Windows Analysis Report
526142.pdf

Overview

General Information

Sample name:526142.pdf
Analysis ID:1561508
MD5:bcea5bd8718053f4699a0c6b17481ca7
SHA1:7e037add42f3ec8835feadd9852c4550646bee7e
SHA256:d21711f4372dc7ac5aa7d124dbff9382cb3b35cb38d5a1b3c807bd2d414e46a1
Infos:

Detection

Score:2
Range:0 - 100
Whitelisted:false
Confidence:80%

Signatures

IP address seen in connection with other malware
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Uses a known web browser user agent for HTTP communication

Classification

  • System is w10x64
  • Acrobat.exe (PID: 3788 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\526142.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 1672 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 7228 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2124 --field-trial-handle=1604,i,2889311111756859078,1169954142003541719,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

There are no malicious signatures.

Source: global trafficDNS query: name: x1.i.lencr.org
Source: global trafficTCP traffic: 192.168.2.5:49715 -> 52.5.13.197:443
Source: global trafficTCP traffic: 52.5.13.197:443 -> 192.168.2.5:49715
Source: Joe Sandbox ViewIP Address: 52.5.13.197 52.5.13.197
Source: global trafficHTTP traffic detected: GET /psdk/v2/content?surfaceId=ACROBAT_READER_MASTER_SURFACEID&surfaceId=DC_READER_LAUNCH_CARD&surfaceId=DC_Reader_RHP_Banner&surfaceId=DC_Reader_RHP_Retention&surfaceId=Edit_InApp_Aug2020&surfaceId=DC_FirstMile_Right_Sec_Surface&surfaceId=DC_Reader_Upsell_Cards&surfaceId=DC_FirstMile_Home_View_Surface&surfaceId=DC_Reader_RHP_Intent_Banner&surfaceId=DC_Reader_Disc_LHP_Banner&surfaceId=DC_Reader_Edit_LHP_Banner&surfaceId=DC_Reader_Convert_LHP_Banner&surfaceId=DC_Reader_Sign_LHP_Banner&surfaceId=DC_Reader_More_LHP_Banner&surfaceId=DC_Reader_Disc_LHP_Retention&surfaceId=DC_Reader_Home_LHP_Trial_Banner&adcProductLanguage=en-us&adcVersion=23.6.20320&adcProductType=SingleClientMini&adcOSType=WIN&adcCountryCode=US&adcXAPIClientID=api_reader_desktop_win_23.6.20320&encodingScheme=BASE_64 HTTP/1.1Host: p13n.adobe.ioConnection: keep-alivesec-ch-ua: "Chromium";v="105"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Accept: application/json, text/javascript, */*; q=0.01x-adobe-uuid: 89d789c4-e7e5-4f75-95a4-57139ab6811fx-adobe-uuid-type: visitorIdx-api-key: AdobeReader9sec-ch-ua-platform: "Windows"Origin: https://rna-resource.acrobat.comAccept-Language: en-US,en;q=0.9Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://rna-resource.acrobat.com/Accept-Encoding: gzip, deflate, br
Source: unknownTCP traffic detected without corresponding DNS query: 52.5.13.197
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficDNS traffic detected: DNS query: x1.i.lencr.org
Source: 77EC63BDA74BD0D0E0426DC8F80085060.2.drString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: 2D85F72862B55C4EADD9E66E06947F3D0.2.drString found in binary or memory: http://x1.i.lencr.org/
Source: unknownNetwork traffic detected: HTTP traffic on port 49715 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49715
Source: classification engineClassification label: clean2.winPDF@14/51@1/1
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-11-23 10-08-45-360.log
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
Source: unknownProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\526142.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2124 --field-trial-handle=1604,i,2889311111756859078,1169954142003541719,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: 526142.pdfInitial sample: PDF keyword /JS count = 0
Source: 526142.pdfInitial sample: PDF keyword /JavaScript count = 0
Source: 526142.pdfInitial sample: PDF keyword /EmbeddedFile count = 0
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Mitre ATT&CK matrix (techniques listed per tactic; numbers as shown in the report):

  • Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
  • Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server
  • Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
  • Execution: 3 Exploitation for Client Execution; Scheduled Task/Job; At; Cron
  • Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
  • Privilege Escalation: 1 Process Injection; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
  • Defense Evasion: 1 Masquerading; 1 Process Injection; Obfuscated Files or Information; Binary Padding
  • Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
  • Discovery: 1 System Information Discovery; Application Window Discovery; Query Registry; System Network Configuration Discovery
  • Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
  • Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
  • Command and Control: 1 Encrypted Channel; 2 Non-Application Layer Protocol; 13 Application Layer Protocol; 1 Ingress Tool Transfer
  • Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
  • Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction
[Behavior graph: ID 1561508, sample 526142.pdf, start date 23/11/2024, architecture WINDOWS, score 2. Acrobat.exe started AcroCEF.exe, which started a second AcroCEF.exe; that process connects to 52.5.13.197, 443, 49715 (AMAZON-AESUS, United States). DNS/IP nodes: x1.i.lencr.org, bg.microsoft.map.fastly.net.]

Source | Detection | Scanner | Label | Link
526142.pdf | 0% | ReversingLabs | |

No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
bg.microsoft.map.fastly.net | 199.232.214.172 | true | false | | high
x1.i.lencr.org | unknown | unknown | false | | high

Name | Source | Malicious | Antivirus Detection | Reputation
http://x1.i.lencr.org/ | 2D85F72862B55C4EADD9E66E06947F3D0.2.dr | false | | high

IP | Domain | Country | Flag | ASN | ASN Name | Malicious
52.5.13.197 | unknown | United States | | 14618 | AMAZON-AESUS | false

Joe Sandbox version:41.0.0 Charoite
Analysis ID:1561508
Start date and time:2024-11-23 16:07:47 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 4m 13s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultwindowspdfcookbook.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:9
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:526142.pdf
Detection:CLEAN
Classification:clean2.winPDF@14/51@1/1
EGA Information:Failed
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 0
  • Number of non-executed functions: 0
Cookbook Comments:
  • Found application associated with file extension: .pdf
  • Found PDF document
  • Close Viewer
  • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 104.122.212.204, 172.64.41.3, 162.159.61.3, 107.22.247.231, 18.207.85.246, 54.144.73.197, 34.193.227.236, 23.195.39.65, 199.232.214.172, 2.20.40.170, 23.54.81.169, 23.54.81.176, 23.32.238.19, 2.19.198.192, 2.19.198.202, 23.32.238.49
  • Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com.delivery.microsoft.com, e4578.dscb.akamaiedge.net, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ssl.adobe.com.edgekey.net, ocsp.digicert.com, armmf.adobe.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, wu-b-net.trafficmanager.net, crl.root-x1.letsencrypt.org.edgekey.net
  • VT rate limit hit for: 526142.pdf

Time | Type | Description
10:08:53 | API Interceptor | 2x Sleep call for process: AcroCEF.exe modified

                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):291
                            Entropy (8bit):5.212341398023492
                            Encrypted:false
                            SSDEEP:6:HGbYgon+q2P92nKuAl9OmbnIFUt8YGbYgFWZmw+YGbYgoVkwO92nKuAl9OmbjLJ:N+v4HAahFUt87W/+eV5LHAaSJ
                            MD5:F771E855085585BE5E837E12EDAF1D47
                            SHA1:31E4FAF5976B5A73FCD99E54FED0E1EDA7518555
                            SHA-256:702B19D65B88E6D197A10592A320506DC61621E3FEE3EC4D98D9628654D3A57A
                            SHA-512:B403877BFAD5E3C2156BCB51DD9AC51D9BCC9DB617731DC93E6CC173C86E54ABCD650647FD126FB76BFADE48E3CF1CA7681F8CCEC4C72CA1A906E6A2A5DB098D
                            Malicious:false
                            Reputation:low
                            Preview:2024/11/23-10:08:43.161 65c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/11/23-10:08:43.170 65c Recovering log #3.2024/11/23-10:08:43.170 65c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):338
                            Entropy (8bit):5.172427830171364
                            Encrypted:false
                            SSDEEP:6:HGboGRFlyq2P92nKuAl9Ombzo2jMGIFUt8YGbn/1Zmw+YGbflRkwO92nKuAl9OmT:DGFlyv4HAa8uFUt8t9/+TR5LHAa8RJ
                            MD5:FF5195EA285ABD3825A45D622EE73455
                            SHA1:3FC5B8466DD1EA055638F049ECC09A61028982CE
                            SHA-256:6F31009ABE77D3D00119FE1395D86A2C3D9BB60E6FFA0792453B6AF3861F5DE0
                            SHA-512:351AC0FF6BB7DBE7D3086CD6A6354FB1D84FF0F874ADD0E816A260479CCE4DCD33DE9A8D5CE1142D0508D18CD1C735FC160E2EF7F2CC3CA02EF392B38EB0C077
                            Malicious:false
                            Reputation:low
                            Preview:2024/11/23-10:08:44.177 1c74 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/11/23-10:08:44.236 1c74 Recovering log #3.2024/11/23-10:08:44.250 1c74 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                            File Type:JSON data
                            Category:dropped
                            Size (bytes):508
                            Entropy (8bit):5.047195090775108
                            Encrypted:false
                            SSDEEP:12:YH/um3RA8sqnT/sBdOg2HXcaq3QYiubxnP7E4TfF+:Y2sRdsgTAdMHW3QYhbxP7np+
                            MD5:70321A46A77A3C2465E2F031754B3E06
                            SHA1:5E7E713285D36F12ACFC68A34D8A34FD33C96B34
                            SHA-256:344DA48DA0F9A5CC258E10D6C28086B7718CBE596CDC3D7A2A61C8F5FD781248
                            SHA-512:E885342B270FE3D538F17F8F80B9ED061B30EE55624177BD81F5C65C033160D71559D60872BC0F99C0C93FAE29F9D09FD5042B68D83CD538154D1335BAC8205D
                            Malicious:false
                            Reputation:moderate, very likely benign file
                            Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13340988966329963","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144691},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.5","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G","CAYSABiAgICA+P////8B":"Offline"}}}
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                            File Type:JSON data
                            Category:modified
                            Size (bytes):508
                            Entropy (8bit):5.0408758415743256
                            Encrypted:false
                            SSDEEP:12:YH/um3RA8sqGTBEBsBdOg2H2caq3QYiubxnP7E4TfF+:Y2sRdsvESdMHJ3QYhbxP7np+
                            MD5:43C2AA883FA585D6693C9C6A784687D9
                            SHA1:44B53D933A2D7D3F11321D09ABB497AA5E9AB468
                            SHA-256:5228AA9F7329EC4B82CBD9937894A659E0034DFAAC52A243FBC43870310B9D19
                            SHA-512:F860E40798E525B3D6EB5A1172C8BB9E5B0B6E6428A17FE1F2A24B4D8881110CDF93A3DC4D0DB8B79151A97A31B842DED6C9CE864E488D92AF691E95C4ACBB14
                            Malicious:false
                            Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13376934531518389","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":613185},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.5","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G","CAYSABiAgICA+P////8B":"Offline"}}}
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                            File Type:data
                            Category:dropped
                            Size (bytes):4509
                            Entropy (8bit):5.237163311665225
                            Encrypted:false
                            SSDEEP:96:QqBpCqGp3Al+NehBmkID2w6bNMhugoKTNY+No/KTNcygLPGLLUfoHd9d9Bg5Z:rBpJGp3AoqBmki25ZEVoKTNY+NoCTNLQ
                            MD5:40C93D918F92743CFF3CD44EF86169F2
                            SHA1:29F9B7A31B1D7061C016068B7A55CC49E3B8424D
                            SHA-256:348BD10FFB1B0008F9E4E1BC95D56ED61379BCBA82369FE2157E9349AE7E9737
                            SHA-512:1681EE2A9553076C74CD03CFDFC4637A3D1F2AF8C39FF6E0E2AA73DC94A25A644432A97F328F9128FE42C9E340F762C6DE2C3A5A5D9109778E173466942B1367
                            Malicious:false
                            Preview:*...#................version.1..namespace-.1a.o................next-map-id.1.Pnamespace-047a745d_5c98_4926_b446_942fb948d072-https://rna-resource.acrobat.com/.0.K..r................next-map-id.2.Snamespace-bdf2fbfe_e08b_407d_8a81_9a6094e373a0-https://rna-v2-resource.acrobat.com/.1.m.Fr................next-map-id.3.Snamespace-24b9c7f4_3e31_4d11_a607_ac91d6485c9e-https://rna-v2-resource.acrobat.com/.2.8.o................next-map-id.4.Pnamespace-bc60f291_faa7_4492_8b22_e186b4ce62c1-https://rna-resource.acrobat.com/.3.A-N^...............Pnamespace-047a745d_5c98_4926_b446_942fb948d072-https://rna-resource.acrobat.com/-j..^...............Pnamespace-bc60f291_faa7_4492_8b22_e186b4ce62c1-https://rna-resource.acrobat.com/[.|.a...............Snamespace-bdf2fbfe_e08b_407d_8a81_9a6094e373a0-https://rna-v2-resource.acrobat.com/....a...............Snamespace-24b9c7f4_3e31_4d11_a607_ac91d6485c9e-https://rna-v2-resource.acrobat.com/.W.@o................next-map-id.5.Pnamespace-8fb46ac3_c992_47ca_bb04_
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):326
                            Entropy (8bit):5.195992406516918
                            Encrypted:false
                            SSDEEP:6:HGbjz9+q2P92nKuAl9OmbzNMxIFUt8YGbhJZmw+YGb6N9VkwO92nKuAl9OmbzNMT:e4v4HAa8jFUt8rJ/+sND5LHAa84J
                            MD5:56860A1AB7D9B3EF4BEEFAF63247EBC8
                            SHA1:AE83F094CC0FFC1DB7D2959838BF7977DD1682BB
                            SHA-256:CF3F4055AF60202DDDE068AA3647D73A6D101E5F72A597BC7A59F54D6D358313
                            SHA-512:0FB262685A8BF08AA20F70514D97457BA786BA3563528DEFA757804042D0F74CE51F40F41035458C7D90AEDD4080BF47BA98506250671B6BC474D6584006AFE3
                            Malicious:false
                            Preview:2024/11/23-10:08:44.237 1c68 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/11/23-10:08:44.271 1c68 Recovering log #3.2024/11/23-10:08:44.298 1c68 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:PC bitmap, Windows 3.x format, 164 x -115 x 32, cbSize 75494, bits offset 54
                            Category:dropped
                            Size (bytes):75494
                            Entropy (8bit):2.722520808584132
                            Encrypted:false
                            SSDEEP:1536:W0vSEBGC4AKR6SX77nGdej19sDZr09WzNA1ErTgnEjREAkpNNtIc6bA6iQU1bcnG:JSEcefw
                            MD5:5F1FFB5742EF94638858F6DAAECF3BA3
                            SHA1:B6B458FA7D19E44741D24E2DA3C16EB1B399E662
                            SHA-256:53BF7E37DE1A651529EB0B0DEB99F6B516F781D91EE0EC9AB3DBFA20D3730C27
                            SHA-512:F55ABAFEEC7F90B7CE57C5024FD2D8FAAB31AF930F73BFA065A3583B90CE6FD79D2D32C85C16B5343C0B9DC8858292412187FCAC5FD383537AC4283D20852AB8
                            Malicious:false
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                            File Type:Certificate, Version=3
                            Category:dropped
                            Size (bytes):1391
                            Entropy (8bit):7.705940075877404
                            Encrypted:false
                            SSDEEP:24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1
                            MD5:0CD2F9E0DA1773E9ED864DA5E370E74E
                            SHA1:CABD2A79A1076A31F21D253635CB039D4329A5E8
                            SHA-256:96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
                            SHA-512:3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
                            Malicious:false
                            Preview:0..k0..S............@.YDc.c...0...*.H........0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10...150604110438Z..350604110438Z0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10.."0...*.H.............0..........$s..7.+W(.....8..n<.W.x.u...jn..O(..h.lD...c...k....1.!~.3<.H..y.....!.K...qiJffl.~<p..)"......K...~....G.|.H#S.8.O.o...IW..t../.8.{.p!.u.0<.....c...O..K~.....w...{J.L.%.p..)..S$........J.?..aQ.....cq...o[...\4ylv.;.by.../&.....................6....7..6u...r......I.....*.A..v........5/(.l....dwnG7..Y^h..r...A)>Y>.&.$...Z.L@.F....:Qn.;.}r...xY.>Qx....../..>{J.Ks......P.|C.t..t.....0.[q6....00\H..;..}`...).........A.......|.;F.H*..v.v..j.=...8.d..+..(.....B.".'].y...p..N..:..'Qn..d.3CO......B0@0...U...........0...U.......0....0...U......y.Y.{....s.....X..n0...*.H.............U.X....P.....i ')..au\.n...i/..VK..s.Y.!.~.Lq...`.9....!V..P.Y...Y.............b.E.f..|o..;.....'...}~.."......
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                            File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
                            Category:dropped
                            Size (bytes):71954
                            Entropy (8bit):7.996617769952133
                            Encrypted:true
                            SSDEEP:1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
                            MD5:49AEBF8CBD62D92AC215B2923FB1B9F5
                            SHA1:1723BE06719828DDA65AD804298D0431F6AFF976
                            SHA-256:B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
                            SHA-512:BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
                            Malicious:false
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                            File Type:data
                            Category:dropped
                            Size (bytes):192
                            Entropy (8bit):2.7895108629891827
                            Encrypted:false
                            SSDEEP:3:kkFkl2jEY+kXfllXlE/HT8ki6z1NNX8RolJuRdxLlGB9lQRYwpDdt:kKvjEY6T8W3NMa8RdWBwRd
                            MD5:5A385A854D6865B9B00F32074623037D
                            SHA1:15F6A5BA05D10BB03911A7E34D6D7908C0B93A88
                            SHA-256:494C50987C63601AD3DC9B7F2E26CC34B760DB1AFCE9E61E0751B4206FF727E2
                            SHA-512:AA27D5ED00CEB6DA4859DBEDB2C4BD68222A0FE8E37E27F370D3EFA1F2DF41FA8222A473B13CC0B0F06CEE13ADF147179C1245D37D13ABF658120F20BB55C663
                            Malicious:false
                            Preview:p...... .........FD..=..(....................................................... ..........W....................o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                            File Type:data
                            Category:modified
                            Size (bytes):328
                            Entropy (8bit):3.2539954282295116
                            Encrypted:false
                            SSDEEP:6:kKR4+EF9UswD8HGsL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:J42DImsLNkPlE99SNxAhUe/3
                            MD5:7E1183E25CB1CCE2DF4DB7DC1D130B16
                            SHA1:E8AD92AD4EFEBC7A3EB2FD5DC3694779CB69DB65
                            SHA-256:5472D4D6A316CD05AA5D21ABA663E443D198BB16E2493D5C428E27185DB6CA33
                            SHA-512:1228A8335FA7108B70868113C933970C37DDB24353CF8BB3247ACD863AF8F11CD644DA13DE2069FF0EB9177F8A69C0F325EE0F0446C108ACD05A536EFF8D37A6
                            Malicious:false
                            Preview:p...... ........`.9..=..(....................................................... ........G..@.......&......X........h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:PostScript document text
                            Category:dropped
                            Size (bytes):1233
                            Entropy (8bit):5.233980037532449
                            Encrypted:false
                            SSDEEP:24:kk8id8HxPsMTtrid8OPgx4sMDHFidZxDWksMwEidMKRxCsMWaOtidMLgxT2sMW0l:pkxPhtgNgx4pyZxakazxCIK2gxap
                            MD5:8BA9D8BEBA42C23A5DB405994B54903F
                            SHA1:FC1B1646EC8A7015F492AA17ADF9712B54858361
                            SHA-256:862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C
                            SHA-512:26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A
                            Malicious:false
                            Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:PostScript document text
                            Category:dropped
                            Size (bytes):10880
                            Entropy (8bit):5.214360287289079
                            Encrypted:false
                            SSDEEP:192:SgAYm4DAv6oq6oCf6ocL6oz6o46ok6o16ok6oKls6oVtfZ6ojtou6o2ti16oGwX/:SV548vvqvSvivzv4vkv1vkvKlsvVtfZp
                            MD5:B60EE534029885BD6DECA42D1263BDC0
                            SHA1:4E801BA6CA503BDAE7E54B7DB65BE641F7C23375
                            SHA-256:B5F094EFF25215E6C35C46253BA4BB375BC29D055A3E90E08F66A6FDA1C35856
                            SHA-512:52221F919AEA648B57E567947806F71922B604F90AC6C8805E5889AECB131343D905D94703EA2B4CEC9B0C1813DDA6EAE2677403F58D3B340099461BBCD355AE
                            Malicious:false
                            Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:data
                            Category:dropped
                            Size (bytes):228346
                            Entropy (8bit):3.3890581331110528
                            Encrypted:false
                            SSDEEP:1536:WKPC4iyzDtrh1cK3XEivK7VK/3AYvYwgf/rRoL+sn:DPCaJ/3AYvYwgXFoL+sn
                            MD5:BAE090D23B1C0D4F6DC247F0080D349E
                            SHA1:8A7AAD52A54F9A3CCEF3CE323F6BBD5B2B530461
                            SHA-256:D7D3096317CF32DBEDF75D85390FE89A96170D44C09B2F6D164036064F506AE3
                            SHA-512:208136EBA10544EA5EADA1C32EADFD8066047A9D851FF95BADF9938D40AFA1771003C2725DB8C78991E700C73FA2FC3C9F3CC3712B3332E4CF6F8DDE0E539130
                            Malicious:false
                            Preview:Adobe Acrobat Reader (64-bit) 23.6.20320....?A12_AV2_Search_18px.............................................................................................................KKK KKK.KKK.KKK.KKK.KKK.KKK@........................................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.............................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.........................KKK.KKK.KKK.KKK0....................KKK.KKK.KKK.KKK`....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK.KKK.....................................KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK.KKK@....................KKK.KKK.KKK.KKK`........................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.KKK.............................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:JSON data
                            Category:dropped
                            Size (bytes):295
                            Entropy (8bit):5.3331574137741065
                            Encrypted:false
                            SSDEEP:6:YEQXJ2HX3HH8vzbgnox+FIbRI6XVW7+0YwBqoAvJM3g98kUwPeUkwRe9:YvXKX3HH8/UYpW77GMbLUkee9
                            MD5:16AEA08C5F565D15EBF6EE3B9A96E3F6
                            SHA1:1A92EE9D3A9A0009392DF3B1DF3C4A666AF998B2
                            SHA-256:D6081C6CC788A64A9D4C2961D8F1855108C12C243858821B3C0E1866AB3E071C
                            SHA-512:D3E4ED5F214C0E4E90D8EA5AE55D01968D87C9BD520C574A31D339D9A95EF4DB5E45581A84680B2BA2864090EE91F5C346CA3F59B111858E66C6B7FBD7D02BDD
                            Malicious:false
                            Preview:{"analyticsData":{"responseGUID":"a34b2203-9d4e-400d-a1a8-68bc5cd741a9","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1732547708974,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:JSON data
                            Category:dropped
                            Size (bytes):294
                            Entropy (8bit):5.2736764172622
                            Encrypted:false
                            SSDEEP:6:YEQXJ2HX3HH8vzbgnox+FIbRI6XVW7+0YwBqoAvJfBoTfXpnrPeUkwRe9:YvXKX3HH8/UYpW77GWTfXcUkee9
                            MD5:881F0FE1E2139F3A857A13D1C7240C78
                            SHA1:2407DC1FB7D4FE72CE62A822100FD3C54BF55D12
                            SHA-256:977A64CEFC182DF226A8A682E9D018006D324BBD5674AA60FE55E0ACEC699D35
                            SHA-512:A0CAEEF3D48FE04D9D808424AD1600A37C545A1D04C4536885918CC6D64837EEDE68852F0EF5D132FC641681EFD3D14CE669FF059EECD1924B0EF272C6D2BDB9
                            Malicious:false
                            Preview:{"analyticsData":{"responseGUID":"a34b2203-9d4e-400d-a1a8-68bc5cd741a9","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1732547708974,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:JSON data
                            Category:dropped
                            Size (bytes):294
                            Entropy (8bit):5.251935912620008
                            Encrypted:false
                            SSDEEP:6:YEQXJ2HX3HH8vzbgnox+FIbRI6XVW7+0YwBqoAvJfBD2G6UpnrPeUkwRe9:YvXKX3HH8/UYpW77GR22cUkee9
                            MD5:3B120C22BFC111451C19D3462891E30B
                            SHA1:20E145D60CE21A584CA32757CCCD8A2C405419FD
                            SHA-256:BB07EF8E4E3FF038D279AEEC80FC118E1DBE9A5CA55339DE12DF99DA026B30E0
                            SHA-512:3BBECD5C92AB7F33A621709B978CF3B873D86728D730F537BE7DE747F8BDFD3DAE2C5BA9445703C79959C57590E0C714305029ED2C86E551CC1BE21E2131FDA3
                            Malicious:false
                            Preview:{"analyticsData":{"responseGUID":"a34b2203-9d4e-400d-a1a8-68bc5cd741a9","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1732547708974,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:JSON data
                            Category:dropped
                            Size (bytes):285
                            Entropy (8bit):5.31099043274232
                            Encrypted:false
                            SSDEEP:6:YEQXJ2HX3HH8vzbgnox+FIbRI6XVW7+0YwBqoAvJfPmwrPeUkwRe9:YvXKX3HH8/UYpW77GH56Ukee9
                            MD5:433F9F340E79F421F5C2D9BD16FED65C
                            SHA1:B064E79C197F5DC7FD6B6A1BB708B8662C62638A
                            SHA-256:D3D5EE809D181202D11A2C605AAC9E10C36AEEF1DB73F909D50115F15DF3D343
                            SHA-512:BBCBB1D39B2FE577755A10661749941EDBC25DE4ACF999F8952C662AF525AA174C47FE7F4350555E8E40DB0D49823891012F6B0C2725ACADD3502EA22C55FAB3
                            Malicious:false
                            Preview:{"analyticsData":{"responseGUID":"a34b2203-9d4e-400d-a1a8-68bc5cd741a9","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1732547708974,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:JSON data
                            Category:dropped
                            Size (bytes):1123
                            Entropy (8bit):5.684475618843179
                            Encrypted:false
                            SSDEEP:24:Yv6X3HcFiQpLgE9cQx8LennAvzBvkn0RCmK8czOCCSa1:YvaHvQhgy6SAFv5Ah8cv/U
                            MD5:3E769EEEF0B509C0A2B37CE5F1F8EF4D
                            SHA1:3E9C821AEE67BE7E34FC92E261945506F28BCBDC
                            SHA-256:9A13BC74193B410073560A991C03C46F8F837668C06A8132190D1D67A21C4946
                            SHA-512:2855B3F6C488E37C06A267E4B911A14FCEF9BC7764BA9D15B0FD75243C1A03BA138906B9F7FAAF487AFA96DF12FCF8C7ECA1B11AC9E5A25BBD88D1DCF8C9F096
                            Malicious:false
                            Preview:{"analyticsData":{"responseGUID":"a34b2203-9d4e-400d-a1a8-68bc5cd741a9","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1732547708974,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93365_289436ActionBlock_1","campaignId":93365,"containerId":"1","controlGroupId":"","treatmentId":"d5bba1ae-6009-4d23-8886-fd4a474b8ac9","variationId":"289436"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IkNvbnZlcnRQREZSZHJSSFBBcHAifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkV4cG9ydCBQREZzIHRvIE1pY3Jvc29mdCBXb3JkIGFuZCBFeGNlbC4ifSwidGNh
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:JSON data
                            Category:dropped
                            Size (bytes):1122
                            Entropy (8bit):5.674584453824554
                            Encrypted:false
                            SSDEEP:24:Yv6X3HcFiCVLgEwcp06ybnAvz7xHn0RCmK8czOCYHfl8zdBU:YvaHvCFgSNycJUAh8cvYH7
                            MD5:74E0F312D8075A5C7E02C9A1213A5AF1
                            SHA1:9DAA7706B0C203EED2D3D9946DCCFD35B55DC7F6
                            SHA-256:8F139727643F5BC2CFC936CB70EDDEB7C2F09DCB624F53CE3D2C437B3D479A61
                            SHA-512:CF748F9BA5CC0859ED69DD52F9939D1ADED774C2AC2C92BE172541277AB7333610B9ED28958B691D35D229C74A192727EBBF85AA0D6769791EEA9FAF3680D7DD
                            Malicious:false
                            Preview:{"analyticsData":{"responseGUID":"a34b2203-9d4e-400d-a1a8-68bc5cd741a9","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1732547708974,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Disc_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93181_288855ActionBlock_0","campaignId":93181,"containerId":"1","controlGroupId":"","treatmentId":"1aad653c-ef44-43f7-be1c-3a2ba2cf2cfc","variationId":"288855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Disc_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IlVwZ3JhZGVSSFBSZHJBcHAifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQsIGVkaXQgYW5kIGUtc2lnblxuIFBERiBmb3JtcyAmIGFncmVlbWVudHMuIn0sInRjY
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:JSON data
                            Category:dropped
                            Size (bytes):292
                            Entropy (8bit):5.256529651342355
                            Encrypted:false
                            SSDEEP:6:YEQXJ2HX3HH8vzbgnox+FIbRI6XVW7+0YwBqoAvJfQ1rPeUkwRe9:YvXKX3HH8/UYpW77GY16Ukee9
                            MD5:097BE97F177B6834212581BB1673CED8
                            SHA1:91E7B905CBD414DB1B16B0680A23FF5246AE57A4
                            SHA-256:66DBF3125B308220BD54B608C9377D5A9FDFC06CD0DCF3F62FBB28189E62BF5F
                            SHA-512:5F5FACE34F3C180F4E54B866CF8A387097872582EB9986FA8BF85DB38D629F21B6AA140C4B8A07FB0F60B0C769A2CE4D672CFEB239CBD1A88BF570AD456BBF11
                            Malicious:false
                            Preview:{"analyticsData":{"responseGUID":"a34b2203-9d4e-400d-a1a8-68bc5cd741a9","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1732547708974,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:JSON data
                            Category:dropped
                            Size (bytes):1102
                            Entropy (8bit):5.667125069313394
                            Encrypted:false
                            SSDEEP:24:Yv6X3HcFiv2LgErcXWl7y0nAvzIBcSJCBViVU:YvaHvvogH47yfkB5kVF
                            MD5:861734B036B94E15C7FA7C7501D4896D
                            SHA1:990EC4B0BB8327C9EFAB29A622A9C497EC71FFB6
                            SHA-256:A7EA0078AF52BD8EA8EE07945FAFDF0FED31A8343C647A69DAF5A718C120F22E
                            SHA-512:87D2D638645673B837BC4F33DEA910C45CA9111EEDB1A4DE57A4A63DE3DB27E597A925ED402029836484CAAAD58C26212597FEFE70C62F84796F097B9DB6A2A3
                            Malicious:false
                            Preview:{"analyticsData":{"responseGUID":"a34b2203-9d4e-400d-a1a8-68bc5cd741a9","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1732547708974,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Edit_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93181_288855ActionBlock_1","campaignId":93181,"containerId":"1","controlGroupId":"","treatmentId":"533ab5eb-b236-4889-89a5-ac002261d71e","variationId":"288855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Edit_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IkVkaXRQREZSZHJBcHBGdWxsIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTRweCIsImZvbnRfc3R5bGUiOiIwIn0sImRlc2NyaXB0aW9uX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTJweCIsImZvbnRfc3R5bGUiOiItMSJ9LCJ0aXRsZSI6bnVsbCwiZGVzY3JpcHRpb24iOiJFZGl0IHRleHQsIGltYWdlcywgcGFnZXMsIGFuZCBtb3JlLiJ9LCJ0Y2F0SWQiOm51bGx9","da
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:JSON data
                            Category:dropped
                            Size (bytes):1164
                            Entropy (8bit):5.691413113382768
                            Encrypted:false
                            SSDEEP:24:Yv6X3HcFiDKLgEfIcZVSkpsn264rS514ZjBrwloJTmcVIsrSK5U:YvaHvDEgqprtrS5OZjSlwTmAfSKC
                            MD5:8C52119D6C3EA22C1F6330BE61D29DA3
                            SHA1:ABFFB632881748182919B630AB58B8ABF2E7D3F1
                            SHA-256:BC5050F9A7FCC0A966D26E5A6A721D508DCF4DA32FB3641283A16330AE55F51F
                            SHA-512:D3090F14064B1BAAC2499C14BDA279472411E6DF01665FC262892A47BD64EAA948718028FE516E945CFEDD7C295279A101C27611C295AA0FC617401129116156
                            Malicious:false
                            Preview:{"analyticsData":{"responseGUID":"a34b2203-9d4e-400d-a1a8-68bc5cd741a9","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1732547708974,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85531_264848ActionBlock_0","campaignId":85531,"containerId":"1","controlGroupId":"","treatmentId":"ee1a7497-76e7-43c2-bb63-9a0551e11d73","variationId":"264848"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IlRyeSBBY3JvYmF0IFBybyJ9LCJ1aSI6eyJ0aXRsZV9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjE1cHgiLCJmb250X3N0eWxlIjoiMCJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEzcHgiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0b1xucHJlbWl1bSBQREYgYW5kIGUtc2lnbmluZ1xudG9vbHMuIn0sImJhbm5lcl9zdHlsaW5nIjo
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:JSON data
                            Category:dropped
                            Size (bytes):289
                            Entropy (8bit):5.26249577583672
                            Encrypted:false
                            SSDEEP:6:YEQXJ2HX3HH8vzbgnox+FIbRI6XVW7+0YwBqoAvJfYdPeUkwRe9:YvXKX3HH8/UYpW77Gg8Ukee9
                            MD5:888D62FF705A1D624E29CE4851ED0512
                            SHA1:B09FE60A1EB402272D38396B7DF526A1A58F4DB5
                            SHA-256:91105DB30EC22EC73DEE0292282559FC44107BC8D314ECEA07E6FD6A83270E34
                            SHA-512:1075EF1118B1393CF251C55B7757AF4A08159C4B8E418B8E82F40ACC6F674715A97BD9D4D41599F7444A9D9BD0CDF0AF77B4DFE123824C25410032F3B07051E9
                            Malicious:false
                            Preview:{"analyticsData":{"responseGUID":"a34b2203-9d4e-400d-a1a8-68bc5cd741a9","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1732547708974,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:JSON data
                            Category:dropped
                            Size (bytes):284
                            Entropy (8bit):5.247885863022916
                            Encrypted:false
                            SSDEEP:6:YEQXJ2HX3HH8vzbgnox+FIbRI6XVW7+0YwBqoAvJf+dPeUkwRe9:YvXKX3HH8/UYpW77G28Ukee9
                            MD5:9C3D3DADFC5618AF7021D5FE94909CD0
                            SHA1:6A30A392A6DA5C326833A27A504F47989A4794C0
                            SHA-256:9594C1684B74CD2734E603AF3F08050BFF6C300DD3D4B34542EF183F30782B08
                            SHA-512:3F5C699CEBD64011FB9F76C1682E79BFD77DEFABD68BE602B2B3D0937B15B3D65F76F4287399B6AAC09100209B4534B04E8ECFAD2210F54A88874EE0F4715582
                            Malicious:false
                            Preview:{"analyticsData":{"responseGUID":"a34b2203-9d4e-400d-a1a8-68bc5cd741a9","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1732547708974,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:JSON data
                            Category:dropped
                            Size (bytes):291
                            Entropy (8bit):5.246300634501396
                            Encrypted:false
                            SSDEEP:6:YEQXJ2HX3HH8vzbgnox+FIbRI6XVW7+0YwBqoAvJfbPtdPeUkwRe9:YvXKX3HH8/UYpW77GDV8Ukee9
                            MD5:E1083BEAF4B3F2CDAFAE77CCECE88484
                            SHA1:B9BA7DB14A1FCD9881E9E53CAD74951B27CFC9A0
                            SHA-256:953BF1790AC77F5954CEE8AFC0B5BC1219F78F6465C0DB03F6742A8550CE18F6
                            SHA-512:6D67E7AD067E81292B46F4AF8983AEBC00DED92171516168361733BEB8BCCAD87408651D96D25F70EB5C5444BA0DB16AA535CD3A9C61FFD7ADAD3D35799D83C3
                            Malicious:false
                            Preview:{"analyticsData":{"responseGUID":"a34b2203-9d4e-400d-a1a8-68bc5cd741a9","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1732547708974,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:JSON data
                            Category:dropped
                            Size (bytes):287
                            Entropy (8bit):5.248030016068798
                            Encrypted:false
                            SSDEEP:6:YEQXJ2HX3HH8vzbgnox+FIbRI6XVW7+0YwBqoAvJf21rPeUkwRe9:YvXKX3HH8/UYpW77G+16Ukee9
                            MD5:EAC1D3378919778070DEAE3062A2BFE2
                            SHA1:2E7DD5FC9E53934A0C77459BE73A24E7CE5D3913
                            SHA-256:9F538F799724B98968416C7AE40AE5CB054FCA27A903F926ACD3BC8DF4D6ECCC
                            SHA-512:270EBE7A40F1EB0ABC1C97916F1D0485CE76CD0E151068B575A6F650BFC8B2CC70BE0548DB659B242BD9271A3CD7287DD1C95DA51D5B3C7ECBA1765F6C9DAAB0
                            Malicious:false
                            Preview:{"analyticsData":{"responseGUID":"a34b2203-9d4e-400d-a1a8-68bc5cd741a9","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1732547708974,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:JSON data
                            Category:dropped
                            Size (bytes):1090
                            Entropy (8bit):5.656399206297789
                            Encrypted:false
                            SSDEEP:24:Yv6X3HcFiUamXayLgE+cNDxeNaqnAvz7xHn0RCmK8czOC/BSa1:YvaHvSBgkDMUJUAh8cvMU
                            MD5:1879261C6508613B7D03CBB081B971A1
                            SHA1:047CEBE454B669F5712052E9ADFEC75861398206
                            SHA-256:39E3DC4166B6D63058B0819229DC40D0F0D9C8F72DD708EA69ED9E597FE3A066
                            SHA-512:97BE345F936BE9F9E7A77545FB29890779442CB29D81865231BEB4EC720299B40EEC6702618B68176B40EF5F53A68685FD2370C6E73BDB9F11CCD6757ED4BC08
                            Malicious:false
                            Preview:{"analyticsData":{"responseGUID":"a34b2203-9d4e-400d-a1a8-68bc5cd741a9","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1732547708974,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93365_289436ActionBlock_0","campaignId":93365,"containerId":"1","controlGroupId":"","treatmentId":"266234d2-130d-426e-8466-c7a061db101f","variationId":"289436"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IlVwZ3JhZGVSSFBSZHJBcHAifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVhc2lseSBmaWxsIGFuZCBzaWduIFBERnMuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"app
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:JSON data
                            Category:dropped
                            Size (bytes):286
                            Entropy (8bit):5.220796343302674
                            Encrypted:false
                            SSDEEP:6:YEQXJ2HX3HH8vzbgnox+FIbRI6XVW7+0YwBqoAvJfshHHrPeUkwRe9:YvXKX3HH8/UYpW77GUUUkee9
                            MD5:2437054294D167FF46CE9ED29ACB26E6
                            SHA1:E3B663A61A3C028227DDB2771ECB87EC2545967D
                            SHA-256:8DF944C26D3819296880A0AE921976BD1C008DBF70C11BD215958D787544649A
                            SHA-512:2475845B637151135CCF201710529AA6DED607DDA5C6C6D135F64BE10C8463D75F6A375C42B4E82B7BDE54D485AF2C283B5CF302973A4F44A2214DF9A63498CE
                            Malicious:false
                            Preview:{"analyticsData":{"responseGUID":"a34b2203-9d4e-400d-a1a8-68bc5cd741a9","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1732547708974,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:JSON data
                            Category:dropped
                            Size (bytes):782
                            Entropy (8bit):5.353737367116949
                            Encrypted:false
                            SSDEEP:12:YvXKX3HH8/UYpW77GTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWz1:Yv6X3HcFib168CgEXX5kcIfANha1
                            MD5:8D4604BE9462A40E36E0850EE72F510B
                            SHA1:5ED943AA138103AA7E67D7C10C9DFB9328EA9B1E
                            SHA-256:10B5B1A931E3F58469D594D6F641FDCCC7F98B3A48504B475D5347C156D90372
                            SHA-512:080525EF407114EF40291E566C5FBF6EF6DC918464C1F302558312598EEAD7E844568E85A5F4FE0AA4216A2AE8974BFADFF906C4346AF41CAF044BDF2E9883B7
                            Malicious:false
                            Preview:{"analyticsData":{"responseGUID":"a34b2203-9d4e-400d-a1a8-68bc5cd741a9","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1732547708974,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1732374534010}}}}
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:data
                            Category:dropped
                            Size (bytes):4
                            Entropy (8bit):0.8112781244591328
                            Encrypted:false
                            SSDEEP:3:e:e
                            MD5:DC84B0D741E5BEAE8070013ADDCC8C28
                            SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
                            SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
                            SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
                            Malicious:false
                            Preview:....
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:JSON data
                            Category:dropped
                            Size (bytes):2817
                            Entropy (8bit):5.135431033604424
                            Encrypted:false
                            SSDEEP:24:Y6zvtLwanmayiXD2WxZC57At+RaGaPKxVjlj0SHAXf2vgJ2LSBjZf+E50hR9WuMj:Y6zt7jpZw7AMRaGaYpMP1J7jZJGhR90
                            MD5:CD29443CE8F60B9AA1E334F106773280
                            SHA1:8FAB3116EB499F47F57D6A5B865070FC5729A58E
                            SHA-256:1E65E799EB5201960930B20DCFD39136C13481D8275B32FDA6FCEA8E81A9EDA4
                            SHA-512:E489107819772E507677029B011BB99C80093A869EB05145428BE55B517CC6E9E59F60A508E34EA1FE189CD0A2FBE0034D01F7CE013CC9DCA73F293B9EE83F5C
                            Malicious:false
                            Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"37d5f0864b78a1c4f16864ea66c47037","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1122,"ts":1732374533000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"6e7c5d9f5bd005169c77582b095af06f","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1164,"ts":1732374533000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"5088c6495aa2bdc88eeef0bd62550087","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1090,"ts":1732374533000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"76b14d9621d96c742e40379fcb466aca","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1123,"ts":1732374533000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"99a546554744e447055240be23253f06","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":1102,"ts":1732374533000},{"id":"Edit_InApp_Aug2020","info":{"dg":"ecf24f21bea4a7e17a5e974f840f29fd","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":17
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 19, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 19
                            Category:dropped
                            Size (bytes):12288
                            Entropy (8bit):0.9854070861057157
                            Encrypted:false
                            SSDEEP:24:TLHRx/XYKQvGJF7urs6I1RZKHs/Ds/SpXTu04zJwtNBwtNbRZ6bRZ4iTu0F:TVl2GL7ms6ggOVpDszutYtp6P5Z
                            MD5:1724B547EB478E7FDAAA2FFA424AFDC2
                            SHA1:4C61A75EC71689A1F7942919B4E654ABD3B41837
                            SHA-256:FFFFF97C1A4D45EF0409C97EE12D7B30BF3BC086B3E4DC27D7AB3AC88703D717
                            SHA-512:686A968EBD1FFC121067501EFB082F0B86A536037CF9BD6D49C4FDAC3398293E1A82174F2A48106613C90AB1FF0CB4BEBC4958EF70419381A5E8F9EDA9BE0C8F
                            Malicious:false
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:SQLite Rollback Journal
                            Category:dropped
                            Size (bytes):8720
                            Entropy (8bit):1.3400656111967775
                            Encrypted:false
                            SSDEEP:48:7MYhGgOVpDTzutYtp6PMQWqll2GL7msLn:7LOVpDuaJqVmsLn
                            MD5:F8A5E4190113B993F0ACD7D9CA7C7C80
                            SHA1:6F1F72B805B640433F99DBB72DDF7D6A627C8DCB
                            SHA-256:FF8A7F76E552CD8881FFAF953DE2210B0B5C9D48B3A6AF78F9EE6A128DF618A3
                            SHA-512:AC700A0B44B890D9A4C638973AEEE969B739123FC9974AF587C4726AC9182EDE65E79C736279B64A7501E88D1B644D5383C9A87A229A8287AC31EE6EA0AC4378
                            Malicious:false
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:data
                            Category:dropped
                            Size (bytes):66726
                            Entropy (8bit):5.392739213842091
                            Encrypted:false
                            SSDEEP:768:RNOpblrU6TBH44ADKZEgmxWX9LJDwFTvguyHffophT7cxqlsYyu:6a6TZ44ADEmxcDCvg9oB7cisK
                            MD5:7D9754EC055567444EAEA810CE60CC93
                            SHA1:811D0B76CF9AAA3529018A1C702ECBDCD72D042B
                            SHA-256:1E594A8E1C0ECCC4A7362B92DE020F57606CA9D9E78E2383D2379BC3C852E20F
                            SHA-512:FE8D43999425CF733870204C6D39DB7CBF06363961803C62C13E26BBC1A264F6CCAB1F830F69F53DE7983507C2379B79E135E944FBAC2B605042D52FCE31E1E3
                            Malicious:false
                            Preview:4.397.90.FID.2:o:..........:F:AgencyFB-Reg.P:Agency FB.L:$.........................."F:Agency FB.#.96.FID.2:o:..........:F:AgencyFB-Bold.P:Agency FB Bold.L:%.........................."F:Agency FB.#.84.FID.2:o:..........:F:Algerian.P:Algerian.L:$..........................RF:Algerian.#.95.FID.2:o:..........:F:ArialNarrow.P:Arial Narrow.L:$.........................."F:Arial Narrow.#.109.FID.2:o:..........:F:ArialNarrow-Italic.P:Arial Narrow Italic.L:$.........................."F:Arial Narrow.#.105.FID.2:o:..........:F:ArialNarrow-Bold.P:Arial Narrow Bold.L:%.........................."F:Arial Narrow.#.118.FID.2:o:..........:F:ArialNarrow-BoldItalic.P:Arial Narrow Bold Italic.L:%.........................."F:Arial Narrow.#.77.FID.2:o:..........:F:ArialMT.P:Arial.L:$.........................."F:Arial.#.91.FID.2:o:..........:F:Arial-ItalicMT.P:Arial Italic.L:$.........................."F:Arial.#.87.FID.2:o:..........:F:Arial-BoldMT.P:Arial Bold.L:$.........................."F:Arial.#.100.FID.2
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                            Category:dropped
                            Size (bytes):246
                            Entropy (8bit):3.5193370621730837
                            Encrypted:false
                            SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8rOlUlvdNaloYH:Qw946cPbiOxDlbYnuRKDl6YH
                            MD5:B06F3E4E7C1B9CFB7097B82541A2EB50
                            SHA1:B237EE4A38980AF9BC9292D5F353A44A6BD52588
                            SHA-256:E20699CAF028A936827E646686BEA5E6EB2B9C28DCE0FFFBEE167EB43ADAC083
                            SHA-512:C9ACA7AF410CDD595DDBA9F435D61901B907BA56096B196F4DBE3BC89F80FB302757DBD08CE021D5D0D799D1608C33D6D452A924782405A7537ADEAA1A2BB3F5
                            Malicious:false
                            Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .2.3./.1.1./.2.0.2.4. . .1.0.:.0.8.:.5.0. .=.=.=.....
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:ASCII text, with very long lines (393)
                            Category:dropped
                            Size (bytes):16525
                            Entropy (8bit):5.376360055978702
                            Encrypted:false
                            SSDEEP:384:6b1sdmfenwop+WP21h2RPjRNg7JjO2on6oU6CyuJw1oaNIIu9EMuJuF6MKK9g9JQ:vIn
                            MD5:1336667A75083BF81E2632FABAA88B67
                            SHA1:46E40800B27D95DAED0DBB830E0D0BA85C031D40
                            SHA-256:F81B7C83E0B979F04D3763B4F88CD05BC8FBB2F441EBFAB75826793B869F75D1
                            SHA-512:D039D8650CF7B149799D42C7415CBF94D4A0A4BF389B615EF7D1B427BC51727D3441AA37D8C178E7E7E89D69C95666EB14C31B56CDFBD3937E4581A31A69081A
                            Malicious:false
                            Preview:SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:961+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="SetConfig:
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:ASCII text, with very long lines (393), with CRLF line terminators
                            Category:dropped
                            Size (bytes):15114
                            Entropy (8bit):5.381438260024417
                            Encrypted:false
                            SSDEEP:384:LKyLkLJL8LiLXLJQLvL0LaL7LfLmdLQLNIC/B/VUXUj6Y7s7h7WQl+ZnZ3ZpZbyQ:QdS
                            MD5:76143AA79A1F3C298F23380031167C75
                            SHA1:29C4E4A2386FFB8153C07EFC4F9049C61DE884D8
                            SHA-256:9F18961A3EB5D46F51346A0B8EC3416DB45F7DB8F4CF0408543D6E3DD0281209
                            SHA-512:B372CEB1C95E30A6C8C6CF6D9B87806ED64603CDAE35AED5C596DE7BC0E6E780C73FED80311AE07A1F45104AF340569D9708A4E3CD2A7F59ACA53C9F05A75215
                            Malicious:false
                            Preview:SessionID=7d41b614-4f5f-4b8d-9e57-8cb1036b8762.1732374525392 Timestamp=2024-11-23T10:08:45:392-0500 ThreadID=7784 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=7d41b614-4f5f-4b8d-9e57-8cb1036b8762.1732374525392 Timestamp=2024-11-23T10:08:45:393-0500 ThreadID=7784 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=7d41b614-4f5f-4b8d-9e57-8cb1036b8762.1732374525392 Timestamp=2024-11-23T10:08:45:393-0500 ThreadID=7784 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=7d41b614-4f5f-4b8d-9e57-8cb1036b8762.1732374525392 Timestamp=2024-11-23T10:08:45:393-0500 ThreadID=7784 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=7d41b614-4f5f-4b8d-9e57-8cb1036b8762.1732374525392 Timestamp=2024-11-23T10:08:45:393-0500 ThreadID=7784 Component=ngl-lib_NglAppLib Description="SetConf
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:ASCII text, with CRLF line terminators
                            Category:dropped
                            Size (bytes):29752
                            Entropy (8bit):5.396784402304897
                            Encrypted:false
                            SSDEEP:768:GLxxlyVUFcAzWL8VWL1ANSFld5YjMWLvJ8Uy++NSXl3WLd5WLrbhhVClkVMwDGby:m
                            MD5:2DF775050880DF9C5C8378C01936BBC6
                            SHA1:53809CA951115AD1651D37519077F7F85F68C563
                            SHA-256:D4AB12C0867EC6A96DEEBFAC3283298251EE708A0C4C49A663196B93DFE83E2F
                            SHA-512:C649C46DFAE6F0864F9B79DA716C86EB43822B1EA91FE39DC2631FBF9C423FE0424C6D47FC6F16E138597E81EF393E8241633988C6A05F292F337377CB6FCDE6
                            Malicious:false
                            Preview:04-10-2023 02:39:31:.---2---..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : ***************************************..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : ***************************************..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : Starting NGL..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..04-10-2023 02:39:31:.Closing File..04-10-
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                            File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
                            Category:dropped
                            Size (bytes):758601
                            Entropy (8bit):7.98639316555857
                            Encrypted:false
                            SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
                            MD5:3A49135134665364308390AC398006F1
                            SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
                            SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
                            SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
                            Malicious:false
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                            File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
                            Category:dropped
                            Size (bytes):1407294
                            Entropy (8bit):7.97605879016224
                            Encrypted:false
                            SSDEEP:24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDYYIGNPpe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZQ
                            MD5:E139E6D53A958755742760CD4A4456CB
                            SHA1:C259B619917152498BF74F65E11D03B50E4F80F1
                            SHA-256:542A482DF531973AFE108199E6DF1200DB2590E2E2F7B73C5CD428066EF9138E
                            SHA-512:36222C1C5AD31244D808331760A7BEA22C20F3664709D0786260B538578CA184EF2634E844D682B92DEA9ACDEF3EA700B1C7C4972BE97B8C80ADF3945A92858B
                            Malicious:false
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                            File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
                            Category:dropped
                            Size (bytes):386528
                            Entropy (8bit):7.9736851559892425
                            Encrypted:false
                            SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
                            MD5:5C48B0AD2FEF800949466AE872E1F1E2
                            SHA1:337D617AE142815EDDACB48484628C1F16692A2F
                            SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
                            SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
                            Malicious:false
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                            File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
                            Category:dropped
                            Size (bytes):1419751
                            Entropy (8bit):7.976496077007677
                            Encrypted:false
                            SSDEEP:24576:/xA7owWLaGZDwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLaGZDwZGk3mlind9i4ufFXpAXkru
                            MD5:18E3D04537AF72FDBEB3760B2D10C80E
                            SHA1:B313CD0B25E41E5CF0DFB83B33AB3E3C7678D5CC
                            SHA-256:BBEF113A2057EE7EAC911DC960D36D4A62C262DAE5B1379257908228243BD6F4
                            SHA-512:2A5B9B0A5DC98151AD2346055DF2F7BFDE62F6069A4A6A9AB3377B644D61AE31609B9FC73BEE4A0E929F84BF30DA4C1CDE628915AC37C7542FD170D12DE41298
                            Malicious:false
                            File type:PDF document, version 1.4, 1 pages
                            Entropy (8bit):7.9930522189190025
                            TrID:
                            • Adobe Portable Document Format (5005/1) 100.00%
                            File name:526142.pdf
                            File size:517'896 bytes
                            MD5:bcea5bd8718053f4699a0c6b17481ca7
                            SHA1:7e037add42f3ec8835feadd9852c4550646bee7e
                            SHA256:d21711f4372dc7ac5aa7d124dbff9382cb3b35cb38d5a1b3c807bd2d414e46a1
                            SHA512:ad78418beb783ea09a4143376b9caf96e55b6e943dd403b8d3ca9de72063656f04eee815f4407202232ac404b01ba19493dcf1b1d32df6ee62a6336669364ca0
                            SSDEEP:12288:JeyLu1gV/5Ey3WPiTLoo5/cq3UKPxBZeWy73KaM/4faHN:IKEIWYB5kq3fxBQWq4N
                            TLSH:B6B42382FA68BC29CD454120BA2D3DCA642AB34F0EC509E77F5DD5A815B3E60F8751E3
                            File Content Preview:%PDF-1.4.%.....1 0 obj.<< /Creator <feff0050007200610077006e>./Producer <feff0050007200610077006e>.>>.endobj.2 0 obj.<< /Type /Catalog./Pages 3 0 R.>>.endobj.3 0 obj.<< /Type /Pages./Count 1./Kids [5 0 R].>>.endobj.4 0 obj.<< /Length 1746.>>.stream.q..q.8
                            Icon Hash:62cc8caeb29e8ae0

                            General

                            Header:%PDF-1.4
                            Total Entropy:7.993052
                            Total Bytes:517896
                            Stream Entropy:7.998443
                            Stream Bytes:508098
                            Entropy outside Streams:4.413110
                            Bytes outside Streams:9798
                            Number of EOF found:1
                            Bytes after EOF:
                            Name | Count
                            obj | 35
                            endobj | 34
                            stream | 15
                            endstream | 15
                            xref | 1
                            trailer | 1
                            startxref | 1
                            /Page | 1
                            /Encrypt | 0
                            /ObjStm | 0
                            /URI | 0
                            /JS | 0
                            /JavaScript | 0
                            /AA | 0
                            /OpenAction | 0
                            /AcroForm | 0
                            /JBIG2Decode | 0
                            /RichMedia | 0
                            /Launch | 0
                            /EmbeddedFile | 0

                            Image Streams

                            ID | DHASH | MD5 | Preview
                            6 | c4ce9b8343416332 | 752494e32d41e6bbbea7403c6d1af1c7 |
                            7 | e46765a0d2c864c7 | f4f4928361d8dbbec9e3f02db33ba970 |
                            13 | 0874666361331b26 | c51a0e265ffd07eeb6fba8e8718600d5 |
                            14 | 8c3819d866231162 | f15ed62b9837a9b9de258229d1aaf689 |
                            Timestamp | Source Port | Dest Port | Source IP | Dest IP
                            Nov 23, 2024 16:08:52.554673910 CET | 56862 | 53 | 192.168.2.5 | 1.1.1.1
                            Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                            Nov 23, 2024 16:08:52.554673910 CET | 192.168.2.5 | 1.1.1.1 | 0x8b4c | Standard query (0) | x1.i.lencr.org | A (IP address) | IN (0x0001) | false
                            Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                            Nov 23, 2024 16:08:52.782982111 CET | 1.1.1.1 | 192.168.2.5 | 0x8b4c | No error (0) | x1.i.lencr.org | crl.root-x1.letsencrypt.org.edgekey.net |  | CNAME (Canonical name) | IN (0x0001) | false
                            Nov 23, 2024 16:08:54.559946060 CET | 1.1.1.1 | 192.168.2.5 | 0x7def | No error (0) | bg.microsoft.map.fastly.net |  | 199.232.214.172 | A (IP address) | IN (0x0001) | false
                            Nov 23, 2024 16:08:54.559946060 CET | 1.1.1.1 | 192.168.2.5 | 0x7def | No error (0) | bg.microsoft.map.fastly.net |  | 199.232.210.172 | A (IP address) | IN (0x0001) | false
                            • https:
                              • p13n.adobe.io
                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                            0 | 192.168.2.5 | 49715 | 52.5.13.197 | 443 | 7228 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                            Timestamp | Bytes transferred | Direction | Data
                            2024-11-23 15:08:53 UTC | 1473 | OUT | GET /psdk/v2/content?surfaceId=ACROBAT_READER_MASTER_SURFACEID&surfaceId=DC_READER_LAUNCH_CARD&surfaceId=DC_Reader_RHP_Banner&surfaceId=DC_Reader_RHP_Retention&surfaceId=Edit_InApp_Aug2020&surfaceId=DC_FirstMile_Right_Sec_Surface&surfaceId=DC_Reader_Upsell_Cards&surfaceId=DC_FirstMile_Home_View_Surface&surfaceId=DC_Reader_RHP_Intent_Banner&surfaceId=DC_Reader_Disc_LHP_Banner&surfaceId=DC_Reader_Edit_LHP_Banner&surfaceId=DC_Reader_Convert_LHP_Banner&surfaceId=DC_Reader_Sign_LHP_Banner&surfaceId=DC_Reader_More_LHP_Banner&surfaceId=DC_Reader_Disc_LHP_Retention&surfaceId=DC_Reader_Home_LHP_Trial_Banner&adcProductLanguage=en-us&adcVersion=23.6.20320&adcProductType=SingleClientMini&adcOSType=WIN&adcCountryCode=US&adcXAPIClientID=api_reader_desktop_win_23.6.20320&encodingScheme=BASE_64 HTTP/1.1
                            Host: p13n.adobe.io
                            Connection: keep-alive
                            sec-ch-ua: "Chromium";v="105"
                            sec-ch-ua-mobile: ?0
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36
                            Accept: application/json, text/javascript, */*; q=0.01
                            x-adobe-uuid: 89d789c4-e7e5-4f75-95a4-57139ab6811f
                            x-adobe-uuid-type: visitorId
                            x-api-key: AdobeReader9
                            sec-ch-ua-platform: "Windows"
                            Origin: https://rna-resource.acrobat.com
                            Accept-Language: en-US,en;q=0.9
                            Sec-Fetch-Site: cross-site
                            Sec-Fetch-Mode: cors
                            Sec-Fetch-Dest: empty
                            Referer: https://rna-resource.acrobat.com/
                            Accept-Encoding: gzip, deflate, br
                            2024-11-23 15:08:54 UTC | 608 | IN | HTTP/1.1 200
                            Server: openresty
                            Date: Sat, 23 Nov 2024 15:08:54 GMT
                            Content-Type: application/json;charset=UTF-8
                            Content-Length: 5339
                            Connection: close
                            x-request-id: q5zrS9nheZCn96P0kRcm27uV0MuzS0QK
                            vary: accept-encoding
                            Access-Control-Allow-Origin: *
                            Access-Control-Allow-Methods: GET, OPTIONS
                            Access-Control-Allow-Headers: Authorization,Content-Type,X-Api-Key,cache-control,User-Agent,If-None-Match,x-adobe-uuid,x-adobe-uuid-type, X-Request-Id
                            Access-Control-Allow-Credentials: true
                            Access-Control-Expose-Headers: x-request-id
                            Strict-Transport-Security: max-age=15552000; includeSubDomains
                            2024-11-23 15:08:54 UTC | 5339 | IN |
                            Data Ascii: {"surfaces":{"DC_Reader_Home_LHP_Trial_Banner":{"containers":[{"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","dataType":"application/json","data":"eyJjdGEiOnsidGV4dCI6IlRyeSBBY3JvYmF0IFBybyJ9LCJ1aSI6eyJ0aXRsZV9zdHlsaW5nIjp7Im



                            Target ID:0
                            Start time:10:08:42
                            Start date:23/11/2024
                            Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            Wow64 process (32bit):false
                            Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\526142.pdf"
                            Imagebase:0x7ff686a00000
                            File size:5'641'176 bytes
                            MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Reputation:high
                            Has exited:true

                            Target ID:2
                            Start time:10:08:42
                            Start date:23/11/2024
                            Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                            Wow64 process (32bit):false
                            Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
                            Imagebase:0x7ff6413e0000
                            File size:3'581'912 bytes
                            MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Reputation:high
                            Has exited:true

                            Target ID:4
                            Start time:10:08:43
                            Start date:23/11/2024
                            Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                            Wow64 process (32bit):false
                            Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2124 --field-trial-handle=1604,i,2889311111756859078,1169954142003541719,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
                            Imagebase:0x7ff6413e0000
                            File size:3'581'912 bytes
                            MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Reputation:high
                            Has exited:true

                            No disassembly