Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
I&A_mileageForm.pdf

Overview

General Information

Sample name:I&A_mileageForm.pdf
Analysis ID:1429077
MD5:b568796cfd232fbac356dee878e8bfe5
SHA1:4c4faf0406d299c7763f7e2c166a180f88fdb35b
SHA256:625134da02fcda22e28fb938495e38717ddcf61df6df1f90cee39d712e3c0c9d
Infos:

Detection

Score:3
Range:0 - 100
Whitelisted:false
Confidence:60%

Signatures

Contains long sleeps (>= 3 min)
IP address seen in connection with other malware
PDF has an OpenAction (likely to launch a dropper script)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Uses a known web browser user agent for HTTP communication

Classification

Analysis Advice

No malicious behavior found, analyze the document also on other version of Office / Acrobat
Sample tries to load a library which is not present or installed on the analysis machine, adding the library might reveal more behavior

Process Tree

  • System is w10x64
  • Acrobat.exe (PID: 4828 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\I&A_mileageForm.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AdobeCollabSync.exe (PID: 6352 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c MD5: 8A41FC5F946230805512B943C45AC9D8)
      • AdobeCollabSync.exe (PID: 7192 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=6352 MD5: 8A41FC5F946230805512B943C45AC9D8)
        • FullTrustNotifier.exe (PID: 8120 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe" GetChannelUri MD5: 92366A2F482926C3D0DD02D6F952F742)
    • AdobeCollabSync.exe (PID: 7316 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c MD5: 8A41FC5F946230805512B943C45AC9D8)
      • AdobeCollabSync.exe (PID: 7356 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=7316 MD5: 8A41FC5F946230805512B943C45AC9D8)
    • AdobeCollabSync.exe (PID: 7416 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c MD5: 8A41FC5F946230805512B943C45AC9D8)
      • AdobeCollabSync.exe (PID: 7464 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=7416 MD5: 8A41FC5F946230805512B943C45AC9D8)
    • AdobeCollabSync.exe (PID: 7524 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c MD5: 8A41FC5F946230805512B943C45AC9D8)
      • AdobeCollabSync.exe (PID: 7564 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=7524 MD5: 8A41FC5F946230805512B943C45AC9D8)
    • AdobeCollabSync.exe (PID: 7628 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c MD5: 8A41FC5F946230805512B943C45AC9D8)
      • AdobeCollabSync.exe (PID: 7668 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=7628 MD5: 8A41FC5F946230805512B943C45AC9D8)
    • AdobeCollabSync.exe (PID: 7728 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c MD5: 8A41FC5F946230805512B943C45AC9D8)
      • AdobeCollabSync.exe (PID: 7768 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=7728 MD5: 8A41FC5F946230805512B943C45AC9D8)
    • AcroCEF.exe (PID: 7840 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 8044 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2104 --field-trial-handle=1540,i,13543496977365774410,5141392604321544278,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Snort Signatures

No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: global trafficTCP traffic: 192.168.2.4:49738 -> 52.5.13.197:443
Source: global trafficTCP traffic: 192.168.2.4:49737 -> 52.5.13.197:443
Source: global trafficTCP traffic: 192.168.2.4:49737 -> 52.5.13.197:443
Source: global trafficTCP traffic: 192.168.2.4:49737 -> 52.5.13.197:443
Source: global trafficTCP traffic: 192.168.2.4:49737 -> 52.5.13.197:443
Source: global trafficTCP traffic: 192.168.2.4:49737 -> 52.5.13.197:443
Source: global trafficTCP traffic: 192.168.2.4:49737 -> 52.5.13.197:443
Source: global trafficTCP traffic: 192.168.2.4:49737 -> 52.5.13.197:443
Source: global trafficTCP traffic: 192.168.2.4:49737 -> 52.5.13.197:443
Source: global trafficTCP traffic: 192.168.2.4:49737 -> 52.5.13.197:443
Source: global trafficTCP traffic: 192.168.2.4:49737 -> 52.5.13.197:443
Source: global trafficTCP traffic: 192.168.2.4:49737 -> 52.5.13.197:443
Source: global trafficTCP traffic: 192.168.2.4:49737 -> 52.5.13.197:443
Source: global trafficTCP traffic: 192.168.2.4:49737 -> 52.5.13.197:443
Source: global trafficTCP traffic: 192.168.2.4:49738 -> 52.5.13.197:443
Source: global trafficTCP traffic: 192.168.2.4:49738 -> 52.5.13.197:443
Source: global trafficTCP traffic: 192.168.2.4:49738 -> 52.5.13.197:443
Source: global trafficTCP traffic: 192.168.2.4:49738 -> 52.5.13.197:443
Source: global trafficTCP traffic: 192.168.2.4:49738 -> 52.5.13.197:443
Source: global trafficTCP traffic: 192.168.2.4:49738 -> 52.5.13.197:443
Source: global trafficTCP traffic: 192.168.2.4:49738 -> 52.5.13.197:443
Source: global trafficTCP traffic: 192.168.2.4:49738 -> 52.5.13.197:443
Source: global trafficTCP traffic: 192.168.2.4:49738 -> 52.5.13.197:443
Source: global trafficTCP traffic: 192.168.2.4:49738 -> 52.5.13.197:443
Source: global trafficTCP traffic: 192.168.2.4:49738 -> 52.5.13.197:443
Source: global trafficTCP traffic: 192.168.2.4:49738 -> 52.5.13.197:443
Source: global trafficTCP traffic: 192.168.2.4:49738 -> 52.5.13.197:443
Source: global trafficTCP traffic: 192.168.2.4:49745 -> 23.54.200.159:443
Source: global trafficTCP traffic: 192.168.2.4:49745 -> 23.54.200.159:443
Source: global trafficTCP traffic: 192.168.2.4:49745 -> 23.54.200.159:443
Source: global trafficTCP traffic: 192.168.2.4:49745 -> 23.54.200.159:443
Source: global trafficTCP traffic: 192.168.2.4:49745 -> 23.54.200.159:443
Source: global trafficTCP traffic: 192.168.2.4:49745 -> 23.54.200.159:443
Source: global trafficTCP traffic: 192.168.2.4:49745 -> 23.54.200.159:443
Source: global trafficTCP traffic: 192.168.2.4:49745 -> 23.54.200.159:443
Source: global trafficTCP traffic: 192.168.2.4:49745 -> 23.54.200.159:443
Source: global trafficTCP traffic: 192.168.2.4:49745 -> 23.54.200.159:443
Source: global trafficTCP traffic: 192.168.2.4:49745 -> 23.54.200.159:443
Source: global trafficTCP traffic: 192.168.2.4:49737 -> 52.5.13.197:443
Source: global trafficTCP traffic: 52.5.13.197:443 -> 192.168.2.4:49737
Source: global trafficTCP traffic: 192.168.2.4:49737 -> 52.5.13.197:443
Source: global trafficTCP traffic: 192.168.2.4:49737 -> 52.5.13.197:443
Source: global trafficTCP traffic: 52.5.13.197:443 -> 192.168.2.4:49737
Source: global trafficTCP traffic: 52.5.13.197:443 -> 192.168.2.4:49737
Source: global trafficTCP traffic: 192.168.2.4:49737 -> 52.5.13.197:443
Source: global trafficTCP traffic: 52.5.13.197:443 -> 192.168.2.4:49737
Source: global trafficTCP traffic: 52.5.13.197:443 -> 192.168.2.4:49737
Source: global trafficTCP traffic: 192.168.2.4:49737 -> 52.5.13.197:443
Source: global trafficTCP traffic: 52.5.13.197:443 -> 192.168.2.4:49737
Source: global trafficTCP traffic: 192.168.2.4:49737 -> 52.5.13.197:443
Source: global trafficTCP traffic: 192.168.2.4:49737 -> 52.5.13.197:443
Source: global trafficTCP traffic: 52.5.13.197:443 -> 192.168.2.4:49737
Source: global trafficTCP traffic: 192.168.2.4:49737 -> 52.5.13.197:443
Source: global trafficTCP traffic: 52.5.13.197:443 -> 192.168.2.4:49737
Source: global trafficTCP traffic: 192.168.2.4:49737 -> 52.5.13.197:443
Source: global trafficTCP traffic: 52.5.13.197:443 -> 192.168.2.4:49737
Source: global trafficTCP traffic: 52.5.13.197:443 -> 192.168.2.4:49737
Source: global trafficTCP traffic: 192.168.2.4:49737 -> 52.5.13.197:443
Source: global trafficTCP traffic: 192.168.2.4:49737 -> 52.5.13.197:443
Source: global trafficTCP traffic: 192.168.2.4:49737 -> 52.5.13.197:443
Source: global trafficTCP traffic: 52.5.13.197:443 -> 192.168.2.4:49737
Source: global trafficTCP traffic: 192.168.2.4:49737 -> 52.5.13.197:443
Source: global trafficTCP traffic: 192.168.2.4:49738 -> 52.5.13.197:443
Source: global trafficTCP traffic: 52.5.13.197:443 -> 192.168.2.4:49738
Source: global trafficTCP traffic: 192.168.2.4:49738 -> 52.5.13.197:443
Source: global trafficTCP traffic: 192.168.2.4:49738 -> 52.5.13.197:443
Source: global trafficTCP traffic: 52.5.13.197:443 -> 192.168.2.4:49738
Source: global trafficTCP traffic: 52.5.13.197:443 -> 192.168.2.4:49738
Source: global trafficTCP traffic: 192.168.2.4:49738 -> 52.5.13.197:443
Source: global trafficTCP traffic: 52.5.13.197:443 -> 192.168.2.4:49738
Source: global trafficTCP traffic: 52.5.13.197:443 -> 192.168.2.4:49738
Source: global trafficTCP traffic: 192.168.2.4:49738 -> 52.5.13.197:443
Source: global trafficTCP traffic: 52.5.13.197:443 -> 192.168.2.4:49738
Source: global trafficTCP traffic: 192.168.2.4:49738 -> 52.5.13.197:443
Source: global trafficTCP traffic: 192.168.2.4:49738 -> 52.5.13.197:443
Source: global trafficTCP traffic: 52.5.13.197:443 -> 192.168.2.4:49738
Source: global trafficTCP traffic: 192.168.2.4:49738 -> 52.5.13.197:443
Source: global trafficTCP traffic: 52.5.13.197:443 -> 192.168.2.4:49738
Source: global trafficTCP traffic: 192.168.2.4:49738 -> 52.5.13.197:443
Source: global trafficTCP traffic: 52.5.13.197:443 -> 192.168.2.4:49738
Source: global trafficTCP traffic: 52.5.13.197:443 -> 192.168.2.4:49738
Source: global trafficTCP traffic: 192.168.2.4:49738 -> 52.5.13.197:443
Source: global trafficTCP traffic: 52.5.13.197:443 -> 192.168.2.4:49738
Source: global trafficTCP traffic: 52.5.13.197:443 -> 192.168.2.4:49738
Source: global trafficTCP traffic: 192.168.2.4:49738 -> 52.5.13.197:443
Source: global trafficTCP traffic: 192.168.2.4:49738 -> 52.5.13.197:443
Source: global trafficTCP traffic: 192.168.2.4:49738 -> 52.5.13.197:443
Source: global trafficTCP traffic: 52.5.13.197:443 -> 192.168.2.4:49738
Source: global trafficTCP traffic: 192.168.2.4:49745 -> 23.54.200.159:443
Source: global trafficTCP traffic: 23.54.200.159:443 -> 192.168.2.4:49745
Source: global trafficTCP traffic: 192.168.2.4:49745 -> 23.54.200.159:443
Source: global trafficTCP traffic: 192.168.2.4:49745 -> 23.54.200.159:443
Source: global trafficTCP traffic: 23.54.200.159:443 -> 192.168.2.4:49745
Source: global trafficTCP traffic: 23.54.200.159:443 -> 192.168.2.4:49745
Source: global trafficTCP traffic: 192.168.2.4:49745 -> 23.54.200.159:443
Source: global trafficTCP traffic: 23.54.200.159:443 -> 192.168.2.4:49745
Source: global trafficTCP traffic: 23.54.200.159:443 -> 192.168.2.4:49745
Source: global trafficTCP traffic: 192.168.2.4:49745 -> 23.54.200.159:443
Source: global trafficTCP traffic: 192.168.2.4:49745 -> 23.54.200.159:443
Source: global trafficTCP traffic: 23.54.200.159:443 -> 192.168.2.4:49745
Source: global trafficTCP traffic: 192.168.2.4:49745 -> 23.54.200.159:443
Source: global trafficTCP traffic: 23.54.200.159:443 -> 192.168.2.4:49745
Source: global trafficTCP traffic: 192.168.2.4:49745 -> 23.54.200.159:443
Source: global trafficTCP traffic: 23.54.200.159:443 -> 192.168.2.4:49745
Source: global trafficTCP traffic: 192.168.2.4:49745 -> 23.54.200.159:443
Source: global trafficTCP traffic: 23.54.200.159:443 -> 192.168.2.4:49745
Source: global trafficTCP traffic: 23.54.200.159:443 -> 192.168.2.4:49745
Source: global trafficTCP traffic: 192.168.2.4:49745 -> 23.54.200.159:443
Source: global trafficTCP traffic: 192.168.2.4:49745 -> 23.54.200.159:443
Source: global trafficTCP traffic: 23.54.200.159:443 -> 192.168.2.4:49745
Source: Joe Sandbox ViewIP Address: 52.5.13.197 52.5.13.197
Source: Joe Sandbox ViewIP Address: 23.54.200.159 23.54.200.159
Source: global trafficHTTP traffic detected: OPTIONS /psdk/v2/content?surfaceId=ACROBAT_READER_MASTER_SURFACEID&surfaceId=DC_READER_LAUNCH_CARD&surfaceId=DC_Reader_RHP_Banner&surfaceId=DC_Reader_RHP_Retention&surfaceId=Edit_InApp_Aug2020&surfaceId=DC_FirstMile_Right_Sec_Surface&surfaceId=DC_Reader_Upsell_Cards&surfaceId=DC_FirstMile_Home_View_Surface&surfaceId=DC_Reader_RHP_Intent_Banner&surfaceId=DC_Reader_Disc_LHP_Banner&surfaceId=DC_Reader_Edit_LHP_Banner&surfaceId=DC_Reader_Convert_LHP_Banner&surfaceId=DC_Reader_Sign_LHP_Banner&surfaceId=DC_Reader_More_LHP_Banner&surfaceId=DC_Reader_Disc_LHP_Retention&surfaceId=DC_Reader_Home_LHP_Trial_Banner&adcProductLanguage=en-us&adcVersion=23.6.20320&adcProductType=SingleClientMini&adcOSType=WIN&adcCountryCode=US&adcXAPIClientID=api_reader_desktop_win_23.6.20320&encodingScheme=BASE_64 HTTP/1.1Host: p13n.adobe.ioConnection: keep-aliveAccept: */*Access-Control-Request-Method: GETAccess-Control-Request-Headers: x-adobe-uuid,x-adobe-uuid-type,x-api-keyOrigin: https://rna-resource.acrobat.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Mode: corsSec-Fetch-Site: cross-siteSec-Fetch-Dest: emptyReferer: https://rna-resource.acrobat.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /psdk/v2/content?surfaceId=ACROBAT_READER_MASTER_SURFACEID&surfaceId=DC_READER_LAUNCH_CARD&surfaceId=DC_Reader_RHP_Banner&surfaceId=DC_Reader_RHP_Retention&surfaceId=Edit_InApp_Aug2020&surfaceId=DC_FirstMile_Right_Sec_Surface&surfaceId=DC_Reader_Upsell_Cards&surfaceId=DC_FirstMile_Home_View_Surface&surfaceId=DC_Reader_RHP_Intent_Banner&surfaceId=DC_Reader_Disc_LHP_Banner&surfaceId=DC_Reader_Edit_LHP_Banner&surfaceId=DC_Reader_Convert_LHP_Banner&surfaceId=DC_Reader_Sign_LHP_Banner&surfaceId=DC_Reader_More_LHP_Banner&surfaceId=DC_Reader_Disc_LHP_Retention&surfaceId=DC_Reader_Home_LHP_Trial_Banner&adcProductLanguage=en-us&adcVersion=23.6.20320&adcProductType=SingleClientMini&adcOSType=WIN&adcCountryCode=US&adcXAPIClientID=api_reader_desktop_win_23.6.20320&encodingScheme=BASE_64 HTTP/1.1Host: p13n.adobe.ioConnection: keep-alivesec-ch-ua: "Chromium";v="105"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Accept: application/json, text/javascript, */*; q=0.01x-adobe-uuid: a4ecfc44-3976-4051-8c45-0a7e26b55a37x-adobe-uuid-type: visitorIdx-api-key: AdobeReader9sec-ch-ua-platform: "Windows"Origin: https://rna-resource.acrobat.comAccept-Language: en-US,en;q=0.9Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://rna-resource.acrobat.com/Accept-Encoding: gzip, deflate, br
Source: global trafficHTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1Host: armmf.adobe.comConnection: keep-aliveAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brIf-None-Match: "78-5faa31cce96da"If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
Source: unknownTCP traffic detected without corresponding DNS query: 52.5.13.197
Source: unknownTCP traffic detected without corresponding DNS query: 52.5.13.197
Source: unknownTCP traffic detected without corresponding DNS query: 52.5.13.197
Source: unknownTCP traffic detected without corresponding DNS query: 52.5.13.197
Source: unknownTCP traffic detected without corresponding DNS query: 52.5.13.197
Source: unknownTCP traffic detected without corresponding DNS query: 52.5.13.197
Source: unknownTCP traffic detected without corresponding DNS query: 52.5.13.197
Source: unknownTCP traffic detected without corresponding DNS query: 52.5.13.197
Source: unknownTCP traffic detected without corresponding DNS query: 52.5.13.197
Source: unknownTCP traffic detected without corresponding DNS query: 52.5.13.197
Source: unknownTCP traffic detected without corresponding DNS query: 52.5.13.197
Source: unknownTCP traffic detected without corresponding DNS query: 52.5.13.197
Source: unknownTCP traffic detected without corresponding DNS query: 52.5.13.197
Source: unknownTCP traffic detected without corresponding DNS query: 52.5.13.197
Source: unknownTCP traffic detected without corresponding DNS query: 52.5.13.197
Source: unknownTCP traffic detected without corresponding DNS query: 52.5.13.197
Source: unknownTCP traffic detected without corresponding DNS query: 52.5.13.197
Source: unknownTCP traffic detected without corresponding DNS query: 52.5.13.197
Source: unknownTCP traffic detected without corresponding DNS query: 52.5.13.197
Source: unknownTCP traffic detected without corresponding DNS query: 52.5.13.197
Source: unknownTCP traffic detected without corresponding DNS query: 52.5.13.197
Source: unknownTCP traffic detected without corresponding DNS query: 52.5.13.197
Source: unknownTCP traffic detected without corresponding DNS query: 52.5.13.197
Source: unknownTCP traffic detected without corresponding DNS query: 52.5.13.197
Source: unknownTCP traffic detected without corresponding DNS query: 52.5.13.197
Source: unknownTCP traffic detected without corresponding DNS query: 52.5.13.197
Source: unknownTCP traffic detected without corresponding DNS query: 23.54.200.159
Source: unknownTCP traffic detected without corresponding DNS query: 23.54.200.159
Source: unknownTCP traffic detected without corresponding DNS query: 23.54.200.159
Source: unknownTCP traffic detected without corresponding DNS query: 23.54.200.159
Source: unknownTCP traffic detected without corresponding DNS query: 23.54.200.159
Source: unknownTCP traffic detected without corresponding DNS query: 23.54.200.159
Source: unknownTCP traffic detected without corresponding DNS query: 23.54.200.159
Source: unknownTCP traffic detected without corresponding DNS query: 23.54.200.159
Source: unknownTCP traffic detected without corresponding DNS query: 23.54.200.159
Source: unknownTCP traffic detected without corresponding DNS query: 23.54.200.159
Source: unknownTCP traffic detected without corresponding DNS query: 23.54.200.159
Source: global trafficHTTP traffic detected: GET /psdk/v2/content?surfaceId=ACROBAT_READER_MASTER_SURFACEID&surfaceId=DC_READER_LAUNCH_CARD&surfaceId=DC_Reader_RHP_Banner&surfaceId=DC_Reader_RHP_Retention&surfaceId=Edit_InApp_Aug2020&surfaceId=DC_FirstMile_Right_Sec_Surface&surfaceId=DC_Reader_Upsell_Cards&surfaceId=DC_FirstMile_Home_View_Surface&surfaceId=DC_Reader_RHP_Intent_Banner&surfaceId=DC_Reader_Disc_LHP_Banner&surfaceId=DC_Reader_Edit_LHP_Banner&surfaceId=DC_Reader_Convert_LHP_Banner&surfaceId=DC_Reader_Sign_LHP_Banner&surfaceId=DC_Reader_More_LHP_Banner&surfaceId=DC_Reader_Disc_LHP_Retention&surfaceId=DC_Reader_Home_LHP_Trial_Banner&adcProductLanguage=en-us&adcVersion=23.6.20320&adcProductType=SingleClientMini&adcOSType=WIN&adcCountryCode=US&adcXAPIClientID=api_reader_desktop_win_23.6.20320&encodingScheme=BASE_64 HTTP/1.1Host: p13n.adobe.ioConnection: keep-alivesec-ch-ua: "Chromium";v="105"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Accept: application/json, text/javascript, */*; q=0.01x-adobe-uuid: a4ecfc44-3976-4051-8c45-0a7e26b55a37x-adobe-uuid-type: visitorIdx-api-key: AdobeReader9sec-ch-ua-platform: "Windows"Origin: https://rna-resource.acrobat.comAccept-Language: en-US,en;q=0.9Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://rna-resource.acrobat.com/Accept-Encoding: gzip, deflate, br
Source: global trafficHTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1Host: armmf.adobe.comConnection: keep-aliveAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brIf-None-Match: "78-5faa31cce96da"If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
Source: I&A_mileageForm.pdfString found in binary or memory: http://www.aiim.org/pdfua/ns/id/
Source: FullTrustNotifier.exe, 00000010.00000002.1813207671.0000000000E1E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://activity.windows.com/UserActivity.ReadWrite.CreatedByApp
Source: FullTrustNotifier.exe, 00000010.00000002.1813207671.0000000000E1E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://android.notify.windows.com/iOS
Source: FullTrustNotifier.exe, 00000010.00000002.1813207671.0000000000E1E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://android.notify.windows.com/iOSr
Source: AdobeCollabSync.exe, 00000002.00000002.2971304927.000002C527264000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://comments.adobe.io
Source: AdobeCollabSync.exe, 00000002.00000002.2972363435.000002C529260000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://comments.adobe.io/s
Source: AdobeCollabSync.exe, 00000002.00000002.2971863917.000002C52906F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://comments.adobe.io/schemas/bulk_entity_v1.json
Source: AdobeCollabSync.exe, 00000002.00000002.2971863917.000002C52908E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://comments.adobe.io/schemas/e
Source: AdobeCollabSync.exe, 00000002.00000002.2971863917.000002C52908E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://comments.adobe.io/schemas/entity_v1.json
Source: AdobeCollabSync.exe, 00000002.00000002.2971863917.000002C52908E000.00000004.00000020.00020000.00000000.sdmp, EntitySync-2024-04-20.log.2.drString found in binary or memory: https://comments.adobe.io/sync/
Source: AdobeCollabSync.exe, 00000002.00000002.2971863917.000002C52908E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://comments.adobe.io/sync/&u
Source: AdobeCollabSync.exe, 00000002.00000003.2716714595.000002C52926C000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000002.00000003.2286813002.000002C529268000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000002.00000003.2350913944.000002C52926D000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000002.00000003.2297374515.000002C52926D000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000002.00000002.2972363435.000002C52926D000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000002.00000003.2676306990.000002C52926C000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000002.00000003.2879713769.000002C52926C000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000002.00000003.2797758676.000002C52926C000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000002.00000003.2318202667.000002C52926C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://comments.adobe.io/sync/-
Source: AdobeCollabSync.exe, 00000002.00000002.2971863917.000002C52908E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://comments.adobe.io/sync/.esuser.
Source: AdobeCollabSync.exe, 00000002.00000003.2716714595.000002C52926C000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000002.00000003.2286813002.000002C529268000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000002.00000003.2350913944.000002C52926D000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000002.00000003.2297374515.000002C52926D000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000002.00000002.2972363435.000002C52926D000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000002.00000003.2676306990.000002C52926C000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000002.00000003.2879713769.000002C52926C000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000002.00000003.2797758676.000002C52926C000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000002.00000003.2318202667.000002C52926C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://comments.adobe.io/sync/0
Source: AdobeCollabSync.exe, 00000002.00000002.2971863917.000002C52908E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://comments.adobe.io/sync/0t
Source: AdobeCollabSync.exe, 00000002.00000003.2286813002.000002C529268000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://comments.adobe.io/sync/3
Source: AdobeCollabSync.exe, 00000002.00000003.2286813002.000002C529268000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://comments.adobe.io/sync/5
Source: AdobeCollabSync.exe, 00000002.00000003.2286813002.000002C529268000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://comments.adobe.io/sync/8
Source: AdobeCollabSync.exe, 00000002.00000002.2971863917.000002C52908E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://comments.adobe.io/sync/:t
Source: AdobeCollabSync.exe, 00000002.00000002.2971863917.000002C52908E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://comments.adobe.io/sync/Cu
Source: AdobeCollabSync.exe, 00000002.00000003.2286813002.000002C529268000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://comments.adobe.io/sync/D
Source: AdobeCollabSync.exe, 00000002.00000002.2972363435.000002C529260000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://comments.adobe.io/sync/S
Source: AdobeCollabSync.exe, 00000002.00000003.2716714595.000002C52926C000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000002.00000003.2286813002.000002C529268000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000002.00000003.2350913944.000002C52926D000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000002.00000003.2297374515.000002C52926D000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000002.00000002.2972363435.000002C52926D000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000002.00000003.2676306990.000002C52926C000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000002.00000003.2879713769.000002C52926C000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000002.00000003.2797758676.000002C52926C000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000002.00000003.2318202667.000002C52926C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://comments.adobe.io/sync/Windows
Source: AdobeCollabSync.exe, 00000002.00000003.2286813002.000002C529268000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://comments.adobe.io/sync/e
Source: AdobeCollabSync.exe, 00000002.00000002.2971863917.000002C52908E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://comments.adobe.io/sync/ju
Source: AdobeCollabSync.exe, 00000002.00000003.2286813002.000002C529268000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://comments.adobe.io/sync/n
Source: AdobeCollabSync.exe, 00000002.00000002.2971863917.000002C52908E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://comments.adobe.io/sync/pi-clien
Source: AdobeCollabSync.exe, 00000002.00000003.2286813002.000002C529268000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://comments.adobe.io/sync/r
Source: AdobeCollabSync.exe, 00000002.00000002.2971304927.000002C527264000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://comments.adobe.io28)
Source: AdobeCollabSync.exe, 00000001.00000002.2970690946.00000294587BC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com
Source: AdobeCollabSync.exe, 00000002.00000002.2971863917.000002C52908E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://reviews.adobe.io
Source: FullTrustNotifier.exe, 00000010.00000002.1813207671.0000000000E1E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wns.windows.com/47
Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49738
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49737
Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49738 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
Source: classification engineClassification label: clean3.winPDF@40/61@0/2
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journalJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\A9h8w0s7_1winam8_140.tmpJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
Source: AdobeCollabSync.exe, 00000002.00000002.2971863917.000002C529039000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE IF NOT EXISTS resource_revisions ( revision_id TEXT PRIMARY KEY NOT NULL, rel_to_content_item TEXT NOT NULL, resource_type TEXT NOT NULL, media_type TEXT NOT NULL, locator TEXT NOT NULL, committed INTEGER NOT NULL, hashType TEXT DEFAULT NULL, hash TEXT DEFAULT NULL, storageSize INTEGER DEFAULT 0, width INTEGER DEFAULT 0, height INTEGER DEFAULT 0);
Source: AdobeCollabSync.exe, 00000002.00000002.2971863917.000002C529039000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE IF NOT EXISTS resource_revisions ( revision_id TEXT PRIMARY KEY NOT NULL, rel_to_content_item TEXT NOT NULL, resource_type TEXT NOT NULL, media_type TEXT NOT NULL, locator TEXT NOT NULL, committed INTEGER NOT NULL, hashType TEXT DEFAULT NULL, hash TEXT DEFAULT NULL, storageSize INTEGER DEFAULT 0, width INTEGER DEFAULT 0, height INTEGER DEFAULT 0);G
Source: AdobeCollabSync.exe, 00000002.00000002.2971863917.000002C529039000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE resource_revisions ( revision_id TEXT PRIMARY KEY NOT NULL, rel_to_content_item TEXT NOT NULL, resource_type TEXT NOT NULL, media_type TEXT NOT NULL, locator TEXT NOT NULL, committed INTEGER NOT NULL, hashType TEXT DEFAULT NULL, hash TEXT DEFAULT NULL, storageSize INTEGER DEFAULT 0, width INTEGER DEFAULT 0, height INTEGER DEFAULT 0));_
Source: AdobeCollabSync.exe, 00000002.00000002.2971863917.000002C529039000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE IF NOT EXISTS sync_tokens ( content_item_id TEXT PRIMARY KEY NOT NULL, token TEXT DEFAULT NULL, last_sync_time TIMESTAMP DEFAULT NULL, device_mapping_id TEXT DEFAULT NULL);
Source: AdobeCollabSync.exe, 00000002.00000002.2971863917.000002C5290AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SELECT pending_request_id, request_type, content_item_id, context, pending_request_created, request_status, message, status_code, device_mapping_id FROM pending_requests;
Source: AdobeCollabSync.exe, 00000002.00000002.2971863917.000002C5290BD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE IF NOT EXISTS content_item_resources ( content_item_revision_id TEXT NOT NULL, resource_revision_id TEXT NOT NULL, resource_id TEXT DEFAULT NULL, resource_cloud_etag TEXT DEFAULT NULL, resource_cloud_version_id TEXT DEFAULT NULL, resource_local_etag TEXT DEFAULT NULL, resource_local_version_id TEXT DEFAULT NULL, PRIMARY KEY (content_item_revision_id, resource_revision_id));
Source: AdobeCollabSync.exe, 00000002.00000002.2971863917.000002C52908E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: select rid, url, state, lastsynchronized, ttl, skiphours, skipdays, synchpriority, synchretries, flags, contentsize, cursyncetag, cursynclastmodified, cursynccontentsize, cursynctotalsynced, responsecode, hash, guid from resources where synchpriority< 50 and state !=0 and state !=5 and ttl!=2147483647 and flags & ? == 0 order by synchpriority asc limit ?=;~
Source: AdobeCollabSync.exe, 00000002.00000003.2716714595.000002C52926C000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000002.00000003.2286813002.000002C529268000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000002.00000003.2350913944.000002C52926D000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000002.00000003.2297374515.000002C52926D000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000002.00000002.2972363435.000002C52926D000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000002.00000003.2676306990.000002C52926C000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000002.00000003.2879713769.000002C52926C000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000002.00000003.2797758676.000002C52926C000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000002.00000003.2318202667.000002C52926C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE sync_tokens ( content_item_id TEXT PRIMARY KEY NOT NULL, token TEXT DEFAULT NULL, last_sync_time TIMESTAMP DEFAULT NULL, device_mapping_id TEXT DEFAULT NULL)T NULL, pending_request_created TIMESTAMP DEFAULT (strftime('%Y-%m-%dT%H:%M:%SZ', 'now', 'localtime')) NOT NULL, request_status TEXT DEFAULT "CREATED" NOT NULL, message TEXT DEFAULT NULL, status_code INTEGER DEFAULT -1 NOT NULL, device_mapping_id TEXT DEFAULT NULL, UNIQUE (content_item_id, request_type, request_status))UNIQUE (content_item_id, branch))<;~
Source: unknownProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\I&A_mileageForm.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=6352
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=7316
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=7416
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=7524
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=7628
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=7728
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2104 --field-trial-handle=1540,i,13543496977365774410,5141392604321544278,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe" GetChannelUri
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -cJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -cJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -cJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -cJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -cJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -cJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=6352Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe" GetChannelUriJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=7316Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=7416Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=7524Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=7628Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=7728Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2104 --field-trial-handle=1540,i,13543496977365774410,5141392604321544278,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exeSection loaded: apphelp.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exeSection loaded: vccorlib140.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exeSection loaded: msvcp140.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exeSection loaded: vcruntime140.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exeSection loaded: vcruntime140.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exeSection loaded: msvcp140.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exeSection loaded: vcruntime140.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exeSection loaded: appcontracts.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exeSection loaded: wintypes.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exeSection loaded: cdprt.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exeSection loaded: cdp.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exeSection loaded: windows.storage.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exeSection loaded: wldp.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exeSection loaded: umpdc.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exeSection loaded: propsys.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exeSection loaded: dsreg.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exeSection loaded: msvcp110_win.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exeSection loaded: cryptsp.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exeSection loaded: onecoreuapcommonproxystub.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32Jump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: I&A_mileageForm.pdfInitial sample: PDF keyword /JS count = 0
Source: I&A_mileageForm.pdfInitial sample: PDF keyword /JavaScript count = 0
Source: A9h8w0s7_1winam8_140.tmp.0.drInitial sample: PDF keyword /JS count = 0
Source: A9h8w0s7_1winam8_140.tmp.0.drInitial sample: PDF keyword /JavaScript count = 0
Source: A913kty8z_1winama_140.tmp.0.drInitial sample: PDF keyword /JS count = 0
Source: A913kty8z_1winama_140.tmp.0.drInitial sample: PDF keyword /JavaScript count = 0
Source: I&A_mileageForm.pdfInitial sample: PDF keyword stream count = 97
Source: I&A_mileageForm.pdfInitial sample: PDF keyword /EmbeddedFile count = 0
Source: I&A_mileageForm.pdfInitial sample: PDF keyword /ObjStm count = 12
Source: I&A_mileageForm.pdfInitial sample: PDF keyword obj count = 101
Source: I&A_mileageForm.pdfInitial sample: PDF keyword /OpenAction
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exeThread delayed: delay time: 86400000Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exeThread delayed: delay time: 30000Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exeThread delayed: delay time: 86400000Jump to behavior
Source: AdobeCollabSync.exe, 00000001.00000002.2970690946.00000294586DC000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000003.00000002.1706311165.0000018B814C9000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000004.00000002.1705333970.000001BDE919A000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000005.00000002.1725526727.00000266248A8000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000006.00000002.1724500565.00000254CE199000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000007.00000002.1746043376.000001C70BEFA000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000008.00000002.1744578255.0000022C75698000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000009.00000002.1766045414.000002582199B000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000009.00000003.1765630948.000002582199A000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 0000000A.00000002.1764877053.0000023B81588000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: AdobeCollabSync.exe, 00000002.00000002.2971304927.000002C527208000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 0000000C.00000002.1785175847.000001D0A6028000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll{{
Source: AdobeCollabSync.exe, 0000000B.00000002.1786467257.000001AF4C688000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllgg
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid Accounts2
Exploitation for Client Execution		1
DLL Side-Loading		1
Process Injection		1
Masquerading		OS Credential Dumping1
Security Software Discovery		Remote ServicesData from Local System1
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
DLL Side-Loading		11
Virtualization/Sandbox Evasion		LSASS Memory11
Virtualization/Sandbox Evasion		Remote Desktop ProtocolData from Removable Media1
Non-Application Layer Protocol		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)1
Process Injection		Security Account Manager2
System Information Discovery		SMB/Windows Admin SharesData from Network Shared Drive12
Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
DLL Side-Loading		NTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput Capture1
Ingress Tool Transfer		Traffic DuplicationData Destruction

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 process2 2 Behavior Graph ID: 1429077 Sample: I&A_mileageForm.pdf Startdate: 20/04/2024 Architecture: WINDOWS Score: 3 7 Acrobat.exe 18 82 2->7         started        process3 9 AcroCEF.exe 105 7->9         started        11 AdobeCollabSync.exe 1 13 7->11         started        13 AdobeCollabSync.exe 1 7->13         started        15 4 other processes 7->15 process4 17 AcroCEF.exe 9->17         started        20 AdobeCollabSync.exe 2 24 11->20         started        22 AdobeCollabSync.exe 13->22         started        24 AdobeCollabSync.exe 15->24         started        26 AdobeCollabSync.exe 15->26         started        28 AdobeCollabSync.exe 15->28         started        30 AdobeCollabSync.exe 15->30         started        dnsIp5 34 52.5.13.197, 443, 49737, 49738 AMAZON-AESUS United States 17->34 36 23.54.200.159, 443, 49745 AKAMAI-ASUS United States 17->36 32 FullTrustNotifier.exe 20->32         started        process6

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
I&A_mileageForm.pdf0%ReversingLabs

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

No contacted domains info

URLs from Memory and Binaries

NameSourceMaliciousAntivirus DetectionReputation
https://wns.windows.com/47FullTrustNotifier.exe, 00000010.00000002.1813207671.0000000000E1E000.00000004.00000020.00020000.00000000.sdmpfalse
    		high
    http://www.aiim.org/pdfua/ns/id/I&A_mileageForm.pdffalse
      		high
      https://android.notify.windows.com/iOSFullTrustNotifier.exe, 00000010.00000002.1813207671.0000000000E1E000.00000004.00000020.00020000.00000000.sdmpfalse
        		high
        https://android.notify.windows.com/iOSrFullTrustNotifier.exe, 00000010.00000002.1813207671.0000000000E1E000.00000004.00000020.00020000.00000000.sdmpfalse
          		high
          https://activity.windows.com/UserActivity.ReadWrite.CreatedByAppFullTrustNotifier.exe, 00000010.00000002.1813207671.0000000000E1E000.00000004.00000020.00020000.00000000.sdmpfalse
            		high

            World Map of Contacted IPs

            • No. of IPs < 25%
            • 25% < No. of IPs < 50%
            • 50% < No. of IPs < 75%
            • 75% < No. of IPs

            Public IPs

            IPDomainCountryFlagASNASN NameMalicious
            52.5.13.197
            		unknownUnited States
            		14618AMAZON-AESUSfalse
            23.54.200.159
            		unknownUnited States
            		16625AKAMAI-ASUSfalse

            General Information

            Joe Sandbox version:40.0.0 Tourmaline
            Analysis ID:1429077
            Start date and time:2024-04-20 16:29:32 +02:00
            Joe Sandbox product:CloudBasic
            Overall analysis duration:0h 6m 1s
            Hypervisor based Inspection enabled:false
            Report type:full
            Cookbook file name:defaultwindowspdfcookbook.jbs
            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
            Number of analysed new started processes analysed:23
            Number of new started drivers analysed:0
            Number of existing processes analysed:0
            Number of existing drivers analysed:0
            Number of injected processes analysed:0
            Technologies:
            • HCA enabled
            • EGA enabled
            • AMSI enabled
            Analysis Mode:default
            Analysis stop reason:Timeout
            Sample name:I&A_mileageForm.pdf
            Detection:CLEAN
            Classification:clean3.winPDF@40/61@0/2
            EGA Information:Failed
            HCA Information:
            • Successful, ratio: 100%
            • Number of executed functions: 0
            • Number of non-executed functions: 0
            Cookbook Comments:
            • Found application associated with file extension: .pdf
            • Found PDF document
            • Close Viewer

            Warnings

            • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
            • Excluded IPs from analysis (whitelisted): 184.25.164.138, 162.159.61.3, 172.64.41.3, 23.201.212.159, 104.84.231.73, 104.84.231.81, 23.34.82.6, 23.34.82.7
            • Excluded domains from analysis (whitelisted): chrome.cloudflare-dns.com, e4578.dscg.akamaiedge.net, fs.microsoft.com, slscr.update.microsoft.com, e4578.dscb.akamaiedge.net, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, acroipm2.adobe.com, dns.msftncsi.com, fe3cr.delivery.mp.microsoft.com, ssl.adobe.com.edgekey.net, ocsp.digicert.com, armmf.adobe.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com
            • Not all processes where analyzed, report is missing behavior information
            • Report size exceeded maximum capacity and may have missing behavior information.
            • Report size getting too big, too many NtCreateFile calls found.
            • Report size getting too big, too many NtCreateKey calls found.
            • Report size getting too big, too many NtOpenKeyEx calls found.
            • Report size getting too big, too many NtQueryValueKey calls found.

            Simulations

            Behavior and APIs

            TimeTypeDescription
            16:30:25API Interceptor374930x Sleep call for process: AdobeCollabSync.exe modified

            Joe Sandbox View / Context

            IPs

            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
            52.5.13.197PO_983888123.xlsGet hashmaliciousUnknownBrowse
              https://postoffice.adobe.com/po-server/link/redirect?target=eyJhbGciOiJIUzUxMiJ9.eyJ0ZW1wbGF0ZSI6ImNjX2NvbGxhYl9kY3NoYXJpbmdfdmlld19lbWFpbCIsImVtYWlsQWRkcmVzcyI6InJlc3VsdDMxNzdAZ21haWwuY29tIiwicmVxdWVzdElkIjoiZmE2MjkzNzktOGVlOS00ZDkxLTU2NGYtODZlN2Q1MjBhMTgxIiwibGluayI6Imh0dHBzOi8vYWNyb2JhdC5hZG9iZS5jb20vaWQvdXJuOmFhaWQ6c2M6VkE2QzI6NTIyMzBiMDgtOTVhMi00YWM0LWE1NzUtODJlOGU4OGQ0ZDQxIiwibGFiZWwiOiIxMSIsImxvY2FsZSI6ImVuX1VTIn0.6QK9gd12KmAWhogZmxgLuCkLGY2E_zrbMQmdhhDyRIOYPSXcqy0OWeli3WNWeGYHCbKTmQtprFT1CJf99ywr0gGet hashmaliciousHtmlDropper, HTMLPhisherBrowse
                https://hon6yh6idrd.jp.larksuite.com/file/HRUubUMKZoc3TLxj8cbjnZPfpbhGet hashmaliciousUnknownBrowse
                  https://acrobat.adobe.com/id/urn:aaid:sc:US:9e302e2f-d0ed-45a9-8388-cab11cb350efGet hashmaliciousHTMLPhisherBrowse
                    https://acrobat.adobe.com/id/urn:aaid:sc:US:b1c915de-7158-4dd9-aa63-db461c226178Get hashmaliciousHTMLPhisherBrowse
                      BL.xlsGet hashmaliciousUnknownBrowse
                        NorthStar Memorial Funding -Portfolio and Statement`.msgGet hashmaliciousHtmlDropper, HTMLPhisherBrowse
                          ENQUIRY_No_67543.xla.xlsxGet hashmaliciousUnknownBrowse
                            https://indd.adobe.com/view/51d58930-d96e-48dc-a566-f8851e59953fGet hashmaliciousHTMLPhisherBrowse
                              https://kc9x74kj8sh.larksuite.com/file/RrqJb5F1ooBLNoxX9qyuac4NsjhGet hashmaliciousUnknownBrowse
                                23.54.200.159https://edbullardcompany-my.sharepoint.com/:f:/g/personal/eric_rosario_bullard_com/EoLKvcaqSE1Go3fA5to5CQABtxAftKTD0ktrakp7rbi4Xg?e=Mvbf0DGet hashmaliciousHTMLPhisherBrowse
                                  vivek_support.imgGet hashmaliciousUnknownBrowse
                                    EES Offer VT.xlsGet hashmaliciousUnknownBrowse
                                      Wezwanie_swiadka.pdf.exeGet hashmaliciousLimeRATBrowse
                                        Purchase Order List 1 & 2.xlsGet hashmaliciousUnknownBrowse
                                          http://jimdo-storage.global.ssl.fastly.net/file/d84078ba-6799-4efe-a9ce-6a49e5d637d8/12423872027.pdfGet hashmaliciousUnknownBrowse
                                            https://app.box.com/s/cf3xjx2mmpt2vnadnh2br5kbeknr6bvwGet hashmaliciousUnknownBrowse
                                              phish_alert_iocp_v1.4.48 (23).emlGet hashmaliciousSTRRATBrowse
                                                https://hon6yh6idrd.jp.larksuite.com/file/HRUubUMKZoc3TLxj8cbjnZPfpbhGet hashmaliciousUnknownBrowse
                                                  CI-20231030-057.xlsGet hashmaliciousUnknownBrowse

                                                    Domains

                                                    No context

                                                    ASNs

                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                    AMAZON-AESUShttps://track.enterprisetechsol.com/z.z?l=aHR0cHM6Ly9yZXNvdXJjZS5pdGJ1c2luZXNzdG9kYXkuY29tL3doaXRlcGFwZXJzLzQ0ODAzLU1pY3Jvc29mdC1DUEwtUTItUE1HLUFCTS1HZXItMS1sYW5kaW5nLnBocD9lPWJvbnVjY2VsbGkuZGFyaW9AZGVtZS1ncm91cC5jb20=&r=14547470367&d=12037165&p=1&t=h&h=fb97401a549b1167a78f6002a0aef94dGet hashmaliciousUnknownBrowse
                                                    • 44.217.248.49
                                                    jNeaezBuo8.exeGet hashmaliciousGlupteba, Mars Stealer, PureLog Stealer, Stealc, Vidar, zgRATBrowse
                                                    • 3.5.28.111
                                                    74fa486WVX.exeGet hashmaliciousMars Stealer, PureLog Stealer, Stealc, Vidar, zgRATBrowse
                                                    • 18.205.93.0
                                                    qk9TaBBxh8.exeGet hashmaliciousLummaC, Glupteba, Mars Stealer, PureLog Stealer, RedLine, RisePro Stealer, SmokeLoaderBrowse
                                                    • 18.205.93.1
                                                    https://19apmic17.z13.web.core.windows.net/Get hashmaliciousTechSupportScamBrowse
                                                    • 34.204.28.10
                                                    https://bestjavporn58xxcom.z13.web.core.windows.net/index.htmlGet hashmaliciousUnknownBrowse
                                                    • 52.72.129.147
                                                    https://hentaieracomxx.z13.web.core.windows.net/index.htmlGet hashmaliciousUnknownBrowse
                                                    • 54.161.134.69
                                                    https://19apmic11.z13.web.core.windows.net/Get hashmaliciousTechSupportScamBrowse
                                                    • 34.202.38.219
                                                    https://allmylinkswebgt.z13.web.core.windows.net/index.htmlGet hashmaliciousUnknownBrowse
                                                    • 52.72.129.147
                                                    https://runrun.it/share/portal/EfC1XUoTbGbNOUmdGet hashmaliciousHTMLPhisherBrowse
                                                    • 3.226.50.252
                                                    AKAMAI-ASUSqk9TaBBxh8.exeGet hashmaliciousLummaC, Glupteba, Mars Stealer, PureLog Stealer, RedLine, RisePro Stealer, SmokeLoaderBrowse
                                                    • 184.30.122.179
                                                    https://url.us.m.mimecastprotect.com/s/kCCtC5yEz0tWp5ANrfz_KPV?domain=paplastics365-my.sharepoint.comGet hashmaliciousHTMLPhisherBrowse
                                                    • 23.50.120.10
                                                    https://edbullardcompany-my.sharepoint.com/:f:/g/personal/eric_rosario_bullard_com/EoLKvcaqSE1Go3fA5to5CQABtxAftKTD0ktrakp7rbi4Xg?e=Mvbf0DGet hashmaliciousHTMLPhisherBrowse
                                                    • 23.54.200.159
                                                    file.exeGet hashmaliciousVidarBrowse
                                                    • 184.30.122.179
                                                    ppop_verification_request.zipGet hashmaliciousUnknownBrowse
                                                    • 184.31.60.185
                                                    order.exeGet hashmaliciousUnknownBrowse
                                                    • 23.208.128.100
                                                    H6ccnU1094.elfGet hashmaliciousMirai, OkiruBrowse
                                                    • 104.120.66.73
                                                    https://acrobat.adobe.com/id/urn:aaid:sc:VA6C2:24e81d17-b801-4fad-ae25-120d655923c5Get hashmaliciousRemcosBrowse
                                                    • 184.31.61.57
                                                    tA6etkt3gb.exeGet hashmaliciousAmadey, PureLog Stealer, RedLine, RisePro Stealer, zgRATBrowse
                                                    • 23.44.104.130
                                                    BzmhHwFpCV.elfGet hashmaliciousMiraiBrowse
                                                    • 172.225.191.4

                                                    JA3 Fingerprints

                                                    No context

                                                    Dropped Files

                                                    No context

                                                    Created / dropped Files

                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

                                                    Download File
                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                    File Type:ASCII text
                                                    Category:dropped
                                                    Size (bytes):292
                                                    Entropy (8bit):5.230811128335341
                                                    Encrypted:false
                                                    SSDEEP:6:aAuVAQ+q2Pwkn2nKuAl9OmbnIFUt8roXAgZmw+roXAQVkwOwkn2nKuAl9OmbjLJ:aRqVvYfHAahFUt8rTg/+rTI5JfHAaSJ
                                                    MD5:6322022EE3DD97FD8D8ADA9C95A5B50E
                                                    SHA1:6BC822898CA5AF4F435FB14063985A0F77BF2AD8
                                                    SHA-256:4701035F5CA29ABB9F1B281CE580E619B19098E1B028C5C9EDB7030CCAF350B7
                                                    SHA-512:FD6E77CEAECCF66248B4CE2D6EA2328A3BF834858928BCAEF228547465E64C53EE038A4A37BF9BDD5A2EDE5E1408B5B1E59A06C209E81272DBF698696BCC9EEF
                                                    Malicious:false
                                                    Preview:2024/04/20-16:30:37.326 1f48 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/04/20-16:30:37.350 1f48 Recovering log #3.2024/04/20-16:30:37.350 1f48 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

                                                    Download File
                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                    File Type:ASCII text
                                                    Category:dropped
                                                    Size (bytes):292
                                                    Entropy (8bit):5.230811128335341
                                                    Encrypted:false
                                                    SSDEEP:6:aAuVAQ+q2Pwkn2nKuAl9OmbnIFUt8roXAgZmw+roXAQVkwOwkn2nKuAl9OmbjLJ:aRqVvYfHAahFUt8rTg/+rTI5JfHAaSJ
                                                    MD5:6322022EE3DD97FD8D8ADA9C95A5B50E
                                                    SHA1:6BC822898CA5AF4F435FB14063985A0F77BF2AD8
                                                    SHA-256:4701035F5CA29ABB9F1B281CE580E619B19098E1B028C5C9EDB7030CCAF350B7
                                                    SHA-512:FD6E77CEAECCF66248B4CE2D6EA2328A3BF834858928BCAEF228547465E64C53EE038A4A37BF9BDD5A2EDE5E1408B5B1E59A06C209E81272DBF698696BCC9EEF
                                                    Malicious:false
                                                    Preview:2024/04/20-16:30:37.326 1f48 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/04/20-16:30:37.350 1f48 Recovering log #3.2024/04/20-16:30:37.350 1f48 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

                                                    Download File
                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                    File Type:ASCII text
                                                    Category:dropped
                                                    Size (bytes):336
                                                    Entropy (8bit):5.196517729322329
                                                    Encrypted:false
                                                    SSDEEP:6:amaHMq2Pwkn2nKuAl9Ombzo2jMGIFUt8rq9Zmw+rqPkwOwkn2nKuAl9Ombzo2jM4:amasvYfHAa8uFUt8ra/+rm5JfHAa8RJ
                                                    MD5:30F615F36481456ADD980387D1986D3B
                                                    SHA1:E50D504834EEB059792C652BC447DFB544A70D1E
                                                    SHA-256:CECCF8E0593219187BE3D0BCC02BEEDA9CC2F5E573BFB152094F6DE9C1F78A0E
                                                    SHA-512:69A9B51C05F4826FF10FD173CFF098CDEF7BE10B29203FFF61DA3066E3C758F1CB7B810F537F3817EF9D48E62F7135AA91CE156A56BD33616C83A624C1EB59A3
                                                    Malicious:false
                                                    Preview:2024/04/20-16:30:37.452 1fb4 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/04/20-16:30:37.453 1fb4 Recovering log #3.2024/04/20-16:30:37.453 1fb4 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

                                                    Download File
                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                    File Type:ASCII text
                                                    Category:dropped
                                                    Size (bytes):336
                                                    Entropy (8bit):5.196517729322329
                                                    Encrypted:false
                                                    SSDEEP:6:amaHMq2Pwkn2nKuAl9Ombzo2jMGIFUt8rq9Zmw+rqPkwOwkn2nKuAl9Ombzo2jM4:amasvYfHAa8uFUt8ra/+rm5JfHAa8RJ
                                                    MD5:30F615F36481456ADD980387D1986D3B
                                                    SHA1:E50D504834EEB059792C652BC447DFB544A70D1E
                                                    SHA-256:CECCF8E0593219187BE3D0BCC02BEEDA9CC2F5E573BFB152094F6DE9C1F78A0E
                                                    SHA-512:69A9B51C05F4826FF10FD173CFF098CDEF7BE10B29203FFF61DA3066E3C758F1CB7B810F537F3817EF9D48E62F7135AA91CE156A56BD33616C83A624C1EB59A3
                                                    Malicious:false
                                                    Preview:2024/04/20-16:30:37.452 1fb4 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/04/20-16:30:37.453 1fb4 Recovering log #3.2024/04/20-16:30:37.453 1fb4 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\9e3c9560-4ba7-477e-8f52-1faf900f2741.tmp

                                                    Download File
                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                    File Type:JSON data
                                                    Category:modified
                                                    Size (bytes):475
                                                    Entropy (8bit):4.967105522201735
                                                    Encrypted:false
                                                    SSDEEP:12:YH/um3RA8sqZz8sBdOg2HDAcaq3QYiubInP7E4T3y:Y2sRdsUBdMHv3QYhbG7nby
                                                    MD5:CA4A39EDA2CE4C5E54E7C21DFED12474
                                                    SHA1:ADBAC989F03D511E0FF935497BBE0093749D7B97
                                                    SHA-256:ABA5FDC71103F69A78D1738B823208B432206059ABD3F4E9CF34A9E04B3DAF61
                                                    SHA-512:C8ED99D82D54874A5AA716C047725DC7E3904B02F1B1643B267F724BB028CC53E95E618E6A13AF52919E827CAED798DC4B13065C23BEC1E8DBCEBD513ACF851C
                                                    Malicious:false
                                                    Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13358183449135871","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":105769},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

                                                    Download File
                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                    File Type:JSON data
                                                    Category:dropped
                                                    Size (bytes):475
                                                    Entropy (8bit):4.967105522201735
                                                    Encrypted:false
                                                    SSDEEP:12:YH/um3RA8sqZz8sBdOg2HDAcaq3QYiubInP7E4T3y:Y2sRdsUBdMHv3QYhbG7nby
                                                    MD5:CA4A39EDA2CE4C5E54E7C21DFED12474
                                                    SHA1:ADBAC989F03D511E0FF935497BBE0093749D7B97
                                                    SHA-256:ABA5FDC71103F69A78D1738B823208B432206059ABD3F4E9CF34A9E04B3DAF61
                                                    SHA-512:C8ED99D82D54874A5AA716C047725DC7E3904B02F1B1643B267F724BB028CC53E95E618E6A13AF52919E827CAED798DC4B13065C23BEC1E8DBCEBD513ACF851C
                                                    Malicious:false
                                                    Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13358183449135871","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":105769},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

                                                    Download File
                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):4730
                                                    Entropy (8bit):5.24964111690034
                                                    Encrypted:false
                                                    SSDEEP:96:etJCV4FAsszrNamjTN/2rjYMta02fDtehgO7BtTgo7HRZmRxZ:etJCV4FiN/jTN/2r8Mta02fEhgO73goq
                                                    MD5:AC47984606CA09E4B1A7DEAABE9828F3
                                                    SHA1:605CD7E6757F31CE17387BA3BA96FD636F5BBB68
                                                    SHA-256:D851DA14C00406EA4118B6285562D4EB4569868CD87FEE90E70BFF55C534B0F0
                                                    SHA-512:F4834B4AC0258D479E25596250F2036D11CB9A9B18D88584B14435F0715F495389280D2F13347A98DE03FE9F86376B1963A0B53B06C04A8EEDC9B83A751D3A94
                                                    Malicious:false
                                                    Preview:*...#................version.1..namespace-['O.o................next-map-id.1.Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/.0>...r................next-map-id.2.Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/.1O..r................next-map-id.3.Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/.2.\.o................next-map-id.4.Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/.3....^...............Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/..|.^...............Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/n..Fa...............Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/DQ..a...............Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/i.`do................next-map-id.5.Pnamespace-de635bf2_6773_4d83_ad16_

                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

                                                    Download File
                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                    File Type:ASCII text
                                                    Category:dropped
                                                    Size (bytes):324
                                                    Entropy (8bit):5.226472275436719
                                                    Encrypted:false
                                                    SSDEEP:6:a/Oq2Pwkn2nKuAl9OmbzNMxIFUt8ruXZmw+reakwOwkn2nKuAl9OmbzNMFLJ:a/OvYfHAa8jFUt8r+/+rT5JfHAa84J
                                                    MD5:41260219F147821A0EB93DA474628FC7
                                                    SHA1:B6C86BC3DD6F4C706B07C9E993EDD7E266C2F095
                                                    SHA-256:F04F16A97A57B5DBFDBB53509E21F0FDF5150EBB8695AAB7EB1D6C2010F03248
                                                    SHA-512:58BD9719C4700FB0DD041938D81548F475AF623D986033E4AB1F0CD5218E8B3D15FF73D275F8DEFCF2AF565C70AFA9B18B4410D1DD8C8F6DBF345311C2C6DE41
                                                    Malicious:false
                                                    Preview:2024/04/20-16:30:37.788 1fb4 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/04/20-16:30:37.790 1fb4 Recovering log #3.2024/04/20-16:30:37.791 1fb4 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

                                                    Download File
                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                    File Type:ASCII text
                                                    Category:dropped
                                                    Size (bytes):324
                                                    Entropy (8bit):5.226472275436719
                                                    Encrypted:false
                                                    SSDEEP:6:a/Oq2Pwkn2nKuAl9OmbzNMxIFUt8ruXZmw+reakwOwkn2nKuAl9OmbzNMFLJ:a/OvYfHAa8jFUt8r+/+rT5JfHAa84J
                                                    MD5:41260219F147821A0EB93DA474628FC7
                                                    SHA1:B6C86BC3DD6F4C706B07C9E993EDD7E266C2F095
                                                    SHA-256:F04F16A97A57B5DBFDBB53509E21F0FDF5150EBB8695AAB7EB1D6C2010F03248
                                                    SHA-512:58BD9719C4700FB0DD041938D81548F475AF623D986033E4AB1F0CD5218E8B3D15FF73D275F8DEFCF2AF565C70AFA9B18B4410D1DD8C8F6DBF345311C2C6DE41
                                                    Malicious:false
                                                    Preview:2024/04/20-16:30:37.788 1fb4 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/04/20-16:30:37.790 1fb4 Recovering log #3.2024/04/20-16:30:37.791 1fb4 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

                                                    C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\Eureka\AcroCoreSync\Adobe\CoreSync\EntitySync\80307f885d209ff3421f3adf000d6b1e.db

                                                    Download File
                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
                                                    File Type:SQLite 3.x database, last written using SQLite version 3040000, writer version 2, read version 2, file counter 1, database pages 1, cookie 0, schema 0, unknown 0 encoding, version-valid-for 1
                                                    Category:dropped
                                                    Size (bytes):4096
                                                    Entropy (8bit):0.08728080750134917
                                                    Encrypted:false
                                                    SSDEEP:3:lSWFN3sl+ltlFlo1Xll:l9Fys1fo
                                                    MD5:863BB379B267B2404CB64A3BC9B4A650
                                                    SHA1:139EDCE2C64569B81175543D1DE743EF474F4432
                                                    SHA-256:F7C1BC02F430EBD015E45159D9FD9E18643C4CDCCBB7E7733A248C8393CAA88C
                                                    SHA-512:6AFF907DDAFC78AF2186F58D7102A88527BCE5473D72C03607EFC49C56ABAA157191D391A1ED9350CC058E9BB37040C29DBA9E3A668F640DE0100A639F1D2F51
                                                    Malicious:false
                                                    Preview:SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                    C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\Eureka\AcroCoreSync\Adobe\CoreSync\EntitySync\80307f885d209ff3421f3adf000d6b1e.db-journal

                                                    Download File
                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
                                                    File Type:SQLite Rollback Journal
                                                    Category:dropped
                                                    Size (bytes):512
                                                    Entropy (8bit):0.28499812076190567
                                                    Encrypted:false
                                                    SSDEEP:3:7FEG2l/1LlFll:7+/l/1
                                                    MD5:313473EDEC38417C49B6E71B30D03631
                                                    SHA1:20CDE9646CA2F51FE5A7BBDF5A7D442DC7A04F8D
                                                    SHA-256:BFB7A77DE9A83E5615B40DCC3648827F019641A0C05677B1698CD3AA16A485FC
                                                    SHA-512:775F5098F63AB8DFE53E048306D70CB3C3BCD8D57B65AD10A8F34F0C9CF73A24F3F02DFB7C83E841CF1DB9ED592757BD10153332A1B2FDFC85F90390DB1EFD23
                                                    Malicious:false
                                                    Preview:.... .c.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                    C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\Eureka\AcroCoreSync\Adobe\CoreSync\EntitySync\80307f885d209ff3421f3adf000d6b1e.db-shm

                                                    Download File
                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):32768
                                                    Entropy (8bit):0.06141870391140545
                                                    Encrypted:false
                                                    SSDEEP:6:GzColzaeL9X8vl/UFl/Ojl/gZl/KgufS8f8/8il:J4WOCcl/8cl/xufd8T
                                                    MD5:54954F3FF758D7E09E2CEA17214207B7
                                                    SHA1:3D61AFBD96C6634A0C30E48804B69118E0BE0406
                                                    SHA-256:D662D9D7F738BEED162FF8510D919B9DE85808660A2CCDD9AFB21AC8FA0CD5ED
                                                    SHA-512:0ADCCB2F439E58B6B5665A0FD4BC3B51B7D8A96E647633A61D84027CB8B34CD5DE6EAFC18EE79CB9B345E67915346893EF3342D03A5DFACD9747ADAAC8D57864
                                                    Malicious:false
                                                    Preview:..-.....................G..............V...x....-.....................G..............V...x..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                    C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\Eureka\AcroCoreSync\Adobe\CoreSync\EntitySync\80307f885d209ff3421f3adf000d6b1e.db-wal

                                                    Download File
                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
                                                    File Type:SQLite Write-Ahead Log, version 3007000
                                                    Category:dropped
                                                    Size (bytes):119512
                                                    Entropy (8bit):0.9653256783219051
                                                    Encrypted:false
                                                    SSDEEP:192:ZS4TaQ3SiQjmnG4N7aQ3SiBo4mH4q4WiIaQ3N:g4BAjh4NZxPU4KN
                                                    MD5:81DFE50F65AC4EEAEA6DDC594015248D
                                                    SHA1:BE4A96780CA2BC021ED56FBCEFD41573F60E2E4C
                                                    SHA-256:FD4CAAC0D32ED94BD042131141FCD0526DEF11DC4BC2AAC342BA6FDA3BC1B8E6
                                                    SHA-512:3944AE6E984384888C16D3F406D1D40F0EAD91AACAA37906C1B394C987D7350FFF5DF2C75815F30EB2B62D3B37ECC9B14633FF9FF6D0128B5F0B0BBEDC0147B5
                                                    Malicious:false
                                                    Preview:7....-.................V......ih...............Vp..HP]..SQLite format 3......@ ..........................................................................c....................A...}...~...............D....................................................?...S-..indexsqlite_autoindex_pending_requests_1pending_requests..<...++../tabledevice_mappingsdevice_mappings.CREATE TABLE device_mappings ( .device_mapping_id TEXT PRIMARY KEY NOT NULL, .content_item_id TEXT NOT NULL, .content_item_type TEXT NOT NULL, .include_rel_types TEXT DEFAULT NULL, .include_depth INTEGER DEFAULT 0 NOT NULL, .branch TEXT DEFAULT NULL, .device_mapping_created TIMESTAMP DEFAULT (strftime('%s', 'now')) NOT NULL, .collection_id TEXT DEFAULT NULL, .TTL INTEGER DEFAULT 0 NOT NULL, .Priority INTEGER DEFAULT 0 NOT NULL, .app_info TEXT NOT NULL, .unPinned INTEGER DEFAULT 0 NOT NULL, .UNIQUE (content_item_id, branch))=...Q+..indexsqlite_autoindex_device_mappings_2device_mappings.=...Q+..indexsqlite_autoindex_device_mappings

                                                    C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\Eureka\AcroCoreSync\CreativeCloud\CoreSync\EntitySync-2024-04-20.log

                                                    Download File
                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
                                                    File Type:ASCII text, with CRLF line terminators
                                                    Category:dropped
                                                    Size (bytes):1115
                                                    Entropy (8bit):5.202321687320472
                                                    Encrypted:false
                                                    SSDEEP:24:D07A18lP2H27A1gGMeAgGMeAgGI30rcMHX04MHXEKI4MHXM:DNOlapMeqMeqRIwJw1wM
                                                    MD5:38AE504E59136955422A804D0973A64F
                                                    SHA1:4EAC82C57F60EC92C0F32F605F8FC3C1DC0104FB
                                                    SHA-256:8E135A7ED45648D41ED7D471A61164E600F1070E3B5FE32EECFBD6531891598E
                                                    SHA-512:542970E1D3F380B3CC179A36140E1D24B6D06DC4B02572C6160B2C9C2B268B34487399CE6113D40211683242E3653BCD9B4503FBF35EFA0E940662E7E01F6D10
                                                    Malicious:false
                                                    Preview:20240420-163107.342: t=1fd4: Info: app: Begin Starting up (AppController.cpp.musync::AppControllerImpl::startHandler.305)..20240420-163107.357: t=1c1c: Info: AppShell: End start (AppShell.cpp.musync::AppShell::startup.173)..20240420-163107.357: t=1fd4: Info: app: End Starting up (AppController.cpp.musync::AppControllerImpl::startHandler.305)..20240420-163107.357: t=1c1c: Info: Cosylib: getContext. baseUrl: https://comments.adobe.io/sync/ (CosyLibImpl.h.cosylib::CosyLibImpl::getContext.181)..20240420-163107.357: t=1c1c: Info: Cosylib: getContext. baseUrl: https://comments.adobe.io/sync/ (CosyLibImpl.h.cosylib::CosyLibImpl::getContext.181)..20240420-163107.357: t=1c1c: Info: Cosylib: getEntityClient (CosyLibImpl.h.cosylib::CosyLibImpl::getEntityClient.166)..20240420-163107.357: t=1c1c: Info: ES::cosylib: EntityClientImpl::getRegisteredLoginInfo : (EntityClientImpl.cpp.cosylib::EntityClientImpl::getRegisteredLoginInfo.944)..20240420-163107.357: t=1c1c: Info: ES::cosylib: RequestHandle :

                                                    C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\Eureka\AcroCoreSync\CreativeCloud\CoreSync\EntitySync-2024-04-21.log

                                                    Download File
                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
                                                    File Type:ASCII text, with CRLF line terminators
                                                    Category:dropped
                                                    Size (bytes):742
                                                    Entropy (8bit):5.04217774860295
                                                    Encrypted:false
                                                    SSDEEP:12:jcL1u+LEmkIC2YU1cy9z1u+LEJC2YZEcUA/kxCIC2A/kVsWEcPb4yDC2A/ke:sE+omkPc59zE+oYRhlFOEF5
                                                    MD5:31988E8AB69D330DCC4333F26EA98880
                                                    SHA1:66AC8553B991B5CDCCF6A1A76D5A61F129BDCAE3
                                                    SHA-256:7AF776BF54FF3ADDBB9F4D1B0A9F7976CE9AD031EB00EEF181A0DDFB5B08DAFE
                                                    SHA-512:655A4885A9FC9602E0C57B5A8614036CB764A355E7A36BE97412B425DBCEE36FFCC09A8079A5D4445C5C70AEF111BE0FA53E8636F79EA0B4198464627AE5599F
                                                    Malicious:false
                                                    Preview:20240421-163107.376: t=1fc0: Info: ES::cosylib: messageType :entitysync.out.response.get.register.login.info responseJSON : (EntityClientImpl.cpp.cosylib::EntityClientImpl::processEntitySyncResponse.1492)..20240421-163107.460: t=1fc0: Info: ES::cosylib: Dispatch callback for : entitysync.out.response.get.register.login.info (EntityClientImpl.cpp.cosylib::EntityClientImpl::processEntitySyncResponse.1580)..20240421-163107.460: t=1c1c: Info: ES::cosylib: EntityClientImpl::registerLoginInfo : (EntityClientImpl.cpp.cosylib::EntityClientImpl::registerLoginInfo.866)..20240421-163107.476: t=1c1c: Info: ES::cosylib: RequestHandle : 83d744c2-c653-4f28-bed4-f066fd369355 (EntityClientImpl.cpp.cosylib::EntityClientImpl::registerLoginInfo.902)..

                                                    C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\Eureka\AcroCoreSync\CreativeCloud\CoreSync\EntitySync-2024-04-22.log

                                                    Download File
                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
                                                    File Type:ASCII text, with CRLF line terminators
                                                    Category:dropped
                                                    Size (bytes):563
                                                    Entropy (8bit):5.001937574969025
                                                    Encrypted:false
                                                    SSDEEP:12:AjASVv9cjI/kkwpcL1dLEmkIC2YUAwpcy9z1dLEJC2YA:AAmv953omkPc99z3oYo
                                                    MD5:36CFE0A6C62C535A7D9DF41E208C2594
                                                    SHA1:82715265AB3EFB22FD10FD93AED7E1B998D3F2FF
                                                    SHA-256:4200278C93E29ED6261C09FA9182E7B9D0D261711137E568ED37E415EF42FE00
                                                    SHA-512:07AF98CEB77DA3890FCACA600C1E1B430947A4766D756C4A193BA944D018C11A24AF18CF99EF30B4913B9FEE22644923358DFB3EB2BAD72F927C77FA670A59E5
                                                    Malicious:false
                                                    Preview:20240422-163107.407: t=1fc0: Info: ES::esprovider: DB initialized (EntityStoreController.cpp.esprovider::EntityStoreControllerImpl::registerLoginInfoHandler.969)..20240422-163107.454: t=1fc0: Info: ES::cosylib: messageType :entitysync.out.response.register.login.info responseJSON : (EntityClientImpl.cpp.cosylib::EntityClientImpl::processEntitySyncResponse.1492)..20240422-163107.454: t=1fc0: Info: ES::cosylib: Dispatch callback for : entitysync.out.response.register.login.info (EntityClientImpl.cpp.cosylib::EntityClientImpl::processEntitySyncResponse.1580)..

                                                    C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\RFL\LocalMapping\RFLDB230

                                                    Download File
                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
                                                    File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 1, database pages 8, cookie 0x3, schema 4, UTF-8, version-valid-for 1
                                                    Category:dropped
                                                    Size (bytes):32768
                                                    Entropy (8bit):0.36835287347338636
                                                    Encrypted:false
                                                    SSDEEP:24:TLi7egbVH5hCAZIlE/F7iMXBxIV24bMo1Jllew:To1ZhCW0QfxHQd1
                                                    MD5:F391306DD8BAA3198B26D3C80A906E19
                                                    SHA1:6CD1B24D186F1CC68BF9097177DA5676C4A56422
                                                    SHA-256:62604481C477AF3F8813122011B9CEC6DDEE9A3992F3FAFE236E3E92FC62E680
                                                    SHA-512:5AD524078462D761F0F01933EBFC3714B44C93296BD4EDAB34B59CB833D1D9334CE830E196D2BD2BDA82837914E91B2B53E848EDC9BD04B7EDCC31D7DFD9DD53
                                                    Malicious:false
                                                    Preview:SQLite format 3......@ ..........................................................................c.......2........h...2................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                    C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\RFL\LocalMapping\RFLDB230-journal

                                                    Download File
                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
                                                    File Type:SQLite Rollback Journal
                                                    Category:dropped
                                                    Size (bytes):512
                                                    Entropy (8bit):0.28499812076190567
                                                    Encrypted:false
                                                    SSDEEP:3:7FEG2l/TOcX//lFll:7+/l/TOc
                                                    MD5:A878E63ED339D5DD4610F63621E6B34C
                                                    SHA1:8227BA90A3065E144637E3B03C4F44BC629D5991
                                                    SHA-256:B369BBA287E99CA6C5513971C5CE7EE46FA8EABBC2D39C557A4FC73EF29B5BBC
                                                    SHA-512:FAFA335283E09278684834965F65C0B0F2F6E9A6B92690EEA981800E0A27A7754CCC21D48B20D7F489AF1549B9BCA7846DD174855F2B1C6964A8978BEFDBB425
                                                    Malicious:false
                                                    Preview:.... .c........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                    C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240420143044Z-639.bmp

                                                    Download File
                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                    File Type:PC bitmap, Windows 3.x format, 117 x -152 x 32, cbSize 71190, bits offset 54
                                                    Category:dropped
                                                    Size (bytes):71190
                                                    Entropy (8bit):1.9350071099246895
                                                    Encrypted:false
                                                    SSDEEP:96:ZnTMMMMMMMMMMnMMMMMMMMMMMMMMMXMMMMMMMMMM077/sFWJo2VfbUQJqpm96A97:uPqTUQcqWxsImHNTiJN8AEx
                                                    MD5:9228E81137A0DD888F2A51969C52D9A8
                                                    SHA1:1681E02D03A65137F6E817F073E179D6B05E2CC0
                                                    SHA-256:7B45B3153A7C5C6847613EBA60546D5D8AD381DC77C13B454CE91FE2B93916EB
                                                    SHA-512:D13557B3CDBC4B70F29779813EDE43FD2A8F4BE0B1F8A3B82B87DB5C0DB86D435A9D08B593C27416783896C973DBD9F414E291609AD4CCC7FFE762573A56BEED
                                                    Malicious:false
                                                    Preview:BM........6...(...u...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                    C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

                                                    Download File
                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                    File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 15, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 15
                                                    Category:dropped
                                                    Size (bytes):86016
                                                    Entropy (8bit):4.445119419535096
                                                    Encrypted:false
                                                    SSDEEP:384:yezci5teiBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:rxs3OazzU89UTTgUL
                                                    MD5:1BE35575AAC8E9DF164F3899FEA1BF21
                                                    SHA1:D995D3F24D30316D3A7B04AE6429EED4F9FFC09D
                                                    SHA-256:840905BE0DB7CAD6115C87D2B69C050C167D4484064874320B657621110235F3
                                                    SHA-512:ABE16EA51533550B1A8C149EC6471C9E404B0AD21B34F086E6F88BF54EE8A6C0BAE698083B5FBBC1618BCF54F91ABFC16D908FDB834E6CF2750A3B8C2A582BF2
                                                    Malicious:false
                                                    Preview:SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                    C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

                                                    Download File
                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                    File Type:SQLite Rollback Journal
                                                    Category:dropped
                                                    Size (bytes):8720
                                                    Entropy (8bit):3.7749378519426258
                                                    Encrypted:false
                                                    SSDEEP:48:7Ms9p/E2ioyVNioy9oWoy1Cwoy1pKOioy1noy1AYoy1Wioy1hioybioyhoy1noyr:7ppjuNFQXKQ8Wb9IVXEBodRBkm
                                                    MD5:0745D7F3A07F15E1734F1BA1CF997862
                                                    SHA1:8B6ABBCA39625876553E399C309AB58B15EB0607
                                                    SHA-256:CE438F56476BB24664D3FA07F36DE5074C61DE79C1F9E9A82F125630CD21B153
                                                    SHA-512:6D8F1A159722C33827939A5D6DBC1A63D5ECFC4EF59E59CD481812C692B1F588F12C3F7F56493FD96B099B0F0133AF3E74FDCD80925F626CAA5FC13D73E9D410
                                                    Malicious:false
                                                    Preview:.... .c.....+.G................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................T...[...b...r...t...}.....L..............................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                    C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer

                                                    Download File
                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
                                                    File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 1, database pages 23, cookie 0x11, schema 4, UTF-8, version-valid-for 1
                                                    Category:dropped
                                                    Size (bytes):94208
                                                    Entropy (8bit):0.9951370817377893
                                                    Encrypted:false
                                                    SSDEEP:192:hxoGsTzoU2uCTaUxmaAxNoGsTzoU2uCTaUxoALZWLGjZ5Pj5vHAxNoGsT:hZgCeNgCaN
                                                    MD5:DCD066A1C8CA38D94ACA4E5DF6CA20BF
                                                    SHA1:0C670E7CB31FE1CFD952082C3629AD8861BFD799
                                                    SHA-256:E484D26709945669E18A3D0A7F95E3EA943D4170736EDD8FEDFE3F69A7B8D25E
                                                    SHA-512:C07D385DB9B836F106E1951FDCD911D7FFF44AAE6EE7406CA665B211236E8ABE3395789E10200644343779983E9AD7B5E484B3B1567CA6EAB890A88E4FF9500B
                                                    Malicious:false
                                                    Preview:SQLite format 3......@ ..........................................................................c......................7...4.....d...k.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................Z...-%.qindexdependencies_diddependencies.CREATE INDEX dependencies_did o

                                                    C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer-journal

                                                    Download File
                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
                                                    File Type:SQLite Rollback Journal
                                                    Category:dropped
                                                    Size (bytes):512
                                                    Entropy (8bit):0.28109187076190567
                                                    Encrypted:false
                                                    SSDEEP:3:7FEG2l/gtl//lFll:7+/l/
                                                    MD5:6445A1EF229AC4EE281D2FEE004B1D54
                                                    SHA1:4F65CFBD5603417D53A3DEFA21396694B177A4E3
                                                    SHA-256:F9BD7DC9A31F6D537077A1E56924E13B95BC14A7591D49B4C99C26A813CCCCB0
                                                    SHA-512:D6D01755029106D8CD72ADED5CD4B3683DCA1B48A04775DC87A73976F1EFD14CE1E08355DDB286B429F2006FBE50ABFBB65EB847020804DDA7A772AED7BA550A
                                                    Malicious:false
                                                    Preview:.... .c.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.1440

                                                    Download File
                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                    File Type:PostScript document text
                                                    Category:dropped
                                                    Size (bytes):185099
                                                    Entropy (8bit):5.182478651346149
                                                    Encrypted:false
                                                    SSDEEP:1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
                                                    MD5:94185C5850C26B3C6FC24ABC385CDA58
                                                    SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
                                                    SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
                                                    SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
                                                    Malicious:false
                                                    Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

                                                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

                                                    Download File
                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                    File Type:PostScript document text
                                                    Category:dropped
                                                    Size (bytes):185099
                                                    Entropy (8bit):5.182478651346149
                                                    Encrypted:false
                                                    SSDEEP:1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
                                                    MD5:94185C5850C26B3C6FC24ABC385CDA58
                                                    SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
                                                    SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
                                                    SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
                                                    Malicious:false
                                                    Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

                                                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

                                                    Download File
                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):245874
                                                    Entropy (8bit):3.34657369685054
                                                    Encrypted:false
                                                    SSDEEP:1536:ZKPCPiyzDtrh1cK3XEivK7VK/3AYvYwgAErRo+RQn:YPClJ/3AYvYwgLFo+RQn
                                                    MD5:7938102842DA76FBBAFB494874190C8C
                                                    SHA1:906F05823571478195A00737B82A1281B04DC305
                                                    SHA-256:3C7EF06D6BBCA859833DAFBCECFFE16E53C1FEFD27120F0A65D66D6A94674664
                                                    SHA-512:4FA16D553AD14355F2F06B9C9C4786F3E9F6D94D0D1DA48D97B7ED70FAA777EDD975ECB6434B19516F62F4313BC5BD6FCD07DADC2CAA1D5983BF99BFBB94901A
                                                    Malicious:false
                                                    Preview:Adobe Acrobat Reader (64-bit) 23.6.20320....?A12_AV2_Search_18px.............................................................................................................KKK KKK.KKK.KKK.KKK.KKK.KKK@........................................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.............................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.........................KKK.KKK.KKK.KKK0....................KKK.KKK.KKK.KKK`....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK.KKK.....................................KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK.KKK@....................KKK.KKK.KKK.KKK`........................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.KKK.............................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK

                                                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

                                                    Download File
                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                    File Type:JSON data
                                                    Category:dropped
                                                    Size (bytes):295
                                                    Entropy (8bit):5.368960857660036
                                                    Encrypted:false
                                                    SSDEEP:6:YEQXJ2HXHOiC5OUG19VoZcg1vRcR0YnoAvJM3g98kUwPeUkwRe9:YvXKXurO5EZc0v7GMbLUkee9
                                                    MD5:CA3A914867C62696146B0887D12A4AB7
                                                    SHA1:58A27983644762139276832F69D40F74ECF79292
                                                    SHA-256:D79DAC3A39C65689C3285EEB12E4617F06F0CFE739DE8E8A0C3A800F84105CE0
                                                    SHA-512:E11550F1C2ABA75CC2C43F5A609730F755EAACA3B73D022CE8546F9AFD776EDF7EED621320672C8EEED1B5EBCD19A91BAD9DAA529327BC4A50760AB40118A22C
                                                    Malicious:false
                                                    Preview:{"analyticsData":{"responseGUID":"00f2bb69-eedf-4d97-82b3-7fd7ca1445f4","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1713797581414,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

                                                    Download File
                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                    File Type:JSON data
                                                    Category:dropped
                                                    Size (bytes):294
                                                    Entropy (8bit):5.316953767604005
                                                    Encrypted:false
                                                    SSDEEP:6:YEQXJ2HXHOiC5OUG19VoZcg1vRcR0YnoAvJfBoTfXpnrPeUkwRe9:YvXKXurO5EZc0v7GWTfXcUkee9
                                                    MD5:D4885F52A772B513E2611C32153A42DE
                                                    SHA1:514A55004C28EDC94A171E5CE30741A0047FD19C
                                                    SHA-256:6DFBC99495597EF506E4D7F7B198E3EDA10D0EAFBAC83B5B33D796A92769B4A2
                                                    SHA-512:BEECE61681D87A0F88BFD00B53FA41EB076C7BEFF134D70380C08438A7A4B716E1B50734225A2C4402BB0C37415C7907C0AD830ED9298F50BF410C45F2623581
                                                    Malicious:false
                                                    Preview:{"analyticsData":{"responseGUID":"00f2bb69-eedf-4d97-82b3-7fd7ca1445f4","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1713797581414,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

                                                    Download File
                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                    File Type:JSON data
                                                    Category:dropped
                                                    Size (bytes):294
                                                    Entropy (8bit):5.295948802999081
                                                    Encrypted:false
                                                    SSDEEP:6:YEQXJ2HXHOiC5OUG19VoZcg1vRcR0YnoAvJfBD2G6UpnrPeUkwRe9:YvXKXurO5EZc0v7GR22cUkee9
                                                    MD5:DBF3DBE2BBEC92DEF7D9C2F253477415
                                                    SHA1:4E6DD9744425F7593D318FB5D99D1C0925005584
                                                    SHA-256:83522F95AFC51D396080375DE8B956C16A10DD5DC35D8033B5528ECBC8624B71
                                                    SHA-512:332724B176450825C77939B197C57D34D0096F75024F80BBC3FE0EA18B753FA1FF4303F963B16B6049B1C73D1F997B224F2DD9670E3B7D88D30158DC70A107EE
                                                    Malicious:false
                                                    Preview:{"analyticsData":{"responseGUID":"00f2bb69-eedf-4d97-82b3-7fd7ca1445f4","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1713797581414,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

                                                    Download File
                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                    File Type:JSON data
                                                    Category:dropped
                                                    Size (bytes):285
                                                    Entropy (8bit):5.356167766358452
                                                    Encrypted:false
                                                    SSDEEP:6:YEQXJ2HXHOiC5OUG19VoZcg1vRcR0YnoAvJfPmwrPeUkwRe9:YvXKXurO5EZc0v7GH56Ukee9
                                                    MD5:DCF5D8E969103520D01C9A38176B5F04
                                                    SHA1:351DBDF5C7BD824683948080C9165ABDB1EA4565
                                                    SHA-256:74726173CA044E79BF9A6335580CFC316EDEEE6A8276E7D32E01481225F16419
                                                    SHA-512:038504C096147C102F33941BE63F051E1AE4B855294C77A7633FA4C7AF76B057730CE1467E85DEE7F1B4720890042AA943994462B371FFE6636A3D350C437AFF
                                                    Malicious:false
                                                    Preview:{"analyticsData":{"responseGUID":"00f2bb69-eedf-4d97-82b3-7fd7ca1445f4","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1713797581414,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

                                                    Download File
                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                    File Type:JSON data
                                                    Category:dropped
                                                    Size (bytes):292
                                                    Entropy (8bit):5.314541464530324
                                                    Encrypted:false
                                                    SSDEEP:6:YEQXJ2HXHOiC5OUG19VoZcg1vRcR0YnoAvJfJWCtMdPeUkwRe9:YvXKXurO5EZc0v7GBS8Ukee9
                                                    MD5:8EE03C28DEE7D55DEA50426E9B7F3040
                                                    SHA1:FEE05902C9D2DE33013EF9A53EC2EADDAE8EBE07
                                                    SHA-256:B9E943C363CB6895855DDA9AF376B288B7CB6E102AC7B359B3ED13EB4EEB6084
                                                    SHA-512:517C0A50D603EFAF7ABB6B534B6A1BA818FA27D3866E04FA4C3A15167A25708EFF74304CE3BBFFD78EEDBFF97AA75118958D25904E177B601A6805AB57084896
                                                    Malicious:false
                                                    Preview:{"analyticsData":{"responseGUID":"00f2bb69-eedf-4d97-82b3-7fd7ca1445f4","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1713797581414,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

                                                    Download File
                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                    File Type:JSON data
                                                    Category:dropped
                                                    Size (bytes):289
                                                    Entropy (8bit):5.301975069840263
                                                    Encrypted:false
                                                    SSDEEP:6:YEQXJ2HXHOiC5OUG19VoZcg1vRcR0YnoAvJf8dPeUkwRe9:YvXKXurO5EZc0v7GU8Ukee9
                                                    MD5:56F1E853689C1D2B6CFE93A1DDFBDFAB
                                                    SHA1:E59969EF81D9D438FD1EC9A45B92269438D7C524
                                                    SHA-256:6DA98EA9BFF55FD7E9B9DE94E68DFD8719A7D712EDA609EC418F811FCB9B414E
                                                    SHA-512:53EEACEC11D52F128E8E0DAF4B0694914F6E7E33A1ECF28B02D35B99322D0BF524F29C7FF65128CEC94087766B088DE4BBBD0B059677D33CA7CB61CD076B6B8E
                                                    Malicious:false
                                                    Preview:{"analyticsData":{"responseGUID":"00f2bb69-eedf-4d97-82b3-7fd7ca1445f4","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1713797581414,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

                                                    Download File
                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                    File Type:JSON data
                                                    Category:dropped
                                                    Size (bytes):292
                                                    Entropy (8bit):5.305546416269719
                                                    Encrypted:false
                                                    SSDEEP:6:YEQXJ2HXHOiC5OUG19VoZcg1vRcR0YnoAvJfQ1rPeUkwRe9:YvXKXurO5EZc0v7GY16Ukee9
                                                    MD5:A617E3F83538F1788775A36783984C2F
                                                    SHA1:02E20AC6AB77A71E6EF0002B87F341E029251278
                                                    SHA-256:66BDC68160BA5FC8DA122C22F8774E49C144FF498B97D2647D0621ECAF799230
                                                    SHA-512:80C4DB68B958F8C0080D093DE32CC010DE192F41B0FD5FD0254BC5E7E5CF0FA5D8CFAADD0B73460DB719A688B3802BC454D146557B3FBB0CA9FCA4F8E25AEEC3
                                                    Malicious:false
                                                    Preview:{"analyticsData":{"responseGUID":"00f2bb69-eedf-4d97-82b3-7fd7ca1445f4","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1713797581414,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

                                                    Download File
                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                    File Type:JSON data
                                                    Category:dropped
                                                    Size (bytes):289
                                                    Entropy (8bit):5.309942216733555
                                                    Encrypted:false
                                                    SSDEEP:6:YEQXJ2HXHOiC5OUG19VoZcg1vRcR0YnoAvJfFldPeUkwRe9:YvXKXurO5EZc0v7Gz8Ukee9
                                                    MD5:79F50581A725B3D4CD6492B30BA73449
                                                    SHA1:DE7BB4AD4C052F6B6062266797BB47F17D559807
                                                    SHA-256:E70F8308A19A21B956A820E59623637DC36084870F95C67371FD027E4C1EEDB4
                                                    SHA-512:54E08E70B8DF57FB37EFC0178485610C7EAFE212C988FF2557FC60F91247708A09BEDFD01419AB7DAA1305B107D7817E0EA8548C142C3CD6567F9B4B015E17B8
                                                    Malicious:false
                                                    Preview:{"analyticsData":{"responseGUID":"00f2bb69-eedf-4d97-82b3-7fd7ca1445f4","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1713797581414,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

                                                    Download File
                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                    File Type:JSON data
                                                    Category:dropped
                                                    Size (bytes):1372
                                                    Entropy (8bit):5.7397676786923295
                                                    Encrypted:false
                                                    SSDEEP:24:Yv6XQ7zvDKLgENRcbrZbq00iCCBrwJo++ns8ct4mFJN3:Yvln7EgigrNt0wSJn+ns8cvFJl
                                                    MD5:7CF3C50CA34631E2693A60AA8953E45F
                                                    SHA1:DEF9A6012CB0C93957131CE23BE7FB4D320F4F15
                                                    SHA-256:83535E84F77D533D31F8B6C14DFFB77914F8692733A93B389D09408188AE13F0
                                                    SHA-512:D064C849AB20D9864FA815CD00847AB6FF234EDA97711061242305BEDCB165210A00BDA0B335C27A3C79B7DDA9B61F0A44DD9A71D6C291265AC03E34C7160253
                                                    Malicious:false
                                                    Preview:{"analyticsData":{"responseGUID":"00f2bb69-eedf-4d97-82b3-7fd7ca1445f4","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1713797581414,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"79887_247329ActionBlock_0","campaignId":79887,"containerId":"1","controlGroupId":"","treatmentId":"acc56846-d570-4500-a26e-7f8cf2b4acad","variationId":"247329"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJUcnkgQWNyb2JhdCBQcm8ifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNSIsImZvbnRfc3R5bGUiOiIwIn0sImRlc2NyaXB0aW9uX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTMiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIDctZGF5IHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0byBwcmVtaXVtIFBERiBhbmQgZS1zaWduaW5nIHRvb2xzLiIsImJ

                                                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

                                                    Download File
                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                    File Type:JSON data
                                                    Category:dropped
                                                    Size (bytes):289
                                                    Entropy (8bit):5.307765712927821
                                                    Encrypted:false
                                                    SSDEEP:6:YEQXJ2HXHOiC5OUG19VoZcg1vRcR0YnoAvJfYdPeUkwRe9:YvXKXurO5EZc0v7Gg8Ukee9
                                                    MD5:F719FF88867F4AE3D9E271B625274D14
                                                    SHA1:2940F7914F114FC902ADFBB55A513E469A61447D
                                                    SHA-256:5B9A05E137ACEDEBCE49937561D3EF493922E161DF79B9D0B259E52B877EFCFA
                                                    SHA-512:956F6AE20E701E70AAAF00592BB945E8182E0BF6B3F82D87A16650961AF5B5A0E043CB03A695CC483212A1C03415A05395588CE20C8D7C8FEF4EC9FF9D556BDD
                                                    Malicious:false
                                                    Preview:{"analyticsData":{"responseGUID":"00f2bb69-eedf-4d97-82b3-7fd7ca1445f4","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1713797581414,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

                                                    Download File
                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                    File Type:JSON data
                                                    Category:dropped
                                                    Size (bytes):1395
                                                    Entropy (8bit):5.780891252333461
                                                    Encrypted:false
                                                    SSDEEP:24:Yv6XQ7zverLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNu:YvlnmHgDv3W2aYQfgB5OUupHrQ9FJI
                                                    MD5:4F4E6B4D2683171750A8C6D75AAA1DEB
                                                    SHA1:BA936117ACC5C70961844D55E0911A184D96CF42
                                                    SHA-256:28E29E778A98AEDD13570B9E6E6B98E5289D8303CD6204C847BF149333FAD068
                                                    SHA-512:1606DAB1B100241A21A2895B0E7A553086C4B7EB27BF8DF496B87E7EEE3BD81BF02CBD88CAE376DDADA2635A466DEA5D633CF022AFF71E57B507EA78C74F6FE2
                                                    Malicious:false
                                                    Preview:{"analyticsData":{"responseGUID":"00f2bb69-eedf-4d97-82b3-7fd7ca1445f4","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1713797581414,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0

                                                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

                                                    Download File
                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                    File Type:JSON data
                                                    Category:dropped
                                                    Size (bytes):291
                                                    Entropy (8bit):5.291259438004243
                                                    Encrypted:false
                                                    SSDEEP:6:YEQXJ2HXHOiC5OUG19VoZcg1vRcR0YnoAvJfbPtdPeUkwRe9:YvXKXurO5EZc0v7GDV8Ukee9
                                                    MD5:502FCAD34B2ADC5EAD0B46053D7C3414
                                                    SHA1:329320C922333F6D2BA1EB38A78A02F6C00A053D
                                                    SHA-256:E8FBDB2543E93E244DC470A2811617B3E50CB702F17E05291D2C4E6BAD217901
                                                    SHA-512:480FDE8C763F1A13E990D4094D71A41D1DD1F5067A1210D57067255CEF28781766B45E89E742166FE3ACD80D2197C2DB211ED2D3CD3C661778AD3F62C8054B5D
                                                    Malicious:false
                                                    Preview:{"analyticsData":{"responseGUID":"00f2bb69-eedf-4d97-82b3-7fd7ca1445f4","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1713797581414,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

                                                    Download File
                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                    File Type:JSON data
                                                    Category:dropped
                                                    Size (bytes):287
                                                    Entropy (8bit):5.295703999093212
                                                    Encrypted:false
                                                    SSDEEP:6:YEQXJ2HXHOiC5OUG19VoZcg1vRcR0YnoAvJf21rPeUkwRe9:YvXKXurO5EZc0v7G+16Ukee9
                                                    MD5:0C7FECE3E98C630CA722667BDD2DE214
                                                    SHA1:B9ACA104753A09B75A45D8FDCAAD1050F8ED47B0
                                                    SHA-256:6356E787F413039F47EF49BF2E0FA275E2FC16C422D01DFC25ED6658ED331CE4
                                                    SHA-512:4CFB4C06DA902E9AC73FFE00245AC9E5FD7E49B63D213FF116AB3AAE2696F1128B2A5B5A35D9487FAC0E8C5E8A7A106BEB00A8494334035B0C6D2BA12BDD0818
                                                    Malicious:false
                                                    Preview:{"analyticsData":{"responseGUID":"00f2bb69-eedf-4d97-82b3-7fd7ca1445f4","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1713797581414,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

                                                    Download File
                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                    File Type:JSON data
                                                    Category:dropped
                                                    Size (bytes):289
                                                    Entropy (8bit):5.314600841685969
                                                    Encrypted:false
                                                    SSDEEP:6:YEQXJ2HXHOiC5OUG19VoZcg1vRcR0YnoAvJfbpatdPeUkwRe9:YvXKXurO5EZc0v7GVat8Ukee9
                                                    MD5:52F11E5112892AC6ADF272D9B2E16DE2
                                                    SHA1:6952317DA952277ACEE89E7E7B5F56C1F99EEAB4
                                                    SHA-256:FDE6DB59B42D9F5608B9A846724EECECD9E52D59CA2C6AEC130C87A21099F74F
                                                    SHA-512:8162D90DD065AD2FA86B3A03D7AFACDF8F218F9B76E43C91CD5F9B4E59745F26E8705AF5D610D398E794B961721FB299D6B5E1FDAE3DBCA7A50FA6E756C77F59
                                                    Malicious:false
                                                    Preview:{"analyticsData":{"responseGUID":"00f2bb69-eedf-4d97-82b3-7fd7ca1445f4","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1713797581414,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

                                                    Download File
                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                    File Type:JSON data
                                                    Category:dropped
                                                    Size (bytes):286
                                                    Entropy (8bit):5.27084240019255
                                                    Encrypted:false
                                                    SSDEEP:6:YEQXJ2HXHOiC5OUG19VoZcg1vRcR0YnoAvJfshHHrPeUkwRe9:YvXKXurO5EZc0v7GUUUkee9
                                                    MD5:08F40DA913A618D3E5747EFB887234D8
                                                    SHA1:E79B4D54ED4E2752E7A13CE2351856F427E3CDDF
                                                    SHA-256:A8443E88DC08AD03B173ADC6CB552BD7237272469B34F8F267FECF3D42E6878C
                                                    SHA-512:D2FFA34B6799DCABC0AF39A3FD35270052FF0595F801EC5DACD5D1F2CC7A4AE5C411760CADF2E3BC5D85F3049265017B2AD26E861ADC1710DECCBDE88800E8B8
                                                    Malicious:false
                                                    Preview:{"analyticsData":{"responseGUID":"00f2bb69-eedf-4d97-82b3-7fd7ca1445f4","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1713797581414,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

                                                    Download File
                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                    File Type:JSON data
                                                    Category:dropped
                                                    Size (bytes):782
                                                    Entropy (8bit):5.375364082611538
                                                    Encrypted:false
                                                    SSDEEP:12:YvXKXurO5EZc0v7GTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWb:Yv6XQ7zvb168CgEXX5kcIfANhK
                                                    MD5:E10159B10A708B2C20208DA964E8C5B7
                                                    SHA1:3BC9AFE906F18348F1463FC696AA9F43C912B544
                                                    SHA-256:A285F3B343826E3883AA05CA4589696F95FFC147CD4AFA61B889A94454EA8DD5
                                                    SHA-512:C7BCF48FD6344A75AA1801A7EBB7DBD256EC428B04CEC98C2D13A6EEBDC5F4894E5AD104807C8113151B04EB482425696D0EFCAC69418E6FEF4DBD6C661D611B
                                                    Malicious:false
                                                    Preview:{"analyticsData":{"responseGUID":"00f2bb69-eedf-4d97-82b3-7fd7ca1445f4","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1713797581414,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1713623446447}}}}

                                                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

                                                    Download File
                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):4
                                                    Entropy (8bit):0.8112781244591328
                                                    Encrypted:false
                                                    SSDEEP:3:e:e
                                                    MD5:DC84B0D741E5BEAE8070013ADDCC8C28
                                                    SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
                                                    SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
                                                    SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
                                                    Malicious:false
                                                    Preview:....

                                                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

                                                    Download File
                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                    File Type:JSON data
                                                    Category:dropped
                                                    Size (bytes):2814
                                                    Entropy (8bit):5.129022961875817
                                                    Encrypted:false
                                                    SSDEEP:24:YnFzoZCMfIVy5a4Qqa69ay5VN/daWjVXOj0SS3i62gV2LS8UZJ5HctR9EqxunvOG:YqrfIE5vz/NCSd/VSUZJhc39A
                                                    MD5:9B48161B28B3F9E8B4F6E45E5894D6C9
                                                    SHA1:4C6085F483F5C9350390327C4573762D105F3D67
                                                    SHA-256:E1F8BC835B7FED3314FFC0CED7B873305C69E316BE0A7473001A2F046D4B2810
                                                    SHA-512:5EAD494C01969320A88AB07B74D36BBF7DD284635D93844777D4A2187947323E1F6BF0FB33403B8A410140AAD74DC891B77A2F828039F8CA60D3C38CBBED0931
                                                    Malicious:false
                                                    Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"f71ef63ed9c003ba0dd13b2dd1b1095b","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1713623446000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"6d46cbb4988fbf93aaf4f09f25411403","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1372,"ts":1713623446000},{"id":"Edit_InApp_Aug2020","info":{"dg":"72fe0d49cfa3cce8e3f1a53a1691e63f","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":1713623446000},{"id":"DC_Reader_RHP_Banner","info":{"dg":"526fb4290ffaecb10d594c0e5f2a4617","sid":"DC_Reader_RHP_Banner"},"mimeType":"file","size":1395,"ts":1713623446000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"bc676c4cdf9d78547c3124b8ef080dd3","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file","size":292,"ts":1713623446000},{"id":"DC_Reader_More_LHP_Banner","info":{"dg":"403a26dec69c75971f6083dd0a912388","sid":"DC_Reader_More_LHP_Banner"},"mimeType":"file","size":289,"ts":1713623446000},

                                                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

                                                    Download File
                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                    File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 30, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 30
                                                    Category:dropped
                                                    Size (bytes):12288
                                                    Entropy (8bit):1.1893743786127347
                                                    Encrypted:false
                                                    SSDEEP:48:Tll2GL7msEIwnvR9H9vxFGiDfZRgk8kAk:fVmscFGS22
                                                    MD5:DA4ACD4411691A799796659CF6D7DEF3
                                                    SHA1:BB80F09DBE063F88C9A8F4F1DF6A1146B5C4146E
                                                    SHA-256:05045FA77C83E878EA2E27CC97CFB6ED3A71E6D2597F48B0F035985A19580EF1
                                                    SHA-512:75CA282E97A88E5D1A7CE975CB2DFA8BF58BB587DC1F0D95F4B4CE495E5FB966E762B63920CEA979AE9DBF86A26AE04DA02CCCF7BD412107FA2646FC46426628
                                                    Malicious:false
                                                    Preview:SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

                                                    Download File
                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                    File Type:SQLite Rollback Journal
                                                    Category:dropped
                                                    Size (bytes):8720
                                                    Entropy (8bit):1.6133778297088295
                                                    Encrypted:false
                                                    SSDEEP:48:7M0QBFvR9H9vxFGiDIAvgk8kA4q1l2GL7mso:70FGSIZW6Vmso
                                                    MD5:D71949411186C6B643E89A0267352E64
                                                    SHA1:6E67F8395F78D17E17D4F7DAD35F47378100CF69
                                                    SHA-256:E233EBCEB58ED20452D43CE98F2376D5F75BADBE93DD5393807ADA6FCA7A0603
                                                    SHA-512:0B04B02C92B9FB91151B5FEFB171B9C9D5D86A414DF93D88B2D9487615C8129EA162D159C97A22E70469206361632B549DD5DB806A4A00F102CD6A135AEEA428
                                                    Malicious:false
                                                    Preview:.... .c......h.K......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................f...)..).....8.....).).).).).).).)................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                    C:\Users\user\AppData\Local\Temp\MSIee400.LOG

                                                    Download File
                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                    File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                    Category:dropped
                                                    Size (bytes):246
                                                    Entropy (8bit):3.5278731006694652
                                                    Encrypted:false
                                                    SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8QdWarNCuw:Qw946cPbiOxDlbYnuRKZdnNO
                                                    MD5:818D18AC3DB93FA52BEAD1825CE5EC6C
                                                    SHA1:5950B6E38A0D30D0184DAB880376B0E134EBBADF
                                                    SHA-256:45954769AB20B0D0F8BC8F23000A485CECE81289BAFB36678285F116A5006E3E
                                                    SHA-512:8D477C20DA93B44DD38D554A4AB1D5D9B9217BAC7D649BB033620E9F4ABDD14520B3A734122C73AFC7AE344A8D3C7B51D1D2069EF4A75E072890945FA39DD994
                                                    Malicious:false
                                                    Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .2.0./.0.4./.2.0.2.4. . .1.6.:.3.0.:.4.8. .=.=.=.....

                                                    C:\Users\user\AppData\Local\Temp\acrobat_sbx\A913kty8z_1winama_140.tmp

                                                    Download File
                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                    File Type:PDF document, version 1.6, 0 pages
                                                    Category:dropped
                                                    Size (bytes):358
                                                    Entropy (8bit):5.086441660422443
                                                    Encrypted:false
                                                    SSDEEP:6:IngVMrexJzJT0y9VEQIFVmb/eu2g/86S1kxROOyd+g2d+FCSyAAO:IngVMre9T0HQIDmy9g06JX+u6lX
                                                    MD5:340166471EEE92CBE0E107A3B2B7CE53
                                                    SHA1:6AAB7B186E17743814AEBDE9CA9F9837F2DAC03B
                                                    SHA-256:99775880B3A095F9CF878B376EE37E501735B8E60CAA079720E2EE597C4A4099
                                                    SHA-512:2F5350A65113414471AAEC4818EAABEDD5474A5957548716966E5E67356BF76D67BCE82639D48293A63B3ADD5581906DE36F42B69E48B17039D78989403DF716
                                                    Malicious:false
                                                    Preview:%PDF-1.6.%......1 0 obj.<</Pages 2 0 R/Type/Catalog>>.endobj.2 0 obj.<</Count 0/Kids[]/Type/Pages>>.endobj.3 0 obj.<<>>.endobj.xref..0 4..0000000000 65535 f..0000000016 00000 n..0000000061 00000 n..0000000107 00000 n..trailer..<</Size 4/Root 1 0 R/Info 3 0 R/ID[<0B2A37E8B9D13F4EBAA8525FF5E64E22><0B2A37E8B9D13F4EBAA8525FF5E64E22>]>>..startxref..127..%%EOF..

                                                    C:\Users\user\AppData\Local\Temp\acrobat_sbx\A918mvra3_1winam9_140.tmp

                                                    Download File
                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                    File Type:TrueType Font data, digitally signed, 25 tables, 1st "DSIG", 58 names, Unicode, \251 2017 The Monotype Corporation. All Rights Reserved.
                                                    Category:dropped
                                                    Size (bytes):1036584
                                                    Entropy (8bit):6.560220128816804
                                                    Encrypted:false
                                                    SSDEEP:24576:ozjo/Y7wjgTmKJ4WxA7EAD4OBfDamXKE6AMMzvwFo:8o/Y7wjgTm0PxAwJHE6hMbwFo
                                                    MD5:73E8F40755D7CEA2720894C6586AAA43
                                                    SHA1:F078A6015C664983172C86BB28175020654E4EEE
                                                    SHA-256:C78F9A4198762CCEF5CCCBF8E804F9241B24109D24BB934F02CD76A75F37F332
                                                    SHA-512:5D913CC537F29F3E5CACD4C68E361C24869D0439B726B7E5A349A7B897720041A9D6FFEDFB0EFFBD915270DF317A16775AB83F4A70075DFBE2EF71EAF115F371
                                                    Malicious:false
                                                    Preview:............DSIG..3L........GDEF.......P...RGPOS2.....".....GSUB..k...:.....JSTFm*i.........LTSH..Y.........OS/2.J]....L...`PCLT.{>C......6VDMXP.j.........cmap>......x..'.cvt ......(...nfpgm8..+........gasp...!...H....glyf...^...X..0\hdmx{....L.....head.KV....\...6hhea.3._......$hmtxVh.......FZkern7a96..:....`loca^j2...Ot..F`maxp........... meta...a.......`name-1.....T....post.*......... prep.........../............................0.....*.H..........0..~...1.0...+......0a..+.....7....S0Q0,..+.....7........<.<.<.O.b.s.o.l.e.t.e.>.>.>0!0...+..............g......\......S0...0..........3......7v.........0...*.H........0w1.0...U....US1.0...U....Washington1.0...U....Redmond1.0...U....Microsoft Corporation1!0...U....Microsoft Time-Stamp PCA0...160907175851Z..180907175851Z0..1.0...U....US1.0...U....Washington1.0...U....Redmond1.0...U....Microsoft Corporation1.0...U....AOC1&0$..U....Thales TSS ESN:C3B0-0F6A-41111%0#..U....Microsoft Time-Stamp Service0.."0...*.H.............0..........=

                                                    C:\Users\user\AppData\Local\Temp\acrobat_sbx\A91ntni4a_1winamo_140.tmp

                                                    Download File
                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):880128
                                                    Entropy (8bit):2.0812965547625697
                                                    Encrypted:false
                                                    SSDEEP:6144:uEUnEiv7ocYM3ogIQ0yPzGf8R9knG0kYzrGNrYrypghhGjOAvnr8woWWS/cYOq/e:uEUn4
                                                    MD5:44CB7CC7CADD525702D05857FD112189
                                                    SHA1:A3BCD3134EFDCD21457D2E4B106F1EA69DF0D9DB
                                                    SHA-256:856B125CD77D6A7FFBD2FB78B5BF047B304C7474CE4CB8613BF7816E7BF38E66
                                                    SHA-512:E5E17E3CFD7F5AFB8830EDA90C20783D062020B738865CC616432567EE4BDFCCFCE981EF20BDDCAC51C37DE900C248C536051A42D740AFBF3C7EBCDF312FA307
                                                    Malicious:false
                                                    Preview:............................................................................................................................................................................-...)...A12_acrobat_multiFile_generic_dark_32.pdf...................................................................................................8...........................................................................................................%...!...A12_acrobat_parcel_generic_64.pdf...........................................................................................................9...........................................................................................................*...&...A12_acrobat_parcel_generic_dark_32.pdf......................................................................................................:...........................................................................................................*...&...A12_acrobat_parcel_generic_dark_64.pdf..............

                                                    C:\Users\user\AppData\Local\Temp\acrobat_sbx\A9h8w0s7_1winam8_140.tmp

                                                    Download File
                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                    File Type:PDF document, version 1.6, 0 pages
                                                    Category:dropped
                                                    Size (bytes):358
                                                    Entropy (8bit):5.052835368211586
                                                    Encrypted:false
                                                    SSDEEP:6:IngVMrexJzJT0y9VEQIFVmb/eu2g/86S1kxROONmcsWMcsWeLCSyAAO:IngVMre9T0HQIDmy9g06JX9rsWdsWeLR
                                                    MD5:6FEC7E5DFC5AA3CBFDFC45D81ED95D0F
                                                    SHA1:724C9CB496D7733AAC911A30E46616FFFF3D3B02
                                                    SHA-256:AAAC248D8CEAE541BFC159C4BBEE7C03CE767F8F63712513C07CB84D8151AE5F
                                                    SHA-512:296B840BC03EE48483B7FAD4033FDFDCC2F7E7315558CC25B20ED734DA57F428584D70A98C437B8EACEDC3E87985861763091DAFB8708BA6B3AEE1CEF022991C
                                                    Malicious:false
                                                    Preview:%PDF-1.6.%......1 0 obj.<</Pages 2 0 R/Type/Catalog>>.endobj.2 0 obj.<</Count 0/Kids[]/Type/Pages>>.endobj.3 0 obj.<<>>.endobj.xref..0 4..0000000000 65535 f..0000000016 00000 n..0000000061 00000 n..0000000107 00000 n..trailer..<</Size 4/Root 1 0 R/Info 3 0 R/ID[<14AAAE05FAC1BC4290E39E28338AEFF1><14AAAE05FAC1BC4290E39E28338AEFF1>]>>..startxref..127..%%EOF..

                                                    C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-20 16-30-42-889.log

                                                    Download File
                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                    File Type:ASCII text, with very long lines (393)
                                                    Category:dropped
                                                    Size (bytes):16525
                                                    Entropy (8bit):5.345946398610936
                                                    Encrypted:false
                                                    SSDEEP:384:zHIq8qrq0qoq/qUILImCIrImI9IWdFdDdoPtPTPtP7ygyAydy0yGV///X/J/VokV:nNW
                                                    MD5:8947C10F5AB6CFFFAE64BCA79B5A0BE3
                                                    SHA1:70F87EEB71BA1BE43D2ABAB7563F94C73AB5F778
                                                    SHA-256:4F3449101521DA7DF6B58A2C856592E1359BA8BD1ACD0688ECF4292BA5388485
                                                    SHA-512:B76DB9EF3AE758F00CAF0C1705105C875838C7801F7265B17396466EECDA4BCD915DA4611155C5F2AD1C82A800C1BEC855E52E2203421815F915B77AA7331CA0
                                                    Malicious:false
                                                    Preview:SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:088+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig:

                                                    C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

                                                    Download File
                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                    File Type:ASCII text, with very long lines (393), with CRLF line terminators
                                                    Category:dropped
                                                    Size (bytes):16603
                                                    Entropy (8bit):5.377570121480353
                                                    Encrypted:false
                                                    SSDEEP:384:Ys41QMOHC5pMy8dI6GBMSejD0Hm66OgRqoO84+G27l0QiK4oTDjqhqnS28X5Kq+Z:pq2D2O
                                                    MD5:674D0517FC5159F124928CD4B0DF0653
                                                    SHA1:CE82CD2D2127B807AE04FAA8686E39FDF4B2B0A4
                                                    SHA-256:B51C49CF309456444E68BE8521935D2BCC5C4B6DF4163B38BC1F7F3CB566DEE5
                                                    SHA-512:BD5AD68FD1EB26945B1C33195C6E0B9640B49849CB6C6AAB6AC27273CE6F4D8ABFF364E523551AD75350B6B742750D123014A6FACEEFB3D3A43E9C3F0A8F8826
                                                    Malicious:false
                                                    Preview:SessionID=2b885406-f45a-46d6-8bb4-f35501cf8fce.1713623442921 Timestamp=2024-04-20T16:30:42:921+0200 ThreadID=6528 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=2b885406-f45a-46d6-8bb4-f35501cf8fce.1713623442921 Timestamp=2024-04-20T16:30:42:921+0200 ThreadID=6528 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=2b885406-f45a-46d6-8bb4-f35501cf8fce.1713623442921 Timestamp=2024-04-20T16:30:42:921+0200 ThreadID=6528 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=2b885406-f45a-46d6-8bb4-f35501cf8fce.1713623442921 Timestamp=2024-04-20T16:30:42:921+0200 ThreadID=6528 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=2b885406-f45a-46d6-8bb4-f35501cf8fce.1713623442921 Timestamp=2024-04-20T16:30:42:921+0200 ThreadID=6528 Component=ngl-lib_NglAppLib Description="SetConf

                                                    C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

                                                    Download File
                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                    File Type:ASCII text, with CRLF line terminators
                                                    Category:dropped
                                                    Size (bytes):29845
                                                    Entropy (8bit):5.377584002478233
                                                    Encrypted:false
                                                    SSDEEP:768:anddBuBYZwcfCnwZCnR8Bu5hx18HoCnLlAY+iCBuzhLCnx1CnPrRRFS10l8gT2rI:k
                                                    MD5:90E612273AD335E63D555F66B603454F
                                                    SHA1:BAA166651EB99762AA7527F69EE401662FE971C8
                                                    SHA-256:A75FB7206406B94133088B131CC689ED512C958E2757F54CBA4B6DAFE65BE6A6
                                                    SHA-512:67087130B2C1573FA9BF4452651C2E058FAD4D91865F04902AEB22C06C7842BAB986DADAB5586DF130E8ECDE2335B413363A97E4A46E91D4F3E6280FAB7A7391
                                                    Malicious:false
                                                    Preview:03-10-2023 12:50:40:.---2---..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ***************************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ***************************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Starting NGL..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..03-10-2023 12:50:40:.Closing File..03-10-

                                                    C:\Users\user\AppData\Local\Temp\acrocef_low\346c0aee-8634-40a9-9f3d-beb58f1294ef.tmp

                                                    Download File
                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                    File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 921996
                                                    Category:dropped
                                                    Size (bytes):386528
                                                    Entropy (8bit):7.9736851559892425
                                                    Encrypted:false
                                                    SSDEEP:6144:rBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOFjNOX1Lj3vfE4JvWTlP:r+Tegs661ybxrr/IxkB1mabFhOXZ/fEh
                                                    MD5:C14EBC9A03804BAB863F67F539F142C6
                                                    SHA1:FD44F63771819778149B24DD4B073940F5D95BFA
                                                    SHA-256:A495629FA5E71EE50BB96F9C4CAEAC46E8B44BFC3F910A073348258F63DFAFCE
                                                    SHA-512:8ED832A54A3925914E3BCFC96A3ABFF63A511ADAC79A869AD1569BB175CC1AF84E6C2BD20FA2187A5C3B733625EDE5D95C2172B24ED2F252835689F6D4A0F5A2
                                                    Malicious:false
                                                    Preview:...........[l\[.......p.a$..$.K...&%J.J...Wuo..dI.vk4.E..P.u..(.....1.I....A...............0.....$ctg.H.'....@.Zk...~.s.A]M.A..:g?.^{...cjL...X..#.Q{......z...m...K.U]-..^V.........@..P...U.R..z.......?......]nG..O{..n........y...v7...~C#..O.z...:...H&..6M;........c..#.y4u.~6.?...V?.%?SW.....K...[..`N.i.1..:..@?i.Q..O...`.....m.!y.{...?=.. .....Zk......%.6......o<.....yA}......no......u,.....U...a.......[S.n..`.....:...1......X..u.u...`..B=.&M.y..s.....}.i..l.'u]. ...6.s`....zdN.F.>;.d%D..}3..b..~..k.......,hl.j..._...F..p.z..o...C..,.Ss.u.Xd..a.Y.{.p...?.k..t,&..'...........^.f.hg....y..Y...i..m....<..^......yK.......;.5...E...K..Q.;k..|;..B.{m..eS..>b..>...6...wmC.i.....wv..k..{..X...RB.P..?w......1l.H..{{.`g.P.8.Z..v_.G.....f.%+z.....p.P..u}.T.....~r]..W7..._..c.k.....@....y.K...uOSj........^....B..]..~{..;...c....r.J.m.S.}.....k....u*^...5./...{......3.I.p.t...V..........W-..|.K.N.....n.........Bl...#)..;..4.x.....'....A....x..

                                                    C:\Users\user\AppData\Local\Temp\acrocef_low\479c758e-0eaf-41c1-bae4-3e2fadc726fe.tmp

                                                    Download File
                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                    File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
                                                    Category:dropped
                                                    Size (bytes):1407294
                                                    Entropy (8bit):7.97605879016224
                                                    Encrypted:false
                                                    SSDEEP:24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo
                                                    MD5:A0CFC77914D9BFBDD8BC1B1154A7B364
                                                    SHA1:54962BFDF3797C95DC2A4C8B29E873743811AD30
                                                    SHA-256:81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685
                                                    SHA-512:74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE
                                                    Malicious:false
                                                    Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

                                                    C:\Users\user\AppData\Local\Temp\acrocef_low\8061cff2-101f-42d5-88d8-7d5187f20fcb.tmp

                                                    Download File
                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                    File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
                                                    Category:dropped
                                                    Size (bytes):1419751
                                                    Entropy (8bit):7.976496077007677
                                                    Encrypted:false
                                                    SSDEEP:24576:ZDA7owWLaGZDwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:lVwWLaGZDwZGk3mlind9i4ufFXpAXkru
                                                    MD5:FE1669C6A66EA60C977202606F8DA6DB
                                                    SHA1:054250FECC9293AF02C8D8E6910134CD74BC3A23
                                                    SHA-256:B9BFC61A0E9F6D2FBAD4A401CBB676B9A300ECDE2357F73BFB62505216477D54
                                                    SHA-512:50ABA4E1B7ECAA2EA52D0F241E632040DE04D47B1E28F1A6B564D8CDE6DB10A44DBA1D5D50DAB75D418A01C9263D3D5D789B94D1FE84041AFEF1C5A35D521921
                                                    Malicious:false
                                                    Preview:...........]..8.}. .)."{g.-.}plw.A........,..Y.tI.g.....)Q.H..'p#p`.U.S.H.)....e....a.><..w.....Dw..9.0Y~.......1.._......j.....Oh.q.\,....tn.....w..i.f..?A../.h.D..........n^......M..w......C....!..4.........w4q..F.1I.!A....(.........TN..'8...Q.........^...za..0Hm/.....{.....\....' ..1..0.qzD........'Y...... .m..8Bh... ...4...z..}.9..Lqp..M \Xe......Q..0..+C.B.4Ijm...o..co..q.d.~.8...\/.4.]....8...1.].D....K.|...hp\..... .ch.....\.g..Qpf.{N....n<......'.....KS(.k..$Q.R...6..'.....7.!....{.....b....C.v~...x...FO^..O.d.>'>...........&.. ..WR...6...^.D..A...d1|..F.g..g;.\...m..V..0..le.......4J..p.(..l'.....n_........n.0..P...Y.KJ.S.B.><.\C.}..~....,..k..V....XI#w..B..Q.B...t..\.lB;&!.n.(._=..>...+..a.......N.X{.{..ly.$V......@..E.....R.j.x[..V.....Ij.....mQ....-D....U1..J...F+.%...6.g.T.....X....(...w...8a..\1..^z.6...@R....l.i.A..,.......o..~^bM.E..qW^?.......!..)u.(&*.v....."c.H..Pp..uy...DP8.m3.:T..U=............0-~.B..w...D..'

                                                    C:\Users\user\AppData\Local\Temp\acrocef_low\d512b327-69fd-4610-8fb6-0eb6cdc20fc1.tmp

                                                    Download File
                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                    File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
                                                    Category:dropped
                                                    Size (bytes):758601
                                                    Entropy (8bit):7.98639316555857
                                                    Encrypted:false
                                                    SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
                                                    MD5:3A49135134665364308390AC398006F1
                                                    SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
                                                    SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
                                                    SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
                                                    Malicious:false
                                                    Preview:...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!|G.1...... .3.`./....`~......G.............|..pS.e.C....:o.u_..oi.:..|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

                                                    C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobSettings

                                                    Download File
                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                    File Type:ASCII text
                                                    Category:dropped
                                                    Size (bytes):24
                                                    Entropy (8bit):3.66829583405449
                                                    Encrypted:false
                                                    SSDEEP:3:So6FwHn:So6FwHn
                                                    MD5:DD4A3BD8B9FF61628346391EA9987E1D
                                                    SHA1:474076C122CACAAF112469FC62976BB69187AA2B
                                                    SHA-256:7C22C759CA704106556BBC4FC10B7F53404CA1F8B40F01038D3F7C4B8183F486
                                                    SHA-512:FDAF3D9F8072ED7DE9B2528376C10E3C3FDBEA74347710A4795BECF23C6577B3582B2E89D3C04EF0523C98FE0A46F2AF3629490701A20B848C63BA7B26579491
                                                    Malicious:false
                                                    Preview:<</Settings [/c <<>>].>>

                                                    C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\TMDocs.sav

                                                    Download File
                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):36
                                                    Entropy (8bit):4.294653473544341
                                                    Encrypted:false
                                                    SSDEEP:3:8QvCyKGziFLpn:8QayKGyLpn
                                                    MD5:5C6B932A79952B4B27833691305E61DB
                                                    SHA1:09804DB0986A989C2C49CDCEA563567FB4C7B1A0
                                                    SHA-256:DEE5A5925227B125F4AC6D9B70A277E6EC8494FFC73D1CCE9E08CC7A78D6208A
                                                    SHA-512:4FAA9585BB10156D5DEA3B62D3A3A1BFA92430BA6E1E3381FC4C76C3071C85E53D5CBCE0016DBA1D1F9EA1B7AF37B4A4EFBAF4F3106B7D958B6E2E90AA0DF059
                                                    Malicious:false
                                                    Preview:%PDFTrustManagerDocsData 1.0........

                                                    C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\TMGrpPrm.sav

                                                    Download File
                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):54
                                                    Entropy (8bit):3.7119196645733785
                                                    Encrypted:false
                                                    SSDEEP:3:8QvCxXLV1AiLKltVln:8QaRhJ2ltPn
                                                    MD5:6A614A7743B0C781AAECA60448E861D6
                                                    SHA1:67B7DF5EBEB4527E4C31F3F9B7E52A0581DC4B6D
                                                    SHA-256:9703120DC62C2C3F843BAD5B1E77594682CA7820F0345AE0BBD73021C1427146
                                                    SHA-512:3A45B27ED6F3AAA8C2113FBB21637675CC91D1239754447A7032D1A86CB1E7381575B28F992E5FFC9986354C2B9C173C614F1F703CA4C2BEE63AB3BC6ED909A6
                                                    Malicious:false
                                                    Preview:%PDFTrustManagerGroupPerms 1.0........................

                                                    Static File Info

                                                    General

                                                    File type:PDF document, version 1.6 (zip deflate encoded)
                                                    Entropy (8bit):7.996148177354592
                                                    TrID:
                                                    • Adobe Portable Document Format (5005/1) 100.00%
                                                    File name:I&A_mileageForm.pdf
                                                    File size:862'829 bytes
                                                    MD5:b568796cfd232fbac356dee878e8bfe5
                                                    SHA1:4c4faf0406d299c7763f7e2c166a180f88fdb35b
                                                    SHA256:625134da02fcda22e28fb938495e38717ddcf61df6df1f90cee39d712e3c0c9d
                                                    SHA512:3f4df3fabbbeb1e971565f1287da68c81bcdc9dfb7c06b49f0b31e084175b70a855b55eb8280104904c6e82009e504635e6b73d378e5f481e070ba74d3084b41
                                                    SSDEEP:12288:DFfNlVtptmTxXDLNTI4s4U3+O/T5i/Z5coEYPfABqu6HKd+KrtXpdZ77lhqUrNPR:DFfNliz6jTcwyPZRKrtJvtdZX
                                                    TLSH:7D0523D4C64B1A6E14113B6563499DA2C3C3D2CA906C563B7E0C87B60704EDABCE5EEF
                                                    File Content Preview:%PDF-1.6.%......506 0 obj.<</Linearized 1/L 862829/O 509/E 267135/N 1/T 862414/H [ 870 386]>>.endobj. ..579 0 obj.<</DecodeParms<</Columns 5/Predictor 12>>/Filter/FlateDecode/ID[<73AFED8F25D5E99610FF2967BBB6C2A0><18C235C86F62C64C8186A62B1FC70B

                                                    File Icon

                                                    Icon Hash:62cc8caeb29e8ae0

                                                    Static PDF Info

                                                    General

                                                    Header:%PDF-1.6
                                                    Total Entropy:7.996148
                                                    Total Bytes:862829
                                                    Stream Entropy:7.997813
                                                    Stream Bytes:852555
                                                    Entropy outside Streams:5.150864
                                                    Bytes outside Streams:10274
                                                    Number of EOF found:2
                                                    Bytes after EOF:

                                                    Keywords Statistics

                                                    NameCount
                                                    obj101
                                                    endobj101
                                                    stream97
                                                    endstream97
                                                    xref0
                                                    trailer0
                                                    startxref2
                                                    /Page1
                                                    /Encrypt0
                                                    /ObjStm12
                                                    /URI0
                                                    /JS0
                                                    /JavaScript0
                                                    /AA0
                                                    /OpenAction1
                                                    /AcroForm1
                                                    /JBIG2Decode0
                                                    /RichMedia0
                                                    /Launch0
                                                    /EmbeddedFile0

                                                    Network Behavior

                                                    Network Port Distribution

                                                    TCP Packets

                                                    TimestampSource PortDest PortSource IPDest IP
                                                    Apr 20, 2024 16:30:45.487684011 CEST49737443192.168.2.452.5.13.197
                                                    Apr 20, 2024 16:30:45.487704039 CEST4434973752.5.13.197192.168.2.4
                                                    Apr 20, 2024 16:30:45.487756014 CEST49737443192.168.2.452.5.13.197
                                                    Apr 20, 2024 16:30:45.488128901 CEST49737443192.168.2.452.5.13.197
                                                    Apr 20, 2024 16:30:45.488140106 CEST4434973752.5.13.197192.168.2.4
                                                    Apr 20, 2024 16:30:45.738641024 CEST4434973752.5.13.197192.168.2.4
                                                    Apr 20, 2024 16:30:45.738974094 CEST49737443192.168.2.452.5.13.197
                                                    Apr 20, 2024 16:30:45.738981962 CEST4434973752.5.13.197192.168.2.4
                                                    Apr 20, 2024 16:30:45.740434885 CEST4434973752.5.13.197192.168.2.4
                                                    Apr 20, 2024 16:30:45.740531921 CEST49737443192.168.2.452.5.13.197
                                                    Apr 20, 2024 16:30:45.740539074 CEST4434973752.5.13.197192.168.2.4
                                                    Apr 20, 2024 16:30:45.740617990 CEST49737443192.168.2.452.5.13.197
                                                    Apr 20, 2024 16:30:45.743222952 CEST49737443192.168.2.452.5.13.197
                                                    Apr 20, 2024 16:30:45.743364096 CEST4434973752.5.13.197192.168.2.4
                                                    Apr 20, 2024 16:30:45.743494987 CEST49737443192.168.2.452.5.13.197
                                                    Apr 20, 2024 16:30:45.743505001 CEST4434973752.5.13.197192.168.2.4
                                                    Apr 20, 2024 16:30:45.818641901 CEST49737443192.168.2.452.5.13.197
                                                    Apr 20, 2024 16:30:45.968774080 CEST4434973752.5.13.197192.168.2.4
                                                    Apr 20, 2024 16:30:45.968998909 CEST4434973752.5.13.197192.168.2.4
                                                    Apr 20, 2024 16:30:45.969057083 CEST49737443192.168.2.452.5.13.197
                                                    Apr 20, 2024 16:30:45.970562935 CEST49737443192.168.2.452.5.13.197
                                                    Apr 20, 2024 16:30:45.970562935 CEST49737443192.168.2.452.5.13.197
                                                    Apr 20, 2024 16:30:45.970578909 CEST4434973752.5.13.197192.168.2.4
                                                    Apr 20, 2024 16:30:45.970619917 CEST49737443192.168.2.452.5.13.197
                                                    Apr 20, 2024 16:30:45.972640038 CEST49738443192.168.2.452.5.13.197
                                                    Apr 20, 2024 16:30:45.972693920 CEST4434973852.5.13.197192.168.2.4
                                                    Apr 20, 2024 16:30:45.972768068 CEST49738443192.168.2.452.5.13.197
                                                    Apr 20, 2024 16:30:45.972995043 CEST49738443192.168.2.452.5.13.197
                                                    Apr 20, 2024 16:30:45.973038912 CEST4434973852.5.13.197192.168.2.4
                                                    Apr 20, 2024 16:30:46.215823889 CEST4434973852.5.13.197192.168.2.4
                                                    Apr 20, 2024 16:30:46.216139078 CEST49738443192.168.2.452.5.13.197
                                                    Apr 20, 2024 16:30:46.216176033 CEST4434973852.5.13.197192.168.2.4
                                                    Apr 20, 2024 16:30:46.217636108 CEST4434973852.5.13.197192.168.2.4
                                                    Apr 20, 2024 16:30:46.217700958 CEST49738443192.168.2.452.5.13.197
                                                    Apr 20, 2024 16:30:46.217716932 CEST4434973852.5.13.197192.168.2.4
                                                    Apr 20, 2024 16:30:46.217773914 CEST49738443192.168.2.452.5.13.197
                                                    Apr 20, 2024 16:30:46.218164921 CEST49738443192.168.2.452.5.13.197
                                                    Apr 20, 2024 16:30:46.218245029 CEST4434973852.5.13.197192.168.2.4
                                                    Apr 20, 2024 16:30:46.218419075 CEST49738443192.168.2.452.5.13.197
                                                    Apr 20, 2024 16:30:46.218445063 CEST4434973852.5.13.197192.168.2.4
                                                    Apr 20, 2024 16:30:46.318640947 CEST49738443192.168.2.452.5.13.197
                                                    Apr 20, 2024 16:30:46.509088993 CEST4434973852.5.13.197192.168.2.4
                                                    Apr 20, 2024 16:30:46.509147882 CEST4434973852.5.13.197192.168.2.4
                                                    Apr 20, 2024 16:30:46.509222031 CEST49738443192.168.2.452.5.13.197
                                                    Apr 20, 2024 16:30:46.509242058 CEST4434973852.5.13.197192.168.2.4
                                                    Apr 20, 2024 16:30:46.509277105 CEST4434973852.5.13.197192.168.2.4
                                                    Apr 20, 2024 16:30:46.509296894 CEST49738443192.168.2.452.5.13.197
                                                    Apr 20, 2024 16:30:46.509329081 CEST49738443192.168.2.452.5.13.197
                                                    Apr 20, 2024 16:30:46.514378071 CEST49738443192.168.2.452.5.13.197
                                                    Apr 20, 2024 16:30:46.514416933 CEST4434973852.5.13.197192.168.2.4
                                                    Apr 20, 2024 16:30:49.682816982 CEST49745443192.168.2.423.54.200.159
                                                    Apr 20, 2024 16:30:49.682904959 CEST4434974523.54.200.159192.168.2.4
                                                    Apr 20, 2024 16:30:49.683243990 CEST49745443192.168.2.423.54.200.159
                                                    Apr 20, 2024 16:30:49.683443069 CEST49745443192.168.2.423.54.200.159
                                                    Apr 20, 2024 16:30:49.683466911 CEST4434974523.54.200.159192.168.2.4
                                                    Apr 20, 2024 16:30:50.004528046 CEST4434974523.54.200.159192.168.2.4
                                                    Apr 20, 2024 16:30:50.004910946 CEST49745443192.168.2.423.54.200.159
                                                    Apr 20, 2024 16:30:50.004947901 CEST4434974523.54.200.159192.168.2.4
                                                    Apr 20, 2024 16:30:50.008503914 CEST4434974523.54.200.159192.168.2.4
                                                    Apr 20, 2024 16:30:50.008578062 CEST49745443192.168.2.423.54.200.159
                                                    Apr 20, 2024 16:30:50.043982029 CEST49745443192.168.2.423.54.200.159
                                                    Apr 20, 2024 16:30:50.044204950 CEST4434974523.54.200.159192.168.2.4
                                                    Apr 20, 2024 16:30:50.044229984 CEST49745443192.168.2.423.54.200.159
                                                    Apr 20, 2024 16:30:50.088144064 CEST4434974523.54.200.159192.168.2.4
                                                    Apr 20, 2024 16:30:50.099160910 CEST49745443192.168.2.423.54.200.159
                                                    Apr 20, 2024 16:30:50.099183083 CEST4434974523.54.200.159192.168.2.4
                                                    Apr 20, 2024 16:30:50.146033049 CEST49745443192.168.2.423.54.200.159
                                                    Apr 20, 2024 16:30:50.149957895 CEST4434974523.54.200.159192.168.2.4
                                                    Apr 20, 2024 16:30:50.150034904 CEST4434974523.54.200.159192.168.2.4
                                                    Apr 20, 2024 16:30:50.150093079 CEST49745443192.168.2.423.54.200.159
                                                    Apr 20, 2024 16:30:50.150615931 CEST49745443192.168.2.423.54.200.159
                                                    Apr 20, 2024 16:30:50.150659084 CEST4434974523.54.200.159192.168.2.4

                                                    HTTP Request Dependency Graph

                                                    • https:
                                                      • p13n.adobe.io
                                                    • armmf.adobe.com

                                                    HTTPS Proxied Packets

                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                    0192.168.2.44973752.5.13.1974438044C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                    TimestampBytes transferredDirectionData
                                                    2024-04-20 14:30:45 UTC1353OUTOPTIONS /psdk/v2/content?surfaceId=ACROBAT_READER_MASTER_SURFACEID&surfaceId=DC_READER_LAUNCH_CARD&surfaceId=DC_Reader_RHP_Banner&surfaceId=DC_Reader_RHP_Retention&surfaceId=Edit_InApp_Aug2020&surfaceId=DC_FirstMile_Right_Sec_Surface&surfaceId=DC_Reader_Upsell_Cards&surfaceId=DC_FirstMile_Home_View_Surface&surfaceId=DC_Reader_RHP_Intent_Banner&surfaceId=DC_Reader_Disc_LHP_Banner&surfaceId=DC_Reader_Edit_LHP_Banner&surfaceId=DC_Reader_Convert_LHP_Banner&surfaceId=DC_Reader_Sign_LHP_Banner&surfaceId=DC_Reader_More_LHP_Banner&surfaceId=DC_Reader_Disc_LHP_Retention&surfaceId=DC_Reader_Home_LHP_Trial_Banner&adcProductLanguage=en-us&adcVersion=23.6.20320&adcProductType=SingleClientMini&adcOSType=WIN&adcCountryCode=US&adcXAPIClientID=api_reader_desktop_win_23.6.20320&encodingScheme=BASE_64 HTTP/1.1
                                                    Host: p13n.adobe.io
                                                    Connection: keep-alive
                                                    Accept: */*
                                                    Access-Control-Request-Method: GET
                                                    Access-Control-Request-Headers: x-adobe-uuid,x-adobe-uuid-type,x-api-key
                                                    Origin: https://rna-resource.acrobat.com
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36
                                                    Sec-Fetch-Mode: cors
                                                    Sec-Fetch-Site: cross-site
                                                    Sec-Fetch-Dest: empty
                                                    Referer: https://rna-resource.acrobat.com/
                                                    Accept-Encoding: gzip, deflate, br
                                                    Accept-Language: en-US,en;q=0.9
                                                    2024-04-20 14:30:45 UTC508INHTTP/1.1 204 No Content
                                                    Server: openresty
                                                    Date: Sat, 20 Apr 2024 14:30:45 GMT
                                                    Content-Type: text/plain
                                                    Content-Length: 0
                                                    Connection: close
                                                    Access-Control-Allow-Origin: *
                                                    Access-Control-Allow-Methods: GET, OPTIONS
                                                    Access-Control-Allow-Headers: Authorization,Content-Type,X-Api-Key,cache-control,User-Agent,If-None-Match,x-adobe-uuid,x-adobe-uuid-type, X-Request-Id
                                                    Access-Control-Allow-Credentials: true
                                                    Access-Control-Expose-Headers: x-request-id
                                                    X-Request-Id: PI6r99AJdAhaytNGkovrsU6zTN0sDrN5


                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                    1192.168.2.44973852.5.13.1974438044C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                    TimestampBytes transferredDirectionData
                                                    2024-04-20 14:30:46 UTC1473OUTGET /psdk/v2/content?surfaceId=ACROBAT_READER_MASTER_SURFACEID&surfaceId=DC_READER_LAUNCH_CARD&surfaceId=DC_Reader_RHP_Banner&surfaceId=DC_Reader_RHP_Retention&surfaceId=Edit_InApp_Aug2020&surfaceId=DC_FirstMile_Right_Sec_Surface&surfaceId=DC_Reader_Upsell_Cards&surfaceId=DC_FirstMile_Home_View_Surface&surfaceId=DC_Reader_RHP_Intent_Banner&surfaceId=DC_Reader_Disc_LHP_Banner&surfaceId=DC_Reader_Edit_LHP_Banner&surfaceId=DC_Reader_Convert_LHP_Banner&surfaceId=DC_Reader_Sign_LHP_Banner&surfaceId=DC_Reader_More_LHP_Banner&surfaceId=DC_Reader_Disc_LHP_Retention&surfaceId=DC_Reader_Home_LHP_Trial_Banner&adcProductLanguage=en-us&adcVersion=23.6.20320&adcProductType=SingleClientMini&adcOSType=WIN&adcCountryCode=US&adcXAPIClientID=api_reader_desktop_win_23.6.20320&encodingScheme=BASE_64 HTTP/1.1
                                                    Host: p13n.adobe.io
                                                    Connection: keep-alive
                                                    sec-ch-ua: "Chromium";v="105"
                                                    sec-ch-ua-mobile: ?0
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36
                                                    Accept: application/json, text/javascript, */*; q=0.01
                                                    x-adobe-uuid: a4ecfc44-3976-4051-8c45-0a7e26b55a37
                                                    x-adobe-uuid-type: visitorId
                                                    x-api-key: AdobeReader9
                                                    sec-ch-ua-platform: "Windows"
                                                    Origin: https://rna-resource.acrobat.com
                                                    Accept-Language: en-US,en;q=0.9
                                                    Sec-Fetch-Site: cross-site
                                                    Sec-Fetch-Mode: cors
                                                    Sec-Fetch-Dest: empty
                                                    Referer: https://rna-resource.acrobat.com/
                                                    Accept-Encoding: gzip, deflate, br
                                                    2024-04-20 14:30:46 UTC544INHTTP/1.1 200
                                                    Server: openresty
                                                    Date: Sat, 20 Apr 2024 14:30:46 GMT
                                                    Content-Type: application/json;charset=UTF-8
                                                    Content-Length: 3120
                                                    Connection: close
                                                    x-request-id: 2Rn8kgpBCcGW6baY7iYmWo4b0LWz2k3p
                                                    vary: accept-encoding
                                                    Access-Control-Allow-Origin: *
                                                    Access-Control-Allow-Methods: GET, OPTIONS
                                                    Access-Control-Allow-Headers: Authorization,Content-Type,X-Api-Key,cache-control,User-Agent,If-None-Match,x-adobe-uuid,x-adobe-uuid-type, X-Request-Id
                                                    Access-Control-Allow-Credentials: true
                                                    Access-Control-Expose-Headers: x-request-id
                                                    2024-04-20 14:30:46 UTC3120INData Raw: 7b 22 73 75 72 66 61 63 65 73 22 3a 7b 22 44 43 5f 52 65 61 64 65 72 5f 52 48 50 5f 42 61 6e 6e 65 72 22 3a 7b 22 63 6f 6e 74 61 69 6e 65 72 73 22 3a 5b 7b 22 63 6f 6e 74 61 69 6e 65 72 49 64 22 3a 31 2c 22 63 6f 6e 74 61 69 6e 65 72 4c 61 62 65 6c 22 3a 22 4a 53 4f 4e 20 66 6f 72 20 52 65 61 64 65 72 20 44 43 20 52 48 50 20 42 61 6e 6e 65 72 22 2c 22 64 61 74 61 54 79 70 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 73 6f 6e 22 2c 22 64 61 74 61 22 3a 22 65 79 4a 6a 64 47 45 69 4f 6e 73 69 64 48 6c 77 5a 53 49 36 49 6d 4a 31 64 48 52 76 62 69 49 73 49 6e 52 6c 65 48 51 69 4f 69 4a 47 63 6d 56 6c 49 44 63 74 52 47 46 35 49 46 52 79 61 57 46 73 49 69 77 69 5a 32 39 66 64 58 4a 73 49 6a 6f 69 61 48 52 30 63 48 4d 36 4c 79 39 68 59 33 4a 76 59 6d 46 30
                                                    Data Ascii: {"surfaces":{"DC_Reader_RHP_Banner":{"containers":[{"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","dataType":"application/json","data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0


                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                    2192.168.2.44974523.54.200.1594438044C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                    TimestampBytes transferredDirectionData
                                                    2024-04-20 14:30:50 UTC475OUTGET /onboarding/smskillreader.txt HTTP/1.1
                                                    Host: armmf.adobe.com
                                                    Connection: keep-alive
                                                    Accept-Language: en-US,en;q=0.9
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36
                                                    Sec-Fetch-Site: same-origin
                                                    Sec-Fetch-Mode: no-cors
                                                    Sec-Fetch-Dest: empty
                                                    Accept-Encoding: gzip, deflate, br
                                                    If-None-Match: "78-5faa31cce96da"
                                                    If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
                                                    2024-04-20 14:30:50 UTC198INHTTP/1.1 304 Not Modified
                                                    Content-Type: text/plain; charset=UTF-8
                                                    Last-Modified: Mon, 01 May 2023 15:02:33 GMT
                                                    ETag: "78-5faa31cce96da"
                                                    Date: Sat, 20 Apr 2024 14:30:50 GMT
                                                    Connection: close


                                                    Statistics

                                                    CPU Usage

                                                    Click to jump to process

                                                    Memory Usage

                                                    Click to jump to process

                                                    High Level Behavior Distribution

                                                    Click to dive into process behavior distribution

                                                    Behavior

                                                    Click to jump to process

                                                    System Behavior

                                                    General

                                                    Target ID:0
                                                    Start time:16:30:24
                                                    Start date:20/04/2024
                                                    Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\I&A_mileageForm.pdf"
                                                    Imagebase:0x7ff6bc1b0000
                                                    File size:5'641'176 bytes
                                                    MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:moderate
                                                    Has exited:true

                                                    General

                                                    Target ID:1
                                                    Start time:16:30:24
                                                    Start date:20/04/2024
                                                    Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c
                                                    Imagebase:0x7ff701040000
                                                    File size:11'469'784 bytes
                                                    MD5 hash:8A41FC5F946230805512B943C45AC9D8
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:low
                                                    Has exited:false

                                                    General

                                                    Target ID:2
                                                    Start time:16:30:25
                                                    Start date:20/04/2024
                                                    Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=6352
                                                    Imagebase:0x7ff701040000
                                                    File size:11'469'784 bytes
                                                    MD5 hash:8A41FC5F946230805512B943C45AC9D8
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:low
                                                    Has exited:false

                                                    General

                                                    Target ID:3
                                                    Start time:16:30:26
                                                    Start date:20/04/2024
                                                    Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c
                                                    Imagebase:0x7ff701040000
                                                    File size:11'469'784 bytes
                                                    MD5 hash:8A41FC5F946230805512B943C45AC9D8
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:low
                                                    Has exited:true

                                                    General

                                                    Target ID:4
                                                    Start time:16:30:26
                                                    Start date:20/04/2024
                                                    Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=7316
                                                    Imagebase:0x7ff701040000
                                                    File size:11'469'784 bytes
                                                    MD5 hash:8A41FC5F946230805512B943C45AC9D8
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:low
                                                    Has exited:true

                                                    General

                                                    Target ID:5
                                                    Start time:16:30:28
                                                    Start date:20/04/2024
                                                    Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c
                                                    Imagebase:0x7ff701040000
                                                    File size:11'469'784 bytes
                                                    MD5 hash:8A41FC5F946230805512B943C45AC9D8
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:low
                                                    Has exited:true

                                                    General

                                                    Target ID:6
                                                    Start time:16:30:28
                                                    Start date:20/04/2024
                                                    Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=7416
                                                    Imagebase:0x7ff701040000
                                                    File size:11'469'784 bytes
                                                    MD5 hash:8A41FC5F946230805512B943C45AC9D8
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:low
                                                    Has exited:true

                                                    General

                                                    Target ID:7
                                                    Start time:16:30:30
                                                    Start date:20/04/2024
                                                    Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c
                                                    Imagebase:0x7ff701040000
                                                    File size:11'469'784 bytes
                                                    MD5 hash:8A41FC5F946230805512B943C45AC9D8
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:low
                                                    Has exited:true

                                                    General

                                                    Target ID:8
                                                    Start time:16:30:30
                                                    Start date:20/04/2024
                                                    Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
                                                    Wow64 process (32bit):true
                                                    Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=7524
                                                    Imagebase:0xfb0000
                                                    File size:11'469'784 bytes
                                                    MD5 hash:8A41FC5F946230805512B943C45AC9D8
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:low
                                                    Has exited:true

                                                    General

                                                    Target ID:9
                                                    Start time:16:30:32
                                                    Start date:20/04/2024
                                                    Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c
                                                    Imagebase:0x7ff701040000
                                                    File size:11'469'784 bytes
                                                    MD5 hash:8A41FC5F946230805512B943C45AC9D8
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:low
                                                    Has exited:true

                                                    General

                                                    Target ID:10
                                                    Start time:16:30:32
                                                    Start date:20/04/2024
                                                    Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=7628
                                                    Imagebase:0x7ff701040000
                                                    File size:11'469'784 bytes
                                                    MD5 hash:8A41FC5F946230805512B943C45AC9D8
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:low
                                                    Has exited:true

                                                    General

                                                    Target ID:11
                                                    Start time:16:30:34
                                                    Start date:20/04/2024
                                                    Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c
                                                    Imagebase:0x7ff701040000
                                                    File size:11'469'784 bytes
                                                    MD5 hash:8A41FC5F946230805512B943C45AC9D8
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:low
                                                    Has exited:true

                                                    General

                                                    Target ID:12
                                                    Start time:16:30:34
                                                    Start date:20/04/2024
                                                    Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=7728
                                                    Imagebase:0x7ff701040000
                                                    File size:11'469'784 bytes
                                                    MD5 hash:8A41FC5F946230805512B943C45AC9D8
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:low
                                                    Has exited:true

                                                    General

                                                    Target ID:13
                                                    Start time:16:30:37
                                                    Start date:20/04/2024
                                                    Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
                                                    Imagebase:0x7ff74bb60000
                                                    File size:3'581'912 bytes
                                                    MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Has exited:true

                                                    General

                                                    Target ID:15
                                                    Start time:16:30:37
                                                    Start date:20/04/2024
                                                    Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2104 --field-trial-handle=1540,i,13543496977365774410,5141392604321544278,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
                                                    Imagebase:0x7ff74bb60000
                                                    File size:3'581'912 bytes
                                                    MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Has exited:true

                                                    General

                                                    Target ID:16
                                                    Start time:16:30:37
                                                    Start date:20/04/2024
                                                    Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe
                                                    Wow64 process (32bit):true
                                                    Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe" GetChannelUri
                                                    Imagebase:0x370000
                                                    File size:218'280 bytes
                                                    MD5 hash:92366A2F482926C3D0DD02D6F952F742
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Has exited:true

                                                    Disassembly

                                                    No disassembly