5A22777FE2A35FD903D58B3C446151122D1248F0B9CB3A1B61F6114EBAB0838D4EBEBCE59C3C517E1D115733785DF59C9D670AABE83497D4A99EBA
                      Malicious:false
                      Reputation:low
                      Preview:2024/08/28-01:13:03.382 1ce4 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/08/28-01:13:03.385 1ce4 Recovering log #3.2024/08/28-01:13:03.386 1ce4 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:ASCII text
                      Category:dropped
                      Size (bytes):338
                      Entropy (8bit):5.139499458628959
                      Encrypted:false
                      SSDEEP:6:Nqcq2P92nKuAl9Ombzo2jMGIFUt88XZmw+8pYkwO92nKuAl9Ombzo2jMmLJ:N/v4HAa8uFUt88X/+8i5LHAa8RJ
                      MD5:5BC2C99F854960E7BD5A8B6A79AA2CFB
                      SHA1:B28369E388C5C41A738A5C98A80765ECA92850FD
                      SHA-256:E4F15BB7548917005494596F018CB80369B73A3B304C90AF0A29F6291068FF12
                      SHA-512:9EB23CE2DB5A22777FE2A35FD903D58B3C446151122D1248F0B9CB3A1B61F6114EBAB0838D4EBEBCE59C3C517E1D115733785DF59C9D670AABE83497D4A99EBA
                      Malicious:false
                      Reputation:low
                      Preview:2024/08/28-01:13:03.382 1ce4 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/08/28-01:13:03.385 1ce4 Recovering log #3.2024/08/28-01:13:03.386 1ce4 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\089b63cb-a0c1-4678-ad8c-d9b2eb2a5e0a.tmp

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:JSON data
                      Category:modified
                      Size (bytes):508
                      Entropy (8bit):5.056751691114228
                      Encrypted:false
                      SSDEEP:12:YH/um3RA8sqkMDsBdOg2Htcaq3QYiubxnP7E4T3OF+:Y2sRdsgEdMHc3QYhbxP7nbI+
                      MD5:B9F668C06E0198C450CB18D499842A50
                      SHA1:56C650985915FDF15EB746C06C105EC3C74F1956
                      SHA-256:68A632B3C1C88EACDCC86D20C8E83989376622445CA3F0ECE72874E844E54890
                      SHA-512:455E188BE3DEA1780C4B1B17D4E801E5C508AE7338AFAE23364457C2D8776564E340BF4B486C3F7B124F7B3554EB6247DFD7D1AD476E6ACA3197FBE7AF917596
                      Malicious:false
                      Reputation:low
                      Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13369381995889557","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":127908},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.5","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G","CAYSABiAgICA+P////8B":"Offline"}}}

                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):508
                      Entropy (8bit):5.056751691114228
                      Encrypted:false
                      SSDEEP:12:YH/um3RA8sqkMDsBdOg2Htcaq3QYiubxnP7E4T3OF+:Y2sRdsgEdMHc3QYhbxP7nbI+
                      MD5:B9F668C06E0198C450CB18D499842A50
                      SHA1:56C650985915FDF15EB746C06C105EC3C74F1956
                      SHA-256:68A632B3C1C88EACDCC86D20C8E83989376622445CA3F0ECE72874E844E54890
                      SHA-512:455E188BE3DEA1780C4B1B17D4E801E5C508AE7338AFAE23364457C2D8776564E340BF4B486C3F7B124F7B3554EB6247DFD7D1AD476E6ACA3197FBE7AF917596
                      Malicious:false
                      Reputation:low
                      Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13369381995889557","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":127908},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.5","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G","CAYSABiAgICA+P////8B":"Offline"}}}

                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):4509
                      Entropy (8bit):5.239521930852188
                      Encrypted:false
                      SSDEEP:96:QqBpCqGp3Al+NehBmkID2w6bNMhugoKTNY+No/KTNcygLPGLLUgulD2zH8zHr/Z:rBpJGp3AoqBmki25ZEVoKTNY+NoCTNLK
                      MD5:F8CB54FB19D32FFB7BC4B4B3FE3FE4EC
                      SHA1:B88E019D6644966B9031E6B2755714156E0D2508
                      SHA-256:985AF77A12C755F4ED16FA654AA3F557D99C4900972A7C03FDA89C7B0BFEE049
                      SHA-512:14CCA428CB89D7FDCE2E6A86D9AF7CE0DDD11EED3AFBCFAAC132CE8E9195F8EC08B6BF7F4CC5932D316F23F3893DE5417D08AFA282859B85AD2ECB8F917C4860
                      Malicious:false
                      Reputation:low
                      Preview:*...#................version.1..namespace-.1a.o................next-map-id.1.Pnamespace-047a745d_5c98_4926_b446_942fb948d072-https://rna-resource.acrobat.com/.0.K..r................next-map-id.2.Snamespace-bdf2fbfe_e08b_407d_8a81_9a6094e373a0-https://rna-v2-resource.acrobat.com/.1.m.Fr................next-map-id.3.Snamespace-24b9c7f4_3e31_4d11_a607_ac91d6485c9e-https://rna-v2-resource.acrobat.com/.2.8.o................next-map-id.4.Pnamespace-bc60f291_faa7_4492_8b22_e186b4ce62c1-https://rna-resource.acrobat.com/.3.A-N^...............Pnamespace-047a745d_5c98_4926_b446_942fb948d072-https://rna-resource.acrobat.com/-j..^...............Pnamespace-bc60f291_faa7_4492_8b22_e186b4ce62c1-https://rna-resource.acrobat.com/[.|.a...............Snamespace-bdf2fbfe_e08b_407d_8a81_9a6094e373a0-https://rna-v2-resource.acrobat.com/....a...............Snamespace-24b9c7f4_3e31_4d11_a607_ac91d6485c9e-https://rna-v2-resource.acrobat.com/.W.@o................next-map-id.5.Pnamespace-8fb46ac3_c992_47ca_bb04_

                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:ASCII text
                      Category:dropped
                      Size (bytes):326
                      Entropy (8bit):5.143182635650951
                      Encrypted:false
                      SSDEEP:6:NSkMq2P92nKuAl9OmbzNMxIFUt88oZmw+8HkwO92nKuAl9OmbzNMFLJ:NrMv4HAa8jFUt88o/+8H5LHAa84J
                      MD5:3524B93A649669C9445D17D33B02163B
                      SHA1:C35DE119AB3939AB47E021AEB2D21CD84B5694ED
                      SHA-256:83C7AAD5284B5A55C8F869761250992CCAC359C6D968F3E489E9492AFEFB3BC8
                      SHA-512:DB62EDB9F65E04AC8403EC831EF0C87B28ED4A05958227F4F1220977B511688B06CB867AF879D1E9F2F76DCC248C289FC7C8BAC631E441AB5EFC9BCDB15A9018
                      Malicious:false
                      Reputation:low
                      Preview:2024/08/28-01:13:04.094 1ce4 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/08/28-01:13:04.105 1ce4 Recovering log #3.2024/08/28-01:13:04.106 1ce4 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:ASCII text
                      Category:dropped
                      Size (bytes):326
                      Entropy (8bit):5.143182635650951
                      Encrypted:false
                      SSDEEP:6:NSkMq2P92nKuAl9OmbzNMxIFUt88oZmw+8HkwO92nKuAl9OmbzNMFLJ:NrMv4HAa8jFUt88o/+8H5LHAa84J
                      MD5:3524B93A649669C9445D17D33B02163B
                      SHA1:C35DE119AB3939AB47E021AEB2D21CD84B5694ED
                      SHA-256:83C7AAD5284B5A55C8F869761250992CCAC359C6D968F3E489E9492AFEFB3BC8
                      SHA-512:DB62EDB9F65E04AC8403EC831EF0C87B28ED4A05958227F4F1220977B511688B06CB867AF879D1E9F2F76DCC248C289FC7C8BAC631E441AB5EFC9BCDB15A9018
                      Malicious:false
                      Reputation:low
                      Preview:2024/08/28-01:13:04.094 1ce4 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/08/28-01:13:04.105 1ce4 Recovering log #3.2024/08/28-01:13:04.106 1ce4 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

                      C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240828051307Z-181.bmp

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:PC bitmap, Windows 3.x format, 107 x -152 x 32, cbSize 65110, bits offset 54
                      Category:dropped
                      Size (bytes):65110
                      Entropy (8bit):5.502149931547509
                      Encrypted:false
                      SSDEEP:768:xVdN9GudoTxd3yHFKj9GY7vqxwTbpfph/atOxqfCW+Vr:xTN9GudoVd377PBHatOxq6vVr
                      MD5:D8633DDEE4E2B978AC07F3C951C639C3
                      SHA1:4AE1522C054F40BCC320A2A7D51EDE049ACD41E6
                      SHA-256:E6E83C282E27AF8E293B0075F71425B534A6C4A5D2B0E15AC8FD9E65EF6D7364
                      SHA-512:A0C3C07C616611A96B0F879D35BAA8D3F1C3078C01D8FC2B3F9609E5B89961958713DF515ED2D499F4403525519A7094D3CF5D14528B3654A8E1F4E94A53F2AC
                      Malicious:false
                      Reputation:low
                      Preview:BMV.......6...(...k...h..... ..............................b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...b...........................................................................................................................................................................................................................................................................................................................................................................................................................................b.......................................................................................

                      C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):893
                      Entropy (8bit):7.366016576663508
                      Encrypted:false
                      SSDEEP:24:hBntmDvKUQQDvKUr7C5fpqp8gPvXHmXvponXux:3ntmD5QQD5XC5RqHHXmXvp++x
                      MD5:D4AE187B4574036C2D76B6DF8A8C1A30
                      SHA1:B06F409FA14BAB33CBAF4A37811B8740B624D9E5
                      SHA-256:A2CE3A0FA7D2A833D1801E01EC48E35B70D84F3467CC9F8FAB370386E13879C7
                      SHA-512:1F44A360E8BB8ADA22BC5BFE001F1BABB4E72005A46BC2A94C33C4BD149FF256CCE6F35D65CA4F7FC2A5B9E15494155449830D2809C8CF218D0B9196EC646B0C
                      Malicious:false
                      Preview:0..y..*.H.........j0..f...1.0...*.H.........N0..J0..2.......D....'..09...@k0...*.H........0?1$0"..U....Digital Signature Trust Co.1.0...U....DST Root CA X30...000930211219Z..210930140115Z0?1$0"..U....Digital Signature Trust Co.1.0...U....DST Root CA X30.."0...*.H.............0..........P..W..be......,k0.[...}.@......3vI*.?!I..N..>H.e...!.e.*.2....w..{........s.z..2..~..0....*8.y.1.P..e.Qc...a.Ka..Rk...K.(.H......>.... .[.*....p....%.tr.{j.4.0...h.{T....Z...=d.....Ap..r.&.8U9C....\@........%.......:..n.>..\..<.i....*.)W..=....]......B0@0...U.......0....0...U...........0...U.........{,q...K.u...`...0...*.H...............,...\...(f7:...?K.... ]..YD.>.>..K.t.....t..~.....K. D....}..j.....N..:.pI...........:^H...X._..Z.....Y..n......f3.Y[...sG.+..7H..VK....r2...D.SrmC.&H.Rg.X..gvqx...V..9$1....Z0G..P.......dc`........}...=2.e..|.Wv..(9..e...w.j..w.......)...55.1.

                      C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):252
                      Entropy (8bit):3.026467887142631
                      Encrypted:false
                      SSDEEP:3:kkFkl0hlltfllXlE/E/KRkzllPlzRkwWBARLNDU+ZMlKlBkvclcMlVHblB8V7ln3:kKLnxliBAIdQZV7I7kc3
                      MD5:823CCCF1320B144A19DA9542A012ADD4
                      SHA1:FBC443E6D51EA2F4BD8C562B8675CD0C23F123A8
                      SHA-256:3E5D673A41341EAC1121B97D99D775EBE3EF82F8C8C928BB81215F88BB885D2B
                      SHA-512:AB1C30370298AD90377C106FA877EF59AA5D897CC898664BD5DAB83D66241C1398A1A8FCFE73BFB77033F2EE9D30E5406F4F514007950B87358AD1B19BEBBA4E
                      Malicious:false
                      Preview:p...... ....`...{.......(....................................................... ........!.M........(...........}...h.t.t.p.:././.a.p.p.s...i.d.e.n.t.r.u.s.t...c.o.m./.r.o.o.t.s./.d.s.t.r.o.o.t.c.a.x.3...p.7.c...".3.7.d.-.6.0.7.9.b.8.c.0.9.2.9.c.0."...

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):228339
                      Entropy (8bit):3.3972512438712084
                      Encrypted:false
                      SSDEEP:1536:IKPC4iyzDtrh1cK3XEivK7VK/3AYvYwgF/rRoL+sn:BPCaJ/3AYvYwglFoL+sn
                      MD5:EDBFF1C61821480EE31E20FC731C9FBB
                      SHA1:EDA0AD2D3807C999C8665C9AC696F0DDF998AD9C
                      SHA-256:D509C5391DE4EAE2DBC22204C803205221E6C263EFD250687BAC29E09C3E219A
                      SHA-512:2DBF1F9B0BE0E33F431D0AAAE4371E5C784033A5CA3516E17B367C8FC84D9A5BE94DFD9F39D66910088D6694EDAFDEE4461B0C27262CC38788034357A3273434
                      Malicious:false
                      Preview:Adobe Acrobat Reader (64-bit) 23.6.20320....?A12_AV2_Search_18px.............................................................................................................KKK KKK.KKK.KKK.KKK.KKK.KKK@........................................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.............................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.........................KKK.KKK.KKK.KKK0....................KKK.KKK.KKK.KKK`....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK.KKK.....................................KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK.KKK@....................KKK.KKK.KKK.KKK`........................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.KKK.............................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):295
                      Entropy (8bit):5.3398027158176395
                      Encrypted:false
                      SSDEEP:6:YEQXJ2HX5HMMFuWOx+FIbRI6XVW7+0YKqcvxoAvJM3g98kUwPeUkwRe9:YvXKX5hZOUYpW7gc2GMbLUkee9
                      MD5:77DDA039CCAE04015A5BD1042C87FBFF
                      SHA1:C2A9239A8B8FA436BB468B61B8A289FC10A53C34
                      SHA-256:C881F2FB636CBCBF4E4A7EBACC3869C84AB9E60205E80DFA6F22B1AEEFD79B1B
                      SHA-512:5B589016F85EBAA6CEADBC533B8B0E015EC93F6D875B78B94126334CDEC5EE70BB086D8B80FA225AD3E16BF8CB42483532CC0D29EB0E4E0939A45E941C55AE85
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"75017e21-ec5c-45c2-8e43-dc9588ebf726","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1724995269670,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):294
                      Entropy (8bit):5.275925586903718
                      Encrypted:false
                      SSDEEP:6:YEQXJ2HX5HMMFuWOx+FIbRI6XVW7+0YKqcvxoAvJfBoTfXpnrPeUkwRe9:YvXKX5hZOUYpW7gc2GWTfXcUkee9
                      MD5:BD374ED2579A281ED39A928CA6E9A012
                      SHA1:A037FA9370B2A3659913C84A7F2DF761FCA3B00B
                      SHA-256:4B601C28354E7734412144D67A3C6FA1136005E128F86254CAD87F88CC7D794C
                      SHA-512:5DF32AFDC328E50E96A94BFDEA15719CBECD823AFB0E3F5F453A4EEF28EC197AAB251474A87D81003CB25CC3CF55231A149E9804D75A1A3DAD9F57841991AD71
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"75017e21-ec5c-45c2-8e43-dc9588ebf726","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1724995269670,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):294
                      Entropy (8bit):5.2542178049545
                      Encrypted:false
                      SSDEEP:6:YEQXJ2HX5HMMFuWOx+FIbRI6XVW7+0YKqcvxoAvJfBD2G6UpnrPeUkwRe9:YvXKX5hZOUYpW7gc2GR22cUkee9
                      MD5:F44C6CDA1C442307E27B9ACDE4DD8639
                      SHA1:3101114A77CED1770183FA58E89CB5E5997DBE8D
                      SHA-256:316770F41C59E2B4CB3DAF778F6900A60AC5EC09A67C3CA6CA4E53C3BE2B3E9C
                      SHA-512:96361F57EB75EA496ACA668AB7DE8DDAF2011A4B4AA8F939EAF3771FAA2239BA0A663736D1F5C7017F46C9E994B7198EAABBD7E1FC5A82E978EC97996ECF7D45
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"75017e21-ec5c-45c2-8e43-dc9588ebf726","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1724995269670,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):285
                      Entropy (8bit):5.317868903278609
                      Encrypted:false
                      SSDEEP:6:YEQXJ2HX5HMMFuWOx+FIbRI6XVW7+0YKqcvxoAvJfPmwrPeUkwRe9:YvXKX5hZOUYpW7gc2GH56Ukee9
                      MD5:892972268E12A91C9DEE9A2CD41C0B0B
                      SHA1:F333B2CF02709A0EAF07F3A53518985C946C808C
                      SHA-256:9D12EAA7436D64A637CD07E642C257499337344ECF0D8CE293E3C053B9172279
                      SHA-512:288C8FA269B5EE33455B5A342F1C40DB69887B098A64C069C6F7D0ADA0D5369399C7A12D7EFEDECA03A8A05582CFE980979F0AB615A3018B53C195A9F269344E
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"75017e21-ec5c-45c2-8e43-dc9588ebf726","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1724995269670,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):1063
                      Entropy (8bit):5.6637239816320655
                      Encrypted:false
                      SSDEEP:24:Yv6XpOFiZjpLgEFqciGennl0RCmK8czOCY4w2nO:YvEZhgLtaAh8cvYvKO
                      MD5:488A306CE17836AADD92E6830937B7B3
                      SHA1:39AFD97DB1855CF2FF631E1CCDBE4D8C43CF0E0B
                      SHA-256:27D6769F99AFF83D8FD4F77D09717ADE5254F2C146BD8EE7F84B3BA945228800
                      SHA-512:C49535DD78590E4B468708A8D54822DBD12E8D9C70859DDEF8BD2BC55B062240809AC215250A9F4255AA3ADCDF9C819F7BD4BFC504E642691D454F386D42D331
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"75017e21-ec5c-45c2-8e43-dc9588ebf726","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1724995269670,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_2","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"afb9c2a3-eaf4-41f9-9d73-768e72f72282","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQgZmlsZXMgdG8gYW5kIGZyb20gUERGXG53aXRob3V0IGxpbWl0cy4ifSwidGNhdElkIjpudWxsfQ==","dataType":"application\/json","encodingSc

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):1050
                      Entropy (8bit):5.648997533453793
                      Encrypted:false
                      SSDEEP:24:Yv6XpOFiZ/VLgEF0c7sbnl0RCmK8czOCYHflEpwiVnO:YvEVFg6sGAh8cvYHWpwcO
                      MD5:D39113837F3C87A586158D6DB12D6676
                      SHA1:8EB2EF635E103A9DB3E84CB249E76E1FC1760F7E
                      SHA-256:3700F8D82FBEA05846B916C750F297322A0542D5EEC7A04943B9C7A2747D6730
                      SHA-512:BECB84E2E689052DA11C2657E70175908F75D3FB5BDA636EE948D8A867F889E4443DDAE101FBBE75AAC4EABBDA7B50A4BBE82F95C9556D39CC6A288140C48E97
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"75017e21-ec5c-45c2-8e43-dc9588ebf726","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1724995269670,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Disc_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_0","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"0924134e-3c59-4f53-b731-add558c56fec","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Disc_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQsIGVkaXQgYW5kIGUtc2lnblxuZm9ybXMgJiBhZ3JlZW1lbnRzLiJ9LCJ0Y2F0SWQiOm51bGx9","dataType":"application\/json","encodingScheme":true},"

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):292
                      Entropy (8bit):5.262285835874067
                      Encrypted:false
                      SSDEEP:6:YEQXJ2HX5HMMFuWOx+FIbRI6XVW7+0YKqcvxoAvJfQ1rPeUkwRe9:YvXKX5hZOUYpW7gc2GY16Ukee9
                      MD5:0981BAB1A1019289F0A9A1AD860A3413
                      SHA1:CFFDB069925A34DFB342C29C018575B3964B0176
                      SHA-256:1AC49893B0668F199757D5C068248DF8702997C9D26F66EDD1F77A9F266033BA
                      SHA-512:965342849C00E5966DC8AF01B20A85A22133FF2FD21046022C854B09AA84FEE1C0DF60298EDDD19C51527866A3F5C6743A6EC5F1A385DD5955ACB429298DB17E
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"75017e21-ec5c-45c2-8e43-dc9588ebf726","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1724995269670,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):1038
                      Entropy (8bit):5.645236394281104
                      Encrypted:false
                      SSDEEP:24:Yv6XpOFiZO2LgEF7cciAXs0nl0RCmK8czOCAPtciBnO:YvE0ogc8hAh8cvA5O
                      MD5:9D548FE6158AC38E13E0D5FBDB53C258
                      SHA1:28BDE333F4DB4717F08FFAE1119FC4940849861A
                      SHA-256:0A7B0F8F45EFD304D3DB3E60BA4DE030C1726B493A607EE28A67B6B7BE58BDC2
                      SHA-512:C97D3725477D410B658254181B96DF8CD92508A9E922D4160A42B71CE78CB3DA3FE43541D11C710D79D93FBF233C90756D9EDC5C470FA9258291F19E422817BF
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"75017e21-ec5c-45c2-8e43-dc9588ebf726","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1724995269670,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Edit_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_1","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"49d2f713-7aa9-44db-aa50-0a7a22add459","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Edit_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVkaXQgdGV4dCwgaW1hZ2VzLCBwYWdlcywgYW5kIG1vcmUuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"application\/json","encodingScheme":true},"endDTS":1744

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):1164
                      Entropy (8bit):5.696326997140974
                      Encrypted:false
                      SSDEEP:24:Yv6XpOFiZCKLgEfIcZVSkpsn264rS514ZjBrwloJTmcVIsrSK5nO:YvEEEgqprtrS5OZjSlwTmAfSK1O
                      MD5:1A97535BCD50A757798E518A7842816E
                      SHA1:0AC5291294392EB1BB3AC051EE65ABD0381CA9D2
                      SHA-256:F54F966E3290B1852A1294882C336B47E7CCC85ACE7FEBA0EC0547C9798D096D
                      SHA-512:7A9EB3EE0253EAA10E65D225DEB7B0D678697817140F89617189638A93A858E8D514206D79CFAD866A0D2C326940D742D7FE2AA9447F9B9FEAC06125AA784321
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"75017e21-ec5c-45c2-8e43-dc9588ebf726","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1724995269670,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85531_264848ActionBlock_0","campaignId":85531,"containerId":"1","controlGroupId":"","treatmentId":"ee1a7497-76e7-43c2-bb63-9a0551e11d73","variationId":"264848"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IlRyeSBBY3JvYmF0IFBybyJ9LCJ1aSI6eyJ0aXRsZV9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjE1cHgiLCJmb250X3N0eWxlIjoiMCJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEzcHgiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0b1xucHJlbWl1bSBQREYgYW5kIGUtc2lnbmluZ1xudG9vbHMuIn0sImJhbm5lcl9zdHlsaW5nIjo

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):289
                      Entropy (8bit):5.270399194724087
                      Encrypted:false
                      SSDEEP:6:YEQXJ2HX5HMMFuWOx+FIbRI6XVW7+0YKqcvxoAvJfYdPeUkwRe9:YvXKX5hZOUYpW7gc2Gg8Ukee9
                      MD5:66F4A6178704A8DF3F3EA5E67731D752
                      SHA1:7C551EAB5176D62F73C75506B9C43EE69320AE3E
                      SHA-256:398A7FE2BCFEEF037F1A708FF097A305E4C0371DA3AAD5DF3A486FBE5361FDB2
                      SHA-512:7303E4D7786C7CA33A51F685CF2E3D641B7FCB7AAAD3BA9D814CA64C39A36C4F72164F53BD9DBE9E2B89149ABB6EF88778D7206337AF8E901CB8E6C07701CF44
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"75017e21-ec5c-45c2-8e43-dc9588ebf726","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1724995269670,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):1395
                      Entropy (8bit):5.772545628430304
                      Encrypted:false
                      SSDEEP:24:Yv6XpOFiZBrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNPO:YvErHgDv3W2aYQfgB5OUupHrQ9FJ1O
                      MD5:F08BCC1F8AA5DB4A9798655C9AB09514
                      SHA1:F1B47D595AB70DFCDAB7A76E2A104C1025221819
                      SHA-256:BB1328F8FBE686BCAD33D4BBB7031951DFE061AEADEC8394059B361BF8BD5E2D
                      SHA-512:71D64E15CD72C0BF9F50FCC6E789E24F47D88670F1C294F35E07E28FB7B66D1462B188CB9946DFD759063B734609679E8FFCB87932BB5D44222F6C77B56B40FB
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"75017e21-ec5c-45c2-8e43-dc9588ebf726","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1724995269670,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):291
                      Entropy (8bit):5.25414973435861
                      Encrypted:false
                      SSDEEP:6:YEQXJ2HX5HMMFuWOx+FIbRI6XVW7+0YKqcvxoAvJfbPtdPeUkwRe9:YvXKX5hZOUYpW7gc2GDV8Ukee9
                      MD5:C8D6B40A95D17649291285642F766231
                      SHA1:81E4E50A0A13E6D63AE8AB56E154D6113162DF26
                      SHA-256:F60FFF1646AC0FDEC91046CAD43709E01BB23369BBE1CCD03FD0EE72D8D3DF25
                      SHA-512:DB43A5E9B8FC9F3E7D54D145D99A5F9D0C7AFEEB64D79C67C59DB226333242C952098EA89E02EA8FCD7C29596C00E3D829596E7174996FBACB00C85FBF6AC954
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"75017e21-ec5c-45c2-8e43-dc9588ebf726","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1724995269670,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):287
                      Entropy (8bit):5.254763484202261
                      Encrypted:false
                      SSDEEP:6:YEQXJ2HX5HMMFuWOx+FIbRI6XVW7+0YKqcvxoAvJf21rPeUkwRe9:YvXKX5hZOUYpW7gc2G+16Ukee9
                      MD5:9B91AA3900AC07DE2E3658A7ED77173B
                      SHA1:F9DB6A8835A49DD02D4100D17A082913489B230D
                      SHA-256:EE85296F08BB52E363DB9CE14EAD439D98E15D06E7C1FACDFBCE5A7025CAE358
                      SHA-512:125FAC3EBB046EE880BC4E49DDEF6C8A14CE18E9D3AD37EC5FFE8BEA6F6481D1E1B2AE268EACE68F6768FFD3E158C1F08206C6F6DDF52FAFE4556FFA425EB1C8
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"75017e21-ec5c-45c2-8e43-dc9588ebf726","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1724995269670,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):1058
                      Entropy (8bit):5.6524400276029505
                      Encrypted:false
                      SSDEEP:24:Yv6XpOFiZTamXayLgEFRcONaqnl0RCmK8czOC+w2E+tg8BnO:YvE1BguOAh8cv+NKCO
                      MD5:565AB73C25EA3126AC334EA5B721BE00
                      SHA1:1D0A321C58242E0F8A7BBA401B53714B4CD1D94C
                      SHA-256:A48AB7CD3E4E8DCF4FFF6816F8E1FADD7F51AD59D03DD7B1ACD9632985A781F6
                      SHA-512:2C4832E5A7A667C013B0244CB1436B31D1BDE3DC974DB3CDCD9C954B30EB80F3D2442F1EB7998483A9E4DD3D2F82EF1009D4A1449FBC2D764A957207B686FBE7
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"75017e21-ec5c-45c2-8e43-dc9588ebf726","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1724995269670,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_3","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"ece07729-7db6-4f20-9f8d-7976ad373049","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IlNlbmQgZG9jdW1lbnRzICYgZm9ybXNcbmZvciBmYXN0IGUtc2lnbmluZyBvbmxpbmUuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"application\/json","encodingScheme"

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):286
                      Entropy (8bit):5.23148595125775
                      Encrypted:false
                      SSDEEP:6:YEQXJ2HX5HMMFuWOx+FIbRI6XVW7+0YKqcvxoAvJfshHHrPeUkwRe9:YvXKX5hZOUYpW7gc2GUUUkee9
                      MD5:12891DC195BD351CC77F4EA135E8C3F6
                      SHA1:B9944B2FE2C23F9C2D6F42C1F99E52830FB9238B
                      SHA-256:EC34FDC98E041785938F742E6705DAFAC9DEB7AF482B9A0CF11140FCB7D2C3F4
                      SHA-512:66703D9D26997A7BD4134A932D293A029FC7E0A990BFCB2EAF1FC0447739BEB79FCB8556C6AA341C437AFE39E33AD752497B464CB64694836A13F7BA291D85D4
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"75017e21-ec5c-45c2-8e43-dc9588ebf726","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1724995269670,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):782
                      Entropy (8bit):5.356493456172849
                      Encrypted:false
                      SSDEEP:12:YvXKX5hZOUYpW7gc2GTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWzO:Yv6XpOFiZQ168CgEXX5kcIfANhcO
                      MD5:EADBFB6E5D5320E3F301DC89D6058AB5
                      SHA1:8F089045347F65978EB34F20FFBFF7D8669AE7B4
                      SHA-256:302B8A756A7F00CCC303EAC0D2C0C683FDC23D455BDE41936EB91C6D0F09D58B
                      SHA-512:33C6BC3B2CF917CE661ECF9162A6DB2219C43C78A58EAF01ECA91F59602A81A876DC5DF0121A6C305E9CC52EDD4F40C184FEC9C63B196A5F93F52927D9B929B0
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"75017e21-ec5c-45c2-8e43-dc9588ebf726","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1724995269670,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1724821989701}}}}

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):4
                      Entropy (8bit):0.8112781244591328
                      Encrypted:false
                      SSDEEP:3:e:e
                      MD5:DC84B0D741E5BEAE8070013ADDCC8C28
                      SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
                      SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
                      SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
                      Malicious:false
                      Preview:....

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):2818
                      Entropy (8bit):5.132457084151802
                      Encrypted:false
                      SSDEEP:48:YcxPzdM+O9gTHUF1nXGS9x+/2VYjp3NB9EkVfpLR9XWZH:zLdMJ9oHuRGS9x+/2Sjp9rEyfpvXWZH
                      MD5:9593E0395F11023FB1ED1907CDB9E02A
                      SHA1:8BD2043CBC4ED3EEA0AD05A38894E2B27BCA87CA
                      SHA-256:A7FFF4D96DBEFD0F36EAFADB30C5646A912FCD32860540C89AD1D6136CD9A095
                      SHA-512:421EBA74DB06E8E44702304AF6F2E35D056188526A5AD469F138EC3682148889782EC5AF915A91564F5068E8A71DD50F87648888483924474ADAB7D9FBF5D553
                      Malicious:false
                      Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"946d7215692e2bb6c62c165f5e1c3708","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1050,"ts":1724821989000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"17fa14a17df2244f70cf2be728315c11","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1164,"ts":1724821989000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"2809fe6a7991701e830271e560df24e8","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1058,"ts":1724821989000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"919cb2e58e2004379c54117628958bc7","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1063,"ts":1724821989000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"10003e3186d707ca642ad7f4ef54cb66","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":1038,"ts":1724821989000},{"id":"Edit_InApp_Aug2020","info":{"dg":"83bec9ddf1d1a75571f5e5f2ed10e319","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":17

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 19, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 19
                      Category:dropped
                      Size (bytes):12288
                      Entropy (8bit):0.9846271206357214
                      Encrypted:false
                      SSDEEP:24:TLHRx/XYKQvGJF7urs6I1RZKHs/Ds/SpXD24zJwtNBwtNbRZ6bRZ4+D2F:TVl2GL7ms6ggOVpzBzutYtp6P5O
                      MD5:A8EC7406DAFA14B79E8A3BD96D3CF4BC
                      SHA1:3899B2D07EA1E3326498E2D766EC8C90AF0012AD
                      SHA-256:C064BC363579C2CFBF47B299529070C2E83FEF942D4E0B100A3CD9E4C408B208
                      SHA-512:B4B08969A1B4633A9219C8A82BEDA128C501163E9F0A91703D43FB75FF5B1A554650D90C39401728C6CEDB1ED295F623AC93324664C6669B1DB4817C799E0588
                      Malicious:false
                      Preview:SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:SQLite Rollback Journal
                      Category:dropped
                      Size (bytes):8720
                      Entropy (8bit):1.339078949280979
                      Encrypted:false
                      SSDEEP:24:7+t/AD1RZKHs/Ds/SpXD2PzJwtNBwtNbRZ6bRZWf1RZKIaqLBx/XYKQvGJF7ursr:7M/GgOVpzazutYtp6PMQqll2GL7msr
                      MD5:77F4773EA141F2E5AD3A4BB65C151CEA
                      SHA1:0F5861F815C34ADCE779F678BF4C0708EAADAB93
                      SHA-256:F79B64AE5A78504266BAFF3AA25BBE8BC66A713E9DF42B8789E28DE2B8D76681
                      SHA-512:1D61F48D2F419097A33AF7D4409A5BC811FD696FD8AD443805F6032F36EE208149DE352EEA5D171C62437EFB2DE4A027E32C5A63FBC7AC911E52A12D310066F0
                      Malicious:false
                      Preview:.... .c......A........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................j...#..#.#.#.#.#.#.#.#.7.7........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Local\Temp\MSI96e1c.LOG

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):246
                      Entropy (8bit):3.5085442896850614
                      Encrypted:false
                      SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8dYVH:Qw946cPbiOxDlbYnuRK5
                      MD5:8123026BB517AC6A2B62B834AABF6049
                      SHA1:34F95A043B52319AD61E5FF915D60426A7BD4F3F
                      SHA-256:498B9FFEB8DF1C4D9381FB68886DB192763F2EF6C4356B8166440F28AEB51293
                      SHA-512:2BF6BA9BFE96A40BFB867153BFF724B1F4EADAE39B186E71E1370077EC9D85AE3FDA7758D9F66513A55BE5F414A5A820EF5DFC98D7589A779417C56ED61D85BE
                      Malicious:false
                      Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .2.8./.0.8./.2.0.2.4. . .0.1.:.1.3.:.1.1. .=.=.=.....

                      C:\Users\user\AppData\Local\Temp\acrobat_sbx\A91lesmc3_1xhxqam_1pw.tmp

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):925952
                      Entropy (8bit):2.3786648694914176
                      Encrypted:false
                      SSDEEP:3072:DoVEWBraUQ9M68Nl0O1RkVp3J2l/ZTt3hL1PCRM5KU2wCsOo6kGAd5F3RnFz2srb:uEUQ9RJkF1Cql3N
                      MD5:708DCF1D69BBDA2E584DFA7A88B7C073
                      SHA1:596ECBEBC72C1BCB50B1E3503912B7647F977F8C
                      SHA-256:EEF54488D69336F4B70B455841AC4767E406866946BB4237E33D9644361D26F0
                      SHA-512:773C558DF31028F666FB34B6D2E60680987AC39CFC7FC44819CCE1A1FCFEC7C74920E1AEC7044739519A805B3562B0D8D3F86C11E521D95AC422A13CA047F6E1
                      Malicious:false
                      Preview:............................................................................................................................................................................-...)...A12_acrobat_multiFile_generic_dark_32.pdf...................................................................................................8...........................................................................................................%...!...A12_acrobat_parcel_generic_64.pdf...........................................................................................................9...........................................................................................................*...&...A12_acrobat_parcel_generic_dark_32.pdf......................................................................................................:...........................................................................................................*...&...A12_acrobat_parcel_generic_dark_64.pdf..............

                      C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-08-28 01-13-05-455.log

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:ASCII text, with very long lines (393)
                      Category:dropped
                      Size (bytes):16525
                      Entropy (8bit):5.376360055978702
                      Encrypted:false
                      SSDEEP:384:6b1sdmfenwop+WP21h2RPjRNg7JjO2on6oU6CyuJw1oaNIIu9EMuJuF6MKK9g9JQ:vIn
                      MD5:1336667A75083BF81E2632FABAA88B67
                      SHA1:46E40800B27D95DAED0DBB830E0D0BA85C031D40
                      SHA-256:F81B7C83E0B979F04D3763B4F88CD05BC8FBB2F441EBFAB75826793B869F75D1
                      SHA-512:D039D8650CF7B149799D42C7415CBF94D4A0A4BF389B615EF7D1B427BC51727D3441AA37D8C178E7E7E89D69C95666EB14C31B56CDFBD3937E4581A31A69081A
                      Malicious:false
                      Preview:SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:961+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="SetConfig:

                      C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:ASCII text, with very long lines (393), with CRLF line terminators
                      Category:dropped
                      Size (bytes):15114
                      Entropy (8bit):5.339181133080072
                      Encrypted:false
                      SSDEEP:384:v79CVLg5Zlhz5AWpVzzSpTvqOFtVZz7NcLGgaCwg11AoSDND2DnDfDxVbYvYRs6l:NZx
                      MD5:ACCDACB3DA913FA67A07E49B7AF61BCB
                      SHA1:926280258C20210C8705084D707E973293A8FF85
                      SHA-256:0527137E0F78A529B88804D7418BB7161E203902FC4B0E00EB910FBBA71BE911
                      SHA-512:72168FF2977C08F81D6D34407188EFEFD9B6B8656E347F059292060AFF089CF0A4AF150FE232F38333DDF719C9DC9737C791114E7F752632961912ED4A9A3CD8
                      Malicious:false
                      Preview:SessionID=95041894-7013-4c00-80de-0f396cea13bc.1724821985473 Timestamp=2024-08-28T01:13:05:473-0400 ThreadID=7832 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=95041894-7013-4c00-80de-0f396cea13bc.1724821985473 Timestamp=2024-08-28T01:13:05:474-0400 ThreadID=7832 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=95041894-7013-4c00-80de-0f396cea13bc.1724821985473 Timestamp=2024-08-28T01:13:05:474-0400 ThreadID=7832 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=95041894-7013-4c00-80de-0f396cea13bc.1724821985473 Timestamp=2024-08-28T01:13:05:474-0400 ThreadID=7832 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=95041894-7013-4c00-80de-0f396cea13bc.1724821985473 Timestamp=2024-08-28T01:13:05:474-0400 ThreadID=7832 Component=ngl-lib_NglAppLib Description="SetConf

                      C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):29752
                      Entropy (8bit):5.39606217828831
                      Encrypted:false
                      SSDEEP:768:GLxxlyVUFcAzWL8VWL1ANSFld5YjMWLvJ8Uy++NSXl3WLd5WLrbhhVClkVMwDGbR:t
                      MD5:CCC9EB0A066D758A77E76D4B383FEC47
                      SHA1:4404AB81A2FC3E852B1C64AEE8C1D1447D93A0A4
                      SHA-256:33875D8F9BD639C851DFA4620FA6FDE2204C3727B66E4DD87C51D6E7CFB8FCCF
                      SHA-512:A8445A89DC8399B2C85D3F845BC2684941B830F45FD4CD760564979991C09C6B6FED650D1D7995887A9E9B454A108672E6C03CFE762C733CB4ADC12D199AA6EE
                      Malicious:false
                      Preview:04-10-2023 02:39:31:.---2---..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : ***************************************..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : ***************************************..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : Starting NGL..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..04-10-2023 02:39:31:.Closing File..04-10-

                      C:\Users\user\AppData\Local\Temp\acrocef_low\667f5688-3f7c-4f5d-abb6-a3905d47e4ae.tmp

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
                      Category:dropped
                      Size (bytes):1407294
                      Entropy (8bit):7.97605879016224
                      Encrypted:false
                      SSDEEP:24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R077WLaGZ7wYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs03WLaGZw
                      MD5:8B9FA2EC5118087D19CFDB20DA7C4C26
                      SHA1:E32D6A1829B18717EF1455B73E88D36E0410EF93
                      SHA-256:4782624EA3A4B3C6EB782689208148B636365AA8E5DAF00814FA9AB722259CBD
                      SHA-512:662F8664CC3F4E8356D5F5794074642DB65565D40AC9FEA323E16E84EBD4F961701460A1310CC863D1AB38849E84E2142382F5DB88A0E53F97FF66248230F7B9
                      Malicious:false
                      Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

                      C:\Users\user\AppData\Local\Temp\acrocef_low\6caa52cc-9829-426f-ae54-e700c92a0320.tmp

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
                      Category:dropped
                      Size (bytes):1419751
                      Entropy (8bit):7.976496077007677
                      Encrypted:false
                      SSDEEP:24576:/xA7owWLaGZDwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLaGZDwZGk3mlind9i4ufFXpAXkru
                      MD5:18E3D04537AF72FDBEB3760B2D10C80E
                      SHA1:B313CD0B25E41E5CF0DFB83B33AB3E3C7678D5CC
                      SHA-256:BBEF113A2057EE7EAC911DC960D36D4A62C262DAE5B1379257908228243BD6F4
                      SHA-512:2A5B9B0A5DC98151AD2346055DF2F7BFDE62F6069A4A6A9AB3377B644D61AE31609B9FC73BEE4A0E929F84BF30DA4C1CDE628915AC37C7542FD170D12DE41298
                      Malicious:false
                      Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

                      C:\Users\user\AppData\Local\Temp\acrocef_low\7d984333-500e-482c-8e9c-674d153f6c7c.tmp

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
                      Category:dropped
                      Size (bytes):758601
                      Entropy (8bit):7.98639316555857
                      Encrypted:false
                      SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
                      MD5:3A49135134665364308390AC398006F1
                      SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
                      SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
                      SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
                      Malicious:false
                      Preview:...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!|G.1...... .3.`./....`~......G.............|..pS.e.C....:o.u_..oi.:..|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

                      C:\Users\user\AppData\Local\Temp\acrocef_low\e5c546d0-4ef0-45d4-b2e6-c0d426313c52.tmp

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
                      Category:dropped
                      Size (bytes):386528
                      Entropy (8bit):7.9736851559892425
                      Encrypted:false
                      SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
                      MD5:5C48B0AD2FEF800949466AE872E1F1E2
                      SHA1:337D617AE142815EDDACB48484628C1F16692A2F
                      SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
                      SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
                      Malicious:false
                      Preview:...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-|..h#.g.\.PO.|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..|m.WC.....|.....e.[W.p.8...rm....^..x'......5!...|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

                      Static File Info

                      General

                      File type:PDF document, version 1.6
                      Entropy (8bit):7.9891612747410035
                      TrID:
                      • Adobe Portable Document Format (5005/1) 100.00%
                      File name:cen03-2018-rrb-notification.pdf
                      File size:7'048'365 bytes
                      MD5:666f1e7ce43dca40014d716ed5f8f86f
                      SHA1:067f7c26c169440ae03d4cd2c22bc0285659760c
                      SHA256:ca1271cdf8397b064bda6ba3cf89ae0f50564ee32bfd2e4d984fd1873a36a76b
                      SHA512:b5381d64dae3bb9c64764ef841b6af9e1bf8bf69400f4b67056e9da76d8a6471cde28624d024fc8c16e9ec01dd12f72150d0ff6634a8019869b7f46e6895a29e
                      SSDEEP:98304:veVVeoF83xlJM6wrmz2EIjuZLS0Z2Pwhly:2VEoS3xPM6w7CP/y
                      TLSH:9A661275D2684C38F1218C3FAF3E650A5E31F4E24D496E54773B628B7D62BB01E798A0
                      File Content Preview:%PDF-1.6..%......1 0 obj..<</CropBox[ 0 0 595.276 841.89]/Parent 231 0 R /Contents 2 0 R /Rotate 0/BleedBox[ 0 0 595.276 841.89]/MediaBox[ 0 0 595.276 841.89]/TrimBox[ 0 0 595.276 841.89]/Resources<</XObject<</Im0 3 0 R /Im1 4 0 R /Im2 5 0 R /Im3 6 0 R /I

                      File Icon

                      Icon Hash:62cc8caeb29e8ae0

                      Static PDF Info

                      General

                      Header:%PDF-1.6
                      Total Entropy:7.989161
                      Total Bytes:7048365
                      Stream Entropy:7.989348
                      Stream Bytes:7014941
                      Entropy outside Streams:5.233887
                      Bytes outside Streams:33424
                      Number of EOF found:1
                      Bytes after EOF:

                      Keywords Statistics

                      NameCount
                      obj191
                      endobj191
                      stream127
                      endstream127
                      xref0
                      trailer0
                      startxref1
                      /Page63
                      /Encrypt0
                      /ObjStm1
                      /URI0
                      /JS0
                      /JavaScript0
                      /AA2
                      /OpenAction0
                      /AcroForm1
                      /JBIG2Decode0
                      /RichMedia0
                      /Launch0
                      /EmbeddedFile0

                      Image Streams

                      IDDHASHMD5Preview
                      30000000000000000a0f5b6cb024abba70bf4d43dde4bd652
                      400000000000000000d98d5752f798633ca780aa081d4225d
                      50000000000000000af54f47b6a216720dc08c9e1854e3155
                      60000000000000000abddd9fb9618c3bb4ab3c8261d5a16ed
                      770c4c45068c8e4e475cb9590cf1d288c4db82ac32a4a08ed

                      Network Behavior

                      Network Port Distribution

                      TCP Packets

                      TimestampSource PortDest PortSource IPDest IP
                      Aug 28, 2024 07:13:16.468389034 CEST49723443192.168.2.523.47.168.24
                      Aug 28, 2024 07:13:16.468420029 CEST4434972323.47.168.24192.168.2.5
                      Aug 28, 2024 07:13:16.468529940 CEST49723443192.168.2.523.47.168.24
                      Aug 28, 2024 07:13:16.468728065 CEST49723443192.168.2.523.47.168.24
                      Aug 28, 2024 07:13:16.468739033 CEST4434972323.47.168.24192.168.2.5
                      Aug 28, 2024 07:13:17.028461933 CEST4434972323.47.168.24192.168.2.5
                      Aug 28, 2024 07:13:17.028774977 CEST49723443192.168.2.523.47.168.24
                      Aug 28, 2024 07:13:17.028786898 CEST4434972323.47.168.24192.168.2.5
                      Aug 28, 2024 07:13:17.029936075 CEST4434972323.47.168.24192.168.2.5
                      Aug 28, 2024 07:13:17.030014992 CEST49723443192.168.2.523.47.168.24
                      Aug 28, 2024 07:13:17.036331892 CEST49723443192.168.2.523.47.168.24
                      Aug 28, 2024 07:13:17.036392927 CEST4434972323.47.168.24192.168.2.5
                      Aug 28, 2024 07:13:17.036520958 CEST49723443192.168.2.523.47.168.24
                      Aug 28, 2024 07:13:17.036525965 CEST4434972323.47.168.24192.168.2.5
                      Aug 28, 2024 07:13:17.079474926 CEST49723443192.168.2.523.47.168.24
                      Aug 28, 2024 07:13:17.135411978 CEST4434972323.47.168.24192.168.2.5
                      Aug 28, 2024 07:13:17.135610104 CEST4434972323.47.168.24192.168.2.5
                      Aug 28, 2024 07:13:17.135701895 CEST49723443192.168.2.523.47.168.24
                      Aug 28, 2024 07:13:17.135895967 CEST49723443192.168.2.523.47.168.24
                      Aug 28, 2024 07:13:17.135911942 CEST4434972323.47.168.24192.168.2.5
                      Aug 28, 2024 07:13:17.135920048 CEST49723443192.168.2.523.47.168.24
                      Aug 28, 2024 07:13:17.136015892 CEST49723443192.168.2.523.47.168.24

                      HTTP Request Dependency Graph

                      • armmf.adobe.com

                      HTTPS Proxied Packets

                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                      0192.168.2.54972323.47.168.244437320C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      TimestampBytes transferredDirectionData
                      2024-08-28 05:13:17 UTC475OUTGET /onboarding/smskillreader.txt HTTP/1.1
                      Host: armmf.adobe.com
                      Connection: keep-alive
                      Accept-Language: en-US,en;q=0.9
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36
                      Sec-Fetch-Site: same-origin
                      Sec-Fetch-Mode: no-cors
                      Sec-Fetch-Dest: empty
                      Accept-Encoding: gzip, deflate, br
                      If-None-Match: "78-5faa31cce96da"
                      If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
                      2024-08-28 05:13:17 UTC198INHTTP/1.1 304 Not Modified
                      Content-Type: text/plain; charset=UTF-8
                      Last-Modified: Mon, 01 May 2023 15:02:33 GMT
                      ETag: "78-5faa31cce96da"
                      Date: Wed, 28 Aug 2024 05:13:17 GMT
                      Connection: close


                      Statistics

                      CPU Usage

                      Click to jump to process

                      Memory Usage

                      Click to jump to process

                      High Level Behavior Distribution

                      Click to dive into process behavior distribution

                      Behavior

                      Click to jump to process

                      System Behavior

                      General

                      Target ID:0
                      Start time:01:13:01
                      Start date:28/08/2024
                      Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      Wow64 process (32bit):false
                      Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\cen03-2018-rrb-notification.pdf"
                      Imagebase:0x7ff686a00000
                      File size:5'641'176 bytes
                      MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:high
                      Has exited:true

                      General

                      Target ID:2
                      Start time:01:13:03
                      Start date:28/08/2024
                      Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      Wow64 process (32bit):false
                      Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
                      Imagebase:0x7ff6413e0000
                      File size:3'581'912 bytes
                      MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:high
                      Has exited:true

                      General

                      Target ID:4
                      Start time:01:13:03
                      Start date:28/08/2024
                      Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      Wow64 process (32bit):false
                      Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2040 --field-trial-handle=1676,i,2509119813639347335,536631791624859120,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
                      Imagebase:0x7ff6413e0000
                      File size:3'581'912 bytes
                      MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:high
                      Has exited:true

                      Disassembly

                      No disassembly