Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
287f30b29d08d.pdf

Overview

General Information

Sample name:287f30b29d08d.pdf
Analysis ID:1417530
MD5:c5e953f8ec611737a59e1f0cc8254383
SHA1:ca81719de5a329343b7b72042ff7e909f8568499
SHA256:342365d304a3c45d517c13f2dd1a6a53da1aee851f250637a1c4efedf6e61ea5
Infos:

Detection

Score:2
Range:0 - 100
Whitelisted:false
Confidence:80%

Signatures

IP address seen in connection with other malware
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Uses a known web browser user agent for HTTP communication

Classification

Process Tree

  • System is w10x64
  • Acrobat.exe (PID: 7428 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\287f30b29d08d.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 7596 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 7796 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2072 --field-trial-handle=1560,i,8317152618337752444,12301217609217587103,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Snort Signatures

No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: global trafficTCP traffic: 192.168.2.4:49740 -> 23.48.8.182:443
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 23.48.8.182:443
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 23.48.8.182:443
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 23.48.8.182:443
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 23.48.8.182:443
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 23.48.8.182:443
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 23.48.8.182:443
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 23.48.8.182:443
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 23.48.8.182:443
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 23.48.8.182:443
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 23.48.8.182:443
Source: global trafficTCP traffic: 23.48.8.182:443 -> 192.168.2.4:49740
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 23.48.8.182:443
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 23.48.8.182:443
Source: global trafficTCP traffic: 23.48.8.182:443 -> 192.168.2.4:49740
Source: global trafficTCP traffic: 23.48.8.182:443 -> 192.168.2.4:49740
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 23.48.8.182:443
Source: global trafficTCP traffic: 23.48.8.182:443 -> 192.168.2.4:49740
Source: global trafficTCP traffic: 23.48.8.182:443 -> 192.168.2.4:49740
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 23.48.8.182:443
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 23.48.8.182:443
Source: global trafficTCP traffic: 23.48.8.182:443 -> 192.168.2.4:49740
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 23.48.8.182:443
Source: global trafficTCP traffic: 23.48.8.182:443 -> 192.168.2.4:49740
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 23.48.8.182:443
Source: global trafficTCP traffic: 23.48.8.182:443 -> 192.168.2.4:49740
Source: global trafficTCP traffic: 23.48.8.182:443 -> 192.168.2.4:49740
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 23.48.8.182:443
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 23.48.8.182:443
Source: global trafficTCP traffic: 23.48.8.182:443 -> 192.168.2.4:49740
Source: Joe Sandbox ViewIP Address: 23.48.8.182 23.48.8.182
Source: global trafficHTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1Host: armmf.adobe.comConnection: keep-aliveAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brIf-None-Match: "78-5faa31cce96da"If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
Source: unknownTCP traffic detected without corresponding DNS query: 23.48.8.182
Source: unknownTCP traffic detected without corresponding DNS query: 23.48.8.182
Source: unknownTCP traffic detected without corresponding DNS query: 23.48.8.182
Source: unknownTCP traffic detected without corresponding DNS query: 23.48.8.182
Source: unknownTCP traffic detected without corresponding DNS query: 23.48.8.182
Source: unknownTCP traffic detected without corresponding DNS query: 23.48.8.182
Source: unknownTCP traffic detected without corresponding DNS query: 23.48.8.182
Source: unknownTCP traffic detected without corresponding DNS query: 23.48.8.182
Source: unknownTCP traffic detected without corresponding DNS query: 23.48.8.182
Source: unknownTCP traffic detected without corresponding DNS query: 23.48.8.182
Source: global trafficHTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1Host: armmf.adobe.comConnection: keep-aliveAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brIf-None-Match: "78-5faa31cce96da"If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49740
Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 443
Source: classification engineClassification label: clean2.winPDF@15/46@0/1
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journalJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-03-29 15-10-18-089.logJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
Source: unknownProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\287f30b29d08d.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2072 --field-trial-handle=1560,i,8317152618337752444,12301217609217587103,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2072 --field-trial-handle=1560,i,8317152618337752444,12301217609217587103,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: 287f30b29d08d.pdfInitial sample: PDF keyword /JS count = 0
Source: 287f30b29d08d.pdfInitial sample: PDF keyword /JavaScript count = 0
Source: 287f30b29d08d.pdfInitial sample: PDF keyword /EmbeddedFile count = 0
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information queried: ProcessInformationJump to behavior

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid Accounts2
Exploitation for Client Execution		Path Interception1
Process Injection		1
Masquerading		OS Credential Dumping1
Process Discovery		Remote ServicesData from Local System1
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
Process Injection		LSASS Memory1
System Information Discovery		Remote Desktop ProtocolData from Removable Media1
Non-Application Layer Protocol		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive12
Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin HookBinary PaddingNTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput Capture1
Ingress Tool Transfer		Traffic DuplicationData Destruction

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 process2 2 Behavior Graph ID: 1417530 Sample: 287f30b29d08d.pdf Startdate: 29/03/2024 Architecture: WINDOWS Score: 2 6 Acrobat.exe 18 81 2->6         started        process3 8 AcroCEF.exe 118 6->8         started        process4 10 AcroCEF.exe 2 8->10         started        dnsIp5 13 23.48.8.182, 443, 49740 AKAMAI-ASN1EU United States 10->13

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
287f30b29d08d.pdf0%VirustotalBrowse
287f30b29d08d.pdf0%ReversingLabs

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

No contacted domains info

World Map of Contacted IPs

  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Public IPs

IPDomainCountryFlagASNASN NameMalicious
23.48.8.182
unknownUnited States
20940AKAMAI-ASN1EUfalse

General Information

Joe Sandbox version:40.0.0 Tourmaline
Analysis ID:1417530
Start date and time:2024-03-29 15:09:30 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 3m 54s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultwindowspdfcookbook.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:10
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:287f30b29d08d.pdf
Detection:CLEAN
Classification:clean2.winPDF@15/46@0/1
EGA Information:Failed
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 0
  • Number of non-executed functions: 0
Cookbook Comments:
  • Found application associated with file extension: .pdf
  • Found PDF document
  • Close Viewer

Warnings

  • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 23.221.240.182, 3.219.243.226, 52.6.155.20, 52.22.41.97, 3.233.129.217, 23.215.0.48, 23.215.0.36, 172.64.41.3, 162.159.61.3, 23.62.230.184, 23.62.230.207, 104.97.85.154, 104.97.85.183
  • Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com
  • Not all processes where analyzed, report is missing behavior information

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
23.48.8.182PO_OCF 408.xlsGet hashmaliciousUnknownBrowse
    http://tand6000.dk/files/files/zizami.pdfGet hashmaliciousPDFPhishBrowse
      https://www.colortrac.com/netapp/Get hashmaliciousUnknownBrowse
        passportscan.htaGet hashmaliciousXWorm, zgRATBrowse
          Commissions_open_20231004_Commissions_open_20231004pdf.exeGet hashmaliciousUnknownBrowse
            PAGAMENTO_COMMISSIONI_MBS_Settembre_MGpdf.exeGet hashmaliciousUnknownBrowse
              Factura_FVR23041255_Factura_FVR23041255pdf.exeGet hashmaliciousUnknownBrowse
                Ordine_Frode_1027797000003171_Ordine_Frode_1027797000003171pdf.exeGet hashmaliciousUnknownBrowse
                  Commissions_BEL6_20231004_Commissions_BEL6_20231004pdf.exeGet hashmaliciousUnknownBrowse
                    Certificazione_Partecipazione_Corso_AML_IT15318pdf.exeGet hashmaliciousUnknownBrowse

                      Domains

                      No context

                      ASNs

                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                      AKAMAI-ASN1EUhttps://att-login309.weeblysite.com/Get hashmaliciousUnknownBrowse
                      • 184.29.143.232
                      https://att-login900.weeblysite.com/Get hashmaliciousUnknownBrowse
                      • 23.53.35.73
                      Facture_160087511.htmlGet hashmaliciousScreenConnect ToolBrowse
                      • 104.96.221.75
                      https://ckydb04.na1.hubspotlinks.com/Ctc/OP+113/cKydB04/VW9bQw4skpv3N4QMDhk6pMpJW5g6HvJ5ccjQdN61zzVd3qn9gW7lCdLW6lZ3m-VBhZqP2fNwFyN40GRrrMQlZ-N2TdQmJ13Y6QW10XVPX3kbMHcN4L237-7KHZ5W1zLF7f8GbdtBW2ZKqmb4N84ZcW3QDpzS6S7KJJW5X7x_l7b4v9TW2F362D3Hh1s9W54lklM4T0vLxN7h7S8FNlcHjW20Y8Mn2bFBzVW9hqyrD48FY07W1SGLwZ5DF_9-W40HntB7qL0THW1mF8BY3vVj3gW2n5NX74XPrGTW45qZ3V6l-BrTN7CsbcvdfdyCW5951f94y1-HGN8ZFSwmVlSf3W5fSXSN3-n9KQW8hNdv46-Q6rkf7QDZST04Get hashmaliciousUnknownBrowse
                      • 104.117.182.67
                      http://www.free-pdf-creator.comGet hashmaliciousUnknownBrowse
                      • 23.53.35.206
                      brzffc2GOs.elfGet hashmaliciousMiraiBrowse
                      • 104.79.250.64
                      https://airispharma1-my.sharepoint.com/:o:/g/personal/anagaraj_airispharma_com/EvmEpKGsyxtGnlrgsjVRxi4BOj2g3uhzHgNY6tXqx6wp5g?e=JtdJfIGet hashmaliciousHTMLPhisherBrowse
                      • 184.28.130.71
                      https://mmsinconline-my.sharepoint.com/:b:/p/mamundson/EZ0kVsuFb_RJlwEzXHeEJ1gBaR0hj3PwWMy3ECS1r80Lcg?e=96yHrOGet hashmaliciousUnknownBrowse
                      • 23.12.146.141
                      https://colourlyrics.com/fe/KtHc5ruvtRkZFoArrtthaJsvCmg3Rb7X4JToP666Ry87hz3e3rFuRJGAPKBcoBZjAZJZK4pouqXoieozb8x97ijrpxmdxNfsxaBCR2nGFdZnrhtCVLagarbeJ5bjm2rcgeCmZPnkCo2NqoSFB3o6MQGet hashmaliciousUnknownBrowse
                      • 23.62.230.207
                      I_ REF _ Due Debt 25_03_2024.msgGet hashmaliciousHTMLPhisherBrowse
                      • 23.199.63.178

                      JA3 Fingerprints

                      No context

                      Dropped Files

                      No context

                      Created / dropped Files

                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:ASCII text
                      Category:dropped
                      Size (bytes):292
                      Entropy (8bit):5.233137026372117
                      Encrypted:false
                      SSDEEP:6:FKGfEeQL+q2Pwkn2nKuAl9OmbnIFUt88KGfHcGKWZmw+8KGfHcQLVkwOwkn2nKui:rEeQ+vYfHAahFUt8G8GKW/+G8QV5JfHi
                      MD5:755E6AC5518EC4C267FA31BE9C2A7363
                      SHA1:82CBF8134F0A4A86EC563B09D8E026DDF1AEB459
                      SHA-256:ED1C4B269416EAD1695199187758EAAB1E582F2CC328112BBB36E7F044F59A01
                      SHA-512:A3EFABC6CC5F85CD12AD422CE860719AC364C74AF46E45CACB98C4D6375AFC5C7E039FD25F5E44C5BC7EF82BC82FE7BE277570A590AD9D0274D501EC182A0A5C
                      Malicious:false
                      Reputation:low
                      Preview:2024/03/29-15:10:15.863 1e5c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/03/29-15:10:15.864 1e5c Recovering log #3.2024/03/29-15:10:15.864 1e5c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:ASCII text
                      Category:dropped
                      Size (bytes):292
                      Entropy (8bit):5.233137026372117
                      Encrypted:false
                      SSDEEP:6:FKGfEeQL+q2Pwkn2nKuAl9OmbnIFUt88KGfHcGKWZmw+8KGfHcQLVkwOwkn2nKui:rEeQ+vYfHAahFUt8G8GKW/+G8QV5JfHi
                      MD5:755E6AC5518EC4C267FA31BE9C2A7363
                      SHA1:82CBF8134F0A4A86EC563B09D8E026DDF1AEB459
                      SHA-256:ED1C4B269416EAD1695199187758EAAB1E582F2CC328112BBB36E7F044F59A01
                      SHA-512:A3EFABC6CC5F85CD12AD422CE860719AC364C74AF46E45CACB98C4D6375AFC5C7E039FD25F5E44C5BC7EF82BC82FE7BE277570A590AD9D0274D501EC182A0A5C
                      Malicious:false
                      Reputation:low
                      Preview:2024/03/29-15:10:15.863 1e5c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/03/29-15:10:15.864 1e5c Recovering log #3.2024/03/29-15:10:15.864 1e5c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:ASCII text
                      Category:dropped
                      Size (bytes):336
                      Entropy (8bit):5.165974593222396
                      Encrypted:false
                      SSDEEP:6:FKGfaFN+q2Pwkn2nKuAl9Ombzo2jMGIFUt88KGf4Zmw+8KGfIVkwOwkn2nKuAl97:raOvYfHAa8uFUt8G4/+Gg5JfHAa8RJ
                      MD5:12F734A4146C08971E95C9989711AAF0
                      SHA1:0594681B7E25D83AA7CACFC096897019D8F9937B
                      SHA-256:872D93B1D3D1B6BC30E732D073F31A3B9523588241F45CF528BB2D03C7315FBE
                      SHA-512:2822A2AF9D52403FA77E8299F6EAA66BE3E386D45EC9E1C1EB8F1CBD14F694D6B04182FD589F1138191FF3B174AEBEE840E8D894F7F91252D16DAD440735C4A5
                      Malicious:false
                      Reputation:low
                      Preview:2024/03/29-15:10:15.909 1ec8 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/03/29-15:10:15.910 1ec8 Recovering log #3.2024/03/29-15:10:15.910 1ec8 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:ASCII text
                      Category:dropped
                      Size (bytes):336
                      Entropy (8bit):5.165974593222396
                      Encrypted:false
                      SSDEEP:6:FKGfaFN+q2Pwkn2nKuAl9Ombzo2jMGIFUt88KGf4Zmw+8KGfIVkwOwkn2nKuAl97:raOvYfHAa8uFUt8G4/+Gg5JfHAa8RJ
                      MD5:12F734A4146C08971E95C9989711AAF0
                      SHA1:0594681B7E25D83AA7CACFC096897019D8F9937B
                      SHA-256:872D93B1D3D1B6BC30E732D073F31A3B9523588241F45CF528BB2D03C7315FBE
                      SHA-512:2822A2AF9D52403FA77E8299F6EAA66BE3E386D45EC9E1C1EB8F1CBD14F694D6B04182FD589F1138191FF3B174AEBEE840E8D894F7F91252D16DAD440735C4A5
                      Malicious:false
                      Reputation:low
                      Preview:2024/03/29-15:10:15.909 1ec8 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/03/29-15:10:15.910 1ec8 Recovering log #3.2024/03/29-15:10:15.910 1ec8 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\95192160-fdd3-4d2a-94b5-e90de8e739b9.tmp

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:JSON data
                      Category:modified
                      Size (bytes):474
                      Entropy (8bit):4.963278023162862
                      Encrypted:false
                      SSDEEP:12:YH/um3RA8sqZAspksBdOg2Hacaq3QYiubInP7E4T3y:Y2sRds6bdMHV3QYhbG7nby
                      MD5:80D7E128E248925F29611EA1D05F748E
                      SHA1:E5FB9CB81C37E973556A8D7828D019A9C50FB3F1
                      SHA-256:D148302551D43D14E37640B97A86C11C085D12C404A368E52ACC524FD5C1CE73
                      SHA-512:2D1FA346984D89D9FC01972E924134DB17271B54CAA3B304467615BBCB15F6A74AE6D5F90379D52D073931C6EEC50CF41A1FDAC37B9B7B50AB05874644A8C767
                      Malicious:false
                      Reputation:low
                      Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13356281427763598","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":98465},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):474
                      Entropy (8bit):4.963278023162862
                      Encrypted:false
                      SSDEEP:12:YH/um3RA8sqZAspksBdOg2Hacaq3QYiubInP7E4T3y:Y2sRds6bdMHV3QYhbG7nby
                      MD5:80D7E128E248925F29611EA1D05F748E
                      SHA1:E5FB9CB81C37E973556A8D7828D019A9C50FB3F1
                      SHA-256:D148302551D43D14E37640B97A86C11C085D12C404A368E52ACC524FD5C1CE73
                      SHA-512:2D1FA346984D89D9FC01972E924134DB17271B54CAA3B304467615BBCB15F6A74AE6D5F90379D52D073931C6EEC50CF41A1FDAC37B9B7B50AB05874644A8C767
                      Malicious:false
                      Reputation:low
                      Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13356281427763598","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":98465},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):4443
                      Entropy (8bit):5.2523729366410326
                      Encrypted:false
                      SSDEEP:96:etJCV4FAsszrNamjTN/2rjYMta02fDtehgO7BtTgo7fuR7y6:etJCV4FiN/jTN/2r8Mta02fEhgO73goA
                      MD5:AFCCC0B6CBD0DFDFC1BFEB5E8B7B2B5C
                      SHA1:F993F8BBE1D05CD0B6346D0B8D253CC96AE0382C
                      SHA-256:5645E36DD7DA2D357296FFDDF4ED3687D59EB315FD1331C74E0C1601AC875555
                      SHA-512:032D36A4952DC114DFE717C18B0960D933BC48136906375CE4202B8F07E840C73C3830B44B36C2ECA808528C714C3C22A69AA06E552F80FCF7F4336C4F077432
                      Malicious:false
                      Reputation:low
                      Preview:*...#................version.1..namespace-['O.o................next-map-id.1.Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/.0>...r................next-map-id.2.Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/.1O..r................next-map-id.3.Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/.2.\.o................next-map-id.4.Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/.3....^...............Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/..|.^...............Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/n..Fa...............Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/DQ..a...............Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/i.`do................next-map-id.5.Pnamespace-de635bf2_6773_4d83_ad16_

                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:ASCII text
                      Category:dropped
                      Size (bytes):324
                      Entropy (8bit):5.203369753708547
                      Encrypted:false
                      SSDEEP:6:FKGfKL7+q2Pwkn2nKuAl9OmbzNMxIFUt88KGfKLzZZmw+8KGfKL0VkwOwkn2nKuP:rQivYfHAa8jFUt8GQzZ/+GQU5JfHAa8E
                      MD5:536D3F416021A154CD173D5726E06335
                      SHA1:D808B25B348486BF009A64E40DF81568C582AD53
                      SHA-256:B589750B9336DC773C243E0D03989AE812849126CD175F13AD99A12DDA34EB71
                      SHA-512:5D5BA1E04399BFE3CC7C99E7D079F9585D8EEF17A842E6A909AB7158BF4DE22EF91D76C7B278AB7DCB2F4F0639423BF2E722ADBAC3F445574D095956558D6726
                      Malicious:false
                      Reputation:low
                      Preview:2024/03/29-15:10:16.430 1ec8 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/03/29-15:10:16.436 1ec8 Recovering log #3.2024/03/29-15:10:16.440 1ec8 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:ASCII text
                      Category:dropped
                      Size (bytes):324
                      Entropy (8bit):5.203369753708547
                      Encrypted:false
                      SSDEEP:6:FKGfKL7+q2Pwkn2nKuAl9OmbzNMxIFUt88KGfKLzZZmw+8KGfKL0VkwOwkn2nKuP:rQivYfHAa8jFUt8GQzZ/+GQU5JfHAa8E
                      MD5:536D3F416021A154CD173D5726E06335
                      SHA1:D808B25B348486BF009A64E40DF81568C582AD53
                      SHA-256:B589750B9336DC773C243E0D03989AE812849126CD175F13AD99A12DDA34EB71
                      SHA-512:5D5BA1E04399BFE3CC7C99E7D079F9585D8EEF17A842E6A909AB7158BF4DE22EF91D76C7B278AB7DCB2F4F0639423BF2E722ADBAC3F445574D095956558D6726
                      Malicious:false
                      Reputation:low
                      Preview:2024/03/29-15:10:16.430 1ec8 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/03/29-15:10:16.436 1ec8 Recovering log #3.2024/03/29-15:10:16.440 1ec8 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

                      C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240329141020Z-157.bmp

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:PC bitmap, Windows 3.x format, 107 x -152 x 32, cbSize 65110, bits offset 54
                      Category:dropped
                      Size (bytes):65110
                      Entropy (8bit):0.010281203479617362
                      Encrypted:false
                      SSDEEP:3:up/ql/nasxRj:upCl/Jj
                      MD5:00DB8ECE00238719F9D531102091F31C
                      SHA1:2C93F28D42D242532093FAB1BB7DDE33EEE810D5
                      SHA-256:95444CF39A1424F48C5D069EE1F263B613F89D22C379C4A2886F6FBE160BC00F
                      SHA-512:4DE0801AAB1297B9B6A4BF85631650BAFB042F1C211D2C012D601F8FDB7836FA6AD5B5D04B0FE1F4CF50D987C94B2ED6B5FDB8A3075BAC7D30D9FD8CA1840008
                      Malicious:false
                      Reputation:low
                      Preview:BMV.......6...(...k...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 15, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 15
                      Category:dropped
                      Size (bytes):86016
                      Entropy (8bit):4.444931766858254
                      Encrypted:false
                      SSDEEP:384:yezci5tOiBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:rhs3OazzU89UTTgUL
                      MD5:B65ED0D35D38E3780034D88143DB50B0
                      SHA1:BF8904EDA08B9C3ADA0605A565D56F51F361780C
                      SHA-256:8648CBE670A9C94A6D269CA28E5E7F2268A9534BD60B6ECA4629B4A5D95121EF
                      SHA-512:30A2B9D920A63F635B277CCFD9C0DDBF2ACC8E2BD372247B63560B3824E059A5543FAD3D8D14CBA62AB5E4B1208EC9E9B7357897120F58C9B58D95F14E590812
                      Malicious:false
                      Reputation:low
                      Preview:SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:SQLite Rollback Journal
                      Category:dropped
                      Size (bytes):8720
                      Entropy (8bit):3.7739430914839875
                      Encrypted:false
                      SSDEEP:48:7M9p/E2ioyVjioy9oWoy1Cwoy17KOioy1noy1AYoy1Wioy1hioybioyDoy1noy13:7upjujF2XKQiib9IVXEBodRBkU
                      MD5:5545181E4286C90817FF4AC8DEE267DB
                      SHA1:14F5D92A48139B5ACC563834D05875E3E5BB71C9
                      SHA-256:46C33F18BE0CF275A44BF170B69FD7C2876F2BF31B5F77787864A7DB2EA54A3E
                      SHA-512:58631D9818AB40AC70B16AE4ED0173914C20D6A82DBD5253E3B0246A63BF6896F4AE3D70C72322D0C5513A9B2033D938FED0006A8EADC252587AF3FDEDBAB27B
                      Malicious:false
                      Reputation:low
                      Preview:.... .c......UD-...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................T...[...b...r...t...}.....L..............................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeCMapFnt23.lst (copy)

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:PostScript document text
                      Category:dropped
                      Size (bytes):1233
                      Entropy (8bit):5.233980037532449
                      Encrypted:false
                      SSDEEP:24:kk8id8HxPsMTtrid8OPgx4sMDHFidZxDWksMwEidMKRxCsMWaOtidMLgxT2sMW0l:pkxPhtgNgx4pyZxakazxCIK2gxap
                      MD5:8BA9D8BEBA42C23A5DB405994B54903F
                      SHA1:FC1B1646EC8A7015F492AA17ADF9712B54858361
                      SHA-256:862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C
                      SHA-512:26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A
                      Malicious:false
                      Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.7516

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:PostScript document text
                      Category:dropped
                      Size (bytes):1233
                      Entropy (8bit):5.233980037532449
                      Encrypted:false
                      SSDEEP:24:kk8id8HxPsMTtrid8OPgx4sMDHFidZxDWksMwEidMKRxCsMWaOtidMLgxT2sMW0l:pkxPhtgNgx4pyZxakazxCIK2gxap
                      MD5:8BA9D8BEBA42C23A5DB405994B54903F
                      SHA1:FC1B1646EC8A7015F492AA17ADF9712B54858361
                      SHA-256:862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C
                      SHA-512:26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A
                      Malicious:false
                      Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\AcroFnt23.lst (copy)

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:PostScript document text
                      Category:dropped
                      Size (bytes):10880
                      Entropy (8bit):5.214360287289079
                      Encrypted:false
                      SSDEEP:192:SgAYm4DAv6oq6oCf6ocL6oz6o46ok6o16ok6oKls6oVtfZ6ojtou6o2ti16oGwX/:SV548vvqvSvivzv4vkv1vkvKlsvVtfZp
                      MD5:B60EE534029885BD6DECA42D1263BDC0
                      SHA1:4E801BA6CA503BDAE7E54B7DB65BE641F7C23375
                      SHA-256:B5F094EFF25215E6C35C46253BA4BB375BC29D055A3E90E08F66A6FDA1C35856
                      SHA-512:52221F919AEA648B57E567947806F71922B604F90AC6C8805E5889AECB131343D905D94703EA2B4CEC9B0C1813DDA6EAE2677403F58D3B340099461BBCD355AE
                      Malicious:false
                      Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\AdobeFnt23.lst.7516

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:PostScript document text
                      Category:dropped
                      Size (bytes):10880
                      Entropy (8bit):5.214360287289079
                      Encrypted:false
                      SSDEEP:192:SgAYm4DAv6oq6oCf6ocL6oz6o46ok6o16ok6oKls6oVtfZ6ojtou6o2ti16oGwX/:SV548vvqvSvivzv4vkv1vkvKlsvVtfZp
                      MD5:B60EE534029885BD6DECA42D1263BDC0
                      SHA1:4E801BA6CA503BDAE7E54B7DB65BE641F7C23375
                      SHA-256:B5F094EFF25215E6C35C46253BA4BB375BC29D055A3E90E08F66A6FDA1C35856
                      SHA-512:52221F919AEA648B57E567947806F71922B604F90AC6C8805E5889AECB131343D905D94703EA2B4CEC9B0C1813DDA6EAE2677403F58D3B340099461BBCD355AE
                      Malicious:false
                      Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):295
                      Entropy (8bit):5.372793397456728
                      Encrypted:false
                      SSDEEP:6:YEQXJ2HXHATQsAcGhtSnVoZcg1vRcR0YWeoAvJM3g98kUwPeUkwRe9:YvXKXXsYLSWZc0vpGMbLUkee9
                      MD5:1A8F15CA59CE97A0595F673AAD848D4F
                      SHA1:F236BAC2935736B417727FD03C512DEB75E9EB2B
                      SHA-256:6FE790A8661A4C504DC3C67DF54F2B694D143FE6E0912C96D4A5AC3A86ED8F2C
                      SHA-512:F1877A874F95566E84613BB64734D174E0C42E6D654485C839F42649393079E43CC0449911A81B13C0456FEED94FD32BFE13935647689A3EAA50905B96164BD7
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"0e65bc82-3175-4b04-89ca-43c0e50f8d30","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1711896500936,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):294
                      Entropy (8bit):5.322374271153097
                      Encrypted:false
                      SSDEEP:6:YEQXJ2HXHATQsAcGhtSnVoZcg1vRcR0YWeoAvJfBoTfXpnrPeUkwRe9:YvXKXXsYLSWZc0vpGWTfXcUkee9
                      MD5:F2C92F74625A272B170FBAA42646539A
                      SHA1:5548C7852A32201A0DB998E64640DC04BFD30CD0
                      SHA-256:B2E16093DE36C48B98C3D6AFACDBC9C374B766A4FA90DB38F326055A75F756C8
                      SHA-512:3F4F1F1346B958F685CF142408F637DF64C8F5EDE0E1EB73293FED3078FD61A8D130E8EC986D20D7F0B06C4EDB07FC5D34576C731D578830BA5D7CDD9368EE28
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"0e65bc82-3175-4b04-89ca-43c0e50f8d30","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1711896500936,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):294
                      Entropy (8bit):5.300513185898365
                      Encrypted:false
                      SSDEEP:6:YEQXJ2HXHATQsAcGhtSnVoZcg1vRcR0YWeoAvJfBD2G6UpnrPeUkwRe9:YvXKXXsYLSWZc0vpGR22cUkee9
                      MD5:477669AC63A4B9B10649170B15782EA7
                      SHA1:3DD17C269A384B267064421FAE6A7C3467004C6B
                      SHA-256:7A86E89224C77899ADFDF08A4C531D0F4EC474A891546E89DAFA5C9679FE84CB
                      SHA-512:7E579D40EBE90A46936542749E41D35228F584F3912DEE201DBE92F03751C21608BE60252C862C1B5D8B01F6BC0BBAD51CCD42EBFAA3B71FC10D46BE22B9F6E8
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"0e65bc82-3175-4b04-89ca-43c0e50f8d30","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1711896500936,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):285
                      Entropy (8bit):5.360134781235731
                      Encrypted:false
                      SSDEEP:6:YEQXJ2HXHATQsAcGhtSnVoZcg1vRcR0YWeoAvJfPmwrPeUkwRe9:YvXKXXsYLSWZc0vpGH56Ukee9
                      MD5:8779E7CEB5485F3D39729C3076DFE45D
                      SHA1:2F765BF766302CCB51C7BA9CC6B00FC05B04DAA5
                      SHA-256:DFF989943D391AD1F21D00BBA17B3B695FDB38D9570E8963A0B256B14DF1A5BE
                      SHA-512:28C6FA378FCFDCBD679F6141D17095EDE9A7A50AB7537B644BCC5F186813FB6E7631FD64B9A02D89E8789654FF6B2357A47FCEF3991E7BE9B87B7A8980350DA9
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"0e65bc82-3175-4b04-89ca-43c0e50f8d30","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1711896500936,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):292
                      Entropy (8bit):5.320656605873056
                      Encrypted:false
                      SSDEEP:6:YEQXJ2HXHATQsAcGhtSnVoZcg1vRcR0YWeoAvJfJWCtMdPeUkwRe9:YvXKXXsYLSWZc0vpGBS8Ukee9
                      MD5:13DDC52A7E503574F57057EEF258DDE7
                      SHA1:7DA162692F3DD8DE59778CDD3971D732BDBA588E
                      SHA-256:0A1E1612AE1679E422DA4F41800F4FAAA3BAD2D5FA96013161298CB5D8EB6015
                      SHA-512:F894815F9820C9C562E5368874E4CA396F68F0135E0F24D0446BC42513D52C73D3DE721BA96DAF03734386988AC4DE31D7705E051488BB054E57D2A4E492560A
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"0e65bc82-3175-4b04-89ca-43c0e50f8d30","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1711896500936,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):289
                      Entropy (8bit):5.307199204803331
                      Encrypted:false
                      SSDEEP:6:YEQXJ2HXHATQsAcGhtSnVoZcg1vRcR0YWeoAvJf8dPeUkwRe9:YvXKXXsYLSWZc0vpGU8Ukee9
                      MD5:54110D134E5F1ABFFF06FB574ADB5672
                      SHA1:38AB188C37E8393AFF5CBC019AC0574C87E3A1E9
                      SHA-256:9636E41DF16A19DCBDF64CAC3D56430AF77051676EE8E7EFAF4540E579950554
                      SHA-512:74F2DA798B37A31736B4350F713BFA045D9EF714FC8DA709EF50E70BC91FC0551B3AC618C2502637131F8662392ED0F240ADDC0643B2D701F8A48EC19D3C7D15
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"0e65bc82-3175-4b04-89ca-43c0e50f8d30","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1711896500936,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):292
                      Entropy (8bit):5.310716878613304
                      Encrypted:false
                      SSDEEP:6:YEQXJ2HXHATQsAcGhtSnVoZcg1vRcR0YWeoAvJfQ1rPeUkwRe9:YvXKXXsYLSWZc0vpGY16Ukee9
                      MD5:BD1498EE41C3AEA267C32372C7C5D575
                      SHA1:FACF3FD7A368B4ECA08F8F86269ED4DE8036F3CA
                      SHA-256:3B26E23AA6C460091C3BB43E1E1F94D8A1D6A4BBA7D724C2587A72EF1A477D2B
                      SHA-512:0EBAB08E08CDE61652D479516FA28E335D24EF2E97248C268EF21A32753E59CB1C3C7B16964F22875B6B30EE1E23CB22716865B883839EBA9C6797890AF1897E
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"0e65bc82-3175-4b04-89ca-43c0e50f8d30","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1711896500936,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):289
                      Entropy (8bit):5.317961906172022
                      Encrypted:false
                      SSDEEP:6:YEQXJ2HXHATQsAcGhtSnVoZcg1vRcR0YWeoAvJfFldPeUkwRe9:YvXKXXsYLSWZc0vpGz8Ukee9
                      MD5:7BD32EA4408D4C003DC3921809F22442
                      SHA1:FC09B5CD15858DC05AC4EF7371DF736242B2A9ED
                      SHA-256:0599271FADEC4302EE3A4EB5F642760F4EB336EB508BE39390105B7FC77769CB
                      SHA-512:BA68503F707286E04D5348DF645423CC16E0072DAA8D1859974D349E5A19CB6C09AD5939823F48773A85E60AADC0C968A40D92913A2174306FF2DDBA5C91561A
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"0e65bc82-3175-4b04-89ca-43c0e50f8d30","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1711896500936,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):295
                      Entropy (8bit):5.333304968798589
                      Encrypted:false
                      SSDEEP:6:YEQXJ2HXHATQsAcGhtSnVoZcg1vRcR0YWeoAvJfzdPeUkwRe9:YvXKXXsYLSWZc0vpGb8Ukee9
                      MD5:FAD674C50EC89E517BB1B5ECE38395B4
                      SHA1:BA96BBC8EB01F0E68EF3B43A01652F7304CD33F4
                      SHA-256:862FCBBD6BC84847C6A3DE09A546EAA0B31452A6B7787F13DEC73A749B428AA7
                      SHA-512:E56E1FF33AEA66706C90FCA4DD74A4FFDE8312498FED769A0AB00ED7DD693956A2D514A951D0A64E07DE927214076AD92296914977C345EA545827AA8EA1DE16
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"0e65bc82-3175-4b04-89ca-43c0e50f8d30","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1711896500936,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):289
                      Entropy (8bit):5.313944333246429
                      Encrypted:false
                      SSDEEP:6:YEQXJ2HXHATQsAcGhtSnVoZcg1vRcR0YWeoAvJfYdPeUkwRe9:YvXKXXsYLSWZc0vpGg8Ukee9
                      MD5:94495CE269C97B1A4A1417EB39C808E6
                      SHA1:898190CBE899AD375B17E1BE4F2A3BC3662A8E24
                      SHA-256:028911447B8C41EE6AC99B282310170B319D20BB5CEA92A37647FED55B373E1E
                      SHA-512:2C01B01DF5CC76E63AF677BB9ACC64EA268C31CDF5AD588C26EBF55C81A045469EE679C0E45FA8428E454E53EC9BC0403C224BDD4F8863A30DA343F07025091B
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"0e65bc82-3175-4b04-89ca-43c0e50f8d30","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1711896500936,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):1395
                      Entropy (8bit):5.776150120226268
                      Encrypted:false
                      SSDEEP:24:Yv6XXsY2WzvIrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJN1f:YvosYjgHgDv3W2aYQfgB5OUupHrQ9FJT
                      MD5:368BCF46B5460C4A2B7A5072E1500655
                      SHA1:8CEC30323DFEC413992461E11BE5AD99CCCD504C
                      SHA-256:F7A6D860419151EC95B1873295E1DC1073F0542576FEE6DC85E6A9B14E927AE4
                      SHA-512:2D29AB1311454B6629B1E964B43CF9F0B79EFCA569FED71132669AAA09699DFA4BFD7A55CFD7BF44D9AAEDA55954BE143544935869CD86E674ED99F99F003FBB
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"0e65bc82-3175-4b04-89ca-43c0e50f8d30","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1711896500936,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):291
                      Entropy (8bit):5.297395593578393
                      Encrypted:false
                      SSDEEP:6:YEQXJ2HXHATQsAcGhtSnVoZcg1vRcR0YWeoAvJfbPtdPeUkwRe9:YvXKXXsYLSWZc0vpGDV8Ukee9
                      MD5:79F988936536FC3EF51CDADE52C80F06
                      SHA1:137C1A2EBBA85424E7388D52A721471E6B3F4AE9
                      SHA-256:30E86C9568D9D597EB497CD93FB2EDDCB2730531196A02BA199FDF4B9B001FFA
                      SHA-512:B2C826FE2033290267D2C93B4C813E5AD76E7881E921E76F407CEBF442C14CC286A5EF1252264EACA0903970EDE2A60DFD53B7AF3231850625100EF27D30A2A1
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"0e65bc82-3175-4b04-89ca-43c0e50f8d30","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1711896500936,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):287
                      Entropy (8bit):5.3019256759994065
                      Encrypted:false
                      SSDEEP:6:YEQXJ2HXHATQsAcGhtSnVoZcg1vRcR0YWeoAvJf21rPeUkwRe9:YvXKXXsYLSWZc0vpG+16Ukee9
                      MD5:3AB14A76B80AEDB193F2D5B0E872024D
                      SHA1:04834E99B2A1AFC334EC3AFC8FED569E7C19EB66
                      SHA-256:7D90DB161DCD6432A1ABD159640FF64F4652925B047A7DE5FF552456793BFA2F
                      SHA-512:BFD1A33D1B9C898E6D546DEDD1B65CE6616B04B7FC4880292B450C162D47A17ECD11E776CC6B3A29494B8DDBA83B4CA13E177AFF8712FA508D3C8640A6F42FD2
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"0e65bc82-3175-4b04-89ca-43c0e50f8d30","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1711896500936,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):289
                      Entropy (8bit):5.320779462004577
                      Encrypted:false
                      SSDEEP:6:YEQXJ2HXHATQsAcGhtSnVoZcg1vRcR0YWeoAvJfbpatdPeUkwRe9:YvXKXXsYLSWZc0vpGVat8Ukee9
                      MD5:22F029044D9ECD1DD1AB135CCCE35D25
                      SHA1:CE4F5A263E4BF7D3D00D15225AC6A5898D0AEFE2
                      SHA-256:C84F321F6220B36E866757250FB8FF1465ABAD0D907150169556D6812159CCD4
                      SHA-512:62277D316D87487E7C4B09DF2C44438D9BE79B2D867C6AC89EC4BA0877FAAAF60E4D95EE4AC43D8D99D20F39FD849478C8891613B0CA82338828CE53A1BDC0BF
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"0e65bc82-3175-4b04-89ca-43c0e50f8d30","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1711896500936,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):286
                      Entropy (8bit):5.278946212247505
                      Encrypted:false
                      SSDEEP:6:YEQXJ2HXHATQsAcGhtSnVoZcg1vRcR0YWeoAvJfshHHrPeUkwRe9:YvXKXXsYLSWZc0vpGUUUkee9
                      MD5:4DB3225F2CEB6AF976E9C460EAAC3880
                      SHA1:C6EF0526B1DF43310F8F083B2CBAC9D9DCB2DB6F
                      SHA-256:3CB7E740478C987B62247668331A023F32ED25B0386918BE0D0AA8445DB50B0D
                      SHA-512:FD45E28003A15DEC9916EA09D7554F105CF7C3B84B8475E1C110451D9949DE29B2FF5AA848D9E5F39DBDDFD329A269F300E302B9EF71332ED7E797CDFBB8E899
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"0e65bc82-3175-4b04-89ca-43c0e50f8d30","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1711896500936,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):782
                      Entropy (8bit):5.366891660710241
                      Encrypted:false
                      SSDEEP:12:YvXKXXsYLSWZc0vpGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWhf:Yv6XXsY2WzvF168CgEXX5kcIfANh+f
                      MD5:BE841C1CF1BAAA9C986EBE68F9CF2D1A
                      SHA1:3AC8A02874DF6770FBE8835C650FE7B828384ACD
                      SHA-256:8E9EAF2105C339F804BABFC019FDA68E754AAC9B9B516FFD86EF49786938EF93
                      SHA-512:1DFC94C73C432F172955F1B36D010CB1C37CC2171B625113648F621D56D8DEC573E8520A37B347EAF2DFB65E1A5AF47C73BCE2EC115D16CC837E12BA2919949D
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"0e65bc82-3175-4b04-89ca-43c0e50f8d30","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1711896500936,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1711721420967}}}}

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):4
                      Entropy (8bit):0.8112781244591328
                      Encrypted:false
                      SSDEEP:3:e:e
                      MD5:DC84B0D741E5BEAE8070013ADDCC8C28
                      SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
                      SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
                      SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
                      Malicious:false
                      Preview:....

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):2813
                      Entropy (8bit):5.1213424060069
                      Encrypted:false
                      SSDEEP:48:Y7BOVKtHxZaTH8FHZA3HwHOHVercHKH8HrVRHW7HSh7HJCFHE49tHVQHaHt:hMxa8BZAX+44rScyrVVWT2JCBhpVest
                      MD5:37F3200219063773190EAA606FE893B2
                      SHA1:D5DC0FD7023AECA3DA2F0BAC227FE2528B43566C
                      SHA-256:602AC291C47056C000D5927A55BAF431369B3A2A2AC85410C072DAE14F2A47D5
                      SHA-512:1E337083AB994252DF22F7FAEE6BEF71BF7735A84495E37C6AC337E57251705F9B06204226DAFBB6AC7BD9D7C880D2B2B775CF333A2625EE4BD42469D2F28D7C
                      Malicious:false
                      Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"26f7c76ed2d24aab14db42b68e57b18c","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1711721420000},{"id":"Edit_InApp_Aug2020","info":{"dg":"910da7744d9ccf36acac8b8df41df186","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":1711721419000},{"id":"DC_Reader_RHP_Banner","info":{"dg":"6d7bd1b6087775c1a3f8afdb35afac23","sid":"DC_Reader_RHP_Banner"},"mimeType":"file","size":1395,"ts":1711721419000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"c184503cfc37f26f1df7f491f021ea4d","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":295,"ts":1711721419000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"acab0423fdd0d9cf0e2b8f13a9761af2","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file","size":292,"ts":1711721419000},{"id":"DC_Reader_More_LHP_Banner","info":{"dg":"e9560b4fc5144ca53ba0fe5100c4634d","sid":"DC_Reader_More_LHP_Banner"},"mimeType":"file","size":289,"ts":1711721419000},{

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 25, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 25
                      Category:dropped
                      Size (bytes):12288
                      Entropy (8bit):1.1887169922323002
                      Encrypted:false
                      SSDEEP:48:TGufl2GL7msEHUUUUUUUU1gSvR9H9vxFGiDIAEkGVvp5+:lNVmswUUUUUUUU2+FGSItw
                      MD5:25508790A93C727484E08B32474916E3
                      SHA1:C8DE061BFC497E2F154A94B14CE8B85E6736A26A
                      SHA-256:B634B2EA27211BD2F894F2CC5363EA98CA17983D027ABD66D8F250945CBFB14E
                      SHA-512:C0B6BCE92C126653690495241A87E1EBFF1C824F8325EA843D28D24F36D213868D411FB7B69F9F235721A54E843CCA78261B637D4278392CA732A7954FA63C2B
                      Malicious:false
                      Preview:SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:SQLite Rollback Journal
                      Category:dropped
                      Size (bytes):8720
                      Entropy (8bit):1.6069755475838965
                      Encrypted:false
                      SSDEEP:48:7MgKUUUUUUUUUU1SvR9H9vxFGiDIAEkGVvwqFl2GL7msJ:7gUUUUUUUUUUEFGSItaKVmsJ
                      MD5:BF596FBD94A58D5A8C752FAD11605C13
                      SHA1:43963CFC46A06C6BD174244BBC4629393CA95348
                      SHA-256:40E35D66F54E4196F62816B03A22DAC55C8D47D6C905112D5AE1BA8CA9E296E9
                      SHA-512:8EE3BFF6F4BB39AEE98B91236C806B6679FED970F60C796579CFDAE204E3ECFE8E62B7B3504F1825BE53AF6CE0DC848335A443A9EB157D211FF49757AECBBFD9
                      Malicious:false
                      Preview:.... .c.....L.-.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................f.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\UserCache64.bin

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):66726
                      Entropy (8bit):5.392739213842091
                      Encrypted:false
                      SSDEEP:768:RNOpblrU6TBH44ADKZEgIH7v2mP4x4QZbr2+bYULQSY+Yyu:6a6TZ44ADEIHL2K4xh2IvJK
                      MD5:314B26049494B9487DB7C07D80ADC7E3
                      SHA1:F2A60188183413D98A1444B310BC3931E662EFCF
                      SHA-256:03806A258FA0222248800423856B82F3A8CFEBCB6EEF3FE43EBB3718DBA5589C
                      SHA-512:C012A8774591228786E87A6935C4C0ED5BBFB1FDEAD36D4EF8ECEE7BF82D318EC4F88329E33C7B4D1318E99A001F81438147974784A909AAE454770B3371EEB5
                      Malicious:false
                      Preview:4.397.90.FID.2:o:..........:F:AgencyFB-Reg.P:Agency FB.L:$.........................."F:Agency FB.#.96.FID.2:o:..........:F:AgencyFB-Bold.P:Agency FB Bold.L:%.........................."F:Agency FB.#.84.FID.2:o:..........:F:Algerian.P:Algerian.L:$..........................RF:Algerian.#.95.FID.2:o:..........:F:ArialNarrow.P:Arial Narrow.L:$.........................."F:Arial Narrow.#.109.FID.2:o:..........:F:ArialNarrow-Italic.P:Arial Narrow Italic.L:$.........................."F:Arial Narrow.#.105.FID.2:o:..........:F:ArialNarrow-Bold.P:Arial Narrow Bold.L:%.........................."F:Arial Narrow.#.118.FID.2:o:..........:F:ArialNarrow-BoldItalic.P:Arial Narrow Bold Italic.L:%.........................."F:Arial Narrow.#.77.FID.2:o:..........:F:ArialMT.P:Arial.L:$.........................."F:Arial.#.91.FID.2:o:..........:F:Arial-ItalicMT.P:Arial Italic.L:$.........................."F:Arial.#.87.FID.2:o:..........:F:Arial-BoldMT.P:Arial Bold.L:$.........................."F:Arial.#.100.FID.2

                      C:\Users\user\AppData\Local\Temp\MSI8730e.LOG

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):246
                      Entropy (8bit):3.524398495091119
                      Encrypted:false
                      SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8xUFRnBCH:Qw946cPbiOxDlbYnuRKvi
                      MD5:6D60977DE78F26687DEF7B9307A3C040
                      SHA1:C7D79AB3758691BA90EB0E1EDF6FDEED0495F5BC
                      SHA-256:FBF2D48ACD510332B711E52E01EF9B9C000A8B2DC70425C0C6E5EA3D75520B3E
                      SHA-512:350BB95CEEC4E0629F8B9EF7A762D8B43A22BD4B451B8A1F28915A1314B77BC93B337D2A4EEC2E90474FB74DBD2A154AD2B356F035EB7F391A0AC0F72BD4E7A8
                      Malicious:false
                      Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .2.9./.0.3./.2.0.2.4. . .1.5.:.1.0.:.2.3. .=.=.=.....

                      C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-03-29 15-10-18-089.log

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:ASCII text, with very long lines (393)
                      Category:dropped
                      Size (bytes):16525
                      Entropy (8bit):5.345946398610936
                      Encrypted:false
                      SSDEEP:384:zHIq8qrq0qoq/qUILImCIrImI9IWdFdDdoPtPTPtP7ygyAydy0yGV///X/J/VokV:nNW
                      MD5:8947C10F5AB6CFFFAE64BCA79B5A0BE3
                      SHA1:70F87EEB71BA1BE43D2ABAB7563F94C73AB5F778
                      SHA-256:4F3449101521DA7DF6B58A2C856592E1359BA8BD1ACD0688ECF4292BA5388485
                      SHA-512:B76DB9EF3AE758F00CAF0C1705105C875838C7801F7265B17396466EECDA4BCD915DA4611155C5F2AD1C82A800C1BEC855E52E2203421815F915B77AA7331CA0
                      Malicious:false
                      Preview:SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:088+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig:

                      C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:ASCII text, with very long lines (393), with CRLF line terminators
                      Category:dropped
                      Size (bytes):15097
                      Entropy (8bit):5.344828542287071
                      Encrypted:false
                      SSDEEP:384:iHE8g8L8QxQxXx0xLx+xt0x+x+xlxBx7xYt5tbY5YbzgzIzlzo2cXlVl9ljln5uN:3+jk
                      MD5:FA35B4E27BFA2E3A3AC3B35C8F158389
                      SHA1:C89395D75C555EFAF6C8E82853BF2918F4F975C8
                      SHA-256:7CA2A8866A366420D3977D418AC578357027AB50150ED680E40DB65CD8461B2F
                      SHA-512:F4AEF551C97EAC6E81A56A1EE202A8EF68293FBCBD186CC79C71B47F13AD9F200B9175D948D63D9A63533A173C35F8E20E234B597A253DAC969A42AE61A52DAF
                      Malicious:false
                      Preview:SessionID=04c8ad07-9786-41e4-bccb-d3bcb7b189a4.1711721418105 Timestamp=2024-03-29T15:10:18:105+0100 ThreadID=5840 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=04c8ad07-9786-41e4-bccb-d3bcb7b189a4.1711721418105 Timestamp=2024-03-29T15:10:18:106+0100 ThreadID=5840 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=04c8ad07-9786-41e4-bccb-d3bcb7b189a4.1711721418105 Timestamp=2024-03-29T15:10:18:106+0100 ThreadID=5840 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=04c8ad07-9786-41e4-bccb-d3bcb7b189a4.1711721418105 Timestamp=2024-03-29T15:10:18:106+0100 ThreadID=5840 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=04c8ad07-9786-41e4-bccb-d3bcb7b189a4.1711721418105 Timestamp=2024-03-29T15:10:18:107+0100 ThreadID=5840 Component=ngl-lib_NglAppLib Description="SetConf

                      C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):29752
                      Entropy (8bit):5.390256129328561
                      Encrypted:false
                      SSDEEP:768:anddBuBYZwcfCnwZCnR8Bu5hx18HoCnLlAY+iCBuzhLCnx1CnPrRRFS10l8gT2rc:Ah
                      MD5:3F7490AF3115DEDC8E21231ED3F9DB06
                      SHA1:40983CD2B9AE4381F1CBA717224566849D2585D1
                      SHA-256:F8FBA658C0B7EE2299E8CA74CE2BBFD3CD66ABBFAB06006A38E3198B3432FC3F
                      SHA-512:1623B63EF9FFEA068C41272EAC29CAFA49C96DD7B42735A366539D48C6F4C94BF2217157C7E0D1D1EF51AB476ACA14A69103DED37351022CB0DBA69F33324623
                      Malicious:false
                      Preview:03-10-2023 12:50:40:.---2---..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ***************************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ***************************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Starting NGL..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..03-10-2023 12:50:40:.Closing File..03-10-

                      C:\Users\user\AppData\Local\Temp\acrocef_low\2301d7c1-163e-433d-8cde-8fde8b18d86b.tmp

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
                      Category:dropped
                      Size (bytes):1419751
                      Entropy (8bit):7.976496077007677
                      Encrypted:false
                      SSDEEP:24576:/xA7owWLkwYIGNPZGZTodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLkwZGzGZ83mlind9i4ufFXpAXkru
                      MD5:AB9AB7524370F33FCB9DC48C196C6192
                      SHA1:C0EB3BBE2884C9D081F2D09310D71F381818DDFD
                      SHA-256:BBE7F54A87E89788FA9E2DEB351A34B8DD5D2F4789EF86D13FE5B0C7450F8213
                      SHA-512:6532803EF05D96E197EEFC9AC1DCCC6C37B568F679379289220F84300C429410BE03C4E6A225589C774522097F61FDEBE8F5336B4165CD7CF9472DBD484FA3A3
                      Malicious:false
                      Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

                      C:\Users\user\AppData\Local\Temp\acrocef_low\4c795b8b-b442-4630-9c1d-15197c901a3c.tmp

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
                      Category:dropped
                      Size (bytes):1407294
                      Entropy (8bit):7.97605879016224
                      Encrypted:false
                      SSDEEP:24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo
                      MD5:A0CFC77914D9BFBDD8BC1B1154A7B364
                      SHA1:54962BFDF3797C95DC2A4C8B29E873743811AD30
                      SHA-256:81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685
                      SHA-512:74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE
                      Malicious:false
                      Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

                      C:\Users\user\AppData\Local\Temp\acrocef_low\b804ef94-fbb9-47b1-8df7-c06d34b2c58d.tmp

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
                      Category:dropped
                      Size (bytes):758601
                      Entropy (8bit):7.98639316555857
                      Encrypted:false
                      SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
                      MD5:3A49135134665364308390AC398006F1
                      SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
                      SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
                      SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
                      Malicious:false
                      Preview:...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!|G.1...... .3.`./....`~......G.............|..pS.e.C....:o.u_..oi.:..|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

                      C:\Users\user\AppData\Local\Temp\acrocef_low\ccb10978-1422-443e-a6bc-f07c5729b05d.tmp

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
                      Category:dropped
                      Size (bytes):386528
                      Entropy (8bit):7.9736851559892425
                      Encrypted:false
                      SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
                      MD5:5C48B0AD2FEF800949466AE872E1F1E2
                      SHA1:337D617AE142815EDDACB48484628C1F16692A2F
                      SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
                      SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
                      Malicious:false
                      Preview:...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-|..h#.g.\.PO.|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..|m.WC.....|.....e.[W.p.8...rm....^..x'......5!...|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

                      C:\Users\user\AppData\Local\Temp\acrocef_low\e76f4d58-2f9b-46d0-89c4-a4a344533e9a.tmp

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 894778
                      Category:dropped
                      Size (bytes):669332
                      Entropy (8bit):7.976659911351141
                      Encrypted:false
                      SSDEEP:12288:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1mabFhOXZ/fEa+DNh3P6Q21IvHx75/eOMn:6JJJJm942egf6MNB1Dofjc3PJ21k7Rev
                      MD5:C4B24E98358EC87C7F853C86A641C2DD
                      SHA1:037F2682BE3AADCBB7149AC18ED434FE005FB132
                      SHA-256:88C547944F788B7B436D7AAE8530462183F5D714A5AAFCA3FF743E66D420E0AC
                      SHA-512:E91D631E4F145E4D9DB6AC5A2ABE3CCA4C096B97A1B092239FB3A694FEB6FE44382670F25B7602FBCBE6BDE5B03FEE5579E14A688CB6FECACE2358753BF38EC5
                      Malicious:false
                      Preview:...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-|..h#.g.\.PO.|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..|m.WC.....|.....e.[W.p.8...rm....^..x'......5!...|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

                      Static File Info

                      General

                      File type:PDF document, version 1.4, 0 pages
                      Entropy (8bit):5.044809903295322
                      TrID:
                      • Adobe Portable Document Format (5005/1) 100.00%
                      File name:287f30b29d08d.pdf
                      File size:34'155 bytes
                      MD5:c5e953f8ec611737a59e1f0cc8254383
                      SHA1:ca81719de5a329343b7b72042ff7e909f8568499
                      SHA256:342365d304a3c45d517c13f2dd1a6a53da1aee851f250637a1c4efedf6e61ea5
                      SHA512:acb2321e273de796dea791134175d467f9fff05cf92ef36dad65c737566092e47cef32d34d0f48eadb71e2be30a78b004e6d86ee3d55cf2dba668797f9f55517
                      SSDEEP:768:HCh4IvbkbudWdF7JcfIBonPvssPYWg1yG:fibNwzjoP0QqyG
                      TLSH:81E29E3092171E0EE8E74B597C7134098CBEF46281E4619278628EB6A48EF945F377F7
                      File Content Preview:%PDF-1.4.1 0 obj.<<./Title (??)./Creator (??.w.k.h.t.m.l.t.o.p.d.f. .0...1.2...6)./Producer (??.Q.t. .4...8...7)./CreationDate (D:20240327171442+01'00').>>.endobj.3 0 obj.<<./Type /ExtGState./SA true./SM 0.02./ca 1.0./CA 1.0./AIS false./SMask /None>>.endo

                      File Icon

                      Icon Hash:62cc8caeb29e8ae0

                      Static PDF Info

                      General

                      Header:%PDF-1.4
                      Total Entropy:5.044810
                      Total Bytes:34155
                      Stream Entropy:4.760253
                      Stream Bytes:29940
                      Entropy outside Streams:5.135514
                      Bytes outside Streams:4215
                      Number of EOF found:1
                      Bytes after EOF:

                      Keywords Statistics

                      NameCount
                      obj31
                      endobj31
                      stream7
                      endstream7
                      xref1
                      trailer1
                      startxref1
                      /Page1
                      /Encrypt0
                      /ObjStm0
                      /URI0
                      /JS0
                      /JavaScript0
                      /AA0
                      /OpenAction0
                      /AcroForm0
                      /JBIG2Decode0
                      /RichMedia0
                      /Launch0
                      /EmbeddedFile0

                      Network Behavior

                      Network Port Distribution

                      TCP Packets

                      TimestampSource PortDest PortSource IPDest IP
                      Mar 29, 2024 15:10:28.972302914 CET49740443192.168.2.423.48.8.182
                      Mar 29, 2024 15:10:28.972336054 CET4434974023.48.8.182192.168.2.4
                      Mar 29, 2024 15:10:28.972418070 CET49740443192.168.2.423.48.8.182
                      Mar 29, 2024 15:10:28.972596884 CET49740443192.168.2.423.48.8.182
                      Mar 29, 2024 15:10:28.972609997 CET4434974023.48.8.182192.168.2.4
                      Mar 29, 2024 15:10:29.267375946 CET4434974023.48.8.182192.168.2.4
                      Mar 29, 2024 15:10:29.267911911 CET49740443192.168.2.423.48.8.182
                      Mar 29, 2024 15:10:29.267924070 CET4434974023.48.8.182192.168.2.4
                      Mar 29, 2024 15:10:29.268820047 CET4434974023.48.8.182192.168.2.4
                      Mar 29, 2024 15:10:29.268914938 CET49740443192.168.2.423.48.8.182
                      Mar 29, 2024 15:10:29.270766020 CET49740443192.168.2.423.48.8.182
                      Mar 29, 2024 15:10:29.270828009 CET4434974023.48.8.182192.168.2.4
                      Mar 29, 2024 15:10:29.271063089 CET49740443192.168.2.423.48.8.182
                      Mar 29, 2024 15:10:29.271070004 CET4434974023.48.8.182192.168.2.4
                      Mar 29, 2024 15:10:29.313333035 CET49740443192.168.2.423.48.8.182
                      Mar 29, 2024 15:10:29.367908001 CET4434974023.48.8.182192.168.2.4
                      Mar 29, 2024 15:10:29.367957115 CET4434974023.48.8.182192.168.2.4
                      Mar 29, 2024 15:10:29.368009090 CET49740443192.168.2.423.48.8.182
                      Mar 29, 2024 15:10:29.368359089 CET49740443192.168.2.423.48.8.182
                      Mar 29, 2024 15:10:29.368367910 CET4434974023.48.8.182192.168.2.4

                      HTTP Request Dependency Graph

                      • armmf.adobe.com

                      HTTPS Proxied Packets

                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                      0192.168.2.44974023.48.8.1824437796C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      TimestampBytes transferredDirectionData
                      2024-03-29 14:10:29 UTC475OUTGET /onboarding/smskillreader.txt HTTP/1.1
                      Host: armmf.adobe.com
                      Connection: keep-alive
                      Accept-Language: en-US,en;q=0.9
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36
                      Sec-Fetch-Site: same-origin
                      Sec-Fetch-Mode: no-cors
                      Sec-Fetch-Dest: empty
                      Accept-Encoding: gzip, deflate, br
                      If-None-Match: "78-5faa31cce96da"
                      If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
                      2024-03-29 14:10:29 UTC198INHTTP/1.1 304 Not Modified
                      Content-Type: text/plain; charset=UTF-8
                      Last-Modified: Mon, 01 May 2023 15:02:33 GMT
                      ETag: "78-5faa31cce96da"
                      Date: Fri, 29 Mar 2024 14:10:29 GMT
                      Connection: close


                      Statistics

                      CPU Usage

                      Click to jump to process

                      Memory Usage

                      Click to jump to process

                      High Level Behavior Distribution

                      Click to dive into process behavior distribution

                      Behavior

                      Click to jump to process

                      System Behavior

                      General

                      Target ID:0
                      Start time:15:10:14
                      Start date:29/03/2024
                      Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      Wow64 process (32bit):false
                      Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\287f30b29d08d.pdf"
                      Imagebase:0x7ff6bc1b0000
                      File size:5'641'176 bytes
                      MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:moderate
                      Has exited:false

                      General

                      Target ID:1
                      Start time:15:10:15
                      Start date:29/03/2024
                      Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      Wow64 process (32bit):false
                      Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
                      Imagebase:0x7ff74bb60000
                      File size:3'581'912 bytes
                      MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:moderate
                      Has exited:false

                      General

                      Target ID:3
                      Start time:15:10:15
                      Start date:29/03/2024
                      Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      Wow64 process (32bit):false
                      Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2072 --field-trial-handle=1560,i,8317152618337752444,12301217609217587103,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
                      Imagebase:0x7ff74bb60000
                      File size:3'581'912 bytes
                      MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:moderate
                      Has exited:false

                      Disassembly

                      No disassembly