Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
APEFT-Remit.pdf

Overview

General Information

Sample name:APEFT-Remit.pdf
Analysis ID:1430624
MD5:2a0dc631f6524b80081e228e32d23249
SHA1:5f68eac68959003035c87951f2fb60a197ee3996
SHA256:8c472eef2d4f66ca6d5d6e0492c041313ca57c5760ef27555b0af763ff4b96dc
Infos:

Detection

Score:1
Range:0 - 100
Whitelisted:false
Confidence:80%

Signatures

Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Uses a known web browser user agent for HTTP communication

Classification

Process Tree

  • System is w10x64
  • Acrobat.exe (PID: 7444 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\APEFT-Remit.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 7628 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 7836 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2112 --field-trial-handle=1752,i,5616625130128595369,995304234985773419,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Snort Signatures

No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: global trafficTCP traffic: 192.168.2.4:49740 -> 72.247.96.179:443
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 72.247.96.179:443
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 72.247.96.179:443
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 72.247.96.179:443
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 72.247.96.179:443
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 72.247.96.179:443
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 72.247.96.179:443
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 72.247.96.179:443
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 72.247.96.179:443
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 72.247.96.179:443
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 72.247.96.179:443
Source: global trafficTCP traffic: 72.247.96.179:443 -> 192.168.2.4:49740
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 72.247.96.179:443
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 72.247.96.179:443
Source: global trafficTCP traffic: 72.247.96.179:443 -> 192.168.2.4:49740
Source: global trafficTCP traffic: 72.247.96.179:443 -> 192.168.2.4:49740
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 72.247.96.179:443
Source: global trafficTCP traffic: 72.247.96.179:443 -> 192.168.2.4:49740
Source: global trafficTCP traffic: 72.247.96.179:443 -> 192.168.2.4:49740
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 72.247.96.179:443
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 72.247.96.179:443
Source: global trafficTCP traffic: 72.247.96.179:443 -> 192.168.2.4:49740
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 72.247.96.179:443
Source: global trafficTCP traffic: 72.247.96.179:443 -> 192.168.2.4:49740
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 72.247.96.179:443
Source: global trafficTCP traffic: 72.247.96.179:443 -> 192.168.2.4:49740
Source: global trafficTCP traffic: 72.247.96.179:443 -> 192.168.2.4:49740
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 72.247.96.179:443
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 72.247.96.179:443
Source: global trafficTCP traffic: 72.247.96.179:443 -> 192.168.2.4:49740
Source: global trafficHTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1Host: armmf.adobe.comConnection: keep-aliveAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brIf-None-Match: "78-5faa31cce96da"If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
Source: unknownTCP traffic detected without corresponding DNS query: 72.247.96.179
Source: unknownTCP traffic detected without corresponding DNS query: 72.247.96.179
Source: unknownTCP traffic detected without corresponding DNS query: 72.247.96.179
Source: unknownTCP traffic detected without corresponding DNS query: 72.247.96.179
Source: unknownTCP traffic detected without corresponding DNS query: 72.247.96.179
Source: unknownTCP traffic detected without corresponding DNS query: 72.247.96.179
Source: unknownTCP traffic detected without corresponding DNS query: 72.247.96.179
Source: unknownTCP traffic detected without corresponding DNS query: 72.247.96.179
Source: unknownTCP traffic detected without corresponding DNS query: 72.247.96.179
Source: unknownTCP traffic detected without corresponding DNS query: 72.247.96.179
Source: global trafficHTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1Host: armmf.adobe.comConnection: keep-aliveAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brIf-None-Match: "78-5faa31cce96da"If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49740
Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 443
Source: classification engineClassification label: clean1.winPDF@14/43@0/1
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.7500Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-24 00-51-15-400.logJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
Source: unknownProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\APEFT-Remit.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2112 --field-trial-handle=1752,i,5616625130128595369,995304234985773419,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2112 --field-trial-handle=1752,i,5616625130128595369,995304234985773419,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: APEFT-Remit.pdfInitial sample: PDF keyword /JS count = 0
Source: APEFT-Remit.pdfInitial sample: PDF keyword /JavaScript count = 0
Source: APEFT-Remit.pdfInitial sample: PDF keyword /EmbeddedFile count = 0
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid Accounts2
Exploitation for Client Execution		Path Interception1
Process Injection		1
Masquerading		OS Credential Dumping1
System Information Discovery		Remote ServicesData from Local System1
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
Process Injection		LSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable Media1
Non-Application Layer Protocol		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive12
Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin HookBinary PaddingNTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput Capture1
Ingress Tool Transfer		Traffic DuplicationData Destruction

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 process2 2 Behavior Graph ID: 1430624 Sample: APEFT-Remit.pdf Startdate: 24/04/2024 Architecture: WINDOWS Score: 1 6 Acrobat.exe 20 72 2->6         started        process3 8 AcroCEF.exe 105 6->8         started        process4 10 AcroCEF.exe 2 8->10         started        dnsIp5 13 72.247.96.179, 443, 49740 AKAMAI-ASUS United States 10->13

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

No Antivirus matches

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

No contacted domains info

World Map of Contacted IPs

  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Public IPs

IPDomainCountryFlagASNASN NameMalicious
72.247.96.179
unknownUnited States
16625AKAMAI-ASUSfalse

General Information

Joe Sandbox version:40.0.0 Tourmaline
Analysis ID:1430624
Start date and time:2024-04-24 00:50:21 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 4m 2s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultwindowspdfcookbook.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:10
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:APEFT-Remit.pdf
Detection:CLEAN
Classification:clean1.winPDF@14/43@0/1
Cookbook Comments:
  • Found application associated with file extension: .pdf
  • Found PDF document
  • Close Viewer

Warnings

  • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 23.1.100.158, 23.22.254.206, 52.5.13.197, 52.202.204.11, 54.227.187.23, 23.220.73.15, 23.220.73.10, 172.64.41.3, 162.159.61.3
  • Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com
  • Not all processes where analyzed, report is missing behavior information
  • VT rate limit hit for: APEFT-Remit.pdf

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
72.247.96.179Laptop_Remco_2023-10-02_09_54_40.405.zipGet hashmaliciousUnknownBrowse

    Domains

    No context

    ASNs

    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
    AKAMAI-ASUShttps://netorg442802-my.sharepoint.com/:b:/g/personal/darek_daronto_com/EeXtnEaZ3XJBqGk13it6odUB-K9vuYAC7zp7SfyciZ3BpQ?e=nkKu2wGet hashmaliciousHtmlDropper, HTMLPhisherBrowse
    • 23.43.51.75
    EXTERNAL Bonnie St Dryden is inviting you to collaborate on One_docx(Apr 23) DOC3848493.msgGet hashmaliciousHTMLPhisherBrowse
    • 23.223.31.231
    https://lithiuimvalley.com/ssdGet hashmaliciousHtmlDropper, HTMLPhisherBrowse
    • 96.17.33.186
    file.exeGet hashmaliciousVidarBrowse
    • 23.47.27.74
    https://sunhos-my.sharepoint.com/:b:/g/personal/mcaffrey_suncrestcare_com/EVEm8VhV9TBDp7AQUrliImYB4Kt7rXcd_m6-8qNUjxBhTA?e=P3XNTL&xsdata=MDV8MDJ8cHJpY2hhcmRzb25AY2FsdG9uLmNvbXxkM2U5ZTc1MTlkNDA0NmI2OWMzODA4ZGM2M2JhOTA4Y3w3YjU1NzU2YTg5NTg0ZWNlODFkYzVkYTZhYmRiNmE5N3wwfDB8NjM4NDk0OTAwMTUyMzMwMjUxfFVua25vd258VFdGcGJHWnNiM2Q4ZXlKV0lqb2lNQzR3TGpBd01EQWlMQ0pRSWpvaVYybHVNeklpTENKQlRpSTZJazFoYVd3aUxDSlhWQ0k2TW4wPXwwfHx8&sdata=TldIbEg2OTJiSkRUS29RRElmU3dYbTBRQUlqUTBBMXZPcGlIaTlzNnlOQT0%3dGet hashmaliciousHTMLPhisherBrowse
    • 23.50.113.17
    file.exeGet hashmaliciousVidarBrowse
    • 23.65.246.108
    Remittance. #U0440df.htmlGet hashmaliciousHTMLPhisherBrowse
    • 23.193.106.150
    https://netorgft12232017-my.sharepoint.com:443/:f:/g/personal/lisa_imjts_com/EsnpAMoHQfhBluK8Y5tDE68BaHrT-12huxTJR_ZqVWR4tA?e=5%3aZZh3dZ&at=9Get hashmaliciousUnknownBrowse
    • 23.210.240.138
    https://www.msn.com/en-us/autos/enthusiasts/what-s-the-difference-between-a-shelby-mustang-and-a-regular-mustang/ar-AA1ntM5Z?ocid=entnewsntp&pc=U531&cvid=8b8aa9e3e14d4164a6a2181020104694&ei=36Get hashmaliciousUnknownBrowse
    • 23.54.44.246
    1mHUcsxKG6.elfGet hashmaliciousMiraiBrowse
    • 23.61.238.0

    JA3 Fingerprints

    No context

    Dropped Files

    No context

    Created / dropped Files

    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:ASCII text
    Category:dropped
    Size (bytes):292
    Entropy (8bit):5.116512001298969
    Encrypted:false
    SSDEEP:6:whZi+q2Pwkn2nKuAl9OmbnIFUt8hhJ2SmWZmw+hhJ2SNVkwOwkn2nKuAl9OmbjLJ:whU+vYfHAahFUt8hhsW/+hhrV5JfHAae
    MD5:91BC546A97EAEE9E89C82601CC3E7A21
    SHA1:52D17F136D62DB3B3F765124AB3464F27CF63ECE
    SHA-256:38A6C0676E0EF8820BD268D975802CA5563203AC9B7D84FFC48D1B11624087E3
    SHA-512:BD767534250B5DB815705832E770F6AB71EDB2B4BC864106908BF437448895899C0195AD5554BBDB99F31A5DE4D78C77D1A37CA8D2001D50357280E629360493
    Malicious:false
    Reputation:low
    Preview:2024/04/24-00:51:13.220 1dec Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/04/24-00:51:13.221 1dec Recovering log #3.2024/04/24-00:51:13.221 1dec Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:ASCII text
    Category:dropped
    Size (bytes):292
    Entropy (8bit):5.116512001298969
    Encrypted:false
    SSDEEP:6:whZi+q2Pwkn2nKuAl9OmbnIFUt8hhJ2SmWZmw+hhJ2SNVkwOwkn2nKuAl9OmbjLJ:whU+vYfHAahFUt8hhsW/+hhrV5JfHAae
    MD5:91BC546A97EAEE9E89C82601CC3E7A21
    SHA1:52D17F136D62DB3B3F765124AB3464F27CF63ECE
    SHA-256:38A6C0676E0EF8820BD268D975802CA5563203AC9B7D84FFC48D1B11624087E3
    SHA-512:BD767534250B5DB815705832E770F6AB71EDB2B4BC864106908BF437448895899C0195AD5554BBDB99F31A5DE4D78C77D1A37CA8D2001D50357280E629360493
    Malicious:false
    Reputation:low
    Preview:2024/04/24-00:51:13.220 1dec Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/04/24-00:51:13.221 1dec Recovering log #3.2024/04/24-00:51:13.221 1dec Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:ASCII text
    Category:dropped
    Size (bytes):336
    Entropy (8bit):5.1547856920984945
    Encrypted:false
    SSDEEP:6:wh9Ak9+q2Pwkn2nKuAl9Ombzo2jMGIFUt8hhrJZmw+hhJ9VkwOwkn2nKuAl9OmbX:whiC+vYfHAa8uFUt8hhd/+hhTV5JfHAv
    MD5:C4C6281BE40BDC07F378C37D67C6DF15
    SHA1:FF7A4AB1A361212DC4B48FFD2B3F276219530F59
    SHA-256:42293846D0655E7219EFD8B8B57CEBAC0CC26EF3CCC00E9C8E53405683937B9B
    SHA-512:3202BD0E7FE72F73C5DAECF903E650C2EEC89759E07A7C387B9825520FCCDADB8398DD6671D54EFA2DB5E8E7923B3B4FE8E47FC7C3D561330388094B1742FBEF
    Malicious:false
    Reputation:low
    Preview:2024/04/24-00:51:13.269 1ebc Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/04/24-00:51:13.270 1ebc Recovering log #3.2024/04/24-00:51:13.272 1ebc Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:ASCII text
    Category:dropped
    Size (bytes):336
    Entropy (8bit):5.1547856920984945
    Encrypted:false
    SSDEEP:6:wh9Ak9+q2Pwkn2nKuAl9Ombzo2jMGIFUt8hhrJZmw+hhJ9VkwOwkn2nKuAl9OmbX:whiC+vYfHAa8uFUt8hhd/+hhTV5JfHAv
    MD5:C4C6281BE40BDC07F378C37D67C6DF15
    SHA1:FF7A4AB1A361212DC4B48FFD2B3F276219530F59
    SHA-256:42293846D0655E7219EFD8B8B57CEBAC0CC26EF3CCC00E9C8E53405683937B9B
    SHA-512:3202BD0E7FE72F73C5DAECF903E650C2EEC89759E07A7C387B9825520FCCDADB8398DD6671D54EFA2DB5E8E7923B3B4FE8E47FC7C3D561330388094B1742FBEF
    Malicious:false
    Reputation:low
    Preview:2024/04/24-00:51:13.269 1ebc Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/04/24-00:51:13.270 1ebc Recovering log #3.2024/04/24-00:51:13.272 1ebc Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\4b8d8454-e6e7-49bd-9dc9-8bd3b2925465.tmp

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:JSON data
    Category:modified
    Size (bytes):475
    Entropy (8bit):4.966215944377013
    Encrypted:false
    SSDEEP:12:YH/um3RA8sqZudQ5nsBdOg2H9Acaq3QYiubInP7E4T3y:Y2sRdsLddMH9r3QYhbG7nby
    MD5:0B720E75FAF8B754BA978A09F8E573B7
    SHA1:B987DB451B39177D4658D3D7A4AE301DE0521856
    SHA-256:ED494DE6A86BE7CF086C419DCB78FE5BF642DBA94D298CD7DCA593200FB9C267
    SHA-512:D9A743AB96FF5BC8C662AD712F0CFB32E835807AE537BD7D5304B08925DA65A5ED6CB6BB9909DA43CD7AA59CC5D8AC88D499E427C87577FC7B7DC6CB251E046D
    Malicious:false
    Reputation:low
    Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13358472685232901","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":155483},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):475
    Entropy (8bit):4.966215944377013
    Encrypted:false
    SSDEEP:12:YH/um3RA8sqZudQ5nsBdOg2H9Acaq3QYiubInP7E4T3y:Y2sRdsLddMH9r3QYhbG7nby
    MD5:0B720E75FAF8B754BA978A09F8E573B7
    SHA1:B987DB451B39177D4658D3D7A4AE301DE0521856
    SHA-256:ED494DE6A86BE7CF086C419DCB78FE5BF642DBA94D298CD7DCA593200FB9C267
    SHA-512:D9A743AB96FF5BC8C662AD712F0CFB32E835807AE537BD7D5304B08925DA65A5ED6CB6BB9909DA43CD7AA59CC5D8AC88D499E427C87577FC7B7DC6CB251E046D
    Malicious:false
    Reputation:low
    Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13358472685232901","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":155483},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:data
    Category:dropped
    Size (bytes):4730
    Entropy (8bit):5.258210738128984
    Encrypted:false
    SSDEEP:96:etJCV4FAsszrNamjTN/2rjYMta02fDtehgO7BtTgo7PZjP2GZ:etJCV4FiN/jTN/2r8Mta02fEhgO73gor
    MD5:219561C47CD9C44A9FE018D6194BA72A
    SHA1:9D0367F85DE88B50EF00FEE2E2231AA1ACCF716E
    SHA-256:81DB9367CCAFC8ACE805A3F8AAFD63B941274288C61A18BCBF404CBCC571B8E8
    SHA-512:A4F2C206A13C3C6085E13EC9E7C0B4C3442050CB1351A6669AE918E7EDE5994BE3A8CDA961B2E416FF37477D641DC1602F3F8980B8A727508AE9DB98945D72DB
    Malicious:false
    Reputation:low
    Preview:*...#................version.1..namespace-['O.o................next-map-id.1.Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/.0>...r................next-map-id.2.Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/.1O..r................next-map-id.3.Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/.2.\.o................next-map-id.4.Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/.3....^...............Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/..|.^...............Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/n..Fa...............Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/DQ..a...............Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/i.`do................next-map-id.5.Pnamespace-de635bf2_6773_4d83_ad16_

    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:ASCII text
    Category:dropped
    Size (bytes):324
    Entropy (8bit):5.187612508643361
    Encrypted:false
    SSDEEP:6:wh5I9+q2Pwkn2nKuAl9OmbzNMxIFUt8hh5KJZmw+hh5K9VkwOwkn2nKuAl9OmbzE:wh52+vYfHAa8jFUt8hh50/+hh5UV5Jfv
    MD5:5FA0B77C074183561C969A0A6EE74EF1
    SHA1:6A9ED2008572A10C7AB2E274CA4B0E3F6E04FB3E
    SHA-256:116B90A460436DF07BDCC27AD3D5B72B0E9C97105C310A5380F8E164738B92B4
    SHA-512:148D2DC8B90DA850D45C1FD9C243BE7763C82F8FB55C0BB062473BFE175177FFD6A25DD5DF7EEC4EDC4B36303AED72C054FB45835E3FD88571246096304340C9
    Malicious:false
    Reputation:low
    Preview:2024/04/24-00:51:13.376 1ebc Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/04/24-00:51:13.378 1ebc Recovering log #3.2024/04/24-00:51:13.378 1ebc Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:ASCII text
    Category:dropped
    Size (bytes):324
    Entropy (8bit):5.187612508643361
    Encrypted:false
    SSDEEP:6:wh5I9+q2Pwkn2nKuAl9OmbzNMxIFUt8hh5KJZmw+hh5K9VkwOwkn2nKuAl9OmbzE:wh52+vYfHAa8jFUt8hh50/+hh5UV5Jfv
    MD5:5FA0B77C074183561C969A0A6EE74EF1
    SHA1:6A9ED2008572A10C7AB2E274CA4B0E3F6E04FB3E
    SHA-256:116B90A460436DF07BDCC27AD3D5B72B0E9C97105C310A5380F8E164738B92B4
    SHA-512:148D2DC8B90DA850D45C1FD9C243BE7763C82F8FB55C0BB062473BFE175177FFD6A25DD5DF7EEC4EDC4B36303AED72C054FB45835E3FD88571246096304340C9
    Malicious:false
    Reputation:low
    Preview:2024/04/24-00:51:13.376 1ebc Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/04/24-00:51:13.378 1ebc Recovering log #3.2024/04/24-00:51:13.378 1ebc Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

    C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240423225117Z-160.bmp

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:PC bitmap, Windows 3.x format, 117 x -152 x 32, cbSize 71190, bits offset 54
    Category:dropped
    Size (bytes):71190
    Entropy (8bit):0.5277797009859785
    Encrypted:false
    SSDEEP:48:Wa7b51wwAwj6JoClOvaiPMM+pkrK8yKULg6+qVkH:FIeIlGMMqkWLH0
    MD5:1DA0CC4580C9A5E947232743C61F94B1
    SHA1:0D4BC4E525BA9913BA7CFAAA09D51DD5A5AB1CBA
    SHA-256:FD81A7F3CA249DA09AD8EF7BBCEA15B01776EDBCF789AD90754A854D6DD70106
    SHA-512:A43270B9B1CF1201677F7ADD26608A2FC2575B099938A50DA05A754AE5780F8A22F4364DD13500CE1B378637F7A6FAB660CB132320409DE39D5AF956CB680586
    Malicious:false
    Reputation:low
    Preview:BM........6...(...u...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 15, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 15
    Category:dropped
    Size (bytes):86016
    Entropy (8bit):4.445054926221518
    Encrypted:false
    SSDEEP:384:yezci5tWiBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:rZs3OazzU89UTTgUL
    MD5:DB3BF951417FCB82E6426265B0516DB3
    SHA1:D91BAE9EDF3C4326D54D143405A27F15B16D83AA
    SHA-256:A7FC8E37AA96DCD3B3BB053D11BFA4A945C98FF565ABD6119566644FB35AEED4
    SHA-512:7A95F87ADECF646434ADC4654A7F2E922AC4C9572E492CD028D390BF1B48C87C77FB18B5E17E521087051B9410BB1527E884970CDEE1FA868488C37EF4FF85FC
    Malicious:false
    Reputation:low
    Preview:SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:SQLite Rollback Journal
    Category:dropped
    Size (bytes):8720
    Entropy (8bit):3.7745912569016262
    Encrypted:false
    SSDEEP:48:7M1p/E2ioyVvDioy9oWoy1Cwoy1qwKOioy1noy1AYoy1Wioy1hioybioy8soy1nH:7WpjuvDF50XKQz+Fb9IVXEBodRBkf
    MD5:8E019010E51EEC74220233E3917A85E3
    SHA1:E81FB7C04FC274AD94B41D4FEBBD72F848493BA8
    SHA-256:525D1FECDC030867622B39C9EF762B84A8B121FADB698B5C0A8F3A74409DC42D
    SHA-512:34DA088783CADE5EB6EEC1429E268274981976C2F89465812F1948D1BC3D325B6F5C8030264369FD83D1688A2E23768CFA4BC1594CAA2A9E5BE2C4975FDD5AC7
    Malicious:false
    Reputation:low
    Preview:.... .c......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................T...[...b...r...t...}.....L..............................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.7500

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:PostScript document text
    Category:dropped
    Size (bytes):185099
    Entropy (8bit):5.182478651346149
    Encrypted:false
    SSDEEP:1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
    MD5:94185C5850C26B3C6FC24ABC385CDA58
    SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
    SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
    SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
    Malicious:false
    Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:PostScript document text
    Category:dropped
    Size (bytes):185099
    Entropy (8bit):5.182478651346149
    Encrypted:false
    SSDEEP:1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
    MD5:94185C5850C26B3C6FC24ABC385CDA58
    SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
    SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
    SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
    Malicious:false
    Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:data
    Category:dropped
    Size (bytes):243196
    Entropy (8bit):3.3450692389394283
    Encrypted:false
    SSDEEP:1536:vKPCPiyzDtrh1cK3XEivK7VK/3AYvYwgqErRo+RQn:yPClJ/3AYvYwghFo+RQn
    MD5:F5567C4FF4AB049B696D3BE0DD72A793
    SHA1:EBEADDE9FF0AF2C201A5F7CC747C9EA61CFA6916
    SHA-256:D8DBFE71873929825A420F73821F3FF0254D51984FAAA82E1B89D31188F77C04
    SHA-512:E769735991E5B1331E259608854D00CDA4F3E92285FDC500158CBD09CBCCEAD8A387F78256A43919B13EBE70C995D19242377C315B0CCBBD4F813251608C1D56
    Malicious:false
    Preview:Adobe Acrobat Reader (64-bit) 23.6.20320....?A12_AV2_Search_18px.............................................................................................................KKK KKK.KKK.KKK.KKK.KKK.KKK@........................................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.............................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.........................KKK.KKK.KKK.KKK0....................KKK.KKK.KKK.KKK`....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK.KKK.....................................KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK.KKK@....................KKK.KKK.KKK.KKK`........................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.KKK.............................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):295
    Entropy (8bit):5.374617539609132
    Encrypted:false
    SSDEEP:6:YEQXJ2HX43GIwH9VoZcg1vRcR0Y9FKoAvJM3g98kUwPeUkwRe9:YvXKX43GxEZc0v2LGMbLUkee9
    MD5:AA6FD79F49DA38BBE3C875B972DF4DD0
    SHA1:8649BC5C12E3528E611E9544ED77B4736E34DA34
    SHA-256:374D4BD3C6067C057975292AAB9FEF8A3D1733499AA1B295A29BC1ED48008CBC
    SHA-512:7BCC74DA8E577B7D9DBCA3DB58845B407ADCD6CED7A0F52BB6B256D647E6D763B0C9EBB0A95986F0122029A1B292E35186C93274493B3125D0AFB806194B5397
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"793c3e36-9760-45fb-a091-5dffd37539c6","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714087054271,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):294
    Entropy (8bit):5.324115486998541
    Encrypted:false
    SSDEEP:6:YEQXJ2HX43GIwH9VoZcg1vRcR0Y9FKoAvJfBoTfXpnrPeUkwRe9:YvXKX43GxEZc0v2LGWTfXcUkee9
    MD5:FB3DB93F9569B1220BA2876C2AABCDD5
    SHA1:F2197A3123F1E9D2CB57B7C040C9109B7BDBD235
    SHA-256:CDDC8F1417431143CA3C1B709DE6D3DC5AA0CB03FB808FCF28EDF6D7AAD233C9
    SHA-512:E847D0B571C68F1A1F22988FB9AE613B287A5424995F0E7C3D57BB85CB5F4CA136471F6863AA1A0E4BF6E26ED019834FD58A106E32F802A4BB1519E21949B00E
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"793c3e36-9760-45fb-a091-5dffd37539c6","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714087054271,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):294
    Entropy (8bit):5.302374982356348
    Encrypted:false
    SSDEEP:6:YEQXJ2HX43GIwH9VoZcg1vRcR0Y9FKoAvJfBD2G6UpnrPeUkwRe9:YvXKX43GxEZc0v2LGR22cUkee9
    MD5:6B006A78EFC2AF7851EDA906638C4B32
    SHA1:A3B21776B9B73B548665B7B2076A9BB62604903A
    SHA-256:BD7B5647EDB7A744E3CF0C643825EA4AA9573B0C79CD5705FE9D22D2772C1A3F
    SHA-512:D37ADF57B63592376E4CD167799A95D476DB48E66CC7629A6ADA09221FD01DB5EC4D04700FD845427E15BC6EB113B1DC5047CEAA4F01D7E8950FBF9418C13FCE
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"793c3e36-9760-45fb-a091-5dffd37539c6","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714087054271,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):285
    Entropy (8bit):5.362022928375938
    Encrypted:false
    SSDEEP:6:YEQXJ2HX43GIwH9VoZcg1vRcR0Y9FKoAvJfPmwrPeUkwRe9:YvXKX43GxEZc0v2LGH56Ukee9
    MD5:42016F148F98B1D2AE118C40A11B2CD2
    SHA1:AA296D42E408A5B485E42B4BE07DA80470BCDBEB
    SHA-256:DB537225A4551155F4BA6498C2B109C968D3039CD211E51E69E5A81612FEE3C8
    SHA-512:F5FAA0725067BAD0F34F7F02B1C1DCA90E2DBE04523C5B583BF1B0BF9E508689FEF412D3AFC426C46328738FABAF06B2DBE175162BCEC9FF5CA5A2F54C57E7D1
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"793c3e36-9760-45fb-a091-5dffd37539c6","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714087054271,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):292
    Entropy (8bit):5.322533739811728
    Encrypted:false
    SSDEEP:6:YEQXJ2HX43GIwH9VoZcg1vRcR0Y9FKoAvJfJWCtMdPeUkwRe9:YvXKX43GxEZc0v2LGBS8Ukee9
    MD5:EAFBA14CB2EC04A834D039682339A28B
    SHA1:9DD742C09A99D2143FC11A06C376530D2979A12A
    SHA-256:CF9F1DD7143C997252FF3CED90E84A09CF8E3B8AD3D1885F0C75358F1E667C95
    SHA-512:AE47AF63126235631191AF4940D897788A2D798ED4F8FE80448A726592766E43A1D8719B821166C1B159E42FD0835E75024A262EE3461945921367D4A2639109
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"793c3e36-9760-45fb-a091-5dffd37539c6","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714087054271,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):289
    Entropy (8bit):5.309256454056443
    Encrypted:false
    SSDEEP:6:YEQXJ2HX43GIwH9VoZcg1vRcR0Y9FKoAvJf8dPeUkwRe9:YvXKX43GxEZc0v2LGU8Ukee9
    MD5:D26166CEF142860744632C9FFE2E60C1
    SHA1:2BF340323CC809F968144EC178B615A4F41563FF
    SHA-256:7159F094184F8EA37447E2B81E0EF455BF2764AFA859ABD9CCAECDF068070119
    SHA-512:9C04D9AC6AAAFEEE66BE31D34AC03216A0B7BA73AF77EC39DE77F4A82155E689F32C6B9B7411CDCFE9A9B0BBA939B40BC93A5FB1B8D8E6C05D317D9636F88388
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"793c3e36-9760-45fb-a091-5dffd37539c6","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714087054271,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):292
    Entropy (8bit):5.3130437911393305
    Encrypted:false
    SSDEEP:6:YEQXJ2HX43GIwH9VoZcg1vRcR0Y9FKoAvJfQ1rPeUkwRe9:YvXKX43GxEZc0v2LGY16Ukee9
    MD5:073371B38AA90A11CCE766FD2607DA2F
    SHA1:1DACB42377AEB70A1346044CB2753AACE7F80C60
    SHA-256:61BD3D867A2DA49CF4E496510C4B0A318B9063080AE143EEB18A8D91C2E07F13
    SHA-512:EA98915F4E1BA7B2A37375C61FC6FB6F550784FFDC7416ED487837503CE24E4B1F9CD75B906DB00B77A3CD90E8184FA22FBDD587C603FB32E81D283B1CF14E2E
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"793c3e36-9760-45fb-a091-5dffd37539c6","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714087054271,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):289
    Entropy (8bit):5.3185595381138535
    Encrypted:false
    SSDEEP:6:YEQXJ2HX43GIwH9VoZcg1vRcR0Y9FKoAvJfFldPeUkwRe9:YvXKX43GxEZc0v2LGz8Ukee9
    MD5:9480D4B6E2EC3F263A6C0A02EC7E216D
    SHA1:A9C5C2575B4B30EAE8AC779B4D94659974DC8C1D
    SHA-256:BF9888B385FD7D90196E592CF0A587C81FA26B3BA8BDD11539B30E436084DD0E
    SHA-512:373EEF72811DF713CE7F8AB84832B74F245891049AED79879536856B27449945A20CAE368BB233EE847D6D643871B50DA8E2631A86BDE3DE16985F4C3745F42D
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"793c3e36-9760-45fb-a091-5dffd37539c6","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714087054271,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):1372
    Entropy (8bit):5.740915754943822
    Encrypted:false
    SSDEEP:24:Yv6X4KEzvCKLgENRcbrZbq00iCCBrwJo++ns8ct4mFJN4s1:YvT1qEgigrNt0wSJn+ns8cvFJSs1
    MD5:3787E96E376CE9DFCC114BF9963A49B6
    SHA1:C0C6398AC365C1214FA62059BC84A3A21EA44D07
    SHA-256:9C5318E1379E8B639DF68D378599792254220DD19D5EA039A9711DA488D8873D
    SHA-512:0E9C2942F8EE0B814F9D9E396DA727C516B0C069183ABE29A04B8BC69D0190B0F66A457EF21F1AE8393542095EBFFCFC0A210DB283B2EB46FE7058BF7A6F564C
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"793c3e36-9760-45fb-a091-5dffd37539c6","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714087054271,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"79887_247329ActionBlock_0","campaignId":79887,"containerId":"1","controlGroupId":"","treatmentId":"acc56846-d570-4500-a26e-7f8cf2b4acad","variationId":"247329"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJUcnkgQWNyb2JhdCBQcm8ifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNSIsImZvbnRfc3R5bGUiOiIwIn0sImRlc2NyaXB0aW9uX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTMiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIDctZGF5IHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0byBwcmVtaXVtIFBERiBhbmQgZS1zaWduaW5nIHRvb2xzLiIsImJ

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):289
    Entropy (8bit):5.3158409530045345
    Encrypted:false
    SSDEEP:6:YEQXJ2HX43GIwH9VoZcg1vRcR0Y9FKoAvJfYdPeUkwRe9:YvXKX43GxEZc0v2LGg8Ukee9
    MD5:4BBB1B878B4B05ECFAF57AE376B5B005
    SHA1:024F6FC62FDEB133A3A36393DE563FF3DBB5B811
    SHA-256:C85E95613B8827F623A2F8FC4E9D49E466FF3E5F3E514CAA02BEB397284DCF00
    SHA-512:30E257FEA1E97C26E77871822A79D70AA55C800CD653289B80688C5F95AD6B444F4F756076AB0428D9869828818B2A7772DE71CE683BA9D58F1A639395A1B0D0
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"793c3e36-9760-45fb-a091-5dffd37539c6","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714087054271,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):1395
    Entropy (8bit):5.776391436326464
    Encrypted:false
    SSDEEP:24:Yv6X4KEzvBrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNgs1:YvT1ZHgDv3W2aYQfgB5OUupHrQ9FJes1
    MD5:8F32D33DE23004B9A4907AAF13A374AE
    SHA1:961236D84F1FB8ACC5109081E7DDA43B4886D1E1
    SHA-256:40093B6225FE413BEDDD3FAC7BF71E3411F0E581EB204EC7A36A1D4ED765F276
    SHA-512:F0ECE7B4C6ABF9FFAFA9DE7EBD2771055D53EF481ECC3E03D2AF55C3F68536502C9ADB493602B3EE275695D3320BF39128FB34C72DF94D54314450C2035F2E6A
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"793c3e36-9760-45fb-a091-5dffd37539c6","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714087054271,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):291
    Entropy (8bit):5.299279178149156
    Encrypted:false
    SSDEEP:6:YEQXJ2HX43GIwH9VoZcg1vRcR0Y9FKoAvJfbPtdPeUkwRe9:YvXKX43GxEZc0v2LGDV8Ukee9
    MD5:001D7610CE4FB76EC128966C94E3D7B0
    SHA1:6C0514F92EEF4370C0DD91566C6739E06F1A739D
    SHA-256:85FFF4300CE0D8CB857CEC71E6FA0EABB0FFD3770F2A8408B70B60137F3AC74D
    SHA-512:1EC4B2A8B40380D76106927E55A4992765CFC919E4CD313FAB5A9FD19113F3FEE6D4BBCBCF3618939577B67B012AC84A4B2DF834606FA3BC19803B41C749CE59
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"793c3e36-9760-45fb-a091-5dffd37539c6","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714087054271,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):287
    Entropy (8bit):5.303835512619937
    Encrypted:false
    SSDEEP:6:YEQXJ2HX43GIwH9VoZcg1vRcR0Y9FKoAvJf21rPeUkwRe9:YvXKX43GxEZc0v2LG+16Ukee9
    MD5:397C8CF615E5D0CFF83937B31842ED73
    SHA1:A772FCCB9BC84A77E6517A27E34C207F8EFCC30F
    SHA-256:A16A0B07BBAA3279BD692A5A5134F1CC3F3BE44F197A0CB40E513AB2D074DA61
    SHA-512:9B16355B6218B72BB0F77EE453BA123754C91DB484E2F0388812709773EAEEAFA9E254C34674AE1806CD9F34F6806CEDC11C6DE8D157CBE1680FC995611AEF49
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"793c3e36-9760-45fb-a091-5dffd37539c6","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714087054271,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):289
    Entropy (8bit):5.322382263688461
    Encrypted:false
    SSDEEP:6:YEQXJ2HX43GIwH9VoZcg1vRcR0Y9FKoAvJfbpatdPeUkwRe9:YvXKX43GxEZc0v2LGVat8Ukee9
    MD5:4043180C2EC8B92E5629967ED112344D
    SHA1:3CB8B75E34FD2DDD8F1B269A7F968846CCC192DA
    SHA-256:696BF4251B95BC4F799CBC12D9C4A035C551AEA3DC9B8677E26C9FD626BE4543
    SHA-512:174C5F923A2A7C69EE047B7507C28E55BCAA9ED53B6A496648C256D7086C32667E30491BFEBFE2DD9EC9105307515D9CD46F5635BC20D7AF84013118E1F4F47E
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"793c3e36-9760-45fb-a091-5dffd37539c6","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714087054271,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):286
    Entropy (8bit):5.279550113055859
    Encrypted:false
    SSDEEP:6:YEQXJ2HX43GIwH9VoZcg1vRcR0Y9FKoAvJfshHHrPeUkwRe9:YvXKX43GxEZc0v2LGUUUkee9
    MD5:71D9E5E367BAF300A3942B339F903BD9
    SHA1:A371249CCCA991EE0892D5BFE54E7E01742B80D9
    SHA-256:ED862A7E2A33365BBF26F58A16B2798302BBDCBA30F700965BBF09C589BADAE7
    SHA-512:6948F4BF9619BF00511A6A65AA30775CAAC9DFA9016DF19985AFAB8684E53C72E26676FD76160F165AA0046ED06A11EB187E597682A3716A93B3E642817F883C
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"793c3e36-9760-45fb-a091-5dffd37539c6","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714087054271,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):782
    Entropy (8bit):5.370189768516838
    Encrypted:false
    SSDEEP:12:YvXKX43GxEZc0v2LGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWEs1:Yv6X4KEzvQ168CgEXX5kcIfANhRs1
    MD5:BFE934E265011237F99A27B196E5CA11
    SHA1:2879FA620BC487CF0411098A615F0A2F8360A16E
    SHA-256:ADD23463B6408F3A39BDC7F772DC51DE1931C2985849CFEFD1BF5D319EFABDBA
    SHA-512:80B0FFED3A16737405CE4BDFCDF1647C3651F28C48E105B133FE0DE01999F6CE99544F9AEEA83EF8B6838EB2B3583D75CC9A8DA30FF28E7775C1CC5C0C78EBE1
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"793c3e36-9760-45fb-a091-5dffd37539c6","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714087054271,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1713912679341}}}}

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:data
    Category:dropped
    Size (bytes):4
    Entropy (8bit):0.8112781244591328
    Encrypted:false
    SSDEEP:3:e:e
    MD5:DC84B0D741E5BEAE8070013ADDCC8C28
    SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
    SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
    SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
    Malicious:false
    Preview:....

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):2814
    Entropy (8bit):5.136924309834144
    Encrypted:false
    SSDEEP:24:YzX1z/B5CR+iK+T1eRB6sHjqaZayXGRrfNoaaejDQj0SOla2j92LSYzt5W5i9odY:YzXt/vziK+Tcn6whGpFRDilgqztki9t
    MD5:3312BBC2D712A888353F5330352E68B8
    SHA1:7BC97CEF4C06ABDFB41B8AE84FC9BFA0C1459DF8
    SHA-256:C08FA9BB33BECAD9BA904FBD630ECD626438257B8236FB5110EAC7469F7E86C5
    SHA-512:77DA85C255A0580F4EC24836942F843BA6C1606EABF055D89D3C38D7BA18C41CA71187903166912B905ACD0F8C46FF8B8C5E0504F4D7B49BBD8F176E6A64E5B1
    Malicious:false
    Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"0db77879f39a6cd2b31897fe5e2fcdfe","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1713912678000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"36f41581c168a1a60be59a68e6bd7ac7","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1372,"ts":1713912678000},{"id":"Edit_InApp_Aug2020","info":{"dg":"e07a8f830211cdcfa9610b68f26fc691","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":1713912678000},{"id":"DC_Reader_RHP_Banner","info":{"dg":"5a876844a914e99cae64e724838ffea6","sid":"DC_Reader_RHP_Banner"},"mimeType":"file","size":1395,"ts":1713912678000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"253265897dd12135aa44250f9d29021e","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file","size":292,"ts":1713912678000},{"id":"DC_Reader_More_LHP_Banner","info":{"dg":"41669f7b0fc5e5c2ff1394b7e160e97c","sid":"DC_Reader_More_LHP_Banner"},"mimeType":"file","size":289,"ts":1713912678000},

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 25, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 25
    Category:dropped
    Size (bytes):12288
    Entropy (8bit):1.1876887650691321
    Encrypted:false
    SSDEEP:48:TGufl2GL7msEHUUUUUUUUljrSvR9H9vxFGiDIAEkGVvpxjD:lNVmswUUUUUUUUl3+FGSItl3
    MD5:0719F32122084219F442052F9D36323F
    SHA1:15EC64BD9D7246EA0F68E1AAF98929B114F3241A
    SHA-256:820DA050AF8B9175664872E600113A064826C092C3FADB6356047D6BECD16700
    SHA-512:599411D3F2E190FA04A0DC402D87E13451B5007A94DCDFFBED50ACFB085EC6A6685AFA763689D7B9C06E8903D9965337600A9F02E6746DB975E4B0A6419D76EF
    Malicious:false
    Preview:SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:SQLite Rollback Journal
    Category:dropped
    Size (bytes):8720
    Entropy (8bit):1.6063345034393857
    Encrypted:false
    SSDEEP:48:7MFKUUUUUUUUUUlj/vR9H9vxFGiDIAEkGVvXwqFl2GL7msT:7/UUUUUUUUUUlbFGSItpwKVmsT
    MD5:33175D7E65BBDF81B6E23061055960C9
    SHA1:F50005E1C09A190F382350EE37BB8C98CF5CDACA
    SHA-256:C83E0F17F088900DB71A31D58C034F62B9B9F5999E51E467D312F1416B9F4C00
    SHA-512:7148DB896D86CC4DDCAC60AB22606B56E36D0BBBDED66C9205343A28CE7362F1E1480EDA255C5FC7D30C32F049C35699D277A7898992BF25C224A48A63C3C0EC
    Malicious:false
    Preview:.... .c......5O......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................f.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Users\user\AppData\Local\Temp\MSIe2c61.LOG

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
    Category:dropped
    Size (bytes):246
    Entropy (8bit):3.4985264301455885
    Encrypted:false
    SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8c+glYH:Qw946cPbiOxDlbYnuRKHrYH
    MD5:A7899F5C3F80188730F95574E9EB7FBA
    SHA1:A378BD6BB2CA724DC9522F863892F4DC187B3F19
    SHA-256:F77E5CE050E2F13C3CF2D8857957EE91C14EEC71C0A9B0D5598BD93285C9CA0C
    SHA-512:EE4139BC42B7CEB8ECA9E0AB0902BA503ED86B44D336A46DD0E1710F0F2B89D019B18E3348F250AD069EEB9B0F4A58F99C4FD5708DA7F4CBC99AB2C4160B4848
    Malicious:false
    Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .2.4./.0.4./.2.0.2.4. . .0.0.:.5.1.:.2.0. .=.=.=.....

    C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-24 00-51-15-400.log

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:ASCII text, with very long lines (393)
    Category:dropped
    Size (bytes):16525
    Entropy (8bit):5.345946398610936
    Encrypted:false
    SSDEEP:384:zHIq8qrq0qoq/qUILImCIrImI9IWdFdDdoPtPTPtP7ygyAydy0yGV///X/J/VokV:nNW
    MD5:8947C10F5AB6CFFFAE64BCA79B5A0BE3
    SHA1:70F87EEB71BA1BE43D2ABAB7563F94C73AB5F778
    SHA-256:4F3449101521DA7DF6B58A2C856592E1359BA8BD1ACD0688ECF4292BA5388485
    SHA-512:B76DB9EF3AE758F00CAF0C1705105C875838C7801F7265B17396466EECDA4BCD915DA4611155C5F2AD1C82A800C1BEC855E52E2203421815F915B77AA7331CA0
    Malicious:false
    Preview:SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:088+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig:

    C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:ASCII text, with very long lines (393), with CRLF line terminators
    Category:dropped
    Size (bytes):16603
    Entropy (8bit):5.3459923546863175
    Encrypted:false
    SSDEEP:384:b481UIJElGAKfGmCQT0OyUAw/MuLjXkQTCUmS06vRu0GMabLMb0dadg1sKkmxBlw:wKb
    MD5:0673D83A039EC5F13903EBB5148B8A33
    SHA1:A6CE2EF18DBA673DA6AACAD08548E145E37FA286
    SHA-256:884D6BDAF9199CF416095F552454545F476B94010069A2A9DA07636BA9E411A5
    SHA-512:C7AA12DFBE30F72D5BA25346B83AC990A1B6227CB8B0DF3992F45E51E0A0E208B4A90B6806360B1583181AD54DA84385D8F3AA7FA100D1BA7D33D94D49222C00
    Malicious:false
    Preview:SessionID=7e108e08-8f0b-44b2-ba5c-bf5cefc1f806.1713912675425 Timestamp=2024-04-24T00:51:15:425+0200 ThreadID=5752 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=7e108e08-8f0b-44b2-ba5c-bf5cefc1f806.1713912675425 Timestamp=2024-04-24T00:51:15:426+0200 ThreadID=5752 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=7e108e08-8f0b-44b2-ba5c-bf5cefc1f806.1713912675425 Timestamp=2024-04-24T00:51:15:426+0200 ThreadID=5752 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=7e108e08-8f0b-44b2-ba5c-bf5cefc1f806.1713912675425 Timestamp=2024-04-24T00:51:15:426+0200 ThreadID=5752 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=7e108e08-8f0b-44b2-ba5c-bf5cefc1f806.1713912675425 Timestamp=2024-04-24T00:51:15:426+0200 ThreadID=5752 Component=ngl-lib_NglAppLib Description="SetConf

    C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:ASCII text, with CRLF line terminators
    Category:dropped
    Size (bytes):29845
    Entropy (8bit):5.384557467093507
    Encrypted:false
    SSDEEP:768:anddBuBYZwcfCnwZCnR8Bu5hx18HoCnLlAY+iCBuzhLCnx1CnPrRRFS10l8gT2rx:F
    MD5:CE186F30E3C43185FD3F3755A6AEB7E1
    SHA1:18F9062F474BF38255240F695A540C11DCD559D5
    SHA-256:37EA90D781C66E5041C762359AC7FEF0E7940C6CC99B851FD72C0F3692A49A2C
    SHA-512:D9A1010B34ACA6CD89AFD33D49F9413C13685C29548AB579CC274FCD8EB37D1613FB0C8F1594511E4E591500E3B0FFD3A06E2071EDEE9CB3E00EA7AB921AB08C
    Malicious:false
    Preview:03-10-2023 12:50:40:.---2---..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ***************************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ***************************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Starting NGL..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..03-10-2023 12:50:40:.Closing File..03-10-

    C:\Users\user\AppData\Local\Temp\acrocef_low\35ba79be-77f4-48b8-a25b-c165cd8f815d.tmp

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
    Category:dropped
    Size (bytes):1419751
    Entropy (8bit):7.976496077007677
    Encrypted:false
    SSDEEP:24576:/xA7owWLaGZDwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLaGZDwZGk3mlind9i4ufFXpAXkru
    MD5:18E3D04537AF72FDBEB3760B2D10C80E
    SHA1:B313CD0B25E41E5CF0DFB83B33AB3E3C7678D5CC
    SHA-256:BBEF113A2057EE7EAC911DC960D36D4A62C262DAE5B1379257908228243BD6F4
    SHA-512:2A5B9B0A5DC98151AD2346055DF2F7BFDE62F6069A4A6A9AB3377B644D61AE31609B9FC73BEE4A0E929F84BF30DA4C1CDE628915AC37C7542FD170D12DE41298
    Malicious:false
    Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

    C:\Users\user\AppData\Local\Temp\acrocef_low\3d42f450-6734-4bb7-8f4f-d4560f82fca9.tmp

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
    Category:dropped
    Size (bytes):758601
    Entropy (8bit):7.98639316555857
    Encrypted:false
    SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
    MD5:3A49135134665364308390AC398006F1
    SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
    SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
    SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
    Malicious:false
    Preview:...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!|G.1...... .3.`./....`~......G.............|..pS.e.C....:o.u_..oi.:..|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

    C:\Users\user\AppData\Local\Temp\acrocef_low\a2331c65-8b63-4134-be8f-debf07f4ef67.tmp

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
    Category:dropped
    Size (bytes):1407294
    Entropy (8bit):7.97605879016224
    Encrypted:false
    SSDEEP:24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R077WLaGZ7wYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs03WLaGZw
    MD5:8B9FA2EC5118087D19CFDB20DA7C4C26
    SHA1:E32D6A1829B18717EF1455B73E88D36E0410EF93
    SHA-256:4782624EA3A4B3C6EB782689208148B636365AA8E5DAF00814FA9AB722259CBD
    SHA-512:662F8664CC3F4E8356D5F5794074642DB65565D40AC9FEA323E16E84EBD4F961701460A1310CC863D1AB38849E84E2142382F5DB88A0E53F97FF66248230F7B9
    Malicious:false
    Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

    C:\Users\user\AppData\Local\Temp\acrocef_low\e8daefcb-2d4c-4ad9-a08e-3d4373e08b66.tmp

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
    Category:dropped
    Size (bytes):386528
    Entropy (8bit):7.9736851559892425
    Encrypted:false
    SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
    MD5:5C48B0AD2FEF800949466AE872E1F1E2
    SHA1:337D617AE142815EDDACB48484628C1F16692A2F
    SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
    SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
    Malicious:false
    Preview:...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-|..h#.g.\.PO.|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..|m.WC.....|.....e.[W.p.8...rm....^..x'......5!...|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

    Static File Info

    General

    File type:PDF document, version 1.7, 1 pages
    Entropy (8bit):7.798830405891438
    TrID:
    • Adobe Portable Document Format (5005/1) 100.00%
    File name:APEFT-Remit.pdf
    File size:8'523 bytes
    MD5:2a0dc631f6524b80081e228e32d23249
    SHA1:5f68eac68959003035c87951f2fb60a197ee3996
    SHA256:8c472eef2d4f66ca6d5d6e0492c041313ca57c5760ef27555b0af763ff4b96dc
    SHA512:6f7f0ccda910dfd37fc477174076d52255a4f85ade7654d86d1e405426d4668db84b6b61c8633d4830106e66ac4783698a95cf8752a6d508239e7523ad0e5751
    SSDEEP:192:b0UOhdi0E7OW6Th918Hr2SAeGRAJ979o7VEOf04TOULUjxUbf9LtdM:b0JEX7v6l9OL25kzgf0GYjxUb9tdM
    TLSH:12027C5B19488EC9F49AC7D93F0A1DD25FCA8310A2257CC739EC4F8B7301D87A88261B
    File Content Preview:%PDF-1.7..2 0 obj..[/PDF /Text /ImageB /ImageC /ImageI]..endobj..7 0 obj..<</Length 8 0 R../Filter /FlateDecode >>..stream..X..ZYo.7.~......-........#u..TR.E...&QaJ.,......g.rO.9.+..7.83.1...W.#..X.*. .H..".P..]F~'....RR...'...i..5Q.{.$'...&IB...+~.>....q

    File Icon

    Icon Hash:62cc8caeb29e8ae0

    Static PDF Info

    General

    Header:%PDF-1.7
    Total Entropy:7.798830
    Total Bytes:8523
    Stream Entropy:7.858603
    Stream Bytes:7280
    Entropy outside Streams:5.201466
    Bytes outside Streams:1243
    Number of EOF found:1
    Bytes after EOF:

    Keywords Statistics

    NameCount
    obj11
    endobj11
    stream3
    endstream3
    xref0
    trailer0
    startxref1
    /Page1
    /Encrypt0
    /ObjStm0
    /URI0
    /JS0
    /JavaScript0
    /AA0
    /OpenAction0
    /AcroForm0
    /JBIG2Decode0
    /RichMedia0
    /Launch0
    /EmbeddedFile0

    Image Streams

    IDDHASHMD5Preview
    5009c2d2d1c37070bc25d3da4102f87340f1961ca2b376448

    Network Behavior

    Network Port Distribution

    TCP Packets

    TimestampSource PortDest PortSource IPDest IP
    Apr 24, 2024 00:51:25.988162041 CEST49740443192.168.2.472.247.96.179
    Apr 24, 2024 00:51:25.988246918 CEST4434974072.247.96.179192.168.2.4
    Apr 24, 2024 00:51:25.988358974 CEST49740443192.168.2.472.247.96.179
    Apr 24, 2024 00:51:25.988567114 CEST49740443192.168.2.472.247.96.179
    Apr 24, 2024 00:51:25.988590002 CEST4434974072.247.96.179192.168.2.4
    Apr 24, 2024 00:51:26.475649118 CEST4434974072.247.96.179192.168.2.4
    Apr 24, 2024 00:51:26.478240967 CEST49740443192.168.2.472.247.96.179
    Apr 24, 2024 00:51:26.478286028 CEST4434974072.247.96.179192.168.2.4
    Apr 24, 2024 00:51:26.479787111 CEST4434974072.247.96.179192.168.2.4
    Apr 24, 2024 00:51:26.479885101 CEST49740443192.168.2.472.247.96.179
    Apr 24, 2024 00:51:26.481848001 CEST49740443192.168.2.472.247.96.179
    Apr 24, 2024 00:51:26.481945992 CEST4434974072.247.96.179192.168.2.4
    Apr 24, 2024 00:51:26.482707024 CEST49740443192.168.2.472.247.96.179
    Apr 24, 2024 00:51:26.482724905 CEST4434974072.247.96.179192.168.2.4
    Apr 24, 2024 00:51:26.526019096 CEST49740443192.168.2.472.247.96.179
    Apr 24, 2024 00:51:26.643876076 CEST4434974072.247.96.179192.168.2.4
    Apr 24, 2024 00:51:26.643950939 CEST4434974072.247.96.179192.168.2.4
    Apr 24, 2024 00:51:26.644166946 CEST49740443192.168.2.472.247.96.179
    Apr 24, 2024 00:51:26.644567013 CEST49740443192.168.2.472.247.96.179
    Apr 24, 2024 00:51:26.644610882 CEST4434974072.247.96.179192.168.2.4

    HTTP Request Dependency Graph

    • armmf.adobe.com

    HTTPS Proxied Packets

    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
    0192.168.2.44974072.247.96.1794437836C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    TimestampBytes transferredDirectionData
    2024-04-23 22:51:26 UTC475OUTGET /onboarding/smskillreader.txt HTTP/1.1
    Host: armmf.adobe.com
    Connection: keep-alive
    Accept-Language: en-US,en;q=0.9
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: empty
    Accept-Encoding: gzip, deflate, br
    If-None-Match: "78-5faa31cce96da"
    If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
    2024-04-23 22:51:26 UTC198INHTTP/1.1 304 Not Modified
    Content-Type: text/plain; charset=UTF-8
    Last-Modified: Mon, 01 May 2023 15:02:33 GMT
    ETag: "78-5faa31cce96da"
    Date: Tue, 23 Apr 2024 22:51:26 GMT
    Connection: close


    Statistics

    CPU Usage

    Click to jump to process

    Memory Usage

    Click to jump to process

    High Level Behavior Distribution

    Click to dive into process behavior distribution

    Behavior

    Click to jump to process

    System Behavior

    General

    Target ID:0
    Start time:00:51:12
    Start date:24/04/2024
    Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    Wow64 process (32bit):false
    Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\APEFT-Remit.pdf"
    Imagebase:0x7ff6bc1b0000
    File size:5'641'176 bytes
    MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
    Has elevated privileges:true
    Has administrator privileges:true
    Programmed in:C, C++ or other language
    Reputation:moderate
    Has exited:true

    General

    Target ID:1
    Start time:00:51:12
    Start date:24/04/2024
    Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    Wow64 process (32bit):false
    Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
    Imagebase:0x7ff74bb60000
    File size:3'581'912 bytes
    MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
    Has elevated privileges:true
    Has administrator privileges:true
    Programmed in:C, C++ or other language
    Reputation:moderate
    Has exited:true

    General

    Target ID:3
    Start time:00:51:13
    Start date:24/04/2024
    Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    Wow64 process (32bit):false
    Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2112 --field-trial-handle=1752,i,5616625130128595369,995304234985773419,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
    Imagebase:0x7ff74bb60000
    File size:3'581'912 bytes
    MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
    Has elevated privileges:true
    Has administrator privileges:true
    Programmed in:C, C++ or other language
    Reputation:moderate
    Has exited:true

    Disassembly

    No disassembly