Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Viking Culinary - Catalog.pdf

Overview

General Information

Sample name:Viking Culinary - Catalog.pdf
Analysis ID:1500445
MD5:8b1ca015ddd4cfbc27e92e4e4458d0f4
SHA1:35cf3dc2316ffd8ff97d187bd76fbc83cd6516db
SHA256:b30d51215ecf070eba0f2bce1f39cbd9073636af5ed4598fab4f5e58f7805392
Tags:pdf
Infos:

Detection

Score:2
Range:0 - 100
Whitelisted:false
Confidence:80%

Signatures

IP address seen in connection with other malware
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Uses a known web browser user agent for HTTP communication

Classification

Process Tree

  • System is w10x64
  • Acrobat.exe (PID: 6764 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Viking Culinary - Catalog.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 2412 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 1812 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2068 --field-trial-handle=1668,i,11947070378232099584,9321973127914871344,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: global trafficTCP traffic: 192.168.2.5:49724 -> 23.56.162.185:443
Source: global trafficTCP traffic: 192.168.2.5:49724 -> 23.56.162.185:443
Source: global trafficTCP traffic: 192.168.2.5:49724 -> 23.56.162.185:443
Source: global trafficTCP traffic: 192.168.2.5:49724 -> 23.56.162.185:443
Source: global trafficTCP traffic: 192.168.2.5:49724 -> 23.56.162.185:443
Source: global trafficTCP traffic: 192.168.2.5:49724 -> 23.56.162.185:443
Source: global trafficTCP traffic: 192.168.2.5:49724 -> 23.56.162.185:443
Source: global trafficTCP traffic: 192.168.2.5:49724 -> 23.56.162.185:443
Source: global trafficTCP traffic: 192.168.2.5:49724 -> 23.56.162.185:443
Source: global trafficTCP traffic: 192.168.2.5:49724 -> 23.56.162.185:443
Source: global trafficTCP traffic: 192.168.2.5:49724 -> 23.56.162.185:443
Source: global trafficTCP traffic: 192.168.2.5:49724 -> 23.56.162.185:443
Source: global trafficTCP traffic: 192.168.2.5:49724 -> 23.56.162.185:443
Source: global trafficTCP traffic: 23.56.162.185:443 -> 192.168.2.5:49724
Source: global trafficTCP traffic: 192.168.2.5:49724 -> 23.56.162.185:443
Source: global trafficTCP traffic: 192.168.2.5:49724 -> 23.56.162.185:443
Source: global trafficTCP traffic: 23.56.162.185:443 -> 192.168.2.5:49724
Source: global trafficTCP traffic: 23.56.162.185:443 -> 192.168.2.5:49724
Source: global trafficTCP traffic: 192.168.2.5:49724 -> 23.56.162.185:443
Source: global trafficTCP traffic: 23.56.162.185:443 -> 192.168.2.5:49724
Source: global trafficTCP traffic: 23.56.162.185:443 -> 192.168.2.5:49724
Source: global trafficTCP traffic: 192.168.2.5:49724 -> 23.56.162.185:443
Source: global trafficTCP traffic: 192.168.2.5:49724 -> 23.56.162.185:443
Source: global trafficTCP traffic: 23.56.162.185:443 -> 192.168.2.5:49724
Source: global trafficTCP traffic: 192.168.2.5:49724 -> 23.56.162.185:443
Source: global trafficTCP traffic: 23.56.162.185:443 -> 192.168.2.5:49724
Source: global trafficTCP traffic: 192.168.2.5:49724 -> 23.56.162.185:443
Source: global trafficTCP traffic: 23.56.162.185:443 -> 192.168.2.5:49724
Source: global trafficTCP traffic: 23.56.162.185:443 -> 192.168.2.5:49724
Source: global trafficTCP traffic: 192.168.2.5:49724 -> 23.56.162.185:443
Source: global trafficTCP traffic: 192.168.2.5:49724 -> 23.56.162.185:443
Source: global trafficTCP traffic: 23.56.162.185:443 -> 192.168.2.5:49724
Source: global trafficTCP traffic: 192.168.2.5:49724 -> 23.56.162.185:443
Source: global trafficTCP traffic: 192.168.2.5:49724 -> 23.56.162.185:443
Source: Joe Sandbox ViewIP Address: 23.56.162.185 23.56.162.185
Source: global trafficHTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1Host: armmf.adobe.comConnection: keep-aliveAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brIf-None-Match: "78-5faa31cce96da"If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
Source: unknownTCP traffic detected without corresponding DNS query: 23.56.162.185
Source: unknownTCP traffic detected without corresponding DNS query: 23.56.162.185
Source: unknownTCP traffic detected without corresponding DNS query: 23.56.162.185
Source: unknownTCP traffic detected without corresponding DNS query: 23.56.162.185
Source: unknownTCP traffic detected without corresponding DNS query: 23.56.162.185
Source: unknownTCP traffic detected without corresponding DNS query: 23.56.162.185
Source: unknownTCP traffic detected without corresponding DNS query: 23.56.162.185
Source: unknownTCP traffic detected without corresponding DNS query: 23.56.162.185
Source: unknownTCP traffic detected without corresponding DNS query: 23.56.162.185
Source: unknownTCP traffic detected without corresponding DNS query: 23.56.162.185
Source: unknownTCP traffic detected without corresponding DNS query: 23.56.162.185
Source: unknownTCP traffic detected without corresponding DNS query: 23.56.162.185
Source: global trafficHTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1Host: armmf.adobe.comConnection: keep-aliveAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brIf-None-Match: "78-5faa31cce96da"If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
Source: E0F5C59F9FA661F6F4C50B87FEF3A15A0.2.drString found in binary or memory: http://apps.identrust.com/roots/dstrootcax3.p7c
Source: unknownNetwork traffic detected: HTTP traffic on port 49724 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49724
Source: classification engineClassification label: clean2.winPDF@14/42@0/1
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journalJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-08-28 07-44-07-745.logJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
Source: unknownProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Viking Culinary - Catalog.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2068 --field-trial-handle=1668,i,11947070378232099584,9321973127914871344,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2068 --field-trial-handle=1668,i,11947070378232099584,9321973127914871344,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: Viking Culinary - Catalog.pdfInitial sample: PDF keyword /JavaScript count = 0
Source: Viking Culinary - Catalog.pdfInitial sample: PDF keyword stream count = 392
Source: Viking Culinary - Catalog.pdfInitial sample: PDF keyword /EmbeddedFile count = 0
Source: Viking Culinary - Catalog.pdfInitial sample: PDF keyword endobj count = 394
Source: Viking Culinary - Catalog.pdfInitial sample: PDF keyword endstream count = 392
Source: Viking Culinary - Catalog.pdfInitial sample: PDF keyword obj count = 394
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid Accounts2
Exploitation for Client Execution		Path Interception1
Process Injection		1
Masquerading		OS Credential Dumping1
System Information Discovery		Remote ServicesData from Local System1
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
Process Injection		LSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable Media1
Non-Application Layer Protocol		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive12
Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin HookBinary PaddingNTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput Capture1
Ingress Tool Transfer		Traffic DuplicationData Destruction

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 process2 2 Behavior Graph ID: 1500445 Sample: Viking Culinary - Catalog.pdf Startdate: 28/08/2024 Architecture: WINDOWS Score: 2 6 Acrobat.exe 18 63 2->6         started        process3 8 AcroCEF.exe 107 6->8         started        process4 10 AcroCEF.exe 2 8->10         started        dnsIp5 13 23.56.162.185, 443, 49724 AKAMAI-ASUS United States 10->13

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
Viking Culinary - Catalog.pdf0%ReversingLabs

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

No contacted domains info

World Map of Contacted IPs

  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Public IPs

IPDomainCountryFlagASNASN NameMalicious
23.56.162.185
unknownUnited States
16625AKAMAI-ASUSfalse

General Information

Joe Sandbox version:40.0.0 Tourmaline
Analysis ID:1500445
Start date and time:2024-08-28 13:43:05 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 4m 14s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultwindowspdfcookbook.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:10
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:Viking Culinary - Catalog.pdf
Detection:CLEAN
Classification:clean2.winPDF@14/42@0/1
Cookbook Comments:
  • Found application associated with file extension: .pdf
  • Found PDF document
  • Close Viewer

Warnings

  • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 184.28.88.176, 54.227.187.23, 52.5.13.197, 23.22.254.206, 52.202.204.11, 162.159.61.3, 172.64.41.3, 95.101.54.195, 2.16.202.123, 2.19.126.149, 2.19.126.154, 2.19.126.142
  • Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, identrust.edgesuite.net, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, a1952.dscq.akamai.net, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, apps.identrust.com
  • VT rate limit hit for: Viking Culinary - Catalog.pdf

Simulations

Behavior and APIs

TimeTypeDescription
07:44:18API Interceptor1x Sleep call for process: AcroCEF.exe modified

Joe Sandbox View / Context

IPs

MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
23.56.162.185Madisonwellsmedia546.pdfGet hashmaliciousUnknownBrowse
    signature.pdfGet hashmaliciousUnknownBrowse
      AG Uncorked IRMI Wine Mixer Invite.pdfGet hashmaliciousHTMLPhisherBrowse
        Gov Annual Salary + Employer - Provided Benefits2.pdfGet hashmaliciousPhisherBrowse
          Remittance 728 Norriselectric0032xslx.pdfGet hashmaliciousHTMLPhisherBrowse
            Secured Doc-[Rmz-67847].pdfGet hashmaliciousUnknownBrowse
              GONZALES, ALFREDO 0012104586, 0010640472 b .pdfGet hashmaliciousUnknownBrowse
                Corp.AcctPayable Payment Update.pdfGet hashmaliciousUnknownBrowse
                  2024AdoptionConference-WhovaDirections-Desktop.pdfGet hashmaliciousUnknownBrowse
                    https://dl.dropboxusercontent.com/scl/fi/i2zpknhy9u07fnzd16odr/Rechnungsnummer-DE230012940.zip?rlkey=so2rxiz6wbdl8wq5j881wuadq&st=f0ckmecz&dl=0Get hashmaliciousUnknownBrowse

                      Domains

                      No context

                      ASNs

                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                      AKAMAI-ASUShttps://iv1tm.ykrbkt.ru/iV1TM/#hans.wurst@us.comGet hashmaliciousHTMLPhisherBrowse
                      • 92.122.105.52
                      https://aka.ms/LearnAboutSenderIdentificationGet hashmaliciousHTMLPhisherBrowse
                      • 2.18.69.150
                      https://www.unitek-products.com/products/1-5m-hdmi-v2-1-cableGet hashmaliciousUnknownBrowse
                      • 23.216.205.249
                      https://newbostondentalcare-my.sharepoint.com/:b:/g/personal/maryellen_newbostondental_com/ERDvxS5UJSxPtXyWuklCyAMBDYWal6mJXrTJHUf_OfHqfg?e=5l0sTuGet hashmaliciousPhisherBrowse
                      • 96.17.207.26
                      file.exeGet hashmaliciousLummaC, VidarBrowse
                      • 23.192.247.89
                      DOC-80697077.pdfGet hashmaliciousHTMLPhisherBrowse
                      • 104.78.188.188
                      San Xavier District of the Tohono O#U2019odham Nation.pdfGet hashmaliciousUnknownBrowse
                      • 104.78.188.188
                      San Xavier District of the Tohono O#U2019odham Nation.pdfGet hashmaliciousUnknownBrowse
                      • 2.16.184.207
                      https://aka.ms/LearnAboutSenderIdentificationGet hashmaliciousHTMLPhisherBrowse
                      • 23.211.9.234
                      Madisonwellsmedia546.pdfGet hashmaliciousHTMLPhisherBrowse
                      • 23.203.104.175

                      JA3 Fingerprints

                      No context

                      Dropped Files

                      No context

                      Created / dropped Files

                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:ASCII text
                      Category:dropped
                      Size (bytes):294
                      Entropy (8bit):5.2094944717478935
                      Encrypted:false
                      SSDEEP:6:N3eHm+q2P92nKuAl9OmbnIFUt883eH0Zmw+83eHJVkwO92nKuAl9OmbjLJ:N3eHv4HAahFUt883eU/+83eX5LHAaSJ
                      MD5:CBBC1F27BF0DAF205D7182266EDFBFB6
                      SHA1:00CC109BAEBE1AFF4FB0198E3A783E698C59BE84
                      SHA-256:935682E6BDFD4D94DF0C38D4C9A78DF2DD4C2ECD48D51AB6183E365AA0BBA93F
                      SHA-512:3E75CDB7AE36EB7D60890A1FCB51A654B1B04069CD3D982848027BF1D9416A7A703FC9CF582822902D2751D5E84A111D19EFE4141AF1E04DF7165F02B7CC96A3
                      Malicious:false
                      Reputation:low
                      Preview:2024/08/28-07:44:05.573 14e8 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/08/28-07:44:05.575 14e8 Recovering log #3.2024/08/28-07:44:05.576 14e8 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:ASCII text
                      Category:dropped
                      Size (bytes):294
                      Entropy (8bit):5.2094944717478935
                      Encrypted:false
                      SSDEEP:6:N3eHm+q2P92nKuAl9OmbnIFUt883eH0Zmw+83eHJVkwO92nKuAl9OmbjLJ:N3eHv4HAahFUt883eU/+83eX5LHAaSJ
                      MD5:CBBC1F27BF0DAF205D7182266EDFBFB6
                      SHA1:00CC109BAEBE1AFF4FB0198E3A783E698C59BE84
                      SHA-256:935682E6BDFD4D94DF0C38D4C9A78DF2DD4C2ECD48D51AB6183E365AA0BBA93F
                      SHA-512:3E75CDB7AE36EB7D60890A1FCB51A654B1B04069CD3D982848027BF1D9416A7A703FC9CF582822902D2751D5E84A111D19EFE4141AF1E04DF7165F02B7CC96A3
                      Malicious:false
                      Reputation:low
                      Preview:2024/08/28-07:44:05.573 14e8 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/08/28-07:44:05.575 14e8 Recovering log #3.2024/08/28-07:44:05.576 14e8 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:ASCII text
                      Category:dropped
                      Size (bytes):335
                      Entropy (8bit):5.182750936703346
                      Encrypted:false
                      SSDEEP:6:N3ezs+q2P92nKuAl9Ombzo2jMGIFUt883eOZmw+83eKVkwO92nKuAl9Ombzo2jM4:N3eQ+v4HAa8uFUt883eO/+83eKV5LHAv
                      MD5:24D37288EEE9F7B338D22D3DF8806486
                      SHA1:E07F3AE260CD5119577E717A0834165AFB1848C8
                      SHA-256:E3163353D6C001BBC5121EA7135E82927422557706AC778B60879726F7A969AF
                      SHA-512:744B8BAE3AA530E903BC4F20B7EC5B8A471E1AC1933B525BDC48066E3CC9FE6C7D63BFDEFC2A96F9C07731A036A0925D616B0C52A70BA961E5295CA9637BD84B
                      Malicious:false
                      Reputation:low
                      Preview:2024/08/28-07:44:05.699 b4c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/08/28-07:44:05.701 b4c Recovering log #3.2024/08/28-07:44:05.701 b4c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:ASCII text
                      Category:dropped
                      Size (bytes):335
                      Entropy (8bit):5.182750936703346
                      Encrypted:false
                      SSDEEP:6:N3ezs+q2P92nKuAl9Ombzo2jMGIFUt883eOZmw+83eKVkwO92nKuAl9Ombzo2jM4:N3eQ+v4HAa8uFUt883eO/+83eKV5LHAv
                      MD5:24D37288EEE9F7B338D22D3DF8806486
                      SHA1:E07F3AE260CD5119577E717A0834165AFB1848C8
                      SHA-256:E3163353D6C001BBC5121EA7135E82927422557706AC778B60879726F7A969AF
                      SHA-512:744B8BAE3AA530E903BC4F20B7EC5B8A471E1AC1933B525BDC48066E3CC9FE6C7D63BFDEFC2A96F9C07731A036A0925D616B0C52A70BA961E5295CA9637BD84B
                      Malicious:false
                      Reputation:low
                      Preview:2024/08/28-07:44:05.699 b4c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/08/28-07:44:05.701 b4c Recovering log #3.2024/08/28-07:44:05.701 b4c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):508
                      Entropy (8bit):5.05473930140692
                      Encrypted:false
                      SSDEEP:12:YH/um3RA8sqjEpIsBdOg2HwAcaq3QYiubxnP7E4T3OF+:Y2sRdswEpddMHwr3QYhbxP7nbI+
                      MD5:4D3A75E9D19F4379B812985914EBB105
                      SHA1:FB780A77021DB27B9094D5FDA52AD3B616BF4A96
                      SHA-256:E7E45038BD66845307E07F7054DFA6A7BBBC9F362FBFCE1E76BE6F750A4E5E8A
                      SHA-512:856C201D1831A68C9C6DC7369FDA0D2CED45A473BE510D63A4F6DBB6B24A1CE7CE409966C035A7D30F763F6E8D7CE2AF4A00EB3E5C534D1ED1212F2B0CD46FFF
                      Malicious:false
                      Reputation:low
                      Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13369405458142473","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":120383},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.5","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G","CAYSABiAgICA+P////8B":"Offline"}}}

                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\cd6014bb-cd0e-448f-b7b8-e498db0bb490.tmp

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:JSON data
                      Category:modified
                      Size (bytes):508
                      Entropy (8bit):5.05473930140692
                      Encrypted:false
                      SSDEEP:12:YH/um3RA8sqjEpIsBdOg2HwAcaq3QYiubxnP7E4T3OF+:Y2sRdswEpddMHwr3QYhbxP7nbI+
                      MD5:4D3A75E9D19F4379B812985914EBB105
                      SHA1:FB780A77021DB27B9094D5FDA52AD3B616BF4A96
                      SHA-256:E7E45038BD66845307E07F7054DFA6A7BBBC9F362FBFCE1E76BE6F750A4E5E8A
                      SHA-512:856C201D1831A68C9C6DC7369FDA0D2CED45A473BE510D63A4F6DBB6B24A1CE7CE409966C035A7D30F763F6E8D7CE2AF4A00EB3E5C534D1ED1212F2B0CD46FFF
                      Malicious:false
                      Reputation:low
                      Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13369405458142473","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":120383},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.5","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G","CAYSABiAgICA+P////8B":"Offline"}}}

                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):4509
                      Entropy (8bit):5.233728396682314
                      Encrypted:false
                      SSDEEP:96:QqBpCqGp3Al+NehBmkID2w6bNMhugoKTNY+No/KTNcygLPGLLUpBxIvcc1vcXJZ:rBpJGp3AoqBmki25ZEVoKTNY+NoCTNL6
                      MD5:38B6D7372482B4C7D0AD11606DD0297C
                      SHA1:F68593B10D9C5B68A5C62F0A1E567FFA11174A20
                      SHA-256:82460C0ECCC8E0E11F8704A3CC0CCA24137953995473732072C48BAED958ED34
                      SHA-512:061A2B3D8CC28B7550D10A7A74813E9B5077E1CA54301657E1B1846ED5DD6B6DA13DFA82B941386A8BC87509140424E91031DA344CB936C7152E7F5883792AC3
                      Malicious:false
                      Reputation:low
                      Preview:*...#................version.1..namespace-.1a.o................next-map-id.1.Pnamespace-047a745d_5c98_4926_b446_942fb948d072-https://rna-resource.acrobat.com/.0.K..r................next-map-id.2.Snamespace-bdf2fbfe_e08b_407d_8a81_9a6094e373a0-https://rna-v2-resource.acrobat.com/.1.m.Fr................next-map-id.3.Snamespace-24b9c7f4_3e31_4d11_a607_ac91d6485c9e-https://rna-v2-resource.acrobat.com/.2.8.o................next-map-id.4.Pnamespace-bc60f291_faa7_4492_8b22_e186b4ce62c1-https://rna-resource.acrobat.com/.3.A-N^...............Pnamespace-047a745d_5c98_4926_b446_942fb948d072-https://rna-resource.acrobat.com/-j..^...............Pnamespace-bc60f291_faa7_4492_8b22_e186b4ce62c1-https://rna-resource.acrobat.com/[.|.a...............Snamespace-bdf2fbfe_e08b_407d_8a81_9a6094e373a0-https://rna-v2-resource.acrobat.com/....a...............Snamespace-24b9c7f4_3e31_4d11_a607_ac91d6485c9e-https://rna-v2-resource.acrobat.com/.W.@o................next-map-id.5.Pnamespace-8fb46ac3_c992_47ca_bb04_

                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:ASCII text
                      Category:dropped
                      Size (bytes):323
                      Entropy (8bit):5.202000727491496
                      Encrypted:false
                      SSDEEP:6:N3a2i+q2P92nKuAl9OmbzNMxIFUt883rZmw+83fVkwO92nKuAl9OmbzNMFLJ:N3bi+v4HAa8jFUt883r/+83fV5LHAa8E
                      MD5:A3E2E09F6A1251A111479875A313477D
                      SHA1:F8B9BA87A8C3BD26740A1992F470F196B3649A3B
                      SHA-256:6840B94A90636C45462243632EFEB106A9BAD528CE7EF90EB5726FD17DBEF966
                      SHA-512:25C8B1D2600EDEDDCFEBDB5B3F35C99C36D8DF8085E9908E660F29097AECF69A2801B5AD1792FBEE1F768D848617D58B5095A5DBC03AEFAAA19BCDF5A3AC096F
                      Malicious:false
                      Reputation:low
                      Preview:2024/08/28-07:44:06.051 b4c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/08/28-07:44:06.111 b4c Recovering log #3.2024/08/28-07:44:06.159 b4c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:ASCII text
                      Category:dropped
                      Size (bytes):323
                      Entropy (8bit):5.202000727491496
                      Encrypted:false
                      SSDEEP:6:N3a2i+q2P92nKuAl9OmbzNMxIFUt883rZmw+83fVkwO92nKuAl9OmbzNMFLJ:N3bi+v4HAa8jFUt883r/+83fV5LHAa8E
                      MD5:A3E2E09F6A1251A111479875A313477D
                      SHA1:F8B9BA87A8C3BD26740A1992F470F196B3649A3B
                      SHA-256:6840B94A90636C45462243632EFEB106A9BAD528CE7EF90EB5726FD17DBEF966
                      SHA-512:25C8B1D2600EDEDDCFEBDB5B3F35C99C36D8DF8085E9908E660F29097AECF69A2801B5AD1792FBEE1F768D848617D58B5095A5DBC03AEFAAA19BCDF5A3AC096F
                      Malicious:false
                      Reputation:low
                      Preview:2024/08/28-07:44:06.051 b4c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/08/28-07:44:06.111 b4c Recovering log #3.2024/08/28-07:44:06.159 b4c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

                      C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240828114409Z-157.bmp

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:PC bitmap, Windows 3.x format, 164 x -92 x 32, cbSize 60406, bits offset 54
                      Category:dropped
                      Size (bytes):60406
                      Entropy (8bit):6.1988427915953155
                      Encrypted:false
                      SSDEEP:768:zukbf1euvgD/XeGyGYxcyG8nWQVQAcHN0Zsuid6f3d/V7DVfLUbFWy68hrS:NedmLEm7Jidk3ZV7JfLU0lJ
                      MD5:EB4FC72A29E3F382ADAA894D145F5950
                      SHA1:13334E1C72D4A9D5917933ACA5BF6B3E79648ABD
                      SHA-256:4A3CD2F26AE993E5309D0125991A47256D319EEF11BDFAC8CAB2B7BA85E9A75D
                      SHA-512:6D00F6879BF0907FFB752C43A8B0C1846A84233F093FF80110DC8C71AF4161B9B6C370C90B2BA2AA7776FAE6AC4144B5009C0AA367A78C46E13E96A4FE0793B6
                      Malicious:false
                      Reputation:low
                      Preview:BM........6...(............. .........................@l..@k..?j..?k..?k..?j..?j..?j..?j..?j..?j..@j..@j..Ak..Ak..?k..Ak..@k..?k..@l..@k..Ak..@l..@l..@l..@l..@l..@l..@l..@l..Am..Am..Am..Am..Am..Am..Al..Bl..Bl..@k..>j..?k..?k..?j..?j..?j..?j..?k..?k..?k..?k..?j..?j..?j..?j..?j..?j..?j..?j..?j..?j..?j..?j..?j..?j..?j..?j..?j..?j..?j..?j..?j..?j..@k..@k..@k..@k..@k..@k..@k..@k..@k..@k..@k..@k..?j..?j..?j..?j..?j..?j..?j..?h..@g..@g..@f..@f..?e..?d..>c..>c..=b..=a..=a..=`..<_..<_..<^..<^..<]..<]..<]..<]..<\..<\..<\..=]..=]..=]..=]..<]..=]..>]..>]..=]..>]..>]..?\..?\..>\..>\..>\..>[..>\..=[..>[..>Z..=Y..=Y..<Y..<Y..<Y..;Y..;Y..;Y..;Y..;Y..;Y..;Y..:X..:Y..:Y..:Y..:Y..:Y..9Y..8X..7W..7W..6V..6V..6V..5U..4T..@l..@k..?j..?k..?j..?j..?j..?j..?j..?j..?j..@k..?k..Ak..Ak..@l..@l..@l..@l..?k..?j..@k..@l..@l..@l..@l..@l..@l..@l..@l..@l..@l..Am..Am..Am..Am..Al..@l..Al..Ak..?k..?k..?k..?j..?j..?j..?j..?j..?j..?j..?j..?j..?j..?j..?j..?j..?j..?j..?j..?j..?j..?j..?j..?j..?j..?j..?j..?j..?j..?j..?j..?j..@k

                      C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):893
                      Entropy (8bit):7.366016576663508
                      Encrypted:false
                      SSDEEP:24:hBntmDvKUQQDvKUr7C5fpqp8gPvXHmXvponXux:3ntmD5QQD5XC5RqHHXmXvp++x
                      MD5:D4AE187B4574036C2D76B6DF8A8C1A30
                      SHA1:B06F409FA14BAB33CBAF4A37811B8740B624D9E5
                      SHA-256:A2CE3A0FA7D2A833D1801E01EC48E35B70D84F3467CC9F8FAB370386E13879C7
                      SHA-512:1F44A360E8BB8ADA22BC5BFE001F1BABB4E72005A46BC2A94C33C4BD149FF256CCE6F35D65CA4F7FC2A5B9E15494155449830D2809C8CF218D0B9196EC646B0C
                      Malicious:false
                      Preview:0..y..*.H.........j0..f...1.0...*.H.........N0..J0..2.......D....'..09...@k0...*.H........0?1$0"..U....Digital Signature Trust Co.1.0...U....DST Root CA X30...000930211219Z..210930140115Z0?1$0"..U....Digital Signature Trust Co.1.0...U....DST Root CA X30.."0...*.H.............0..........P..W..be......,k0.[...}.@......3vI*.?!I..N..>H.e...!.e.*.2....w..{........s.z..2..~..0....*8.y.1.P..e.Qc...a.Ka..Rk...K.(.H......>.... .[.*....p....%.tr.{j.4.0...h.{T....Z...=d.....Ap..r.&.8U9C....\@........%.......:..n.>..\..<.i....*.)W..=....]......B0@0...U.......0....0...U...........0...U.........{,q...K.u...`...0...*.H...............,...\...(f7:...?K.... ]..YD.>.>..K.t.....t..~.....K. D....}..j.....N..:.pI...........:^H...X._..Z.....Y..n......f3.Y[...sG.+..7H..VK....r2...D.SrmC.&H.Rg.X..gvqx...V..9$1....Z0G..P.......dc`........}...=2.e..|.Wv..(9..e...w.j..w.......)...55.1.

                      C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):252
                      Entropy (8bit):3.026467887142631
                      Encrypted:false
                      SSDEEP:3:kkFkl7c/kPtfllXlE/E/KRkzllPlzRkwWBARLNDU+ZMlKlBkvclcMlVHblB8V7l3:kK8lxliBAIdQZV7I7kc3
                      MD5:62D6D879B6601B6184972D6F991A816E
                      SHA1:9AF32C9E3E5920B34B89214786F2772908682404
                      SHA-256:925AB38A4253224EF2BE2C43A59639C3D57157EB759F5885FEE13790BF968A66
                      SHA-512:7F96F859B58DA725092A91B16058FA72B4E1472C7ADF10F2312FF6DE2ECDB9EA1A157A5E81C49CCE1A65230366B2BDB147ECABAAE220155D3FE3BC3F3D20626F
                      Malicious:false
                      Preview:p...... ....`......?...(....................................................... ........!.M........(...........}...h.t.t.p.:././.a.p.p.s...i.d.e.n.t.r.u.s.t...c.o.m./.r.o.o.t.s./.d.s.t.r.o.o.t.c.a.x.3...p.7.c...".3.7.d.-.6.0.7.9.b.8.c.0.9.2.9.c.0."...

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.4332

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:PostScript document text
                      Category:dropped
                      Size (bytes):185099
                      Entropy (8bit):5.182478651346149
                      Encrypted:false
                      SSDEEP:1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
                      MD5:94185C5850C26B3C6FC24ABC385CDA58
                      SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
                      SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
                      SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
                      Malicious:false
                      Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:PostScript document text
                      Category:dropped
                      Size (bytes):185099
                      Entropy (8bit):5.182478651346149
                      Encrypted:false
                      SSDEEP:1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
                      MD5:94185C5850C26B3C6FC24ABC385CDA58
                      SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
                      SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
                      SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
                      Malicious:false
                      Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):295
                      Entropy (8bit):5.317804805028064
                      Encrypted:false
                      SSDEEP:6:YEQXJ2HX8fbQek7+FIbRI6XVW7+0YTUoAvJM3g98kUwPeUkwRe9:YvXKX8f00YpW7+GMbLUkee9
                      MD5:6D8CFA7A2D9F7FA38900BC58FD69D5FD
                      SHA1:976645EF4C13185B2C65B72A785C4F8EB69FDEAB
                      SHA-256:83B889F49712C426BAE967E551E82921CDCB78F1739C61B0C200F681C8780C54
                      SHA-512:576F1130ACA490B157613778F8BF334E69C6E8ABAD806835935B149A8881087CD2D79A752745952CE7EF3611DBBC2D8FA043B820E7DE21B52955DDA871C7FB60
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"a8aa232f-2130-4165-bb39-e7ace7610c31","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1725018671656,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):294
                      Entropy (8bit):5.2557577890022795
                      Encrypted:false
                      SSDEEP:6:YEQXJ2HX8fbQek7+FIbRI6XVW7+0YTUoAvJfBoTfXpnrPeUkwRe9:YvXKX8f00YpW7+GWTfXcUkee9
                      MD5:03015F11D71D35E2D65C5DFAB1D19071
                      SHA1:BA09C63841A4B814B9A004BC7CFA2203C724E389
                      SHA-256:00EE0D41660F7904B42BEF280A69F98ABB9DF6F38FBB80CDF22ECFC0D66A0AB2
                      SHA-512:700CF3386AE23353A2AD00575AE713D47A0B87AA44719EEB9B199CA5A7DB62D0DE447EF727FC3696EBBF4213F21D58B7B971B6FBF42DC81A55C6F7064890CE1D
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"a8aa232f-2130-4165-bb39-e7ace7610c31","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1725018671656,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):294
                      Entropy (8bit):5.234306105528285
                      Encrypted:false
                      SSDEEP:6:YEQXJ2HX8fbQek7+FIbRI6XVW7+0YTUoAvJfBD2G6UpnrPeUkwRe9:YvXKX8f00YpW7+GR22cUkee9
                      MD5:17DF09E73B5D0BF6992626C210754556
                      SHA1:8BE57F7904926E272DD2499D999F2B11D9464EFD
                      SHA-256:9FCD8F4AC5298E47EAEABEC733AAB5F464B95210FBA16773AB846544C1E240EB
                      SHA-512:6244308C57D2C6B29C0E1E2334276017ABAAF710BDA92B3358B49D91918C0124D29D87A3BD41113B1142F15C5374096748940A675E7E9C9343408CC750FE4D8C
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"a8aa232f-2130-4165-bb39-e7ace7610c31","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1725018671656,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):285
                      Entropy (8bit):5.2950991359701005
                      Encrypted:false
                      SSDEEP:6:YEQXJ2HX8fbQek7+FIbRI6XVW7+0YTUoAvJfPmwrPeUkwRe9:YvXKX8f00YpW7+GH56Ukee9
                      MD5:3A2235CE8AE1B97302E5851E7F898CAE
                      SHA1:292B63B3AE671C207B2A502E59038C7057B64E28
                      SHA-256:F193A291B3B4B971BB8A52B5D19773A1D36F4A8151E49FC19A10219F42E91CB1
                      SHA-512:D7433FC881AEDBE7B2F9B3E498AB8E77D6801D56BCCBC13D7E5339E5E1660BB8EAD0A438376AFC894BC83240A8CC937E55609C2DCD7E279CA774CF0AE49914DB
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"a8aa232f-2130-4165-bb39-e7ace7610c31","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1725018671656,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):1063
                      Entropy (8bit):5.6614528619027835
                      Encrypted:false
                      SSDEEP:24:Yv6X8f0iLpLgEFqciGennl0RCmK8czOCY4w2qX:YvnfLLhgLtaAh8cvYv1X
                      MD5:683643543553B216329DB60C3636B7F4
                      SHA1:9AF86D5A9CF46A56532A6CC4851331A708E375A6
                      SHA-256:6836D6050D416AA39D41D35FAF786AC6B142C306B7BED8A98038A0F945E48EB4
                      SHA-512:A599C6B0EC599B42EE52BD1BFA808A9442F8338772CC90EF617DC1794EA9F478DA6BAA092EFC0710F4ECA19480E7D6FD921EDBE82B73D1F9AE229EACD3593B6B
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"a8aa232f-2130-4165-bb39-e7ace7610c31","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1725018671656,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_2","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"afb9c2a3-eaf4-41f9-9d73-768e72f72282","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQgZmlsZXMgdG8gYW5kIGZyb20gUERGXG53aXRob3V0IGxpbWl0cy4ifSwidGNhdElkIjpudWxsfQ==","dataType":"application\/json","encodingSc

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):1050
                      Entropy (8bit):5.645564282119858
                      Encrypted:false
                      SSDEEP:24:Yv6X8f0inVLgEF0c7sbnl0RCmK8czOCYHflEpwiVqX:YvnfLnFg6sGAh8cvYHWpw7X
                      MD5:6C54AC6F39B84143F011B11247EF4EE9
                      SHA1:979ED46A7515EEDBF959D5B1BAB6F89C52E52522
                      SHA-256:0AE82AE371DFF7D772CCC28FF59CBF872B54461F5BE56164649A349D021BE739
                      SHA-512:E8DA1F416C05BB9120AA993B97D579B06F444CE24C28D28BAC98DCFC890D68656B107DBCD3178B27C07166067117A088EF9ADE44E43FC48415A9ED361AAD0262
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"a8aa232f-2130-4165-bb39-e7ace7610c31","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1725018671656,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Disc_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_0","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"0924134e-3c59-4f53-b731-add558c56fec","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Disc_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQsIGVkaXQgYW5kIGUtc2lnblxuZm9ybXMgJiBhZ3JlZW1lbnRzLiJ9LCJ0Y2F0SWQiOm51bGx9","dataType":"application\/json","encodingScheme":true},"

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):292
                      Entropy (8bit):5.243658755095472
                      Encrypted:false
                      SSDEEP:6:YEQXJ2HX8fbQek7+FIbRI6XVW7+0YTUoAvJfQ1rPeUkwRe9:YvXKX8f00YpW7+GY16Ukee9
                      MD5:8B6F6A0849044AB249CBBABA943EA1D1
                      SHA1:48571AB2BC04DEFED45389B26820CEBB3345A815
                      SHA-256:93DDA39783263C73535EA8F7279AD52FF0D3292793F78D3F19004A3A46B1ADE2
                      SHA-512:A8647BD284E80FAF001F799F86B680EDE602814C8DD7FA8B8E4C2D5193C4395FCCB6C163BDA1894C3D73571D0A00276F041B82F3503C0BBDAB47452E3D1E46CC
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"a8aa232f-2130-4165-bb39-e7ace7610c31","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1725018671656,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):1038
                      Entropy (8bit):5.641362757731418
                      Encrypted:false
                      SSDEEP:24:Yv6X8f0iW2LgEF7cciAXs0nl0RCmK8czOCAPtciBqX:YvnfLWogc8hAh8cvAwX
                      MD5:EA0F67CDC031219B1CDBB46FC3327076
                      SHA1:49F985F303EC2339BB9AB6F5D27C6733A38BF6EF
                      SHA-256:9506BC0031AF141C89F99932E9F999908CC9719865D8118B00E266BCB32D2C44
                      SHA-512:D0601713D28E6703D1AA4DED2A0560826A405EC414AF97664B7812B3C5842439F4A2F3CB6A198F27055C266C24256D3304B664E41FA6D622FAFC0EEACDB1AE36
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"a8aa232f-2130-4165-bb39-e7ace7610c31","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1725018671656,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Edit_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_1","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"49d2f713-7aa9-44db-aa50-0a7a22add459","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Edit_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVkaXQgdGV4dCwgaW1hZ2VzLCBwYWdlcywgYW5kIG1vcmUuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"application\/json","encodingScheme":true},"endDTS":1744

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):1164
                      Entropy (8bit):5.692622058233032
                      Encrypted:false
                      SSDEEP:24:Yv6X8f0i6KLgEfIcZVSkpsn264rS514ZjBrwloJTmcVIsrSK5qX:YvnfL6EgqprtrS5OZjSlwTmAfSKMX
                      MD5:9001811FD038C1966625A32B43A8DF8B
                      SHA1:AFBEBCFD8753C72A098234BCFF4643D9F9C09824
                      SHA-256:EC23EF55C8AD7B5872027EC0167EC14EFC141A8B74CDEC05592CF3C384A269FB
                      SHA-512:EF55847DC72DEC8556199AB7EA2C6FEC0F22261CEA255669665D5EA4D9950BFCD454FAA4D9581A1E1DECA7D123EF1A1FA54A3AC3A0983912E75307F7A6EB0452
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"a8aa232f-2130-4165-bb39-e7ace7610c31","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1725018671656,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85531_264848ActionBlock_0","campaignId":85531,"containerId":"1","controlGroupId":"","treatmentId":"ee1a7497-76e7-43c2-bb63-9a0551e11d73","variationId":"264848"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IlRyeSBBY3JvYmF0IFBybyJ9LCJ1aSI6eyJ0aXRsZV9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjE1cHgiLCJmb250X3N0eWxlIjoiMCJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEzcHgiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0b1xucHJlbWl1bSBQREYgYW5kIGUtc2lnbmluZ1xudG9vbHMuIn0sImJhbm5lcl9zdHlsaW5nIjo

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):289
                      Entropy (8bit):5.24949127167032
                      Encrypted:false
                      SSDEEP:6:YEQXJ2HX8fbQek7+FIbRI6XVW7+0YTUoAvJfYdPeUkwRe9:YvXKX8f00YpW7+Gg8Ukee9
                      MD5:AAF7AD9AC1933D08746515DA981732DC
                      SHA1:810D7D21892FDC175A991E65B3FB25E5B346025B
                      SHA-256:98380BF7F7F4C9093344696913397D7F55121973E8EC356B82784C6C922FDDF8
                      SHA-512:31C74A78E8DCCF1779466449F7D458570BF15C5B197294920F9457377E0560AC93DEC6E05AEDC20954B855A1D0CF3E9C00A4A4AD21B9FF2BA010909B56CDAD77
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"a8aa232f-2130-4165-bb39-e7ace7610c31","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1725018671656,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):1395
                      Entropy (8bit):5.7743550553614496
                      Encrypted:false
                      SSDEEP:24:Yv6X8f0iprLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNiX:YvnfLpHgDv3W2aYQfgB5OUupHrQ9FJMX
                      MD5:33B68877D8E5340E0AEFABBD6E16EA40
                      SHA1:D568F159757BF4A373EEF637C9CB83E3FD358292
                      SHA-256:05E73A4F280DF073A85EB92E086187578A9696BBCB297EA53966ADBA4396AA5A
                      SHA-512:8D70002C5799CC100353D408BF6DC0274A1EC0A06FEFE05FF91D5CEE0C7853F915B37987B46670731088742EFAC88B01137E1BC347FDC02DBAC74DEBA4BAF1E6
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"a8aa232f-2130-4165-bb39-e7ace7610c31","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1725018671656,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):291
                      Entropy (8bit):5.233385508370505
                      Encrypted:false
                      SSDEEP:6:YEQXJ2HX8fbQek7+FIbRI6XVW7+0YTUoAvJfbPtdPeUkwRe9:YvXKX8f00YpW7+GDV8Ukee9
                      MD5:69B8203C3C382E7A789E0A3D47EFA4DF
                      SHA1:7D1E87AE0B2B535D3E78C973B24D99E44876597E
                      SHA-256:365F75E3F4F1F9EE87F3CC061BC5793F311731430F3B652C38A49F36AD2A2CCF
                      SHA-512:60EBF066C94C55C0766711FBD6C7D14F800E3ABE7AB7E1941AC0A7461EA74AC81AECE991109A4A8A4450ED7CCF8FA8ED8A0D6C5D175C11BC574D715B86A40979
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"a8aa232f-2130-4165-bb39-e7ace7610c31","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1725018671656,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):287
                      Entropy (8bit):5.234934888179984
                      Encrypted:false
                      SSDEEP:6:YEQXJ2HX8fbQek7+FIbRI6XVW7+0YTUoAvJf21rPeUkwRe9:YvXKX8f00YpW7+G+16Ukee9
                      MD5:B51D2F7D32AB37A66EC00DA3205421C1
                      SHA1:8E29CCD904C6E94E816B560CB732B1C815E42E08
                      SHA-256:F25843372851DD871E0B1B35C0718B59AEE1D592680BBA2A508FB453DCB530D6
                      SHA-512:FAD2699D5C8F9C6B2F8AF352A8331A7CC8F56350AC4FA53EEACAD1716E9413ADB6406E83941134BAD1910014BFA36ACF39653847AD00B5BC08F129590C2BCAF1
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"a8aa232f-2130-4165-bb39-e7ace7610c31","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1725018671656,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):1058
                      Entropy (8bit):5.65103201252883
                      Encrypted:false
                      SSDEEP:24:Yv6X8f0iramXayLgEFRcONaqnl0RCmK8czOC+w2E+tg8BqX:YvnfL7BguOAh8cv+NKdX
                      MD5:66A9F46DFC3571D0738DE1950BF93190
                      SHA1:F8C6D45F572C949D21BACDF1192176EB4B1FB927
                      SHA-256:8A84CFA8FD61F7D7077D4C3BB6A660804DC104985FD49207D018E748A47D4CE2
                      SHA-512:0F149DD710283CE43335ED8EEB76E66C65C1042CC80F5D1D3161EB2567FDC01DF6BA822F3E5B1BD22C8F4EC25FC1681B850051639AD43FDF5F847EBED2936D97
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"a8aa232f-2130-4165-bb39-e7ace7610c31","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1725018671656,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_3","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"ece07729-7db6-4f20-9f8d-7976ad373049","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IlNlbmQgZG9jdW1lbnRzICYgZm9ybXNcbmZvciBmYXN0IGUtc2lnbmluZyBvbmxpbmUuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"application\/json","encodingScheme"

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):286
                      Entropy (8bit):5.211087282713863
                      Encrypted:false
                      SSDEEP:6:YEQXJ2HX8fbQek7+FIbRI6XVW7+0YTUoAvJfshHHrPeUkwRe9:YvXKX8f00YpW7+GUUUkee9
                      MD5:EED20689D003985932E403DFB9F8B327
                      SHA1:67FEB5A475DA0C07EA0294F82492C9D50C8F74AF
                      SHA-256:B7754AFD4F7A48104D22557A4A3E508106D4933B16C0EC128AECFE7ECEF2B67D
                      SHA-512:498C57F2A1C860201B5784915574B2B884948C3FDAABF94F6C5F77EC42B03ED8AB23D5345C420B3A6A965BE1CF8476C8F3EC8A3410844EC06EC278200C77B07C
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"a8aa232f-2130-4165-bb39-e7ace7610c31","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1725018671656,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):782
                      Entropy (8bit):5.359229534051959
                      Encrypted:false
                      SSDEEP:12:YvXKX8f00YpW7+GTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWalXn:Yv6X8f0iI168CgEXX5kcIfANh7X
                      MD5:9739A7866FDDC27A3ACF69F7354BB2C9
                      SHA1:BB48CA60FF5680E4B89BE13AE5BFD7AF23AC3358
                      SHA-256:7E1CCE0305F5E21383E5BF7AF53747D8FC1ABCD2D2A951254BF5C25EF831CF87
                      SHA-512:AA000687DDCF43CEDA4E1D56C92DCF74C85444625005244DC8E7CD9CA20300F50B05790228C5D77A889D9A28D8E042E5E7A54BF9E688A914C4D948DA5070E64F
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"a8aa232f-2130-4165-bb39-e7ace7610c31","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1725018671656,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1724845451684}}}}

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):4
                      Entropy (8bit):0.8112781244591328
                      Encrypted:false
                      SSDEEP:3:e:e
                      MD5:DC84B0D741E5BEAE8070013ADDCC8C28
                      SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
                      SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
                      SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
                      Malicious:false
                      Preview:....

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):2818
                      Entropy (8bit):5.134917580543527
                      Encrypted:false
                      SSDEEP:24:Y7DaEdaAf33ayRWrDFcCsubCigOEwvTR22jkj0SyJ5G2tVP2LScT0A55M9z6Pubj:Ylf3y6VubHgfwbjGLcVP6IA5e91
                      MD5:3272B418BF3B2F6856EEFC82E3C6FFFF
                      SHA1:716131C4D52F9448D245C04BE8307204CCFAB7AD
                      SHA-256:C7B2D680ED7F165C89F0EC22B9B60BFB049452BF7BA25E41F92CBD6C855C7863
                      SHA-512:C26DEAB2CCDAD87B384FA4ED80F9B4F42D44635DE7295044AD7059F2A01CA240BF628B131C0C41DDC46D189374FABEAB584B31EA2C450F75C40875F1957B8CA6
                      Malicious:false
                      Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"cc0219ef81ff5c777e911eb459cbebe6","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1050,"ts":1724845451000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"870e281a7b00d4656c59324400adc26a","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1164,"ts":1724845451000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"33c5ef03a7f131c21b0a37f1b1132975","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1058,"ts":1724845451000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"f8feffe6332a4bf0b4891c4cc979c543","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1063,"ts":1724845451000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"887ce9b38a6d7305eb3abc17b8e42b01","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":1038,"ts":1724845451000},{"id":"Edit_InApp_Aug2020","info":{"dg":"64661e7a7c21e625fad61db10e79eddb","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":17

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 19, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 19
                      Category:dropped
                      Size (bytes):12288
                      Entropy (8bit):0.9845049256735938
                      Encrypted:false
                      SSDEEP:24:TLHRx/XYKQvGJF7urs6I1RZKHs/Ds/Spjh4zJwtNBwtNbRZ6bRZ4QhF:TVl2GL7ms6ggOVp2zutYtp6PJ
                      MD5:FC2D10E47EE33448188BC5F766A33C10
                      SHA1:B19D8107F3BE27D759C1070621C5C588C6DEB93C
                      SHA-256:E312D23EAAF3D5C9C541EE55213A58E9D46CDA6380D128DD362E5D9B0C28A37D
                      SHA-512:297ABF08F84774E0510476AE71C4BA5224E96CE3D756A38BD651C301AF91A29860471021F34C146A5F2072699B791DE37CE6A623280EADA9A8D4299229869C35
                      Malicious:false
                      Preview:SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:SQLite Rollback Journal
                      Category:dropped
                      Size (bytes):8720
                      Entropy (8bit):1.3384608559395441
                      Encrypted:false
                      SSDEEP:24:7+t51AD1RZKHs/Ds/SpjhPzJwtNBwtNbRZ6bRZWf1RZKzisqLBx/XYKQvGJF7urL:7MnGgOVptzutYtp6PM+qll2GL7msu
                      MD5:0F986600219C8ACD369A9C3BD881B36D
                      SHA1:58D2F81621ED174902D0C59B7B5A9D9E61E0A834
                      SHA-256:A659FD793249FAE137D9E6779F5DA241F614914308B5436424323BF6A1796AD8
                      SHA-512:3E2ACB141AD7179BE57650E8222006C30D1EC7C83209CA75EAC20AAB72CA2F5B132EF152C0B25DBD7A2C595B7EC84227E70CCD6028D7B10FFC1040C517A1B42E
                      Malicious:false
                      Preview:.... .c.......x9......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................j...#..#.#.#.#.#.#.#.#.7.7........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Local\Temp\MSI4bfec.LOG

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):246
                      Entropy (8bit):3.51161293806784
                      Encrypted:false
                      SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8deOj:Qw946cPbiOxDlbYnuRK9g
                      MD5:734D8391C1889A8984914195B0321149
                      SHA1:BCDE6D07EEF9E28B55F39C069D1E4FB9717A9F3E
                      SHA-256:0685232B9857847D263741F6A663909317FDC82D0071E86438C61A3CD3FD0F6C
                      SHA-512:26E2D9F3EF8EF521E85E22F5FBD3D839E1EB09C1C7E392CBD4E8569DD5A6F41882568F4C589A8AB6F27BE7819179FED74F0BC1BE85E4B81EA74804D7CA8C7BDB
                      Malicious:false
                      Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .2.8./.0.8./.2.0.2.4. . .0.7.:.4.4.:.1.4. .=.=.=.....

                      C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-08-28 07-44-07-745.log

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:ASCII text, with very long lines (393)
                      Category:dropped
                      Size (bytes):16525
                      Entropy (8bit):5.376360055978702
                      Encrypted:false
                      SSDEEP:384:6b1sdmfenwop+WP21h2RPjRNg7JjO2on6oU6CyuJw1oaNIIu9EMuJuF6MKK9g9JQ:vIn
                      MD5:1336667A75083BF81E2632FABAA88B67
                      SHA1:46E40800B27D95DAED0DBB830E0D0BA85C031D40
                      SHA-256:F81B7C83E0B979F04D3763B4F88CD05BC8FBB2F441EBFAB75826793B869F75D1
                      SHA-512:D039D8650CF7B149799D42C7415CBF94D4A0A4BF389B615EF7D1B427BC51727D3441AA37D8C178E7E7E89D69C95666EB14C31B56CDFBD3937E4581A31A69081A
                      Malicious:false
                      Preview:SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:961+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="SetConfig:

                      C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:ASCII text, with very long lines (393), with CRLF line terminators
                      Category:dropped
                      Size (bytes):15114
                      Entropy (8bit):5.3240225045444385
                      Encrypted:false
                      SSDEEP:384:Os6Vis3Bmfa0qjbqPvRjjOiQGvzUt9+KudqR9PxfWYMGkOMf6F3icZHGHaLx+kHW:Abj+T
                      MD5:7D641EFD01DB2713BDB2CF4AACA9307E
                      SHA1:74E6686CFB7064EE445CD46A675A9939C72BA6E4
                      SHA-256:CDCD7C65AEE0D8B1E608E24D35BE5610736A577285DC3D86BB08B31CEDD9BE4E
                      SHA-512:09F65634F3B6C6C007BF07CDC0ABBBB782DBBE04E3D349E98B58B4758DCD54D5D707CBC0215747FD96C968ED63A184E7B569D4CDDD495323C253D380DFB303AC
                      Malicious:false
                      Preview:SessionID=16f484a8-6525-4d66-a692-4e2609417933.1724845447768 Timestamp=2024-08-28T07:44:07:768-0400 ThreadID=3340 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=16f484a8-6525-4d66-a692-4e2609417933.1724845447768 Timestamp=2024-08-28T07:44:07:769-0400 ThreadID=3340 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=16f484a8-6525-4d66-a692-4e2609417933.1724845447768 Timestamp=2024-08-28T07:44:07:769-0400 ThreadID=3340 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=16f484a8-6525-4d66-a692-4e2609417933.1724845447768 Timestamp=2024-08-28T07:44:07:769-0400 ThreadID=3340 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=16f484a8-6525-4d66-a692-4e2609417933.1724845447768 Timestamp=2024-08-28T07:44:07:769-0400 ThreadID=3340 Component=ngl-lib_NglAppLib Description="SetConf

                      C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):29752
                      Entropy (8bit):5.395202568405588
                      Encrypted:false
                      SSDEEP:768:GLxxlyVUFcAzWL8VWL1ANSFld5YjMWLvJ8Uy++NSXl3WLd5WLrbhhVClkVMwDGbV:TbiAEs
                      MD5:C366993A1E30EC6B336D5A3033554366
                      SHA1:F32C4934AB50BAACF9A0435ACDC6AD582C7076D5
                      SHA-256:52FBB98ADB23E598E15274F5764163D9159FEB5CE4776C4C0DF1AC6004AC6A1C
                      SHA-512:765ECD2863F52F8628F7D011E48CD4B2612A0B04E1DA294A36A157118562DBC215C56D931891116724B690D9F5EB45A459005F7C61A4A69D4BCE47AE8053120A
                      Malicious:false
                      Preview:04-10-2023 02:39:31:.---2---..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : ***************************************..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : ***************************************..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : Starting NGL..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..04-10-2023 02:39:31:.Closing File..04-10-

                      C:\Users\user\AppData\Local\Temp\acrocef_low\0416c8f8-cd64-467f-9842-eb8c6945e02a.tmp

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
                      Category:dropped
                      Size (bytes):1419751
                      Entropy (8bit):7.976496077007677
                      Encrypted:false
                      SSDEEP:24576:/xaWL07oXGZGwYIGNPJwdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JaWLxXGZGwZGM3mlind9i4ufFXpAXkru
                      MD5:0A347312E361322436D1AF1D5145D2AB
                      SHA1:1D6C06A274705F8A295F62AD90CF8CA27555C226
                      SHA-256:094501B3CA4E93F626ABFCAE800645C533B61409DC3D1D233F4D053CE6A124D7
                      SHA-512:9856C231513B47DD996488DF19EEE44DBB320E55432984C0C041EF568B6EC5C05F5340831132890D1D162E0505CA243D579582EDB9157CF722A86EC8CE2FEAFE
                      Malicious:false
                      Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

                      C:\Users\user\AppData\Local\Temp\acrocef_low\051f2b92-3171-44d4-8d2a-b898ff3ed2bc.tmp

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
                      Category:dropped
                      Size (bytes):1407294
                      Entropy (8bit):7.97605879016224
                      Encrypted:false
                      SSDEEP:24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R077WLaGZ7wYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs03WLaGZw
                      MD5:8B9FA2EC5118087D19CFDB20DA7C4C26
                      SHA1:E32D6A1829B18717EF1455B73E88D36E0410EF93
                      SHA-256:4782624EA3A4B3C6EB782689208148B636365AA8E5DAF00814FA9AB722259CBD
                      SHA-512:662F8664CC3F4E8356D5F5794074642DB65565D40AC9FEA323E16E84EBD4F961701460A1310CC863D1AB38849E84E2142382F5DB88A0E53F97FF66248230F7B9
                      Malicious:false
                      Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

                      C:\Users\user\AppData\Local\Temp\acrocef_low\264e6473-55ab-4a38-98e8-2503f6893fb1.tmp

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
                      Category:dropped
                      Size (bytes):386528
                      Entropy (8bit):7.9736851559892425
                      Encrypted:false
                      SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
                      MD5:5C48B0AD2FEF800949466AE872E1F1E2
                      SHA1:337D617AE142815EDDACB48484628C1F16692A2F
                      SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
                      SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
                      Malicious:false
                      Preview:...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-|..h#.g.\.PO.|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..|m.WC.....|.....e.[W.p.8...rm....^..x'......5!...|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

                      C:\Users\user\AppData\Local\Temp\acrocef_low\9b75ee11-18ef-4107-9751-ba598b2cc50e.tmp

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
                      Category:dropped
                      Size (bytes):758601
                      Entropy (8bit):7.98639316555857
                      Encrypted:false
                      SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
                      MD5:3A49135134665364308390AC398006F1
                      SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
                      SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
                      SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
                      Malicious:false
                      Preview:...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!|G.1...... .3.`./....`~......G.............|..pS.e.C....:o.u_..oi.:..|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

                      Static File Info

                      General

                      File type:PDF document, version 1.7
                      Entropy (8bit):7.976889500241774
                      TrID:
                      • Adobe Portable Document Format (5005/1) 100.00%
                      File name:Viking Culinary - Catalog.pdf
                      File size:4'161'872 bytes
                      MD5:8b1ca015ddd4cfbc27e92e4e4458d0f4
                      SHA1:35cf3dc2316ffd8ff97d187bd76fbc83cd6516db
                      SHA256:b30d51215ecf070eba0f2bce1f39cbd9073636af5ed4598fab4f5e58f7805392
                      SHA512:dc3f331513e228c893f0aa382c230145a14d795efcfef06e5bbcda3b56258b94b8306e425d9a3476397f887aac899e78f3e6fd61294759bddb99cf8a856c3f92
                      SSDEEP:98304:xxemgjaLrJ5SIl4+g8ZFUryLXZnWhXDCMbVWttXsH:yVaXDSIS18zUrmXZ4XDCMJck
                      TLSH:E316237CDA2E4294CFB10530915C3B86EC98B5F2E49414E6A611899F3BEDD92E724CFC
                      File Content Preview:%PDF-1.7.%.....2 0 obj.<<./Metadata 4 0 R./Outlines 5 0 R./Pages 6 0 R./Type /Catalog./AcroForm 7 0 R.>>.endobj.4 0 obj.<<./Subtype /XML./Type /Metadata./Filter /FlateDecode./Length 576.>>.stream..x..WKn.0......i.R.H.....6.f."h..[...!.(H4..jY.H.B).ve.(.).

                      File Icon

                      Icon Hash:62cc8caeb29e8ae0

                      Static PDF Info

                      General

                      Header:%PDF-1.7
                      Total Entropy:7.976890
                      Total Bytes:4161872
                      Stream Entropy:7.977193
                      Stream Bytes:4129581
                      Entropy outside Streams:4.834052
                      Bytes outside Streams:32291
                      Number of EOF found:1
                      Bytes after EOF:

                      Keywords Statistics

                      NameCount
                      obj394
                      endobj394
                      stream392
                      endstream392
                      xref0
                      trailer0
                      startxref1
                      /Page0
                      /Encrypt0
                      /ObjStm1
                      /URI0
                      /JS1
                      /JavaScript0
                      /AA0
                      /OpenAction0
                      /AcroForm1
                      /JBIG2Decode0
                      /RichMedia0
                      /Launch0
                      /EmbeddedFile0

                      Image Streams

                      IDDHASHMD5Preview
                      66167c7a3ef8f8f6f626f6d011d72329e3019fb1e6ea591a1e
                      67224161132301419110519ebb880f0d3855a0210f57b1bce8
                      68aa236113031109a78da62501f015f9946be1d58ef0e97e18
                      69b83a2b37131123c6a584dd484cedb6adef193313630c3798
                      70ea03daadacf60fa018e8d598b6a0837a7216fdc9020d3c89

                      Network Behavior

                      Network Port Distribution

                      TCP Packets

                      TimestampSource PortDest PortSource IPDest IP
                      Aug 28, 2024 13:44:18.698076010 CEST49724443192.168.2.523.56.162.185
                      Aug 28, 2024 13:44:18.698112011 CEST4434972423.56.162.185192.168.2.5
                      Aug 28, 2024 13:44:18.698200941 CEST49724443192.168.2.523.56.162.185
                      Aug 28, 2024 13:44:18.698375940 CEST49724443192.168.2.523.56.162.185
                      Aug 28, 2024 13:44:18.698385954 CEST4434972423.56.162.185192.168.2.5
                      Aug 28, 2024 13:44:19.274576902 CEST4434972423.56.162.185192.168.2.5
                      Aug 28, 2024 13:44:19.274868011 CEST49724443192.168.2.523.56.162.185
                      Aug 28, 2024 13:44:19.274890900 CEST4434972423.56.162.185192.168.2.5
                      Aug 28, 2024 13:44:19.275859118 CEST4434972423.56.162.185192.168.2.5
                      Aug 28, 2024 13:44:19.275918961 CEST49724443192.168.2.523.56.162.185
                      Aug 28, 2024 13:44:19.302179098 CEST49724443192.168.2.523.56.162.185
                      Aug 28, 2024 13:44:19.302248001 CEST4434972423.56.162.185192.168.2.5
                      Aug 28, 2024 13:44:19.302393913 CEST49724443192.168.2.523.56.162.185
                      Aug 28, 2024 13:44:19.302405119 CEST4434972423.56.162.185192.168.2.5
                      Aug 28, 2024 13:44:19.351114035 CEST49724443192.168.2.523.56.162.185
                      Aug 28, 2024 13:44:19.406234026 CEST4434972423.56.162.185192.168.2.5
                      Aug 28, 2024 13:44:19.406410933 CEST4434972423.56.162.185192.168.2.5
                      Aug 28, 2024 13:44:19.406688929 CEST49724443192.168.2.523.56.162.185
                      Aug 28, 2024 13:44:19.406816006 CEST49724443192.168.2.523.56.162.185
                      Aug 28, 2024 13:44:19.406833887 CEST4434972423.56.162.185192.168.2.5
                      Aug 28, 2024 13:44:19.406852007 CEST49724443192.168.2.523.56.162.185
                      Aug 28, 2024 13:44:19.406903028 CEST49724443192.168.2.523.56.162.185

                      HTTP Request Dependency Graph

                      • armmf.adobe.com

                      HTTPS Proxied Packets

                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                      0192.168.2.54972423.56.162.1854431812C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      TimestampBytes transferredDirectionData
                      2024-08-28 11:44:19 UTC475OUTGET /onboarding/smskillreader.txt HTTP/1.1
                      Host: armmf.adobe.com
                      Connection: keep-alive
                      Accept-Language: en-US,en;q=0.9
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36
                      Sec-Fetch-Site: same-origin
                      Sec-Fetch-Mode: no-cors
                      Sec-Fetch-Dest: empty
                      Accept-Encoding: gzip, deflate, br
                      If-None-Match: "78-5faa31cce96da"
                      If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
                      2024-08-28 11:44:19 UTC198INHTTP/1.1 304 Not Modified
                      Content-Type: text/plain; charset=UTF-8
                      Last-Modified: Mon, 01 May 2023 15:02:33 GMT
                      ETag: "78-5faa31cce96da"
                      Date: Wed, 28 Aug 2024 11:44:19 GMT
                      Connection: close


                      Statistics

                      CPU Usage

                      Click to jump to process

                      Memory Usage

                      Click to jump to process

                      High Level Behavior Distribution

                      Click to dive into process behavior distribution

                      Behavior

                      Click to jump to process

                      System Behavior

                      General

                      Target ID:0
                      Start time:07:44:04
                      Start date:28/08/2024
                      Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      Wow64 process (32bit):false
                      Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Viking Culinary - Catalog.pdf"
                      Imagebase:0x7ff686a00000
                      File size:5'641'176 bytes
                      MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:high
                      Has exited:true

                      General

                      Target ID:2
                      Start time:07:44:05
                      Start date:28/08/2024
                      Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      Wow64 process (32bit):false
                      Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
                      Imagebase:0x7ff6413e0000
                      File size:3'581'912 bytes
                      MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:high
                      Has exited:true

                      General

                      Target ID:4
                      Start time:07:44:05
                      Start date:28/08/2024
                      Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      Wow64 process (32bit):false
                      Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2068 --field-trial-handle=1668,i,11947070378232099584,9321973127914871344,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
                      Imagebase:0x7ff6413e0000
                      File size:3'581'912 bytes
                      MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:high
                      Has exited:true

                      Disassembly

                      No disassembly