Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
fw9.pdf

Overview

General Information

Sample name:fw9.pdf
Analysis ID:1500781
MD5:4e7f7065f6e4a526452ffacb0134bc50
SHA1:3c265a136ba7fa236cdfc7b8f8b7853ed6c63e08
SHA256:2d420cbb4123dcf1fb82595b2359cfbb5d81f00b9df9d359fcc7af361d093f53
Infos:

Detection

Score:2
Range:0 - 100
Whitelisted:false
Confidence:80%

Signatures

IP address seen in connection with other malware
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Uses a known web browser user agent for HTTP communication

Classification

Process Tree

  • System is w10x64
  • Acrobat.exe (PID: 6884 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\fw9.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 2368 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 7272 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2124 --field-trial-handle=1728,i,11959092004605783410,16645408253018436185,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: global trafficTCP traffic: 192.168.2.4:49747 -> 23.41.168.139:443
Source: global trafficTCP traffic: 192.168.2.4:49747 -> 23.41.168.139:443
Source: global trafficTCP traffic: 192.168.2.4:49747 -> 23.41.168.139:443
Source: global trafficTCP traffic: 192.168.2.4:49747 -> 23.41.168.139:443
Source: global trafficTCP traffic: 192.168.2.4:49747 -> 23.41.168.139:443
Source: global trafficTCP traffic: 192.168.2.4:49747 -> 23.41.168.139:443
Source: global trafficTCP traffic: 192.168.2.4:49747 -> 23.41.168.139:443
Source: global trafficTCP traffic: 192.168.2.4:49747 -> 23.41.168.139:443
Source: global trafficTCP traffic: 192.168.2.4:49747 -> 23.41.168.139:443
Source: global trafficTCP traffic: 192.168.2.4:49747 -> 23.41.168.139:443
Source: global trafficTCP traffic: 192.168.2.4:49747 -> 23.41.168.139:443
Source: global trafficTCP traffic: 192.168.2.4:49747 -> 23.41.168.139:443
Source: global trafficTCP traffic: 23.41.168.139:443 -> 192.168.2.4:49747
Source: global trafficTCP traffic: 192.168.2.4:49747 -> 23.41.168.139:443
Source: global trafficTCP traffic: 192.168.2.4:49747 -> 23.41.168.139:443
Source: global trafficTCP traffic: 23.41.168.139:443 -> 192.168.2.4:49747
Source: global trafficTCP traffic: 23.41.168.139:443 -> 192.168.2.4:49747
Source: global trafficTCP traffic: 192.168.2.4:49747 -> 23.41.168.139:443
Source: global trafficTCP traffic: 23.41.168.139:443 -> 192.168.2.4:49747
Source: global trafficTCP traffic: 23.41.168.139:443 -> 192.168.2.4:49747
Source: global trafficTCP traffic: 192.168.2.4:49747 -> 23.41.168.139:443
Source: global trafficTCP traffic: 192.168.2.4:49747 -> 23.41.168.139:443
Source: global trafficTCP traffic: 23.41.168.139:443 -> 192.168.2.4:49747
Source: global trafficTCP traffic: 192.168.2.4:49747 -> 23.41.168.139:443
Source: global trafficTCP traffic: 23.41.168.139:443 -> 192.168.2.4:49747
Source: global trafficTCP traffic: 192.168.2.4:49747 -> 23.41.168.139:443
Source: global trafficTCP traffic: 23.41.168.139:443 -> 192.168.2.4:49747
Source: global trafficTCP traffic: 23.41.168.139:443 -> 192.168.2.4:49747
Source: global trafficTCP traffic: 192.168.2.4:49747 -> 23.41.168.139:443
Source: global trafficTCP traffic: 23.41.168.139:443 -> 192.168.2.4:49747
Source: global trafficTCP traffic: 192.168.2.4:49747 -> 23.41.168.139:443
Source: global trafficTCP traffic: 192.168.2.4:49747 -> 23.41.168.139:443
Source: Joe Sandbox ViewIP Address: 23.41.168.139 23.41.168.139
Source: global trafficHTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1Host: armmf.adobe.comConnection: keep-aliveAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brIf-None-Match: "78-5faa31cce96da"If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
Source: unknownTCP traffic detected without corresponding DNS query: 23.41.168.139
Source: unknownTCP traffic detected without corresponding DNS query: 23.41.168.139
Source: unknownTCP traffic detected without corresponding DNS query: 23.41.168.139
Source: unknownTCP traffic detected without corresponding DNS query: 23.41.168.139
Source: unknownTCP traffic detected without corresponding DNS query: 23.41.168.139
Source: unknownTCP traffic detected without corresponding DNS query: 23.41.168.139
Source: unknownTCP traffic detected without corresponding DNS query: 23.41.168.139
Source: unknownTCP traffic detected without corresponding DNS query: 23.41.168.139
Source: unknownTCP traffic detected without corresponding DNS query: 23.41.168.139
Source: unknownTCP traffic detected without corresponding DNS query: 23.41.168.139
Source: unknownTCP traffic detected without corresponding DNS query: 23.41.168.139
Source: global trafficHTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1Host: armmf.adobe.comConnection: keep-aliveAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brIf-None-Match: "78-5faa31cce96da"If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
Source: E0F5C59F9FA661F6F4C50B87FEF3A15A0.1.drString found in binary or memory: http://apps.identrust.com/roots/dstrootcax3.p7c
Source: fw9.pdfString found in binary or memory: http://www.aiim.org/pdfua/ns/id/
Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747
Source: classification engineClassification label: clean2.winPDF@14/47@0/1
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journalJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\A958n1go_1xq4s0b_2rs.tmpJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
Source: unknownProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\fw9.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2124 --field-trial-handle=1728,i,11959092004605783410,16645408253018436185,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2124 --field-trial-handle=1728,i,11959092004605783410,16645408253018436185,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: fw9.pdfInitial sample: PDF keyword /JS count = 0
Source: fw9.pdfInitial sample: PDF keyword /JavaScript count = 0
Source: A958n1go_1xq4s0b_2rs.tmp.0.drInitial sample: PDF keyword /JS count = 0
Source: A958n1go_1xq4s0b_2rs.tmp.0.drInitial sample: PDF keyword /JavaScript count = 0
Source: A9cerufj_1xq4s0c_2rs.tmp.0.drInitial sample: PDF keyword /JS count = 0
Source: A9cerufj_1xq4s0c_2rs.tmp.0.drInitial sample: PDF keyword /JavaScript count = 0
Source: A913syhhr_1xq4s0e_2rs.tmp.0.drInitial sample: PDF keyword /JS count = 0
Source: A913syhhr_1xq4s0e_2rs.tmp.0.drInitial sample: PDF keyword /JavaScript count = 0
Source: fw9.pdfInitial sample: PDF keyword stream count = 76
Source: fw9.pdfInitial sample: PDF keyword /AcroForm count = 2
Source: A958n1go_1xq4s0b_2rs.tmp.0.drInitial sample: PDF keyword /EmbeddedFile count = 0
Source: fw9.pdfInitial sample: PDF keyword /ObjStm count = 17
Source: fw9.pdfInitial sample: PDF keyword obj count = 86
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid Accounts2
Exploitation for Client Execution		Path Interception1
Process Injection		1
Masquerading		OS Credential Dumping1
System Information Discovery		Remote ServicesData from Local System1
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
Process Injection		LSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable Media1
Non-Application Layer Protocol		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive12
Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin HookBinary PaddingNTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput Capture1
Ingress Tool Transfer		Traffic DuplicationData Destruction

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 process2 2 Behavior Graph ID: 1500781 Sample: fw9.pdf Startdate: 28/08/2024 Architecture: WINDOWS Score: 2 6 Acrobat.exe 20 74 2->6         started        process3 8 AcroCEF.exe 106 6->8         started        process4 10 AcroCEF.exe 2 8->10         started        dnsIp5 13 23.41.168.139, 443, 49747 ZAYO-6461US United States 10->13

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
fw9.pdf0%ReversingLabs

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
http://www.aiim.org/pdfua/ns/id/0%Avira URL Cloudsafe

Domains and IPs

Contacted Domains

No contacted domains info

URLs from Memory and Binaries

NameSourceMaliciousAntivirus DetectionReputation
http://www.aiim.org/pdfua/ns/id/fw9.pdffalse
  • Avira URL Cloud: safe
unknown

World Map of Contacted IPs

  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Public IPs

IPDomainCountryFlagASNASN NameMalicious
23.41.168.139
unknownUnited States
6461ZAYO-6461USfalse

General Information

Joe Sandbox version:40.0.0 Tourmaline
Analysis ID:1500781
Start date and time:2024-08-28 22:43:34 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 4m 2s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultwindowspdfcookbook.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:10
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:fw9.pdf
Detection:CLEAN
Classification:clean2.winPDF@14/47@0/1
EGA Information:Failed
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 0
  • Number of non-executed functions: 0
Cookbook Comments:
  • Found application associated with file extension: .pdf
  • Found PDF document
  • Close Viewer

Warnings

  • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 184.28.88.176, 54.227.187.23, 52.5.13.197, 52.202.204.11, 23.22.254.206, 2.19.126.205, 2.19.126.209, 172.64.41.3, 162.159.61.3, 2.16.241.13, 2.16.241.15, 2.16.164.121, 2.16.164.11
  • Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, identrust.edgesuite.net, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, a1952.dscq.akamai.net, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, apps.identrust.com
  • Not all processes where analyzed, report is missing behavior information
  • VT rate limit hit for: fw9.pdf

Simulations

Behavior and APIs

TimeTypeDescription
16:44:43API Interceptor1x Sleep call for process: AcroCEF.exe modified

Joe Sandbox View / Context

IPs

MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
23.41.168.1390.exeGet hashmaliciousSliverBrowse
    2024AdoptionConference-WhovaDirections-Desktop.pdfGet hashmaliciousUnknownBrowse
      Payment Notification Invoice 1011fdp.pdfGet hashmaliciousUnknownBrowse
        Attachment_564086524-004.pdfGet hashmaliciousUnknownBrowse
          PENDING ORDER.pdfGet hashmaliciousHTMLPhisherBrowse
            test1.xlsGet hashmaliciousUnknownBrowse
              Payment Confirmation 9 - For Rockwool.pdfGet hashmaliciousHTMLPhisherBrowse
                Last Battleground #MN418983214.pdfGet hashmaliciousHTMLPhisherBrowse
                  Outlook365-closure form.pdfGet hashmaliciousUnknownBrowse
                    AdobeGenP.exeGet hashmaliciousUnknownBrowse

                      Domains

                      No context

                      ASNs

                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                      ZAYO-6461US0.exeGet hashmaliciousSliverBrowse
                      • 23.41.168.139
                      2024AdoptionConference-WhovaDirections-Desktop.pdfGet hashmaliciousUnknownBrowse
                      • 23.41.168.139
                      Secured Doc-[TcO-12691].pdfGet hashmaliciousUnknownBrowse
                      • 23.41.169.158
                      xWTju4vS5WGet hashmaliciousMiraiBrowse
                      • 207.235.234.125
                      Payment Notification Invoice 1011fdp.pdfGet hashmaliciousUnknownBrowse
                      • 23.41.168.139
                      Attachment_564086524-004.pdfGet hashmaliciousUnknownBrowse
                      • 23.41.168.139
                      PENDING ORDER.pdfGet hashmaliciousHTMLPhisherBrowse
                      • 23.41.168.139
                      test1.xlsGet hashmaliciousUnknownBrowse
                      • 23.41.168.139
                      Payment Confirmation 9 - For Rockwool.pdfGet hashmaliciousHTMLPhisherBrowse
                      • 23.41.168.139
                      Last Battleground #MN418983214.pdfGet hashmaliciousHTMLPhisherBrowse
                      • 23.41.168.139

                      JA3 Fingerprints

                      No context

                      Dropped Files

                      No context

                      Created / dropped Files

                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:ASCII text
                      Category:dropped
                      Size (bytes):292
                      Entropy (8bit):5.233082808742767
                      Encrypted:false
                      SSDEEP:6:NLR5WEN+q2Pwkn2nKuAl9OmbnIFUt88LR5Wp9XZmw+8LR5WeGEVkwOwkn2nKuAlz:NLRWvYfHAahFUt88LRw9X/+8LRj5JfHi
                      MD5:0C950843BB795393FA896FC7A62B82B3
                      SHA1:CA70EB81C684E0AFE6E98C04F0DBBEC3AC52FA44
                      SHA-256:F44595A1F368EB836B3996A09090917CC890D040FE3EC2ABC94554B7C4F2EF2D
                      SHA-512:021D02840E2690E72CAB48A66DB616AE73AAA3CEA68DB6A728F2E489D87101D3A3F9C6A71F9D684B23B84E4FCBBF3803E4D8B2D73768E988F6E10408895E6460
                      Malicious:false
                      Reputation:low
                      Preview:2024/08/28-16:44:31.106 1c58 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/08/28-16:44:31.107 1c58 Recovering log #3.2024/08/28-16:44:31.108 1c58 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:ASCII text
                      Category:dropped
                      Size (bytes):292
                      Entropy (8bit):5.233082808742767
                      Encrypted:false
                      SSDEEP:6:NLR5WEN+q2Pwkn2nKuAl9OmbnIFUt88LR5Wp9XZmw+8LR5WeGEVkwOwkn2nKuAlz:NLRWvYfHAahFUt88LRw9X/+8LRj5JfHi
                      MD5:0C950843BB795393FA896FC7A62B82B3
                      SHA1:CA70EB81C684E0AFE6E98C04F0DBBEC3AC52FA44
                      SHA-256:F44595A1F368EB836B3996A09090917CC890D040FE3EC2ABC94554B7C4F2EF2D
                      SHA-512:021D02840E2690E72CAB48A66DB616AE73AAA3CEA68DB6A728F2E489D87101D3A3F9C6A71F9D684B23B84E4FCBBF3803E4D8B2D73768E988F6E10408895E6460
                      Malicious:false
                      Reputation:low
                      Preview:2024/08/28-16:44:31.106 1c58 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/08/28-16:44:31.107 1c58 Recovering log #3.2024/08/28-16:44:31.108 1c58 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:ASCII text
                      Category:dropped
                      Size (bytes):336
                      Entropy (8bit):5.209788485839804
                      Encrypted:false
                      SSDEEP:6:NLR5WS5pq2Pwkn2nKuAl9Ombzo2jMGIFUt88LR5WSQFs9Zmw+8LR5WSCzkwOwknV:NLRnpvYfHAa8uFUt88LRyFs9/+8LRY56
                      MD5:8718A52439E3AB5CFB6F55F62B9B8CE3
                      SHA1:978BD990D46EF8E03C3A1AA1C2D54E7B708AF6C6
                      SHA-256:C284E2A9C89CF598CBBE30B3BC4F38745F156559E215F2DEAB45F9DCE01BB00A
                      SHA-512:68B089B21BE1715BF6C3958FB2F7199AE25100BFE98911826BE2AC49BCCC4EE58679C4D28D636E87E1C053D34A178A9CBB96D6222C2F05AD80E16CB288C534A9
                      Malicious:false
                      Reputation:low
                      Preview:2024/08/28-16:44:31.172 1ca4 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/08/28-16:44:31.175 1ca4 Recovering log #3.2024/08/28-16:44:31.176 1ca4 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:ASCII text
                      Category:dropped
                      Size (bytes):336
                      Entropy (8bit):5.209788485839804
                      Encrypted:false
                      SSDEEP:6:NLR5WS5pq2Pwkn2nKuAl9Ombzo2jMGIFUt88LR5WSQFs9Zmw+8LR5WSCzkwOwknV:NLRnpvYfHAa8uFUt88LRyFs9/+8LRY56
                      MD5:8718A52439E3AB5CFB6F55F62B9B8CE3
                      SHA1:978BD990D46EF8E03C3A1AA1C2D54E7B708AF6C6
                      SHA-256:C284E2A9C89CF598CBBE30B3BC4F38745F156559E215F2DEAB45F9DCE01BB00A
                      SHA-512:68B089B21BE1715BF6C3958FB2F7199AE25100BFE98911826BE2AC49BCCC4EE58679C4D28D636E87E1C053D34A178A9CBB96D6222C2F05AD80E16CB288C534A9
                      Malicious:false
                      Reputation:low
                      Preview:2024/08/28-16:44:31.172 1ca4 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/08/28-16:44:31.175 1ca4 Recovering log #3.2024/08/28-16:44:31.176 1ca4 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):475
                      Entropy (8bit):4.965217949670705
                      Encrypted:false
                      SSDEEP:12:YH/um3RA8sqRsBdOg2HZtcaq3QYiubInP7E4T3y:Y2sRdsTdMHm3QYhbG7nby
                      MD5:4F3696B8FEF9A0CA57CC55692BF31606
                      SHA1:53DBA66BD428780881B0D134D37F918107B328C6
                      SHA-256:578D34ECE67137314ED63D58A39CC3287D21AE1C6EA506754A878C581C289643
                      SHA-512:566E84E9F46F53562DEFBD780716BDCFD55871EC46CFC9CAB7D23E2D6C365BD1033D4959A2DD8F789BF9BD5517D3C4B5F8837EFB07D160C1CFA69DBD8F15EC49
                      Malicious:false
                      Reputation:low
                      Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13369437883741651","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":135084},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\d8d54b14-9269-4362-8268-297212cd6dae.tmp

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:JSON data
                      Category:modified
                      Size (bytes):475
                      Entropy (8bit):4.965217949670705
                      Encrypted:false
                      SSDEEP:12:YH/um3RA8sqRsBdOg2HZtcaq3QYiubInP7E4T3y:Y2sRdsTdMHm3QYhbG7nby
                      MD5:4F3696B8FEF9A0CA57CC55692BF31606
                      SHA1:53DBA66BD428780881B0D134D37F918107B328C6
                      SHA-256:578D34ECE67137314ED63D58A39CC3287D21AE1C6EA506754A878C581C289643
                      SHA-512:566E84E9F46F53562DEFBD780716BDCFD55871EC46CFC9CAB7D23E2D6C365BD1033D4959A2DD8F789BF9BD5517D3C4B5F8837EFB07D160C1CFA69DBD8F15EC49
                      Malicious:false
                      Reputation:low
                      Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13369437883741651","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":135084},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):4730
                      Entropy (8bit):5.255385755348742
                      Encrypted:false
                      SSDEEP:96:etJCV4FAsszrNamjTN/2rjYMta02fDtehgO7BtTgo7Z6qZxb/+qcwdxZ:etJCV4FiN/jTN/2r8Mta02fEhgO73got
                      MD5:29347ACFA081B0B375CC77631C7604BA
                      SHA1:5B1ABD826BCE1E2848804C9193ECB5BBF55B71FE
                      SHA-256:30DC010551F7153FBC24954FB46014112423D8C54AEFA14998BC4DF7AF641F28
                      SHA-512:438F1E1BC3DC00CFFF4A39FAAFD61722B286957D586669136D28A48F23168CE51D8B957B874DF3979F8AB9A0ADC33D19A266B1C76D7C570363E403753B229539
                      Malicious:false
                      Reputation:low
                      Preview:*...#................version.1..namespace-['O.o................next-map-id.1.Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/.0>...r................next-map-id.2.Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/.1O..r................next-map-id.3.Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/.2.\.o................next-map-id.4.Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/.3....^...............Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/..|.^...............Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/n..Fa...............Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/DQ..a...............Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/i.`do................next-map-id.5.Pnamespace-de635bf2_6773_4d83_ad16_

                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:ASCII text
                      Category:dropped
                      Size (bytes):324
                      Entropy (8bit):5.220583088199007
                      Encrypted:false
                      SSDEEP:6:NLR5WDdOq2Pwkn2nKuAl9OmbzNMxIFUt88LR5WOHZZmw+8LR5WgCzkwOwkn2nKuP:NLRaOvYfHAa8jFUt88LR5/+8LRHq5Jfv
                      MD5:2DD4669908D16E41787037089BCEC7FD
                      SHA1:C6FB4974560006E333731154BBF83E739F2530F7
                      SHA-256:A482C2FD23D1227368371E071F2AB7EF10ACA631B4E4F880604B4744EC3A6BDE
                      SHA-512:E80CE4A8FD0F369E44051D906E0C92A6E5AD835C846690C5A7AA9C74D7629C6F2059C9C2D98B33BF931903183C5EE1AC1B1C31BF9E263D53FD349105F0FAA6DC
                      Malicious:false
                      Reputation:low
                      Preview:2024/08/28-16:44:31.523 1ca4 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/08/28-16:44:31.584 1ca4 Recovering log #3.2024/08/28-16:44:31.596 1ca4 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:ASCII text
                      Category:dropped
                      Size (bytes):324
                      Entropy (8bit):5.220583088199007
                      Encrypted:false
                      SSDEEP:6:NLR5WDdOq2Pwkn2nKuAl9OmbzNMxIFUt88LR5WOHZZmw+8LR5WgCzkwOwkn2nKuP:NLRaOvYfHAa8jFUt88LR5/+8LRHq5Jfv
                      MD5:2DD4669908D16E41787037089BCEC7FD
                      SHA1:C6FB4974560006E333731154BBF83E739F2530F7
                      SHA-256:A482C2FD23D1227368371E071F2AB7EF10ACA631B4E4F880604B4744EC3A6BDE
                      SHA-512:E80CE4A8FD0F369E44051D906E0C92A6E5AD835C846690C5A7AA9C74D7629C6F2059C9C2D98B33BF931903183C5EE1AC1B1C31BF9E263D53FD349105F0FAA6DC
                      Malicious:false
                      Reputation:low
                      Preview:2024/08/28-16:44:31.523 1ca4 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/08/28-16:44:31.584 1ca4 Recovering log #3.2024/08/28-16:44:31.596 1ca4 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

                      C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240828204435Z-236.bmp

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:PC bitmap, Windows 3.x format, 117 x -152 x 32, cbSize 71190, bits offset 54
                      Category:dropped
                      Size (bytes):71190
                      Entropy (8bit):1.5815784782085038
                      Encrypted:false
                      SSDEEP:96:w1oZMqX8efH1MyTDMT3M4M3qAM4MtHhMM47zFiM6MMrMMx6XgMMMMM4YfI4MM1MB:3AHoAePgT
                      MD5:64F36373DD14F2D05E45B3430EABE0DA
                      SHA1:6B293984AE01F9253421DC20BDD718644F4DB4F9
                      SHA-256:D1E3F20F275AA7B1BD1E31D606C2A1FDB5AB0E400BE608517039BEB408AF0565
                      SHA-512:B1418272765CD3B554F93169A313BE584E819DD92668FA68AF9CB0281582683C8C290C5CD5739FB729C56DF8E0F9E2809FAC27C4B0DA310080DE4E3010B66C07
                      Malicious:false
                      Reputation:low
                      Preview:BM........6...(...u...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 15, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 15
                      Category:dropped
                      Size (bytes):86016
                      Entropy (8bit):4.445633664156097
                      Encrypted:false
                      SSDEEP:384:yezci5tUiBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:rDs3OazzU89UTTgUL
                      MD5:878FFB9E67150848E6A15CF7E3320FC5
                      SHA1:8FBB9E4959D0F4FF64961D0A0BAC79DB2C955D81
                      SHA-256:35C4E56CCD626C960590C9EF722297B960576989756DE483C90D3AD3B54CD108
                      SHA-512:6D258A2FFD268602F2D260B3D07B346A2E7FF2BB12067F55DF329017B920C8B7549BD73B9AA66E36F9DDD35D917A04B9E49A1EF2226AD53134CAE5B3AEBCB1FF
                      Malicious:false
                      Preview:SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:SQLite Rollback Journal
                      Category:dropped
                      Size (bytes):8720
                      Entropy (8bit):3.777183207450017
                      Encrypted:false
                      SSDEEP:48:7Mhlcp/E2ioyVWJioy9oWoy1Cwoy1hyKOioy1noy1AYoy1Wioy1hioybioyLmoyR:7HpjuUF3XKQXeb9IVXEBodRBkvO
                      MD5:D3749E826143C9BF7BD2B2BC04E7FCAE
                      SHA1:44E64E1B8DD025A55DD71BA93B40CEDEB731BBC2
                      SHA-256:3C63EB1B474D5F8D070F3365F3E6A3AA9A8DCE117A34A775488A4B852CDD35EF
                      SHA-512:DA1CA7770687EA146EC6FCDE5240BFD987F9581C1E1FAC52090F83455A16A8FD757CADA94C4ECAC3E85D531988758319DD3BBDDC2984739D5C38082C99950E63
                      Malicious:false
                      Preview:.... .c.....!..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................T...[...b...r...t...}.....L..............................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):893
                      Entropy (8bit):7.366016576663508
                      Encrypted:false
                      SSDEEP:24:hBntmDvKUQQDvKUr7C5fpqp8gPvXHmXvponXux:3ntmD5QQD5XC5RqHHXmXvp++x
                      MD5:D4AE187B4574036C2D76B6DF8A8C1A30
                      SHA1:B06F409FA14BAB33CBAF4A37811B8740B624D9E5
                      SHA-256:A2CE3A0FA7D2A833D1801E01EC48E35B70D84F3467CC9F8FAB370386E13879C7
                      SHA-512:1F44A360E8BB8ADA22BC5BFE001F1BABB4E72005A46BC2A94C33C4BD149FF256CCE6F35D65CA4F7FC2A5B9E15494155449830D2809C8CF218D0B9196EC646B0C
                      Malicious:false
                      Preview:0..y..*.H.........j0..f...1.0...*.H.........N0..J0..2.......D....'..09...@k0...*.H........0?1$0"..U....Digital Signature Trust Co.1.0...U....DST Root CA X30...000930211219Z..210930140115Z0?1$0"..U....Digital Signature Trust Co.1.0...U....DST Root CA X30.."0...*.H.............0..........P..W..be......,k0.[...}.@......3vI*.?!I..N..>H.e...!.e.*.2....w..{........s.z..2..~..0....*8.y.1.P..e.Qc...a.Ka..Rk...K.(.H......>.... .[.*....p....%.tr.{j.4.0...h.{T....Z...=d.....Ap..r.&.8U9C....\@........%.......:..n.>..\..<.i....*.)W..=....]......B0@0...U.......0....0...U...........0...U.........{,q...K.u...`...0...*.H...............,...\...(f7:...?K.... ]..YD.>.>..K.t.....t..~.....K. D....}..j.....N..:.pI...........:^H...X._..Z.....Y..n......f3.Y[...sG.+..7H..VK....r2...D.SrmC.&H.Rg.X..gvqx...V..9$1....Z0G..P.......dc`........}...=2.e..|.Wv..(9..e...w.j..w.......)...55.1.

                      C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):252
                      Entropy (8bit):3.034404395079139
                      Encrypted:false
                      SSDEEP:3:kkFklIvREttfllXlE/E/KRkzllPlzRkwWBARLNDU+ZMlKlBkvclcMlVHblB8V7l3:kKjZAxliBAIdQZV7I7kc3
                      MD5:128D8F8B7549D04B1916477A4B6B19B8
                      SHA1:369AD7FA9B1C13BE1768E32BA8AE7DE5640559A5
                      SHA-256:D6ABF661F32DCE7D92EB76B86A9F9F0D7CB7610C383466FB4CC7BBDE4AC72CD3
                      SHA-512:BBEB85527725DDEBFDFC8642A721FC23A0DA0701318EF9AECCAE9C63113BDC05A0EB57F3A7DAE3F25610D6D51CF2CAF58D36262EDF5274DDB33D9A5E2BDF60E9
                      Malicious:false
                      Preview:p...... ....`...........(....................................................... ........!.M........(...........}...h.t.t.p.:././.a.p.p.s...i.d.e.n.t.r.u.s.t...c.o.m./.r.o.o.t.s./.d.s.t.r.o.o.t.c.a.x.3...p.7.c...".3.7.d.-.6.0.7.9.b.8.c.0.9.2.9.c.0."...

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):245879
                      Entropy (8bit):3.3455256012212757
                      Encrypted:false
                      SSDEEP:1536:vKPCPiyzDtrh1cK3XEivK7VK/3AYvYwgqZrRo+Run:yPClJ/3AYvYwgOFo+Run
                      MD5:D416A6606BB6270032E37D47035F593E
                      SHA1:D2F1F1FEFB92B06B1939863F2EEF439A48078512
                      SHA-256:93A60D803CFBD0C40616A8864443F78BACDA50208883358876378B831B91C489
                      SHA-512:8373BA3C5D8010A2E0BDAB5EBB4CA03D01A183B122EC2ED59A2266D183673E32973E110C11E2A594AE80AB8D3A895784420EB44989952E26DF12FA16F2A46BA2
                      Malicious:false
                      Preview:Adobe Acrobat Reader (64-bit) 23.6.20320....?A12_AV2_Search_18px.............................................................................................................KKK KKK.KKK.KKK.KKK.KKK.KKK@........................................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.............................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.........................KKK.KKK.KKK.KKK0....................KKK.KKK.KKK.KKK`....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK.KKK.....................................KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK.KKK@....................KKK.KKK.KKK.KKK`........................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.KKK.............................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):295
                      Entropy (8bit):5.37261723294546
                      Encrypted:false
                      SSDEEP:6:YEQXJ2HXFdc53WwkBcVnVoZcg1vRcR0YbKoAvJM3g98kUwPeUkwRe9:YvXKXFdamrqVWZc0vo5GMbLUkee9
                      MD5:548949997DA5CF4FC70FB23027A5DF0A
                      SHA1:EC60724288772E4FE106FDA247B27324797D5A47
                      SHA-256:9E05BCEC6A6BF5EF82C6729B0B172EF5FE06CAC38738BE6C4DCDED24E39B62E5
                      SHA-512:8C05DE96F80C11A76BDDAA1AD860DBE0D9FCCD1DAAB983D6025377729CA7D2FDA125191FB29C54D4A030F88BF08CE82690659DD1B884A81CC008153DABA6BC11
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"2b7d2639-a26e-46ca-8bb5-70dd32cd7d90","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1725056706819,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):294
                      Entropy (8bit):5.324830641576452
                      Encrypted:false
                      SSDEEP:6:YEQXJ2HXFdc53WwkBcVnVoZcg1vRcR0YbKoAvJfBoTfXpnrPeUkwRe9:YvXKXFdamrqVWZc0vo5GWTfXcUkee9
                      MD5:8056ECC50DBBDBBE07B3E865FC7FF464
                      SHA1:A5FA1D1982B3493800781B1C660981125BEA2D51
                      SHA-256:E6673831E5B05FBFCD5E56074EF4586E0989E71E327DE38E49CB77E693F6E13C
                      SHA-512:3128AC84DAEABF29332DEB0150FDFB042A21620C6FE491D8497157639A05E41F2C30D23F9B4B64D8AACD1D6E455A11D2EF1BBB895595AD7A585455500759985D
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"2b7d2639-a26e-46ca-8bb5-70dd32cd7d90","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1725056706819,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):294
                      Entropy (8bit):5.30309013693426
                      Encrypted:false
                      SSDEEP:6:YEQXJ2HXFdc53WwkBcVnVoZcg1vRcR0YbKoAvJfBD2G6UpnrPeUkwRe9:YvXKXFdamrqVWZc0vo5GR22cUkee9
                      MD5:4D7E94A9527BAADEFBC7D6FE95899397
                      SHA1:DE06A6E043BED905D5F62C2B386EE9C157FE35E6
                      SHA-256:D6AE7788EF189A8E28CFBC5085F0A8BCEF42B27BEF4F4D6639F9018F139F2436
                      SHA-512:EA1F5A37670FD7EFF9F5567982FC54F7D42F792AA9411F3DD3ACA7C27E99E38391B646F18668D4D5E8F38A2C3A081E307DD8D0737C069101ADC698E7A304F524
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"2b7d2639-a26e-46ca-8bb5-70dd32cd7d90","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1725056706819,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):285
                      Entropy (8bit):5.3599524355135415
                      Encrypted:false
                      SSDEEP:6:YEQXJ2HXFdc53WwkBcVnVoZcg1vRcR0YbKoAvJfPmwrPeUkwRe9:YvXKXFdamrqVWZc0vo5GH56Ukee9
                      MD5:D985909DA072A9C76BAB5C456DEF7F48
                      SHA1:9EA9F03C2C95A87E9F267477835A6FA26A8D3382
                      SHA-256:C6FD8F16B3C1D9361AA18739EBF44B1B0781B79FB8B2EFFA67A5E43F6DE505E1
                      SHA-512:4065036F7A348CD2AE020E909534E363739955CEBB503E2F1F0205550019D7F3998FD72074D0D9AFE8F8092D87F56FC811F21A3C3735BD6C948164854A724525
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"2b7d2639-a26e-46ca-8bb5-70dd32cd7d90","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1725056706819,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):1063
                      Entropy (8bit):5.663293213005563
                      Encrypted:false
                      SSDEEP:24:Yv6XamruWzvfpLgEFqciGennl0RCmK8czOCY4w2ZI:Yv5unhgLtaAh8cvYvcI
                      MD5:A076385E7006B0EC401750D938EBCB8F
                      SHA1:295FBA9BFF3C0487EA850944A397EC489F0E1463
                      SHA-256:663BEE80D07174317590568F574440CF8CBBD6D53CA297FC5A9F3CDF01617E06
                      SHA-512:26813772A4AB7B12E9591F5AE8007993FFD8D06562AAB86223B74D0CA4B6EC07BDE89A836A57EF16F8BC514427B51FD13BDCBBF3B038DF926050AD7B8F86EA8C
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"2b7d2639-a26e-46ca-8bb5-70dd32cd7d90","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1725056706819,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_2","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"afb9c2a3-eaf4-41f9-9d73-768e72f72282","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQgZmlsZXMgdG8gYW5kIGZyb20gUERGXG53aXRob3V0IGxpbWl0cy4ifSwidGNhdElkIjpudWxsfQ==","dataType":"application\/json","encodingSc

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):1050
                      Entropy (8bit):5.653495293195391
                      Encrypted:false
                      SSDEEP:24:Yv6XamruWzvDVLgEF0c7sbnl0RCmK8czOCYHflEpwiVZI:Yv5urFg6sGAh8cvYHWpwKI
                      MD5:2EAA590793ADD0180D898AC4A535A70A
                      SHA1:36772CB842AB88D40677A053F33DDB6A750E8E0E
                      SHA-256:D4E4DB66F5B8AFADE7BCC0D75FFD26CED0405F344010ACAD056650DCA9DEEFCE
                      SHA-512:32338EAE6D16AA58E09B2CCD76B3C24CC4D49E001F1CA2186FC168FB0C09485091DC988CE57225897BA14ED7EA79C3592D25281F5C893D3B15D4AD8B1BBB8459
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"2b7d2639-a26e-46ca-8bb5-70dd32cd7d90","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1725056706819,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Disc_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_0","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"0924134e-3c59-4f53-b731-add558c56fec","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Disc_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQsIGVkaXQgYW5kIGUtc2lnblxuZm9ybXMgJiBhZ3JlZW1lbnRzLiJ9LCJ0Y2F0SWQiOm51bGx9","dataType":"application\/json","encodingScheme":true},"

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):292
                      Entropy (8bit):5.308162912449282
                      Encrypted:false
                      SSDEEP:6:YEQXJ2HXFdc53WwkBcVnVoZcg1vRcR0YbKoAvJfQ1rPeUkwRe9:YvXKXFdamrqVWZc0vo5GY16Ukee9
                      MD5:32167DED0B9613862A18A33B1C9A5D5B
                      SHA1:8337CB95D01C03CAC96B5D4A2A3C1B318F0BEB25
                      SHA-256:B617950A45C7605222C754167BC16686A3944B897C1F1DE8998C7A18AD3212BB
                      SHA-512:2184CCF506FAC782650BBD2E0F28E8192B13C5F2DFB359058998E03BC9D2144BAEA739774C8CC17D5C7A4513407EC5C235EE33C6AD97955AAC427837EE975A7E
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"2b7d2639-a26e-46ca-8bb5-70dd32cd7d90","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1725056706819,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):1038
                      Entropy (8bit):5.64438445638575
                      Encrypted:false
                      SSDEEP:24:Yv6XamruWzvS2LgEF7cciAXs0nl0RCmK8czOCAPtciBZI:Yv5u6ogc8hAh8cvAXI
                      MD5:5B32E0405A00DF38F5724B9D219C346A
                      SHA1:537E2B110932578F08D079303EDBEDD41774E3F6
                      SHA-256:877EB4BCD0D4D571A5965F2D7EC5299A096A128F4705793B857A704B1D56892A
                      SHA-512:5EFFEEDF06484866F31B995AC06C747A4B0363998E1BE097F687509927D01C963A471B9CAB218FF6430C4328FD1E6826ADC2A46A95633B7F7688076011D3C52D
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"2b7d2639-a26e-46ca-8bb5-70dd32cd7d90","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1725056706819,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Edit_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_1","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"49d2f713-7aa9-44db-aa50-0a7a22add459","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Edit_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVkaXQgdGV4dCwgaW1hZ2VzLCBwYWdlcywgYW5kIG1vcmUuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"application\/json","encodingScheme":true},"endDTS":1744

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):1164
                      Entropy (8bit):5.697671933799994
                      Encrypted:false
                      SSDEEP:24:Yv6XamruWzvOKLgEfIcZVSkpsn264rS514ZjBrwloJTmcVIsrSK5ZI:Yv5uGEgqprtrS5OZjSlwTmAfSKLI
                      MD5:A225A677C037F40D96EC9E40917C9D18
                      SHA1:E3AC902D1F5B37D1A43083E57B89FA767A59BDAC
                      SHA-256:689F03939E4444C53284F8B69B6DC5421EA7E42060B4245E23802C2B12E09A7D
                      SHA-512:4A88523A0552573B67BEAEF727510104C2BA7CA621203321BB475C2D291D6CB5D3D2313698EA250015BDD5525ACAD3A082042CCE4E2C3B0B99270A8FDC059086
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"2b7d2639-a26e-46ca-8bb5-70dd32cd7d90","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1725056706819,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85531_264848ActionBlock_0","campaignId":85531,"containerId":"1","controlGroupId":"","treatmentId":"ee1a7497-76e7-43c2-bb63-9a0551e11d73","variationId":"264848"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IlRyeSBBY3JvYmF0IFBybyJ9LCJ1aSI6eyJ0aXRsZV9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjE1cHgiLCJmb250X3N0eWxlIjoiMCJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEzcHgiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0b1xucHJlbWl1bSBQREYgYW5kIGUtc2lnbmluZ1xudG9vbHMuIn0sImJhbm5lcl9zdHlsaW5nIjo

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):289
                      Entropy (8bit):5.3105972027869655
                      Encrypted:false
                      SSDEEP:6:YEQXJ2HXFdc53WwkBcVnVoZcg1vRcR0YbKoAvJfYdPeUkwRe9:YvXKXFdamrqVWZc0vo5Gg8Ukee9
                      MD5:90D0E04DD6D16586292D8B92CAAEC7CA
                      SHA1:F45E4C9E5AC3ECE75583627E6B0B9E946FC469CF
                      SHA-256:79406797E8CE4924AB9581F624A6ABDE46CADA35D369570C2590ECEED73891CA
                      SHA-512:BBECF374EF5D449449A8DFA31BF37C7752B34A2554166F4235260CDDD0B785B3F598D2C944B1776FB383798C53FC9B31C573E7678380887E9BBE92F38D281104
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"2b7d2639-a26e-46ca-8bb5-70dd32cd7d90","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1725056706819,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):1395
                      Entropy (8bit):5.775539379772106
                      Encrypted:false
                      SSDEEP:24:Yv6XamruWzvFrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNhI:Yv5uNHgDv3W2aYQfgB5OUupHrQ9FJLI
                      MD5:F8F2CE13595A9210DDF953B96D0CD778
                      SHA1:7ADA7B4A7613B0CC51B89DE543779FF379BDBACE
                      SHA-256:A5B958231E71F7222CFEAE901B5C8FEDF29F12AFF2D167403D0F9E543C09E6A7
                      SHA-512:5A039555D43FC5A0087B983574CAEB6A652FB7E525EC559F8705D86DE65822F6F546EB933D7BBF72CE327747FAD3342FF02A2C93856E6631F1B4931F7D27DF05
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"2b7d2639-a26e-46ca-8bb5-70dd32cd7d90","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1725056706819,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):291
                      Entropy (8bit):5.294071467451983
                      Encrypted:false
                      SSDEEP:6:YEQXJ2HXFdc53WwkBcVnVoZcg1vRcR0YbKoAvJfbPtdPeUkwRe9:YvXKXFdamrqVWZc0vo5GDV8Ukee9
                      MD5:DA085596E2423104BE6F1B0A8CA33880
                      SHA1:20D1358E29B056FC65B175DB92EAF9B63A3614CC
                      SHA-256:ED1EDA7CFB3CDBE02490DCC4F47635F9CD2A3A331CADA42DDDD83A3D3AB0FF48
                      SHA-512:4E5BED8D07940F86C285CCEE7CEE6F3D360050581C8F672FFABA715B5513797EB645100003057120C57F6E9B41D3057880E50B5AD836FF75EFCEBDEE9A44D13E
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"2b7d2639-a26e-46ca-8bb5-70dd32cd7d90","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1725056706819,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):287
                      Entropy (8bit):5.298869601200098
                      Encrypted:false
                      SSDEEP:6:YEQXJ2HXFdc53WwkBcVnVoZcg1vRcR0YbKoAvJf21rPeUkwRe9:YvXKXFdamrqVWZc0vo5G+16Ukee9
                      MD5:3C402A869C63D01A680F759A85A9B965
                      SHA1:69152D9372DE54E9C382A6D35CC1C88D788B1071
                      SHA-256:10571630623E2903AD57083521F8C4A12FC9C90B05900E498DF32D66DDD87B67
                      SHA-512:C8EB4D3CB71A12FCD4C625AEA516B85377703966ABB8D1060FBFFB3BA4586DD2E5D8202AD642242530EBD38440E091ADA1B914EE4543E91CAC6A1ACEC494AA1F
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"2b7d2639-a26e-46ca-8bb5-70dd32cd7d90","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1725056706819,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):1058
                      Entropy (8bit):5.650857266036492
                      Encrypted:false
                      SSDEEP:24:Yv6XamruWzvHamXayLgEFRcONaqnl0RCmK8czOC+w2E+tg8BZI:Yv5u3BguOAh8cv+NK0I
                      MD5:C9E601103A7A7FA2CB801C2533755E82
                      SHA1:610411C4D521550E0D45A263B4023DAF8D63030A
                      SHA-256:B7D927FF9E3A661EC9F8859F092130BFAF3E1F0FA11C505DA178A08D2F5B286E
                      SHA-512:5629364A014EFA40D71ADB86D06993E96E633BA6ED303770DF2F549DE85FF4A15388267FC9EEED4BCF1CA31DC74501ADE5C9911436C6A484003EBBF327DA2777
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"2b7d2639-a26e-46ca-8bb5-70dd32cd7d90","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1725056706819,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_3","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"ece07729-7db6-4f20-9f8d-7976ad373049","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IlNlbmQgZG9jdW1lbnRzICYgZm9ybXNcbmZvciBmYXN0IGUtc2lnbmluZyBvbmxpbmUuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"application\/json","encodingScheme"

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):286
                      Entropy (8bit):5.272051391741286
                      Encrypted:false
                      SSDEEP:6:YEQXJ2HXFdc53WwkBcVnVoZcg1vRcR0YbKoAvJfshHHrPeUkwRe9:YvXKXFdamrqVWZc0vo5GUUUkee9
                      MD5:153E713B9B5438C58FEF22F5813D3ADE
                      SHA1:B28361B97EC546ABD135B88C7FA361FFB7DA5105
                      SHA-256:24E0DD31AF3659AB5C57B07F24980E47B19CE339F5CA506D6B3272E8E6F944A4
                      SHA-512:AA9500088506692823CAE02399CE12E6E4ECFE31CAABF887F62E38BB391C4E01F7F13C384B34682546DEFFD5707CA8725E314A20864F9EE3CD0444A5E61ED1A6
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"2b7d2639-a26e-46ca-8bb5-70dd32cd7d90","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1725056706819,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):782
                      Entropy (8bit):5.366023209906743
                      Encrypted:false
                      SSDEEP:12:YvXKXFdamrqVWZc0vo5GTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhW1U:Yv6XamruWzvs168CgEXX5kcIfANhKI
                      MD5:E0C07303C4526700A0C7327047FE127A
                      SHA1:3FFCA7C7A0C618B4B8B48A945C1EAECDCA561E16
                      SHA-256:C4B8AA29B57CCABEBA09F620326DA9A12AB2F46FEAB2131748842A4EACC389B4
                      SHA-512:476B1F626F61C0871715D0EF6552DFB35FE4C133E6BC12A0C054C56FCA2D6AA542CA28AD6875DE11A1FF7202C7314D72DDB8EA072853F770431FE7A974618E4B
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"2b7d2639-a26e-46ca-8bb5-70dd32cd7d90","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1725056706819,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1724877876851}}}}

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):4
                      Entropy (8bit):0.8112781244591328
                      Encrypted:false
                      SSDEEP:3:e:e
                      MD5:DC84B0D741E5BEAE8070013ADDCC8C28
                      SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
                      SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
                      SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
                      Malicious:false
                      Preview:....

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):2818
                      Entropy (8bit):5.140199711314335
                      Encrypted:false
                      SSDEEP:24:YzLB1xXhnaQ4aypIPPhNXMCLhxnmcq0vqxmpxd7cfpcjqENvj0SHS/Ij0Y/2Z2L7:Y5JbSKLrYx0ZD7Rj3gikpWR9T
                      MD5:DA23F71C483D215014F37EFED078A5C8
                      SHA1:CDBA0C2E513B1A18943F62D72354827942AA0FA9
                      SHA-256:6A059A284858FA9088CF321F842F0FEB23998620C246B4D8F5C48D48E8CB1FC8
                      SHA-512:7B6C95FF0BEE58C7221AF5953EC2C1E6A3BDD3C97CB0904BB1767614711087AFD70B8EA4B204C0A973F7E959B3622B781546BE484E575688D352BFD8BDEE0508
                      Malicious:false
                      Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"3da31edd4d476768ac2cffc1ba3ee315","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1050,"ts":1724877876000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"2171e32a3083676280179dbbdbe9b193","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1164,"ts":1724877876000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"350cbc9327ea5a4fb932cb937644f656","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1058,"ts":1724877876000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"8c077243c7ab8765093aeb36c3b051b0","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1063,"ts":1724877876000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"3e5cbc03de4f2a01ba61f2389c23b4e1","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":1038,"ts":1724877876000},{"id":"Edit_InApp_Aug2020","info":{"dg":"f914de9a0ab1525d3c00f3c17bf76929","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":17

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 25, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 25
                      Category:dropped
                      Size (bytes):12288
                      Entropy (8bit):1.1884113824958602
                      Encrypted:false
                      SSDEEP:48:TGufl2GL7msEHUUUUUUUU1SvR9H9vxFGiDIAEkGVvp1:lNVmswUUUUUUUU1+FGSItB
                      MD5:C10FE8751EAA4500737AA708DD54F562
                      SHA1:2D2A2B8608E123DF4342280948C267866C74CA31
                      SHA-256:E5AF701E5F75599BF05E6EA2BA4E0D412504AD7B911F30974257696DFBE7B0AC
                      SHA-512:D29E294DBE53658817CA38E12F7BF64A685F826D43BB12DB2B36AFA0B424C2BC50B611BBD50CFF4F1830683CE3CAAD1CFDF0EBDE0282FC3C13B25D89D996D5D9
                      Malicious:false
                      Preview:SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:SQLite Rollback Journal
                      Category:dropped
                      Size (bytes):8720
                      Entropy (8bit):1.6083009294560506
                      Encrypted:false
                      SSDEEP:48:7MIzKUUUUUUUUUUtvR9H9vxFGiDIAEkGVv7qFl2GL7msM:7KUUUUUUUUUUJFGSItJKVmsM
                      MD5:CD3DCE06638882F9100CE4AA51F5972F
                      SHA1:665A17B10D5246DF1EA4636B2A168AC0AA60068C
                      SHA-256:A389E409A10209B0594AB6363F1A094FC65301FC1E2C36FA86E1AC319267903E
                      SHA-512:DF3BD39D8101D3F067FF359CF66508DB66BB42B5DCF4876B3679E7438CBDCF7BDAB686C668969C10DC45BF9BFDF40F2FC90CE9DBDAB0553492B598748D4C73F4
                      Malicious:false
                      Preview:.... .c.......,......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................f.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Local\Temp\MSIec769.LOG

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):246
                      Entropy (8bit):3.5441332632710916
                      Encrypted:false
                      SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8dArN07w:Qw946cPbiOxDlbYnuRKfN07w
                      MD5:D4D873CC44B8D9E0C624FBECE1FC11E1
                      SHA1:B22654DF2B1A4D0859CA7B091C143373148C4CD3
                      SHA-256:209A8E2261670A9F4B7B5544080E93D92A803183677115B08299B8FEE9FC9DF2
                      SHA-512:EF9B9EEDEB7DAA2F9CE7F50C28D6D0BD7511FF189EB2B450A4AD90FCB34FA27524B0D723DA32D36DD161EA730EF184EB5F22DD46370E7959C2765D3D183B9AA8
                      Malicious:false
                      Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .2.8./.0.8./.2.0.2.4. . .1.6.:.4.4.:.3.9. .=.=.=.....

                      C:\Users\user\AppData\Local\Temp\acrobat_sbx\A913syhhr_1xq4s0e_2rs.tmp

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:PDF document, version 1.6, 0 pages
                      Category:dropped
                      Size (bytes):358
                      Entropy (8bit):5.0485935471883865
                      Encrypted:false
                      SSDEEP:6:IngVMrexJzJT0y9VEQIFVmb/eu2g/86S1kxROOGBtIsitIsJqLCSyAAO:IngVMre9T0HQIDmy9g06JXWB+GDlX
                      MD5:A813E24A1F2ACC1579A0FC65632DCAC3
                      SHA1:6B18F0EAC940E596D1392176D7B5436376CD745A
                      SHA-256:8CB4A78DC63A2B3E12AAAFB886EF356AC3785638B8BC56739CEA6463C0452924
                      SHA-512:0F018F635CA0C50629DB66211523B67184279BC27E18348738A2DF023A193F585098AE05D294A6AB1841060606E674D78FD0D62B9706ACD60325613889EE2383
                      Malicious:false
                      Preview:%PDF-1.6.%......1 0 obj.<</Pages 2 0 R/Type/Catalog>>.endobj.2 0 obj.<</Count 0/Kids[]/Type/Pages>>.endobj.3 0 obj.<<>>.endobj.xref..0 4..0000000000 65535 f..0000000016 00000 n..0000000061 00000 n..0000000107 00000 n..trailer..<</Size 4/Root 1 0 R/Info 3 0 R/ID[<C36244E460708D45AA9238C929E339CD><C36244E460708D45AA9238C929E339CD>]>>..startxref..127..%%EOF..

                      C:\Users\user\AppData\Local\Temp\acrobat_sbx\A958n1go_1xq4s0b_2rs.tmp

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:PDF document, version 1.6, 0 pages
                      Category:dropped
                      Size (bytes):358
                      Entropy (8bit):5.043861014527863
                      Encrypted:false
                      SSDEEP:6:IngVMrexJzJT0y9VEQIFVmb/eu2g/86S1kxROOCuj3Fuj3amCSyAAO:IngVMre9T0HQIDmy9g06JXSS3FS3ZlX
                      MD5:8F0E3278255E6FE6475338C0640F53BE
                      SHA1:CD7E9EEF2DD7229E43904266CECAC1E1BD7BF3B5
                      SHA-256:A49F982E78214283F94C7DB628F2DFDB95AB82386D6592C03A36B70A7466A7DF
                      SHA-512:5C007CC9600CF1FA15193727D61283B1AB85BE6CC6215EBFC98BAB91939B3AB3FF4844AC869BDF4E7BB3EDE32EB90613F47DDD224BBA70BBEDA33032A2CDD744
                      Malicious:false
                      Preview:%PDF-1.6.%......1 0 obj.<</Pages 2 0 R/Type/Catalog>>.endobj.2 0 obj.<</Count 0/Kids[]/Type/Pages>>.endobj.3 0 obj.<<>>.endobj.xref..0 4..0000000000 65535 f..0000000016 00000 n..0000000061 00000 n..0000000107 00000 n..trailer..<</Size 4/Root 1 0 R/Info 3 0 R/ID[<ABB551A46DEC7545A25F55A1E40D82F6><ABB551A46DEC7545A25F55A1E40D82F6>]>>..startxref..127..%%EOF..

                      C:\Users\user\AppData\Local\Temp\acrobat_sbx\A9cerufj_1xq4s0c_2rs.tmp

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:PDF document, version 1.6, 0 pages
                      Category:dropped
                      Size (bytes):358
                      Entropy (8bit):5.08176424552524
                      Encrypted:false
                      SSDEEP:6:IngVMrexJzJT0y9VEQIFVmb/eu2g/86S1kxROOxqjgsScwbvggsScwbvqCSyAAO:IngVMre9T0HQIDmy9g06JXhqclRlmlX
                      MD5:94CB264E918AF5C690BF85D96EECDFEF
                      SHA1:0D30C54DA27D64B291461D7264A8675EC2B4C630
                      SHA-256:042663D8D4372FEDA96FE28616AF267A5850E252521108E0867AC27E5574A18B
                      SHA-512:0D114F634D757696F28C49A5BE6CD36642A27351C2BD832E88423079ECE251897BDC6D4C0AE097B1F74B7FF7D2F70CF049664B3A2AA0401F9F9424E7A5E4794F
                      Malicious:false
                      Preview:%PDF-1.6.%......1 0 obj.<</Pages 2 0 R/Type/Catalog>>.endobj.2 0 obj.<</Count 0/Kids[]/Type/Pages>>.endobj.3 0 obj.<<>>.endobj.xref..0 4..0000000000 65535 f..0000000016 00000 n..0000000061 00000 n..0000000107 00000 n..trailer..<</Size 4/Root 1 0 R/Info 3 0 R/ID[<546CB63CAAE989429A4948706237D265><546CB63CAAE989429A4948706237D265>]>>..startxref..127..%%EOF..

                      C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-08-28 16-44-33-360.log

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:ASCII text, with very long lines (393)
                      Category:dropped
                      Size (bytes):16525
                      Entropy (8bit):5.345946398610936
                      Encrypted:false
                      SSDEEP:384:zHIq8qrq0qoq/qUILImCIrImI9IWdFdDdoPtPTPtP7ygyAydy0yGV///X/J/VokV:nNW
                      MD5:8947C10F5AB6CFFFAE64BCA79B5A0BE3
                      SHA1:70F87EEB71BA1BE43D2ABAB7563F94C73AB5F778
                      SHA-256:4F3449101521DA7DF6B58A2C856592E1359BA8BD1ACD0688ECF4292BA5388485
                      SHA-512:B76DB9EF3AE758F00CAF0C1705105C875838C7801F7265B17396466EECDA4BCD915DA4611155C5F2AD1C82A800C1BEC855E52E2203421815F915B77AA7331CA0
                      Malicious:false
                      Preview:SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:088+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig:

                      C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:ASCII text, with very long lines (393), with CRLF line terminators
                      Category:dropped
                      Size (bytes):15114
                      Entropy (8bit):5.366439423369836
                      Encrypted:false
                      SSDEEP:384:90yBaYzLgLqs7n+jSQzHX3iWShIPFrzdBKYC8UvEVCItPR9P/cLEFeF4tXFxZ63A:13T
                      MD5:C73A31689EF66DE4FE165A11BAC9E6FB
                      SHA1:BB73BF9FE9558C47AADB1A038F001B30193EFD40
                      SHA-256:68050B189522804F6F82923034B6B45A36F3DD0DDE53F5810CEE3A9DD837190C
                      SHA-512:BB6D8D64303F05188321603185955A0A76DB8BA112ACDB9657B70136A989D67E0CF3DD3610C50CAB972244B790DB8779C0FED2BDC482EE5AD3AE3EBDB83CCF71
                      Malicious:false
                      Preview:SessionID=60a9b6f5-5a2f-4559-8457-2f72248ef83f.1724877873369 Timestamp=2024-08-28T16:44:33:369-0400 ThreadID=5780 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=60a9b6f5-5a2f-4559-8457-2f72248ef83f.1724877873369 Timestamp=2024-08-28T16:44:33:369-0400 ThreadID=5780 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=60a9b6f5-5a2f-4559-8457-2f72248ef83f.1724877873369 Timestamp=2024-08-28T16:44:33:369-0400 ThreadID=5780 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=60a9b6f5-5a2f-4559-8457-2f72248ef83f.1724877873369 Timestamp=2024-08-28T16:44:33:369-0400 ThreadID=5780 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=60a9b6f5-5a2f-4559-8457-2f72248ef83f.1724877873369 Timestamp=2024-08-28T16:44:33:369-0400 ThreadID=5780 Component=ngl-lib_NglAppLib Description="SetConf

                      C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):29752
                      Entropy (8bit):5.389013700522475
                      Encrypted:false
                      SSDEEP:768:anddBuBYZwcfCnwZCnR8Bu5hx18HoCnLlAY+iCBuzhLCnx1CnPrRRFS10l8gT2r3:L
                      MD5:2C93336034511D22C50EF3268674B0BA
                      SHA1:C2555CD20507ED87C9938C0959B47F9B38184846
                      SHA-256:79D589E39E095C030FAAECCC607AEB7E9FA92E3FF1CF6EE796EE479123D51A95
                      SHA-512:61272C56EAB48B58320D5670FB5D0689829979E0A25BCA07D97E822BF006AA3AC10A4E95D597E57C011640078DC2200C66F814CB7531B821C764DCEDD4AC3FA5
                      Malicious:false
                      Preview:03-10-2023 12:50:40:.---2---..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ***************************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ***************************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Starting NGL..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..03-10-2023 12:50:40:.Closing File..03-10-

                      C:\Users\user\AppData\Local\Temp\acrocef_low\866f5670-ab06-405b-8015-a5e008ba6ee3.tmp

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
                      Category:dropped
                      Size (bytes):1419751
                      Entropy (8bit):7.976496077007677
                      Encrypted:false
                      SSDEEP:24576:/xA7ouWLaGZ7wYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVuWLaGZ7wZGk3mlind9i4ufFXpAXkru
                      MD5:13F55292D0735B9ABD4259B225D210FC
                      SHA1:810CC5D545BFA11D2825F6E1DFA69176794DA7EC
                      SHA-256:8C3FFEA68963D108599E8C5AE20DE6E9C473BF33197A03A9A7DDCD0F25A6C7F6
                      SHA-512:4F54EDA9EB61172A5243DAA718CFF42A0BF079CC0FA7BE3553CC8B79772763B49F530DD6B54A9D595C4F46B8416ADF7D5C8DAD58FC43A5C651258E669DC375DA
                      Malicious:false
                      Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

                      C:\Users\user\AppData\Local\Temp\acrocef_low\8f3a7545-e83f-4382-93bb-aa27c6367c2f.tmp

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
                      Category:dropped
                      Size (bytes):1407294
                      Entropy (8bit):7.97605879016224
                      Encrypted:false
                      SSDEEP:24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo
                      MD5:A0CFC77914D9BFBDD8BC1B1154A7B364
                      SHA1:54962BFDF3797C95DC2A4C8B29E873743811AD30
                      SHA-256:81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685
                      SHA-512:74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE
                      Malicious:false
                      Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

                      C:\Users\user\AppData\Local\Temp\acrocef_low\c7764d68-be00-4d8e-85fe-5903ddfe496d.tmp

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
                      Category:dropped
                      Size (bytes):758601
                      Entropy (8bit):7.98639316555857
                      Encrypted:false
                      SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
                      MD5:3A49135134665364308390AC398006F1
                      SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
                      SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
                      SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
                      Malicious:false
                      Preview:...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!|G.1...... .3.`./....`~......G.............|..pS.e.C....:o.u_..oi.:..|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

                      C:\Users\user\AppData\Local\Temp\acrocef_low\cb2a613a-e124-4890-b68b-c38a4f133cc1.tmp

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
                      Category:dropped
                      Size (bytes):386528
                      Entropy (8bit):7.9736851559892425
                      Encrypted:false
                      SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
                      MD5:5C48B0AD2FEF800949466AE872E1F1E2
                      SHA1:337D617AE142815EDDACB48484628C1F16692A2F
                      SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
                      SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
                      Malicious:false
                      Preview:...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-|..h#.g.\.PO.|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..|m.WC.....|.....e.[W.p.8...rm....^..x'......5!...|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

                      C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobSettings

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:ASCII text
                      Category:dropped
                      Size (bytes):24
                      Entropy (8bit):3.66829583405449
                      Encrypted:false
                      SSDEEP:3:So6FwHn:So6FwHn
                      MD5:DD4A3BD8B9FF61628346391EA9987E1D
                      SHA1:474076C122CACAAF112469FC62976BB69187AA2B
                      SHA-256:7C22C759CA704106556BBC4FC10B7F53404CA1F8B40F01038D3F7C4B8183F486
                      SHA-512:FDAF3D9F8072ED7DE9B2528376C10E3C3FDBEA74347710A4795BECF23C6577B3582B2E89D3C04EF0523C98FE0A46F2AF3629490701A20B848C63BA7B26579491
                      Malicious:false
                      Preview:<</Settings [/c <<>>].>>

                      Static File Info

                      General

                      File type:PDF document, version 1.7 (zip deflate encoded)
                      Entropy (8bit):7.795081950047265
                      TrID:
                      • Adobe Portable Document Format (5005/1) 100.00%
                      File name:fw9.pdf
                      File size:140'815 bytes
                      MD5:4e7f7065f6e4a526452ffacb0134bc50
                      SHA1:3c265a136ba7fa236cdfc7b8f8b7853ed6c63e08
                      SHA256:2d420cbb4123dcf1fb82595b2359cfbb5d81f00b9df9d359fcc7af361d093f53
                      SHA512:b2024cd63a5a9e3a2245b72c36bdfea1f083373b01e7e2acc3e5f264053ba6e3030073d5966dbc1f01f99c221dea28e1c24c8b9b44e1de812faa5d565e1c1df2
                      SSDEEP:3072:NZ99tHvNziv76ksxL+dugQh2h7nU/SQqwCe+l/OrHKq:NJtvNis9+dHQh6HQECHv
                      TLSH:8DD3E084570358E4D4534A60B72CB66ACAFF70E67ECC28077D8C06D64F41E93B6A86DB
                      File Content Preview:%PDF-1.7.%......1031 0 obj.<</Linearized 1/L 126744/O 1036/E 31275/N 6/T 126277/H [ 515 302]>>.endobj. ..1052 0 obj.<</DecodeParms<</Columns 4/Predictor 12>>/Filter/FlateDecode/ID[<12253618B019F6419353B3C715534797><17D07252539C784A909EE21165D93

                      File Icon

                      Icon Hash:62cc8caeb29e8ae0

                      Static PDF Info

                      General

                      Header:%PDF-1.7
                      Total Entropy:7.795082
                      Total Bytes:140815
                      Stream Entropy:7.954572
                      Stream Bytes:116159
                      Entropy outside Streams:5.026620
                      Bytes outside Streams:24656
                      Number of EOF found:3
                      Bytes after EOF:

                      Keywords Statistics

                      NameCount
                      obj86
                      endobj86
                      stream76
                      endstream76
                      xref0
                      trailer0
                      startxref3
                      /Page6
                      /Encrypt0
                      /ObjStm17
                      /URI0
                      /JS0
                      /JavaScript0
                      /AA0
                      /OpenAction0
                      /AcroForm2
                      /JBIG2Decode0
                      /RichMedia0
                      /Launch0
                      /EmbeddedFile8

                      Network Behavior

                      Network Port Distribution

                      TCP Packets

                      TimestampSource PortDest PortSource IPDest IP
                      Aug 28, 2024 22:44:44.262317896 CEST49747443192.168.2.423.41.168.139
                      Aug 28, 2024 22:44:44.262351036 CEST4434974723.41.168.139192.168.2.4
                      Aug 28, 2024 22:44:44.262407064 CEST49747443192.168.2.423.41.168.139
                      Aug 28, 2024 22:44:44.262543917 CEST49747443192.168.2.423.41.168.139
                      Aug 28, 2024 22:44:44.262556076 CEST4434974723.41.168.139192.168.2.4
                      Aug 28, 2024 22:44:44.853672981 CEST4434974723.41.168.139192.168.2.4
                      Aug 28, 2024 22:44:44.853965998 CEST49747443192.168.2.423.41.168.139
                      Aug 28, 2024 22:44:44.853987932 CEST4434974723.41.168.139192.168.2.4
                      Aug 28, 2024 22:44:44.855052948 CEST4434974723.41.168.139192.168.2.4
                      Aug 28, 2024 22:44:44.855108976 CEST49747443192.168.2.423.41.168.139
                      Aug 28, 2024 22:44:44.898556948 CEST49747443192.168.2.423.41.168.139
                      Aug 28, 2024 22:44:44.898616076 CEST4434974723.41.168.139192.168.2.4
                      Aug 28, 2024 22:44:44.898721933 CEST49747443192.168.2.423.41.168.139
                      Aug 28, 2024 22:44:44.898736954 CEST4434974723.41.168.139192.168.2.4
                      Aug 28, 2024 22:44:44.947184086 CEST49747443192.168.2.423.41.168.139
                      Aug 28, 2024 22:44:45.002908945 CEST4434974723.41.168.139192.168.2.4
                      Aug 28, 2024 22:44:45.002963066 CEST4434974723.41.168.139192.168.2.4
                      Aug 28, 2024 22:44:45.004578114 CEST49747443192.168.2.423.41.168.139
                      Aug 28, 2024 22:44:45.004590034 CEST4434974723.41.168.139192.168.2.4
                      Aug 28, 2024 22:44:45.004617929 CEST49747443192.168.2.423.41.168.139
                      Aug 28, 2024 22:44:45.006371021 CEST49747443192.168.2.423.41.168.139

                      HTTP Request Dependency Graph

                      • armmf.adobe.com

                      HTTPS Proxied Packets

                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                      0192.168.2.44974723.41.168.1394437272C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      TimestampBytes transferredDirectionData
                      2024-08-28 20:44:44 UTC475OUTGET /onboarding/smskillreader.txt HTTP/1.1
                      Host: armmf.adobe.com
                      Connection: keep-alive
                      Accept-Language: en-US,en;q=0.9
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36
                      Sec-Fetch-Site: same-origin
                      Sec-Fetch-Mode: no-cors
                      Sec-Fetch-Dest: empty
                      Accept-Encoding: gzip, deflate, br
                      If-None-Match: "78-5faa31cce96da"
                      If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
                      2024-08-28 20:44:44 UTC198INHTTP/1.1 304 Not Modified
                      Content-Type: text/plain; charset=UTF-8
                      Last-Modified: Mon, 01 May 2023 15:02:33 GMT
                      ETag: "78-5faa31cce96da"
                      Date: Wed, 28 Aug 2024 20:44:44 GMT
                      Connection: close


                      Statistics

                      CPU Usage

                      Click to jump to process

                      Memory Usage

                      Click to jump to process

                      High Level Behavior Distribution

                      Click to dive into process behavior distribution

                      Behavior

                      Click to jump to process

                      System Behavior

                      General

                      Target ID:0
                      Start time:16:44:27
                      Start date:28/08/2024
                      Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      Wow64 process (32bit):false
                      Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\fw9.pdf"
                      Imagebase:0x7ff6bc1b0000
                      File size:5'641'176 bytes
                      MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:high
                      Has exited:true

                      General

                      Target ID:1
                      Start time:16:44:30
                      Start date:28/08/2024
                      Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      Wow64 process (32bit):false
                      Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
                      Imagebase:0x7ff74bb60000
                      File size:3'581'912 bytes
                      MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:high
                      Has exited:true

                      General

                      Target ID:3
                      Start time:16:44:31
                      Start date:28/08/2024
                      Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      Wow64 process (32bit):false
                      Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2124 --field-trial-handle=1728,i,11959092004605783410,16645408253018436185,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
                      Imagebase:0x7ff74bb60000
                      File size:3'581'912 bytes
                      MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:high
                      Has exited:true

                      Disassembly

                      No disassembly