Windows Analysis Report
SO22050.pdf

Overview

General Information

Sample name:SO22050.pdf
Analysis ID:1528364
MD5:6c6cb3ec51f88433fa4132bca9ae4774
SHA1:141459b3e3285f0a01532a6994779369692f6808
SHA256:afc58e10864ca782457321dd6fbf55c21ad634669d28099703643931241073f1
Infos:

Detection

Score:2
Range:0 - 100
Whitelisted:false
Confidence:80%

Signatures

IP address seen in connection with other malware
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Uses a known web browser user agent for HTTP communication

Classification

  • System is w10x64
  • Acrobat.exe (PID: 7420 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\SO22050.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 7592 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 7804 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2116 --field-trial-handle=1576,i,4393657273783783276,13465287127706588318,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

There are no malicious signatures.

Source: global traffic; DNS query: name: x1.i.lencr.org
Source: global traffic; TCP traffic: 192.168.2.4:49743 -> 23.195.76.153:443
Source: global traffic; TCP traffic: 23.195.76.153:443 -> 192.168.2.4:49743
Source: Joe Sandbox View; IP Address: 23.195.76.153
Source: global traffic; HTTP traffic detected:
    GET /onboarding/smskillreader.txt HTTP/1.1
    Host: armmf.adobe.com
    Connection: keep-alive
    Accept-Language: en-US,en;q=0.9
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: empty
    Accept-Encoding: gzip, deflate, br
    If-None-Match: "78-5faa31cce96da"
    If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
Source: unknown; TCP traffic detected without corresponding DNS query: 23.195.76.153
Source: unknown; UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic; DNS traffic detected: DNS query: x1.i.lencr.org
Source: 77EC63BDA74BD0D0E0426DC8F80085060.1.dr; String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: 2D85F72862B55C4EADD9E66E06947F3D0.1.dr; String found in binary or memory: http://x1.i.lencr.org/
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown; Network traffic detected: HTTP traffic on port 49743 -> 443
Source: classification engine; Classification label: clean2.winPDF@14/45@1/1
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe; File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe; File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-07 14-50-25-155.log
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe; Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
Source: unknown; Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\SO22050.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe; Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe; Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2116 --field-trial-handle=1576,i,4393657273783783276,13465287127706588318,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe; Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe; Process created: unknown unknown
Source: Window Recorder; Window detected: More than 3 window changes detected
Source: SO22050.pdf; Initial sample: PDF keyword /JS count = 0
Source: SO22050.pdf; Initial sample: PDF keyword /JavaScript count = 0
Source: SO22050.pdf; Initial sample: PDF keyword /EmbeddedFile count = 0
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe; Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe; Process information set: NOOPENFILEERRORBOX
Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
Execution: 3 Exploitation for Client Execution; Scheduled Task/Job; At; Cron
Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
Privilege Escalation: 1 Process Injection; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
Defense Evasion: 1 Masquerading; 1 Process Injection; Obfuscated Files or Information; Binary Padding
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
Discovery: 1 System Information Discovery; Application Window Discovery; Query Registry; System Network Configuration Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
Command and Control: 1 Encrypted Channel; 2 Non-Application Layer Protocol; 13 Application Layer Protocol; 1 Ingress Tool Transfer
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction
Behavior Graph ID: 1528364; Sample: SO22050.pdf; Startdate: 07/10/2024; Architecture: WINDOWS; Score: 2
Process chain: Acrobat.exe started AcroCEF.exe, which started AcroCEF.exe
DNS/IP nodes: x1.i.lencr.org; 23.195.76.153, 443, 49743 (NTT-COMMUNICATIONS-2914US, United States)

No Antivirus matches
Source: http://x1.i.lencr.org/; Detection: 0%; Scanner: URL Reputation; Label: safe
Name: x1.i.lencr.org; IP: unknown; Active: unknown; Malicious: false; Reputation: unknown
Name: http://x1.i.lencr.org/; Source: 2D85F72862B55C4EADD9E66E06947F3D0.1.dr; Malicious: false; Antivirus Detection: URL Reputation: safe; Reputation: unknown
    IP: 23.195.76.153; Domain: unknown; Country: United States; ASN: 2914; ASN Name: NTT-COMMUNICATIONS-2914US; Malicious: false
    Joe Sandbox version:41.0.0 Charoite
    Analysis ID:1528364
    Start date and time:2024-10-07 20:49:30 +02:00
    Joe Sandbox product:CloudBasic
    Overall analysis duration:0h 4m 0s
    Hypervisor based Inspection enabled:false
    Report type:full
    Cookbook file name:defaultwindowspdfcookbook.jbs
    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
    Number of analysed new started processes analysed:11
    Number of new started drivers analysed:0
    Number of existing processes analysed:0
    Number of existing drivers analysed:0
    Number of injected processes analysed:0
    Technologies:
    • HCA enabled
    • EGA enabled
    • AMSI enabled
    Analysis Mode:default
    Analysis stop reason:Timeout
    Sample name:SO22050.pdf
    Detection:CLEAN
    Classification:clean2.winPDF@14/45@1/1
    Cookbook Comments:
    • Found application associated with file extension: .pdf
    • Found PDF document
    • Close Viewer
    • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
    • Excluded IPs from analysis (whitelisted): 184.28.88.176, 54.144.73.197, 34.193.227.236, 107.22.247.231, 18.207.85.246, 2.19.11.121, 2.19.11.122, 162.159.61.3, 172.64.41.3, 2.23.197.184, 2.16.100.168, 88.221.110.91, 2.19.126.149, 2.19.126.143
    • Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, otelrules.azureedge.net, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com.delivery.microsoft.com, ctldl.windowsupdate.com, p13n.adobe.io, a767.dspw65.akamai.net, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, download.windowsupdate.com.edgesuite.net, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, wu-b-net.trafficmanager.net, crl.root-x1.letsencrypt.org.edgekey.net
    • Not all processes where analyzed, report is missing behavior information
    • VT rate limit hit for: SO22050.pdf
    Time: 14:50:35; Type: API Interceptor; Description: 3x Sleep call for process: AcroCEF.exe modified
Match: 23.195.76.153
  • Contract_Agreement_Monday October 2024.pdf; Detection: malicious; Threat Name: Unknown
  • Open 99 Restaurants Benefits Enrollment.pdf; Detection: malicious; Threat Name: HTMLPhisher
  • DOC-72212087.pdf; Detection: malicious; Threat Name: HTMLPhisher
  • [EXTERNAL] Complete with AdobeSignPDF_ Approve and Sign TRCOT.eml; Detection: malicious; Threat Name: Unknown
  • Secured Doc-[uiC-22723].pdf; Detection: malicious; Threat Name: HTMLPhisher
  • Secured Doc-[qnz-33059].pdf; Detection: malicious; Threat Name: HTMLPhisher
No context
Match: NTT-COMMUNICATIONS-2914US
  • 2UngC9fiGa.elf; Detection: malicious; Threat Name: Mirai, Okiru; Context: 209.69.97.28
  • XvAqhy3FO6.elf; Detection: malicious; Threat Name: Mirai, Okiru; Context: 205.54.183.149
  • Contract_Agreement_Monday October 2024.pdf; Detection: malicious; Threat Name: Unknown; Context: 23.195.76.153
  • x86.elf; Detection: malicious; Threat Name: Mirai; Context: 206.86.202.118
  • na.elf; Detection: malicious; Threat Name: Mirai, Okiru; Context: 205.24.240.88
  • na.elf; Detection: malicious; Threat Name: Mirai, Okiru; Context: 206.239.51.236
  • na.elf; Detection: malicious; Threat Name: Mirai, Okiru; Context: 206.163.104.103
  • na.elf; Detection: malicious; Threat Name: Mirai, Okiru; Context: 205.53.193.253
  • na.elf; Detection: malicious; Threat Name: Mirai, Okiru; Context: 204.156.18.61
  • na.elf; Detection: malicious; Threat Name: Mirai; Context: 206.86.219.242
                No context
                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                File Type:ASCII text
                Category:dropped
                Size (bytes):292
                Entropy (8bit):5.186416473800347
                Encrypted:false
                SSDEEP:6:ncu2Aq2Pwkn2nKuAl9OmbnIFUt8ZFZZmw+ZFzkwOwkn2nKuAl9OmbjLJ:nccvYfHAahFUt8x/+r5JfHAaSJ
                MD5:B322369891DEAAA04A12B0A2BFE1399D
                SHA1:8B302C2AC7FC11EFAE0C886AA508BEB91626A2D9
                SHA-256:D2449F646F61D438CEA57BEEB89E6CF4240B0062A38BE1AA9358F8A207BC8926
                SHA-512:1C21EFA3D6B3023E5976A21F93A431B5416987A1EE7A768AB45340EE5656B91929EEE227F64BDE64510A4B49310F49907613BFE4DBA5619B638416015E9F7B76
                Malicious:false
                Reputation:low
                Preview:2024/10/07-14:50:22.949 1e60 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/10/07-14:50:22.950 1e60 Recovering log #3.2024/10/07-14:50:22.950 1e60 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .
                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                File Type:ASCII text
                Category:dropped
                Size (bytes):336
                Entropy (8bit):5.161620784389257
                Encrypted:false
                SSDEEP:6:D+q2Pwkn2nKuAl9Ombzo2jMGIFUt88Zmw+GAnVkwOwkn2nKuAl9Ombzo2jMmLJ:D+vYfHAa8uFUt88/+GAnV5JfHAa8RJ
                MD5:8F28FD7D67875FEF8D5DF2591CE86532
                SHA1:D16D2658C99782219B8127D991FB220554E73688
                SHA-256:E2474DD57A21FCBDB33EA76187A28524D2C92887CB2B053B2515C08CA96AF44E
                SHA-512:CA70F052FF56B9CE0D2970366583C004A6A68C50245057684BF134D1C68B2512CBABEBF697E8CB051566CF44F5B86323D7925EB65ADCB607167E66597123168D
                Malicious:false
                Reputation:low
                Preview:2024/10/07-14:50:23.006 1e9c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/10/07-14:50:23.006 1e9c Recovering log #3.2024/10/07-14:50:23.007 1e9c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .
                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):475
                Entropy (8bit):4.966895279106768
                Encrypted:false
                SSDEEP:12:YH/um3RA8sqEEsBdOg2H7caq3QYiubInP7E4T3y:Y2sRdsJdMHC3QYhbG7nby
                MD5:C3AB201C4D00642195D8AE9729A9AF46
                SHA1:70BFD59BD366AF32BB9CF665C93D47F1EA088955
                SHA-256:88FA6E8A688FA37485A59121E95F0A49E55E7CA119F70B190378A10274EA3508
                SHA-512:585E4391D850CA7F6DC550E42B7FB2055C5C817EA307D01CAC9BEA4C98D665301816DDAFC320536D55F85A7BD9D3723FE01EB6C7456A35FDD4229BDEFCE6BED4
                Malicious:false
                Reputation:low
                Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372887035551823","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":131400},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                File Type:JSON data
                Category:modified
                Size (bytes):475
                Entropy (8bit):4.966895279106768
                Encrypted:false
                SSDEEP:12:YH/um3RA8sqEEsBdOg2H7caq3QYiubInP7E4T3y:Y2sRdsJdMHC3QYhbG7nby
                MD5:C3AB201C4D00642195D8AE9729A9AF46
                SHA1:70BFD59BD366AF32BB9CF665C93D47F1EA088955
                SHA-256:88FA6E8A688FA37485A59121E95F0A49E55E7CA119F70B190378A10274EA3508
                SHA-512:585E4391D850CA7F6DC550E42B7FB2055C5C817EA307D01CAC9BEA4C98D665301816DDAFC320536D55F85A7BD9D3723FE01EB6C7456A35FDD4229BDEFCE6BED4
                Malicious:false
                Reputation:low
                Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372887035551823","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":131400},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                File Type:data
                Category:dropped
                Size (bytes):4730
                Entropy (8bit):5.258932710055558
                Encrypted:false
                SSDEEP:96:etJCV4FAsszrNamjTN/2rjYMta02fDtehgO7BtTgo7lmiMZ:etJCV4FiN/jTN/2r8Mta02fEhgO73gom
                MD5:7E939939DEA66BEE14CF8C6770470DA8
                SHA1:F514F45743A48B3DC80CB20D58C21D8FCCFD4456
                SHA-256:047FCBB03EE0807130E99EE552B95E9118CF4CC586C3B74DB10541E67EE2611E
                SHA-512:BAE8E7AC0607CD9DB30A55F4F64FD9267D5681DF1D2FAF6A6875F384EC4B514D36EA2CF4DDD3A6237C474FE9CC976F10F533E0507581DC8F5B946A75A90970C3
                Malicious:false
                Reputation:low
                Preview:*...#................version.1..namespace-['O.o................next-map-id.1.Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/.0>...r................next-map-id.2.Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/.1O..r................next-map-id.3.Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/.2.\.o................next-map-id.4.Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/.3....^...............Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/..|.^...............Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/n..Fa...............Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/DQ..a...............Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/i.`do................next-map-id.5.Pnamespace-de635bf2_6773_4d83_ad16_
                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                File Type:ASCII text
                Category:dropped
                Size (bytes):324
                Entropy (8bit):5.19356303264519
                Encrypted:false
                SSDEEP:6:S+q2Pwkn2nKuAl9OmbzNMxIFUt87NZmw+7UEVkwOwkn2nKuAl9OmbzNMFLJ:S+vYfHAa8jFUt87N/+7UEV5JfHAa84J
                MD5:E3E9B295D99F0A1B947D6E5E2026E6C0
                SHA1:1A45AB5FEFC7F041F3D46D7C5C0FDB78E2D46F6F
                SHA-256:27EBD53DF7E7758CE47D47B0743215F45A978D7047BB8BF46691EB3440D04F3C
                SHA-512:2EC27F06D9BF2FB450D9D2863F374E6DFB4C8C665383F1EF0FA8B2EEC7B98C812A754EC7D7261F5D81E87F804CB467658E78D021CD2FA235256572023EAB6FCA
                Malicious:false
                Reputation:low
                Preview:2024/10/07-14:50:23.283 1e9c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/10/07-14:50:23.306 1e9c Recovering log #3.2024/10/07-14:50:23.313 1e9c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .
                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                File Type:ASCII text
                Category:dropped
                Size (bytes):324
                Entropy (8bit):5.19356303264519
                Encrypted:false
                SSDEEP:6:S+q2Pwkn2nKuAl9OmbzNMxIFUt87NZmw+7UEVkwOwkn2nKuAl9OmbzNMFLJ:S+vYfHAa8jFUt87N/+7UEV5JfHAa84J
                MD5:E3E9B295D99F0A1B947D6E5E2026E6C0
                SHA1:1A45AB5FEFC7F041F3D46D7C5C0FDB78E2D46F6F
                SHA-256:27EBD53DF7E7758CE47D47B0743215F45A978D7047BB8BF46691EB3440D04F3C
                SHA-512:2EC27F06D9BF2FB450D9D2863F374E6DFB4C8C665383F1EF0FA8B2EEC7B98C812A754EC7D7261F5D81E87F804CB467658E78D021CD2FA235256572023EAB6FCA
                Malicious:false
                Preview:2024/10/07-14:50:23.283 1e9c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/10/07-14:50:23.306 1e9c Recovering log #3.2024/10/07-14:50:23.313 1e9c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .
                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                File Type:PC bitmap, Windows 3.x format, 117 x -152 x 32, cbSize 71190, bits offset 54
                Category:dropped
                Size (bytes):71190
                Entropy (8bit):1.795889615375272
                Encrypted:false
                SSDEEP:96:fgsjGxu2eBMJ9ctSFkC4u0WMMMMskrXMMJMM3vMNQRMdMMM7MM+BMnMM+2CWFNYk:IsjIJkhWFNYphe7zllBMgyQ8EwkAG
                MD5:A710D7C5040CEA7B761FF92E1EDB3D30
                SHA1:0FF887D8E30A0015E2FE4F10CC8F91F18044518F
                SHA-256:11A3C98B3BEF8610717E81C2687E1FD80100DDF0F5BE64644179DF6448211514
                SHA-512:9B998F75B54FD76A50DA5448662CF97B843CFAF4000D6EEC732154297F03FCBE39FD0891C714868DE4065913C385850E9DDB47B36202770568A900774C8CA4BE
                Malicious:false
                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 15, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 15
                Category:dropped
                Size (bytes):86016
                Entropy (8bit):4.445013763294882
                Encrypted:false
                SSDEEP:384:yezci5tWiBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:rZs3OazzU89UTTgUL
                MD5:2F768B62232B0080AB689B3DADA6A4CE
                SHA1:4521F33195F366D7C4F01E7B4C45B3D9981183D7
                SHA-256:BB23387340D0249B6A866EAFD63AF3F4180422017D2BC2D1F6DFE0CC3F688444
                SHA-512:5E647CEE24373C979983725DE29017E78686708C1FE3B069F0519657C01808DE93814BD0FD941DA85B7E486FE7900FBFFA949CCD3813D0D5BB58004C602A4835
                Malicious:false
                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                File Type:SQLite Rollback Journal
                Category:dropped
                Size (bytes):8720
                Entropy (8bit):3.7725746879881186
                Encrypted:false
                SSDEEP:48:7MEp/E2ioyVDRioy9oWoy1Cwoy18aKOioy1noy1AYoy1Wioy1hioybioyaOoy1n8:7rpjuFFMXKQcWb9IVXEBodRBkR
                MD5:44649097F43955BA693D505031DEFE44
                SHA1:FB8A21B0EC366374DCDEB5E1263957788B1385A3
                SHA-256:13B96321CBD9A1A2DBCFDDDCEFB509C6E5CA4DE781F0761A0CCE7FF8EF158FF8
                SHA-512:9CFC9F5ED722D93CBCF91EAD7C11DCD54CA02B5B5DB723C44B46D2A208F4FF7A40D4B64B81722E7C25C5609D2BB610CE7288A3A375B0EFC78CC4BAF30AB51524
                Malicious:false
                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                File Type:Certificate, Version=3
                Category:dropped
                Size (bytes):1391
                Entropy (8bit):7.705940075877404
                Encrypted:false
                SSDEEP:24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1
                MD5:0CD2F9E0DA1773E9ED864DA5E370E74E
                SHA1:CABD2A79A1076A31F21D253635CB039D4329A5E8
                SHA-256:96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
                SHA-512:3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
                Malicious:false
                Preview:0..k0..S............@.YDc.c...0...*.H........0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10...150604110438Z..350604110438Z0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10.."0...*.H.............0..........$s..7.+W(.....8..n<.W.x.u...jn..O(..h.lD...c...k....1.!~.3<.H..y.....!.K...qiJffl.~<p..)"......K...~....G.|.H#S.8.O.o...IW..t../.8.{.p!.u.0<.....c...O..K~.....w...{J.L.%.p..)..S$........J.?..aQ.....cq...o[...\4ylv.;.by.../&.....................6....7..6u...r......I.....*.A..v........5/(.l....dwnG7..Y^h..r...A)>Y>.&.$...Z.L@.F....:Qn.;.}r...xY.>Qx....../..>{J.Ks......P.|C.t..t.....0.[q6....00\H..;..}`...).........A.......|.;F.H*..v.v..j.=...8.d..+..(.....B.".'].y...p..N..:..'Qn..d.3CO......B0@0...U...........0...U.......0....0...U......y.Y.{....s.....X..n0...*.H.............U.X....P.....i ')..au\.n...i/..VK..s.Y.!.~.Lq...`.9....!V..P.Y...Y.............b.E.f..|o..;.....'...}~.."......
                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
                Category:dropped
                Size (bytes):71954
                Entropy (8bit):7.996617769952133
                Encrypted:true
                SSDEEP:1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
                MD5:49AEBF8CBD62D92AC215B2923FB1B9F5
                SHA1:1723BE06719828DDA65AD804298D0431F6AFF976
                SHA-256:B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
                SHA-512:BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
                Malicious:false
                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                File Type:data
                Category:dropped
                Size (bytes):192
                Entropy (8bit):2.7673182398396405
                Encrypted:false
                SSDEEP:3:kkFklu99+EvfllXlE/HT8kiNZNNX8RolJuRdxLlGB9lQRYwpDdt:kK399+9T8VNMa8RdWBwRd
                MD5:6F15C2F21B82BB67F6C348518573A4D5
                SHA1:343AAC09CA3FD64EB9AFFB4AD1977A92B7533255
                SHA-256:BCD41B552EE7652D45BBC2F4B162A796A53317BE19BB30FFB9602A30058DA8C7
                SHA-512:07A146B95CEA05E39861688AC15DAAB69C736A452D79D6C412D3A4C92BF7532FC8290E8679BE268F296A45920534CB65E43F81F4517752FEDF7D77DB65512D6C
                Malicious:false
                Preview:p...... .........7{.....(....................................................... ..........W.....z..............o...http://x1.i.lencr.org/..."64cd6654-56f"...
                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                File Type:data
                Category:modified
                Size (bytes):328
                Entropy (8bit):3.150184159866505
                Encrypted:false
                SSDEEP:6:kKlZ9UswDLL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:WDnLNkPlE99SNxAhUe/3
                MD5:9566E46C03015EF43CE9FD3E62524D28
                SHA1:45A169A233AC8DE18DB71100B2CFD70B0C8A5F38
                SHA-256:394BAB834FD8459E0F1D6C8C77A58A9AE3E29CCFFABFEEF6B509CEACCF96FE49
                SHA-512:2F71C9B41CEFCDEF81B044A7369A0E0AFC867E2CABAD3C3DF8A7CB8366BAD241F8984C61793B6EA71BF649F4130B7DD3239C6893D77D02A55EEDFBABF868FD0A
                Malicious:false
                Preview:p...... ................(....................................................... ........G..@.......&...............http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab..."a7282eb40b1da1:0"...
                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                File Type:data
                Category:dropped
                Size (bytes):247234
                Entropy (8bit):3.3245480448633247
                Encrypted:false
                SSDEEP:1536:mKPCPiyzDtrh1cK3XEivK7VK/3AYvYwgqUrRo+RQn:TPClJ/3AYvYwglFo+RQn
                MD5:F7B75939ED43CD13BC5FA5A7E72C9C16
                SHA1:2FB9185CFEB8001598A301C83ECA9948420007ED
                SHA-256:2D50A4E5C21D7154373C0DF9DAF523FF54E48551510828BDD08D0E3B24125055
                SHA-512:E7AB73FFC3402C06D67410C52140A801A7FCBA9B8D248F6C6A069A31FB14437B347BB2973DE361B395E49E50A0A11E515F3E9EC1A73B568421B64E059B883758
                Malicious:false
                Preview:Adobe Acrobat Reader (64-bit) 23.6.20320....?A12_AV2_Search_18px...
                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):295
                Entropy (8bit):5.368509096129614
                Encrypted:false
                SSDEEP:6:YEQXJ2HXS/6maHHVoZcg1vRcR0YGpWeoAvJM3g98kUwPeUkwRe9:YvXKXOBaWZc0vdWVGMbLUkee9
                MD5:4DC82F56A03B17B637B031EE2A408506
                SHA1:95CA40131DEA080418B2BE02CEF4D3F559371C05
                SHA-256:29C508131D11A94175AB2752DD008B52FEFB821B2DC2A665900CE04E50FEA655
                SHA-512:013E765593853644BCCF2FB3D4B7256F756D7BA531CDC413D0A04C9C4003C4E514B2DB8CC897D28AE97BF5A5708544C6C0F515D6030329EC3EAF20582F75AE2B
                Malicious:false
                Preview:{"analyticsData":{"responseGUID":"33670416-e19c-4437-a63d-9f1ccd0ef463","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728505633878,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):294
                Entropy (8bit):5.317087322353942
                Encrypted:false
                SSDEEP:6:YEQXJ2HXS/6maHHVoZcg1vRcR0YGpWeoAvJfBoTfXpnrPeUkwRe9:YvXKXOBaWZc0vdWVGWTfXcUkee9
                MD5:E4E2714362A4D9E6A4B20681CD1F2762
                SHA1:0C381F0DF2EB9B0F03D30C7E3295BD823DA76AA1
                SHA-256:08381B5E9BCC80E35E35185FA906EB7E0333ABAAA24C0FBFB72F5CE9E07EE6B8
                SHA-512:CCAF3799496FB635A863AED1C936B6C35AD062816F53B1E65DC98A1D5CFB561E1B86E0B449A2BE8CE906180F30B177A653970267B494DD8CF60335AA7414F3BE
                Malicious:false
                Preview:{"analyticsData":{"responseGUID":"33670416-e19c-4437-a63d-9f1ccd0ef463","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728505633878,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):294
                Entropy (8bit):5.295226237099209
                Encrypted:false
                SSDEEP:6:YEQXJ2HXS/6maHHVoZcg1vRcR0YGpWeoAvJfBD2G6UpnrPeUkwRe9:YvXKXOBaWZc0vdWVGR22cUkee9
                MD5:C8EDEA3A7B60D488278F015A21E715D2
                SHA1:370F7F71A57756F4E9901ABD3F18CE84121C655C
                SHA-256:2C3031037A250E2E8D822A12BBF551101639D14C9C4BE55E6D3E7386929431C8
                SHA-512:8AE21FF2595A4E64FEC336857C508AB0AB01C63BB6CABC589EAA0CAA744D248A128766DD0CD81EBBE6742D1864FE3CFD5E51545760EAA7CA35C53CAC2F563851
                Malicious:false
                Preview:{"analyticsData":{"responseGUID":"33670416-e19c-4437-a63d-9f1ccd0ef463","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728505633878,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):285
                Entropy (8bit):5.355700153546262
                Encrypted:false
                SSDEEP:6:YEQXJ2HXS/6maHHVoZcg1vRcR0YGpWeoAvJfPmwrPeUkwRe9:YvXKXOBaWZc0vdWVGH56Ukee9
                MD5:F18D2336EAEE1A049502029256DA409F
                SHA1:955DAA0F9A0187084FFE7751FEEE2737AC11CD31
                SHA-256:E0766C0357F4C5F4B774FBCE2745D62AA10B2FC39AAA0E934BF5114E98429B15
                SHA-512:B5C8112699C915E1A5FC53159B9FAF74C05ADAA8CFC39B39748A462BAC0CD71621DB393B16328731E754991592B0BD07C9ADFA641FBAB1BC4E118E4B4F8D4A8F
                Malicious:false
                Preview:{"analyticsData":{"responseGUID":"33670416-e19c-4437-a63d-9f1ccd0ef463","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728505633878,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):1091
                Entropy (8bit):5.6906339954778815
                Encrypted:false
                SSDEEP:24:Yv6XOMWzvM6pLgE7cgD6SOGtnnl0RCmK8czOCYvSZ:Yvfphgs6SraAh8cvYKZ
                MD5:D09D2B12B5BCD0C4C984E1CE5C9E7DE6
                SHA1:8A3322FEB0F2E960AE3B1A177AAB71A55306A72A
                SHA-256:0395CE2773C7D91279174E2DBB750289C1AD9FFF4F0CFDD93BBCC6ACD163E777
                SHA-512:2604FFCDCA9FD2162F51A8F3280294F9E3A4CAC5C41119F382F47ECD4D3F716A6746999D2FF3EE2DE2F2FEE354B6BBF3881977A289BBD573DBF2FB59BE91194A
                Malicious:false
                Preview:{"analyticsData":{"responseGUID":"33670416-e19c-4437-a63d-9f1ccd0ef463","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728505633878,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"89628_281075ActionBlock_2","campaignId":89628,"containerId":"1","controlGroupId":"","treatmentId":"67a3a874-888f-4d96-9f3d-26e70c3e0be1","variationId":"281075"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQgUERGIGZpbGVzIHRvIE1pY3Jvc29mdCBXb3JkIGFuZCBFeGNlbC4ifSwidGNhdElkIjoiUkdTMDM1MS1FTlUtQ2hhbGxlbmdlcjIifQ==","dataType":"ap
                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):1050
                Entropy (8bit):5.655721381992822
                Encrypted:false
                SSDEEP:24:Yv6XOMWzvMcVLgEF0c7sbnl0RCmK8czOCYHflEpwiVA:YvfFFg6sGAh8cvYHWpwZ
                MD5:997BB47E90CF2E0A296EC8FB089894A3
                SHA1:1686D885ED4F90509FDC1E30B8CF3F578FE250EF
                SHA-256:74899B79D9E1829E33C0CBEC5DEE939121C8AEC214DC248A0B58C7B94FEFC8E8
                SHA-512:BCF49C2CF0F74DDF9497A71804C2171FF49F94411D7AE04A9FC789F409699159BB3699531B941C9966209DE18E005B3E4BCFD2E93D3992FDEFC1B2ADF32DA2F4
                Malicious:false
                Preview:{"analyticsData":{"responseGUID":"33670416-e19c-4437-a63d-9f1ccd0ef463","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728505633878,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Disc_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_0","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"0924134e-3c59-4f53-b731-add558c56fec","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Disc_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQsIGVkaXQgYW5kIGUtc2lnblxuZm9ybXMgJiBhZ3JlZW1lbnRzLiJ9LCJ0Y2F0SWQiOm51bGx9","dataType":"application\/json","encodingScheme":true},"
                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):292
                Entropy (8bit):5.305140177010225
                Encrypted:false
                SSDEEP:6:YEQXJ2HXS/6maHHVoZcg1vRcR0YGpWeoAvJfQ1rPeUkwRe9:YvXKXOBaWZc0vdWVGY16Ukee9
                MD5:B4D3506D9F16694C45793D3702711C40
                SHA1:3F1253AAB6441D44216BA7FB61382B9D99566B13
                SHA-256:D8036A1743EAF615F838268E70029B130FD618915AC8322A076628EC7CD0CCE6
                SHA-512:DDC3CC04353B97C7C10D6CA2DEE766FFCBF6C03CDFE903BC2A1FB45C578B0EB6B1A05E8A975A5178BB8BE08F92AA5EED059E139B2E140F8DFC619C4B1B060FA2
                Malicious:false
                Preview:{"analyticsData":{"responseGUID":"33670416-e19c-4437-a63d-9f1ccd0ef463","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728505633878,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):1098
                Entropy (8bit):5.691509485831851
                Encrypted:false
                SSDEEP:24:Yv6XOMWzvMB2LgEFcs2SOGt0nl0RCmK8czOCUaBtCrfSZ:Yvfkogq2SrhAh8cvUgEmZ
                MD5:F22E49B171D1EC4925AA8456E3C4A7A7
                SHA1:209373D9CEC87F366648B8CB2E1ED18D58979F50
                SHA-256:55D1E822780C9C4A0536D75FE1620483BCDEE796B5312615CEBC465F929418BE
                SHA-512:1C1428FA554A99344BF24C9734D79E67E58AB1CFF92C54424E8181937D60B0D716F4541A2B97805E4A7DF0A73BED4BC2921CB4347B04BB57BA6A73753CA22AF2
                Malicious:false
                Preview:{"analyticsData":{"responseGUID":"33670416-e19c-4437-a63d-9f1ccd0ef463","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728505633878,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Edit_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"89628_281075ActionBlock_0","campaignId":89628,"containerId":"1","controlGroupId":"","treatmentId":"abdf1d9d-2114-4953-95a6-4eed783b9872","variationId":"281075"},"containerId":1,"containerLabel":"JSON for DC_Reader_Edit_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IlR1cm4gc2Nhbm5lZCBwYXBlciBkb2N1bWVudHNcbmludG8gaW5zdGFudGx5IGVkaXRhYmxlIFBERnMuIn0sInRjYXRJZCI6IlJHUzAzNTEtRU5VLUNoYWxsZW5nZXIyIn0=","dataTy
                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):1164
                Entropy (8bit):5.702101869873709
                Encrypted:false
                SSDEEP:24:Yv6XOMWzvMBKLgEfIcZVSkpsn264rS514ZjBrwloJTmcVIsrSK5A:Yvf0EgqprtrS5OZjSlwTmAfSKC
                MD5:968756136539E7D7E012AE94E7500708
                SHA1:480457AFEEE9D844A46F36E0AC5B44112654659F
                SHA-256:AF29585FD52E7A8294430ED791BF60C2B595F8AE2B20CBBBF937D1CDEEA1EC5D
                SHA-512:77AD494A52E7509E1D7C3D2C1A4BF2B8BCDEB280E47B3FC90BEA12B448C8B4105522FB6741F642E04D231A96F13F7605CB117302896A1A6178582DF601B4197F
                Malicious:false
                Preview:{"analyticsData":{"responseGUID":"33670416-e19c-4437-a63d-9f1ccd0ef463","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728505633878,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85531_264848ActionBlock_0","campaignId":85531,"containerId":"1","controlGroupId":"","treatmentId":"ee1a7497-76e7-43c2-bb63-9a0551e11d73","variationId":"264848"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IlRyeSBBY3JvYmF0IFBybyJ9LCJ1aSI6eyJ0aXRsZV9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjE1cHgiLCJmb250X3N0eWxlIjoiMCJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEzcHgiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0b1xucHJlbWl1bSBQREYgYW5kIGUtc2lnbmluZ1xudG9vbHMuIn0sImJhbm5lcl9zdHlsaW5nIjo
                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):289
                Entropy (8bit):5.3083097420073315
                Encrypted:false
                SSDEEP:6:YEQXJ2HXS/6maHHVoZcg1vRcR0YGpWeoAvJfYdPeUkwRe9:YvXKXOBaWZc0vdWVGg8Ukee9
                MD5:ED5B8FB3457551B5FBCDFD2EF9EB74CB
                SHA1:99FBCA711432CD72E79C7A8E961A055DFF4EF9C6
                SHA-256:C909F42EE85F48857905D624DA1657C98252A59DD1ADD3F95E531EC5D26609CB
                SHA-512:0E3763847DF68D555BF9AD4AD49E5A6523AC4AB16FA2DCF2014C4C21296AB52CE86ACC0C9447AA498A1E6A50F39905D31F985C31CDFF2D2572E0931905C34406
                Malicious:false
                Preview:{"analyticsData":{"responseGUID":"33670416-e19c-4437-a63d-9f1ccd0ef463","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728505633878,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):1395
                Entropy (8bit):5.779065388093141
                Encrypted:false
                SSDEEP:24:Yv6XOMWzvMMrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNY:YvfbHgDv3W2aYQfgB5OUupHrQ9FJC
                MD5:D872A80D91D7C7385A551A67B1E7FEF2
                SHA1:ADDE2DF9B0E1934AA3E6326FBBA624CEB33B09EC
                SHA-256:87490E00E1617AACF37059599323940C8D70CBF6420873DEE99247C4EBEFC5D6
                SHA-512:F8C046AF6C0680E9E7DCD56B3D77F6FE4EC411F8195C73B819DFB747729FC56C3ED7F7B6B4615885A6B1B3CE3AF289C710AD2270E719B0ADBA8412D639986614
                Malicious:false
                Preview:{"analyticsData":{"responseGUID":"33670416-e19c-4437-a63d-9f1ccd0ef463","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728505633878,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0
                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):291
                Entropy (8bit):5.291799728052279
                Encrypted:false
                SSDEEP:6:YEQXJ2HXS/6maHHVoZcg1vRcR0YGpWeoAvJfbPtdPeUkwRe9:YvXKXOBaWZc0vdWVGDV8Ukee9
                MD5:DB2E7F7BDD6A772D1AC9C682B902A562
                SHA1:BC90367E6EF9B4AE5925418A05AEEA29AE419E8F
                SHA-256:11F8DB2701371B3F8FF6E2EEEAE54752273AB4436E8A4D04036DB8CE0B9FF337
                SHA-512:28EADB2C487785C27143CA102CEDDB5B11E009CECE67A7875968AE22601BC556C0DFE70CAFCB63176EE8302FFEF33ECB0978453ECF6734E170C7964DCBA39661
                Malicious:false
                Preview:{"analyticsData":{"responseGUID":"33670416-e19c-4437-a63d-9f1ccd0ef463","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728505633878,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):287
                Entropy (8bit):5.296251819316135
                Encrypted:false
                SSDEEP:6:YEQXJ2HXS/6maHHVoZcg1vRcR0YGpWeoAvJf21rPeUkwRe9:YvXKXOBaWZc0vdWVG+16Ukee9
                MD5:A2E64146840A28FCB30A54DE19A75420
                SHA1:D5668EDBC430C000EA11DE5C2097F7B29522D7EF
                SHA-256:3E34277C31E815802601E95A154A9B9BB49C552C316D3CE2032E6163C5402E82
                SHA-512:C50E193568D71EC2BE464AF85663831DF6338F292A6DB1503A06BDF3B4B32C66D2AAE68E65D48263C7E55DFC65F1514E578F974E55617D6E8A9F127322EBF933
                Malicious:false
                Preview:{"analyticsData":{"responseGUID":"33670416-e19c-4437-a63d-9f1ccd0ef463","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728505633878,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):1054
                Entropy (8bit):5.667694799928944
                Encrypted:false
                SSDEEP:24:Yv6XOMWzvMmamXayLgE6cTg4QSOGtNaqnl0RCmK8czOC/CrfSZ:YvflBgSXQSrOAh8cv6mZ
                MD5:D71069F299B05E785B749EB34FDB883C
                SHA1:48EFB824DB552E67DCCA7F8609A7EC2B76D11FF5
                SHA-256:E89EB73099052012CA51D8C2BF4B6E49EC35BC417B0D706FE366D0EA0A96C8A7
                SHA-512:F205D197A122E197345123B916747429314AAD8F33D60F86F8D564343C8E2CD354A5981D954732F6A596D722810732B62AB841D86F3D6175D3AFB431F9A74A14
                Malicious:false
                Preview:{"analyticsData":{"responseGUID":"33670416-e19c-4437-a63d-9f1ccd0ef463","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728505633878,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"89628_281075ActionBlock_1","campaignId":89628,"containerId":"1","controlGroupId":"","treatmentId":"7fe39695-394c-4706-9b50-651e7499d428","variationId":"281075"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVhc2lseSBmaWxsIGFuZCBzaWduIFBERnMuIn0sInRjYXRJZCI6IlJHUzAzNTEtRU5VLUNoYWxsZW5nZXIyIn0=","dataType":"application\/json","encodingScheme":tru
                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):286
                Entropy (8bit):5.2722368034238976
                Encrypted:false
                SSDEEP:6:YEQXJ2HXS/6maHHVoZcg1vRcR0YGpWeoAvJfshHHrPeUkwRe9:YvXKXOBaWZc0vdWVGUUUkee9
                MD5:89F7F226766F183E864B9734736B2A0F
                SHA1:66C7BC9BB7509C3FC5FDBF91F76967FCC02F2EE5
                SHA-256:BE7F1343EF99D26DB5B66B7B7511EB650D3B011F5D67ADD14AE12053DD332975
                SHA-512:382DFB5679804731F4B62EE6884A9E8375EB7937BAA5E9D383D2E8E2FD5CF0529EFEFDDCC46B76621DB8E7C2E85183F69EEC87065D4675CA89C0F935A05AD3B1
                Malicious:false
                Preview:{"analyticsData":{"responseGUID":"33670416-e19c-4437-a63d-9f1ccd0ef463","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728505633878,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):782
                Entropy (8bit):5.367694692176242
                Encrypted:false
                SSDEEP:12:YvXKXOBaWZc0vdWVGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWc:Yv6XOMWzvMx168CgEXX5kcIfANhZ
                MD5:6C3B2758C44BCED7830806FE73E3D29D
                SHA1:87CF1E93D6B4588AF25414C262426726CABF0F63
                SHA-256:7C7A90C3C1A70D11B56AF836B8156616B13616A3CCDD70B9F3126C2463348A8A
                SHA-512:C8DB58C5C97B2908E436046681E327FE11B2DEA82B73EECB347F3B8038EF0971DFDD4CAF3F01E36278B08FFA44DB644568236B9514FE00094983B63B520E8B27
                Malicious:false
                Preview:{"analyticsData":{"responseGUID":"33670416-e19c-4437-a63d-9f1ccd0ef463","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728505633878,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1728327028906}}}}
                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                File Type:data
                Category:dropped
                Size (bytes):4
                Entropy (8bit):0.8112781244591328
                Encrypted:false
                SSDEEP:3:e:e
                MD5:DC84B0D741E5BEAE8070013ADDCC8C28
                SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
                SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
                SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
                Malicious:false
                Preview:....
                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):2818
                Entropy (8bit):5.118088084369581
                Encrypted:false
                SSDEEP:48:Y55YHYrE6MLogBGpoE+djR/MU8jLso92M:s5YfVU4GpoE+dZN8jzT
                MD5:3040E880FD678A318B539B35FF23813F
                SHA1:FE3868ABD9AA744FEC4D37BB29B13E20F90C9938
                SHA-256:8D350B54ED0CD007AA9651B5BDBC09C6DC8EBA411CB716271142BCA943F091B9
                SHA-512:408B1999A9C311A3F9B7657BB37038A4765C3453FE87CECE4334ABFCDF0C1616F65AF617192E2A3AC86B94372005CC4727B7E22BF3FAFE4057EDE82BEE95F28B
                Malicious:false
                Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"451749381401984cae7989f02f63bda2","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1050,"ts":1728327028000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"0113f742ef45c5063e1c5c7050ec4db7","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1164,"ts":1728327028000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"a983cbe552ee114778582565558dcdb7","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1054,"ts":1728327028000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"7fef128f8116c243f0df8161e6bc7b61","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1091,"ts":1728327027000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"eba7b175a213c4c627d92a5fdac7e7de","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":1098,"ts":1728327027000},{"id":"Edit_InApp_Aug2020","info":{"dg":"06c9eafbe1e9daf6e7c8ab224cae93af","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":17
                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 25, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 25
                Category:dropped
                Size (bytes):12288
                Entropy (8bit):1.1880621157658056
                Encrypted:false
                SSDEEP:48:TGufl2GL7msEHUUUUUUUU3SvR9H9vxFGiDIAEkGVvpz:lNVmswUUUUUUUU3+FGSIt3
                MD5:AABD48EC55C23BCA8AAD81B2D5FDBE39
                SHA1:6D595A2F267215A3925B957D9B2201AD4CC69DC9
                SHA-256:7625CDD2178CE66B9BE23FE82CB3B270EEDBB1BF6647747931A2B13EDF8374A8
                SHA-512:2AD64D3171F695ED5509FBEEF13835BF34118BC2F885C84DD074DBBB43095E8EBCE69931E7D62462F35DFAB6745F31C3BC45060191EC279ACADD12658A2307DF
                Malicious:false
                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                File Type:SQLite Rollback Journal
                Category:dropped
                Size (bytes):8720
                Entropy (8bit):1.6069724001635906
                Encrypted:false
                SSDEEP:48:7MCKUUUUUUUUUUrvR9H9vxFGiDIAEkGVv+qFl2GL7msc:7qUUUUUUUUUUbFGSItcKVmsc
                MD5:644C57BF5D3E4B2904E2176656CF08C0
                SHA1:4ED076B152713A9219893C2543407EB4AB534B36
                SHA-256:01A7CDE52BC4DEF65EFB1638BCF64A0268B0878D954EBE0398B90C1BFDF279B0
                SHA-512:7973C7A2375C2E10F00757463032F9220B752A395F228B5254967F38B3841A351B12E4030E74C1F2C2473919F31CD2256F3F1F69AF5D27E95C84A2115EEBB453
                Malicious:false
                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                Category:dropped
                Size (bytes):246
                Entropy (8bit):3.5162684137903053
                Encrypted:false
                SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8yQRqR5wlYH:Qw946cPbiOxDlbYnuRKTUlYH
                MD5:28E493972F32B9A7E627D76A2E26E880
                SHA1:1930FEFDAA9359120F44073741DB80505005EAE4
                SHA-256:27D048EC3A491F0031AC7CEF543E2D694834F262C9D8A2A06C036FA32166256E
                SHA-512:A8756B1C4FBD75AA53D5A53E21580D13AD3570EA3EE62A1C5A771FECC7A74359B31FE2B65FAC2F3569FC302E467B5F3FE0FC454EA5892F834912DB64FF202F07
                Malicious:false
                Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .0.7./.1.0./.2.0.2.4. . .1.4.:.5.0.:.3.0. .=.=.=.....
                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                File Type:ASCII text, with very long lines (393)
                Category:dropped
                Size (bytes):16525
                Entropy (8bit):5.345946398610936
                Encrypted:false
                SSDEEP:384:zHIq8qrq0qoq/qUILImCIrImI9IWdFdDdoPtPTPtP7ygyAydy0yGV///X/J/VokV:nNW
                MD5:8947C10F5AB6CFFFAE64BCA79B5A0BE3
                SHA1:70F87EEB71BA1BE43D2ABAB7563F94C73AB5F778
                SHA-256:4F3449101521DA7DF6B58A2C856592E1359BA8BD1ACD0688ECF4292BA5388485
                SHA-512:B76DB9EF3AE758F00CAF0C1705105C875838C7801F7265B17396466EECDA4BCD915DA4611155C5F2AD1C82A800C1BEC855E52E2203421815F915B77AA7331CA0
                Malicious:false
                Preview:SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:088+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig:
                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                File Type:ASCII text, with very long lines (393), with CRLF line terminators
                Category:dropped
                Size (bytes):15114
                Entropy (8bit):5.343251858056941
                Encrypted:false
                SSDEEP:384:MZLIj1ObdWeGFTm8zp3ibJ1kY7KfzbHZml0aok6sueirdY/WmhrpgfgtVLN8WhRH:UHp
                MD5:212FB298A2DE43BCAF3A5D0B4F4D91B4
                SHA1:D25B65CFCBFFDD347124A1C7D9FE4EC296C9437B
                SHA-256:30EEF31C40FD3F566DFBDD62FC31CCBC8F2FB988AB25594E81C3F202E5A26938
                SHA-512:43F50B177BBB0B8A7C71B1D5215EFE5F5355FBAB7BF44946141E3FCCEAFD7ACB96AF3EC04DFF2061BE7CB58BED466C48D2C135282FD754C64FD855BD40A8F08A
                Malicious:false
                Preview:SessionID=dcf2d375-a174-440b-8025-be5236898dc8.1728327025179 Timestamp=2024-10-07T14:50:25:179-0400 ThreadID=7584 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=dcf2d375-a174-440b-8025-be5236898dc8.1728327025179 Timestamp=2024-10-07T14:50:25:179-0400 ThreadID=7584 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=dcf2d375-a174-440b-8025-be5236898dc8.1728327025179 Timestamp=2024-10-07T14:50:25:180-0400 ThreadID=7584 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=dcf2d375-a174-440b-8025-be5236898dc8.1728327025179 Timestamp=2024-10-07T14:50:25:180-0400 ThreadID=7584 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=dcf2d375-a174-440b-8025-be5236898dc8.1728327025179 Timestamp=2024-10-07T14:50:25:180-0400 ThreadID=7584 Component=ngl-lib_NglAppLib Description="SetConf
                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):29752
                Entropy (8bit):5.381606929867603
                Encrypted:false
                SSDEEP:768:anddBuBYZwcfCnwZCnR8Bu5hx18HoCnLlAY+iCBuzhLCnx1CnPrRRFS10l8gT2rl:5
                MD5:8AC217302E0DB8804CF6FA5D715E46FC
                SHA1:4DC155C11576AD04C5EE1E3CD0DF37DB3B4FB0E2
                SHA-256:591907CD2EB1A8F37279E99269A98C6D700960EF0749352CFF023FB6D87AD421
                SHA-512:B4406FACC72FFA5E9C30A99097E3F6A553B9DE8ED73F1C15A4B8654EE32222A1556DDE66B492FE0B4824E2C3191C44280943AAF3F55A7B2B931B4F1430B1292F
                Malicious:false
                Preview:03-10-2023 12:50:40:.---2---..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ***************************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ***************************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Starting NGL..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..03-10-2023 12:50:40:.Closing File..03-10-
                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
                Category:dropped
                Size (bytes):386528
                Entropy (8bit):7.9736851559892425
                Encrypted:false
                SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
                MD5:5C48B0AD2FEF800949466AE872E1F1E2
                SHA1:337D617AE142815EDDACB48484628C1F16692A2F
                SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
                SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
                Malicious:false
                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
                Category:dropped
                Size (bytes):1419751
                Entropy (8bit):7.976496077007677
                Encrypted:false
                SSDEEP:24576:/xA7owWLaGZDwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLaGZDwZGk3mlind9i4ufFXpAXkru
                MD5:18E3D04537AF72FDBEB3760B2D10C80E
                SHA1:B313CD0B25E41E5CF0DFB83B33AB3E3C7678D5CC
                SHA-256:BBEF113A2057EE7EAC911DC960D36D4A62C262DAE5B1379257908228243BD6F4
                SHA-512:2A5B9B0A5DC98151AD2346055DF2F7BFDE62F6069A4A6A9AB3377B644D61AE31609B9FC73BEE4A0E929F84BF30DA4C1CDE628915AC37C7542FD170D12DE41298
                Malicious:false
                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
                Category:dropped
                Size (bytes):758601
                Entropy (8bit):7.98639316555857
                Encrypted:false
                SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
                MD5:3A49135134665364308390AC398006F1
                SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
                SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
                SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
                Malicious:false
                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
                Category:dropped
                Size (bytes):1407294
                Entropy (8bit):7.97605879016224
                Encrypted:false
                SSDEEP:24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo
                MD5:A0CFC77914D9BFBDD8BC1B1154A7B364
                SHA1:54962BFDF3797C95DC2A4C8B29E873743811AD30
                SHA-256:81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685
                SHA-512:74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE
                Malicious:false
                File type:PDF document, version 1.3, 1 pages
                Entropy (8bit):7.960745153520967
                TrID:
                • Adobe Portable Document Format (5005/1) 100.00%
                File name:SO22050.pdf
                File size:81'912 bytes
                MD5:6c6cb3ec51f88433fa4132bca9ae4774
                SHA1:141459b3e3285f0a01532a6994779369692f6808
                SHA256:afc58e10864ca782457321dd6fbf55c21ad634669d28099703643931241073f1
                SHA512:367218967bd0de5f7e1adc2beeb334d0eb63f11d331f3372bcc4927704d7521974a50a8b75b6a528a4ee443c0d5b35830ce0dda97753026b6128474db55c50f9
                SSDEEP:1536:kyQ3xnYFDprKd2rMJMxjp28eqrwH5IYhqPrjJ3ODM43:XQUDprKdux128e2wHXYpODM43
                TLSH:A3830279B48F49BEC28547F7FF6170D79E6EF246018E8181B4AC0D0F88CCDA1795A52A
                File Content Preview:%PDF-1.3..%..........1 0 obj..<<../Title (SIG_SalesOrderPrint)../Producer (ComponentOne C1Report)../CreationDate (D:20241007141642-04'00')../ModDate (D:20241007141642-04'00')..>>..endobj..2 0 obj..<<../Length 5000../Filter /FlateDecode..>>..stream..x.l...
                Icon Hash:62cc8caeb29e8ae0

                General

                Header:%PDF-1.3
                Total Entropy:7.960745
                Total Bytes:81912
                Stream Entropy:7.969452
                Stream Bytes:79011
                Entropy outside Streams:5.347140
                Bytes outside Streams:2901
                Number of EOF found:1
                Bytes after EOF:
                Name | Count
                obj | 23
                endobj | 23
                stream | 8
                endstream | 7
                xref | 1
                trailer | 1
                startxref | 1
                /Page | 1
                /Encrypt | 0
                /ObjStm | 0
                /URI | 0
                /JS | 0
                /JavaScript | 0
                /AA | 0
                /OpenAction | 0
                /AcroForm | 0
                /JBIG2Decode | 0
                /RichMedia | 0
                /Launch | 0
                /EmbeddedFile | 0

                Image Streams

                ID | DHASH | MD5 | Preview
                15 | 2200232765a70510 | 5d74b054b0d9afc74f86f84be4a0ab7c |
                Timestamp | Source Port | Dest Port | Source IP | Dest IP
                Oct 7, 2024 20:50:36.664822102 CEST | 49743 | 443 | 192.168.2.4 | 23.195.76.153
                Oct 7, 2024 20:50:36.664859056 CEST | 443 | 49743 | 23.195.76.153 | 192.168.2.4
                Oct 7, 2024 20:50:36.665338993 CEST | 49743 | 443 | 192.168.2.4 | 23.195.76.153
                Oct 7, 2024 20:50:36.667402029 CEST | 49743 | 443 | 192.168.2.4 | 23.195.76.153
                Oct 7, 2024 20:50:36.667413950 CEST | 443 | 49743 | 23.195.76.153 | 192.168.2.4
                Oct 7, 2024 20:50:37.202195883 CEST | 443 | 49743 | 23.195.76.153 | 192.168.2.4
                Oct 7, 2024 20:50:37.203336000 CEST | 49743 | 443 | 192.168.2.4 | 23.195.76.153
                Oct 7, 2024 20:50:37.203345060 CEST | 443 | 49743 | 23.195.76.153 | 192.168.2.4
                Oct 7, 2024 20:50:37.206890106 CEST | 443 | 49743 | 23.195.76.153 | 192.168.2.4
                Oct 7, 2024 20:50:37.207406044 CEST | 49743 | 443 | 192.168.2.4 | 23.195.76.153
                Oct 7, 2024 20:50:37.208971977 CEST | 49743 | 443 | 192.168.2.4 | 23.195.76.153
                Oct 7, 2024 20:50:37.209141970 CEST | 443 | 49743 | 23.195.76.153 | 192.168.2.4
                Oct 7, 2024 20:50:37.209497929 CEST | 49743 | 443 | 192.168.2.4 | 23.195.76.153
                Oct 7, 2024 20:50:37.209505081 CEST | 443 | 49743 | 23.195.76.153 | 192.168.2.4
                Oct 7, 2024 20:50:37.256467104 CEST | 49743 | 443 | 192.168.2.4 | 23.195.76.153
                Oct 7, 2024 20:50:37.304637909 CEST | 443 | 49743 | 23.195.76.153 | 192.168.2.4
                Oct 7, 2024 20:50:37.304920912 CEST | 443 | 49743 | 23.195.76.153 | 192.168.2.4
                Oct 7, 2024 20:50:37.305100918 CEST | 49743 | 443 | 192.168.2.4 | 23.195.76.153
                Oct 7, 2024 20:50:37.305310965 CEST | 49743 | 443 | 192.168.2.4 | 23.195.76.153
                Oct 7, 2024 20:50:37.305310965 CEST | 49743 | 443 | 192.168.2.4 | 23.195.76.153
                Oct 7, 2024 20:50:37.305330038 CEST | 443 | 49743 | 23.195.76.153 | 192.168.2.4
                Oct 7, 2024 20:50:37.307406902 CEST | 49743 | 443 | 192.168.2.4 | 23.195.76.153
                Timestamp | Source Port | Dest Port | Source IP | Dest IP
                Oct 7, 2024 20:50:36.274343967 CEST | 61980 | 53 | 192.168.2.4 | 1.1.1.1
                Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                Oct 7, 2024 20:50:36.274343967 CEST | 192.168.2.4 | 1.1.1.1 | 0xfd54 | Standard query (0) | x1.i.lencr.org | A (IP address) | IN (0x0001) | false
                Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                Oct 7, 2024 20:50:36.284389019 CEST | 1.1.1.1 | 192.168.2.4 | 0xfd54 | No error (0) | x1.i.lencr.org | crl.root-x1.letsencrypt.org.edgekey.net | | CNAME (Canonical name) | IN (0x0001) | false
                • armmf.adobe.com
                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                0 | 192.168.2.4 | 49743 | 23.195.76.153 | 443 | 7804 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                Timestamp | Bytes transferred | Direction | Data
                2024-10-07 18:50:37 UTC | 475 | OUT | GET /onboarding/smskillreader.txt HTTP/1.1
                Host: armmf.adobe.com
                Connection: keep-alive
                Accept-Language: en-US,en;q=0.9
                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36
                Sec-Fetch-Site: same-origin
                Sec-Fetch-Mode: no-cors
                Sec-Fetch-Dest: empty
                Accept-Encoding: gzip, deflate, br
                If-None-Match: "78-5faa31cce96da"
                If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
                2024-10-07 18:50:37 UTC | 198 | IN | HTTP/1.1 304 Not Modified
                Content-Type: text/plain; charset=UTF-8
                Last-Modified: Mon, 01 May 2023 15:02:33 GMT
                ETag: "78-5faa31cce96da"
                Date: Mon, 07 Oct 2024 18:50:37 GMT
                Connection: close


                Target ID:0
                Start time:14:50:22
                Start date:07/10/2024
                Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                Wow64 process (32bit):false
                Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\SO22050.pdf"
                Imagebase:0x7ff6bc1b0000
                File size:5'641'176 bytes
                MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Reputation:high
                Has exited:true

                Target ID:1
                Start time:14:50:22
                Start date:07/10/2024
                Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                Wow64 process (32bit):false
                Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
                Imagebase:0x7ff74bb60000
                File size:3'581'912 bytes
                MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Reputation:high
                Has exited:true

                Target ID:3
                Start time:14:50:22
                Start date:07/10/2024
                Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                Wow64 process (32bit):false
                Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2116 --field-trial-handle=1576,i,4393657273783783276,13465287127706588318,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
                Imagebase:0x7ff74bb60000
                File size:3'581'912 bytes
                MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Reputation:high
                Has exited:true

                No disassembly