Windows Analysis Report
Beneficiary Contract Sheet.pdf

Overview

General Information

Sample name:Beneficiary Contract Sheet.pdf
Analysis ID:1430627
MD5:014fbc355a22792ee23e460e82dd52ff
SHA1:c9b9512496624203adfbc90a4fe46964b5165c56
SHA256:051591c74050eb80d7ddb316e591bd5fb2edb9a848dae95c5cd1f7a579e4940b
Infos:

Detection

Score:1
Range:0 - 100
Whitelisted:false
Confidence:80%

Signatures

Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Uses a known web browser user agent for HTTP communication

Classification

  • System is w10x64_ra
  • Acrobat.exe (PID: 7056 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Beneficiary Contract Sheet.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 6384 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 6300 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2260 --field-trial-handle=1608,i,8949762994089980583,15343716455467206411,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

There are no malicious signatures.

Source: global traffic | TCP traffic: 192.168.2.16:49705 -> 23.15.136.202:443
Source: global traffic | TCP traffic: 23.15.136.202:443 -> 192.168.2.16:49705
Source: global traffic | HTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1
    Host: armmf.adobe.com
    Connection: keep-alive
    Accept-Language: en-US,en;q=0.9
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: empty
    Accept-Encoding: gzip, deflate, br
Source: unknown | TCP traffic detected without corresponding DNS query: 23.15.136.202
Source: 0e1eac64-599c-4aff-a258-e48683c7e142.tmp.3.dr, b91f9ec6-56df-4663-9fc3-dca6243b5ee1.tmp.3.dr | String found in binary or memory: https://chrome.cloudflare-dns.com
Source: unknown | Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49705
Source: classification engine | Classification label: clean1.winPDF@15/44@0/1
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.7144
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-24 00-56-45-035.log
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
Source: unknown | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Beneficiary Contract Sheet.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2260 --field-trial-handle=1608,i,8949762994089980583,15343716455467206411,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process created: unknown unknown
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: Beneficiary Contract Sheet.pdf | Initial sample: PDF keyword /JS count = 0
Source: Beneficiary Contract Sheet.pdf | Initial sample: PDF keyword /JavaScript count = 0
Source: Beneficiary Contract Sheet.pdf | Initial sample: PDF keyword /EmbeddedFile count = 0
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process information queried: ProcessInformation
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Exploitation for Client Execution | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | 1 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 12 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
[Behavior graph: ID 1430627, sample Beneficiary Contract Sheet.pdf, start date 24/04/2024, architecture WINDOWS, score 1. Acrobat.exe started AcroCEF.exe, which started a second AcroCEF.exe; DNS/IP node: 23.15.136.202, 443, 49705, AKAMAI-ASUS, United States.]

| Source | Detection | Scanner | Label | Link |
| --- | --- | --- | --- | --- |
| Beneficiary Contract Sheet.pdf | 17% | ReversingLabs | Win32.Trojan.Generic | |

No Antivirus matches

| Source | Detection | Scanner | Label | Link |
| --- | --- | --- | --- | --- |
| https://chrome.cloudflare-dns.com | 0% | URL Reputation | safe | |

No contacted domains info

| Name | Source | Malicious | Antivirus Detection | Reputation |
| --- | --- | --- | --- | --- |
| https://chrome.cloudflare-dns.com | 0e1eac64-599c-4aff-a258-e48683c7e142.tmp.3.dr, b91f9ec6-56df-4663-9fc3-dca6243b5ee1.tmp.3.dr | false | URL Reputation: safe | unknown |

| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
| --- | --- | --- | --- | --- | --- | --- |
| 23.15.136.202 | unknown | United States | | 16625 | AKAMAI-ASUS | false |
Joe Sandbox version:40.0.0 Tourmaline
Analysis ID:1430627
Start date and time:2024-04-24 00:56:18 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 3m 39s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultwindowsinteractivecookbook.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:17
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:Beneficiary Contract Sheet.pdf
Detection:CLEAN
Classification:clean1.winPDF@15/44@0/1
Cookbook Comments:
  • Found application associated with file extension: .pdf
  • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, conhost.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 23.1.100.158, 52.5.13.197, 52.202.204.11, 23.22.254.206, 54.227.187.23, 172.64.41.3, 162.159.61.3, 23.220.73.10, 23.220.73.15
  • Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, slscr.update.microsoft.com, ssl-delivery.adobe.com.edgekey.net, acroipm2.adobe.com.edgesuite.net, a122.dscd.akamai.net, ctldl.windowsupdate.com, p13n.adobe.io, geo2.adobe.com, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com
  • Not all processes where analyzed, report is missing behavior information
  • Report size exceeded maximum capacity and may have missing behavior information.
  • VT rate limit hit for: Beneficiary Contract Sheet.pdf
No simulations
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
| --- | --- | --- | --- | --- | --- | --- |
| 23.15.136.202 | desktop-20a11ho.lnk | | malicious | Unknown | | |
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:ASCII text
    Category:dropped
    Size (bytes):290
    Entropy (8bit):5.154358127215489
    Encrypted:false
    SSDEEP:6:wv++q2PRN2nKuAl9OmbnIFUt8hviZmw+hv+VkwORN2nKuAl9OmbjLJ:wvvvaHAahFUt8hvi/+hvO5JHAaSJ
    MD5:24B6F7CCF1FDB6D03637DF4F6C9A8AB0
    SHA1:F704A035D52206200D469804D029B016B8D143B0
    SHA-256:1C082AC501394A407A0983249723758CCD1B83F8ED4F8438DF311AAF2D1F51B0
    SHA-512:CFBE66701A1748C2D2FE9476A34461572DEC5EC01E1DE6C2F3FA635C1539035ECF65059B91BFC7111E567FCFFD2BB3253593C5BEB868D04B3147CE966DB7450A
    Malicious:false
    Reputation:low
    Preview:2024/04/24-00:56:43.403 18a8 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/04/24-00:56:43.403 18a8 Recovering log #3.2024/04/24-00:56:43.403 18a8 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:ASCII text
    Category:dropped
    Size (bytes):334
    Entropy (8bit):5.1383737109513214
    Encrypted:false
    SSDEEP:6:wv4jyq2PRN2nKuAl9Ombzo2jMGIFUt8hvV1Zmw+hvIvlRkwORN2nKuAl9Ombzo23:wv0yvaHAa8uFUt8hv3/+hvI9R5JHAa8z
    MD5:93D6F503EBA262B8B31BCDCA67785886
    SHA1:1A601B445EBCF3E58A804C948BEBC0C009857954
    SHA-256:16F1323338B10B2C5EFF2330FBDED8382ECC1F98C5857EC5B84EC8E5EDCC8459
    SHA-512:B2634A2AFF45FF78207407478CF907E86D5808605CE128092F36F2E4BEB7639889B72C91A7A1D8EDB3E8F6D97389D5FFC7797275C3A008CDFD5AF182B80E0F91
    Malicious:false
    Reputation:low
    Preview:2024/04/24-00:56:43.299 1930 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/04/24-00:56:43.302 1930 Recovering log #3.2024/04/24-00:56:43.303 1930 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:JSON data
    Category:modified
    Size (bytes):403
    Entropy (8bit):4.984291744275657
    Encrypted:false
    SSDEEP:12:YHO8sqZdKsBdOg2H+caq3QYiubrP7E4T3y:YXsUvdMHB3QYhbz7nby
    MD5:ECDE38D74CC226C17BA5280E1907E655
    SHA1:D296508679014CAB2F2A451519A8A4984979667C
    SHA-256:54585E35682F41FF0258C65C7228BAFF70C6DF90BB0123921446346249A7A0DB
    SHA-512:EBD954C551439F6E5D21A43CD44AF034E3D048A153FB0ABC6EC9DD67ED44BB0C3814EFE5CDC848AF33FE2A886B81ECBA537BB88EA687CAEB38D60B4E0FEE856E
    Malicious:false
    Reputation:low
    Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13358473014891731","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":155274},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):403
    Entropy (8bit):4.953858338552356
    Encrypted:false
    SSDEEP:12:YHO8sq/WLksBdOg2H9caq3QYiubrP7E4T3y:YXsRJdMHM3QYhbz7nby
    MD5:4C313FE514B5F4E7E89329630909F8DC
    SHA1:916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56
    SHA-256:1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873
    SHA-512:1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205
    Malicious:false
    Reputation:moderate, very likely benign file
    Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341145152835463","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144284},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:data
    Category:dropped
    Size (bytes):4099
    Entropy (8bit):5.234825212758961
    Encrypted:false
    SSDEEP:96:OLSw0bSwIAnrRqLX2rSq1OUxu/0OZ0xRBTxekN8xeWCuGc:OLT0bTIeYa51Ogu/0OZARBT8kN88WCu9
    MD5:F5C351A415D5B42FE20CE5EA174CB982
    SHA1:4208C42BF4C91D77B940E471E4CD80EEE8975286
    SHA-256:175F95276F2816FF9CEE9E00F8BD2790D0561F315FECE02DC558C41FE29FC4D7
    SHA-512:4EFFC9F70654BFC49EB91241CB82E55BCF03B3A34A16A3A827A9C1D35936E104090632181F71B89639F3B438D54F0355DD7133741F3883886D8ABBDA16E57592
    Malicious:false
    Preview:*...#................version.1..namespace-e...o................next-map-id.1.Pnamespace-1d95df23_a38f_44a8_b732_4e62dd896a16-https://rna-resource.acrobat.com/.0y.S_r................next-map-id.2.Snamespace-2a884c18_b39c_4e3d_942f_252e530ca4bd-https://rna-v2-resource.acrobat.com/.16.X:r................next-map-id.3.Snamespace-2e78bfda_7188_4688_a4aa_1ff81b6e5eaa-https://rna-v2-resource.acrobat.com/.2.P.@o................next-map-id.4.Pnamespace-09c119c2_97bc_4467_8f67_f92472c9e5dc-https://rna-resource.acrobat.com/.346.+^...............Pnamespace-1d95df23_a38f_44a8_b732_4e62dd896a16-https://rna-resource.acrobat.com/....^...............Pnamespace-09c119c2_97bc_4467_8f67_f92472c9e5dc-https://rna-resource.acrobat.com/..?&a...............Snamespace-2a884c18_b39c_4e3d_942f_252e530ca4bd-https://rna-v2-resource.acrobat.com/_...a...............Snamespace-2e78bfda_7188_4688_a4aa_1ff81b6e5eaa-https://rna-v2-resource.acrobat.com/...o................next-map-id.5.Pnamespace-07af9ee9_2076_4f12_94b5_
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:ASCII text
    Category:dropped
    Size (bytes):322
    Entropy (8bit):5.162643861398066
    Encrypted:false
    SSDEEP:6:wv12lyq2PRN2nKuAl9OmbzNMxIFUt8hvU1Zmw+hvIa9RkwORN2nKuAl9OmbzNMFd:wv16yvaHAa8jFUt8hvK/+hvIa9R5JHAo
    MD5:628204CA63B6B6AFEF392BFEFFEB6A72
    SHA1:1DD5B0768D9916312D1C1CFAB755B6537AB7E664
    SHA-256:0C79EF9B2C11E2F42A588C6313D1A4358B2B4F88B092D3D0051A30FE0855AEF7
    SHA-512:B0DA7F3DDB41B9E0006C281575F34883665FA5057DFF5FD36738680D0F92B45E6FCE42DFE30BB700112218F349169434F43D1B101A749EC8520F33B0F3B705ED
    Malicious:false
    Preview:2024/04/24-00:56:43.453 1930 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/04/24-00:56:43.455 1930 Recovering log #3.2024/04/24-00:56:43.456 1930 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:PC bitmap, Windows 3.x format, 107 x -152 x 32, cbSize 65110, bits offset 54
    Category:dropped
    Size (bytes):65110
    Entropy (8bit):2.7445622217496233
    Encrypted:false
    SSDEEP:384:jxDp+AOY+TDtPNg+KhPJFZHGqqJ2oWilUEvsbWLDQJenRMH2p7xZrgzn52:lVmDVtKnFZH6J2ovUEvsbWdMH2p7ne2
    MD5:F7DB2DE5B924E6C61557BD673A23857D
    SHA1:ACB96CBA9A02ED1211EB133F9422F24423774683
    SHA-256:0DC7CD6C34AEEE03AA0890D7EF51BA6284C4EB885CD8E7543CB3A2FA9C00C735
    SHA-512:AEF37869AFA43CC4D829B4A7C61E16BC4002F9232F247E20EF69F970ED908CC7928A25B13343293621E6A2FE920A4BE71CD93CBC1DDF48384B5E81F547B0ECA0
    Malicious:false
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 2, database pages 14, cookie 0x5, schema 4, UTF-8, version-valid-for 2
    Category:dropped
    Size (bytes):57344
    Entropy (8bit):3.291927920232006
    Encrypted:false
    SSDEEP:192:vedRBvVui5V4R4dcQ5V4R4RtYWtEV2UUTTchqGp8F/7/z+FP:veBci5H5FY+EUUUTTcHqFzqFP
    MD5:A4D5FECEFE05F21D6F81ACF4D9A788CF
    SHA1:1A9AC236C80F2A2809F7DE374072E2FCCA5A775C
    SHA-256:83BE4623D80FFB402FBDEC4125671DF532845A3828A1B378D99BD243A4FD8FF2
    SHA-512:FF106C6B9E1EA4B1F3E3AB01FAEA21BA24A885E63DDF0C36EB0A8C3C89A9430FE676039C076C50D7C46DC4E809F6A7E35A4BFED64D9033FEBD6121AC547AA5E9
    Malicious:false
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:SQLite Rollback Journal
    Category:dropped
    Size (bytes):16928
    Entropy (8bit):1.2145197682647093
    Encrypted:false
    SSDEEP:24:7+t4fqLi+zkrFsgIFsxX3pALXmnHpkDGjmcxBSkomXk+2m9RFTsyg+wmf9Mzm+Zv:7MAqLmFTIF3XmHjBoGGR+jMz+Lhi
    MD5:9FBCB83555BF4CED8AA1822FB9E8312B
    SHA1:ACB346C85DC1A2BD9381AD45913068E7EEDCFFF5
    SHA-256:727BAE83A788365EBFEC46568011378445CD0E3BE8B5746165089C7FBB37CC12
    SHA-512:D66A3647E317A99E35D5A32EDD0A44C59FCDBD9F7F16E8E919A26A96A75E8AEECCAB555BD24955AD271496E7EDC12FB850C91BAAA7CDBC09F67D447ACF23AA52
    Malicious:false
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:PostScript document text
    Category:dropped
    Size (bytes):185099
    Entropy (8bit):5.182478651346149
    Encrypted:false
    SSDEEP:1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
    MD5:94185C5850C26B3C6FC24ABC385CDA58
    SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
    SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
    SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
    Malicious:false
    Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):295
    Entropy (8bit):5.357739196553209
    Encrypted:false
    SSDEEP:6:YEQXJ2HXHX5RUQ5IRR4UhUR0Y953xoAvJM3g98kUwPeUkwRe9:YvXKX35pWRuUhUZBOGMbLUkee9
    MD5:C24176FCE051EFECD033F51EB8137A62
    SHA1:0BFF6A95076A6914D7C2E3E9C8E38DA615AEB0B7
    SHA-256:F898B26F4139B2C1F812EA52E559848785E3C6E5722CBAFEAB0A347B5632A2DB
    SHA-512:729B59A279C761CCFBD435FE56448F8DE3DF26ABE2CD7A507DA35270783BD40506922C462847B22C4A376E9BC40BB6272DC1D939B63894522DD0AF1CDFD2AD28
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"00d09e69-bdd7-4514-aa96-cbe139eabfa2","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1714088448674,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):294
    Entropy (8bit):5.304848266462903
    Encrypted:false
    SSDEEP:6:YEQXJ2HXHX5RUQ5IRR4UhUR0Y953xoAvJfBoTfXpnrPeUkwRe9:YvXKX35pWRuUhUZBOGWTfXcUkee9
    MD5:E2851CA9C0ED646F1184E2E9F034DF1A
    SHA1:92D58477C5A6FCA2A77A0426C09DCEBCDECF53E6
    SHA-256:19D87EB7B803B030A348E9B888BF6BB92137E228187DDDD696CB14A2EFA5E2B1
    SHA-512:C5550110BE39F8D07294E8408D2C5205ED5573B30275741E3E949A2A0D088B79B4D921757E5909043034E904A37F2E60A487C603BDEDF0FD6174537630953357
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"00d09e69-bdd7-4514-aa96-cbe139eabfa2","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1714088448674,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):294
    Entropy (8bit):5.284116060377572
    Encrypted:false
    SSDEEP:6:YEQXJ2HXHX5RUQ5IRR4UhUR0Y953xoAvJfBD2G6UpnrPeUkwRe9:YvXKX35pWRuUhUZBOGR22cUkee9
    MD5:CF359AF4A639423D3840698EB4247673
    SHA1:8736157D5E1FCFDF765883E3882779F01061A1AD
    SHA-256:586A73C566A631FCCB87BB08615364EBB48C1F4839E1263FAFE036BA9056A62D
    SHA-512:9AB83C940B52C8EF61E2846A2A52702A159B51E72D3FC5BEE9A934F15FBB1590E88C8A3ABCCA1B796F0F1C2B0B167CA0E775A3F0BDD7671593EF4F36A9F7019E
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"00d09e69-bdd7-4514-aa96-cbe139eabfa2","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1714088448674,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):285
    Entropy (8bit):5.345922045302486
    Encrypted:false
    SSDEEP:6:YEQXJ2HXHX5RUQ5IRR4UhUR0Y953xoAvJfPmwrPeUkwRe9:YvXKX35pWRuUhUZBOGH56Ukee9
    MD5:CAD8F8A55DE3CB617B2CDF677ACC420C
    SHA1:C8DC0493A3BED7177E79857183DB7A88C85BC6D3
    SHA-256:A2642B05AE441C6E5EEC310BEDAA412BED55FFA0C2FA05632ED6A2E5B2F14DA1
    SHA-512:19A43CF2DB2289D073F663A8D268BFD3FBA5B783777DC9B4B79D64B3F7C6BE04D9C619ED59B32FC7C5A68A582A2FFFC1CC13E44654120F4D4827555464EF0EF4
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"00d09e69-bdd7-4514-aa96-cbe139eabfa2","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1714088448674,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):292
    Entropy (8bit):5.302781846066372
    Encrypted:false
    SSDEEP:6:YEQXJ2HXHX5RUQ5IRR4UhUR0Y953xoAvJfJWCtMdPeUkwRe9:YvXKX35pWRuUhUZBOGBS8Ukee9
    MD5:F323B50EC5134DAB1094391878DBA5BD
    SHA1:776F129F755AB67C894EDFEDE349ED38E5D8FA86
    SHA-256:925BB5293441456CB8BED6D7B6FA01180D588B12AFB461F8881546378CF14715
    SHA-512:1B21DB6AD40A4629F4E4D35811334676C597AD8B78185BEA0D5AADDD3E1EE7A1BD6EFF05A4446B55F4A50FB072BA7A3690C0E9AAECABCAE5B9D3EF6FF6DF8DE8
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"00d09e69-bdd7-4514-aa96-cbe139eabfa2","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1714088448674,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):289
    Entropy (8bit):5.2903708567374474
    Encrypted:false
    SSDEEP:6:YEQXJ2HXHX5RUQ5IRR4UhUR0Y953xoAvJf8dPeUkwRe9:YvXKX35pWRuUhUZBOGU8Ukee9
    MD5:549D2C38E49D3EE0F1F95418EC480A8A
    SHA1:3BB61C2F65EE87C9A0C4F5BD25ACFC6713BF5190
    SHA-256:B7F00E1F4F489F67A0878F2B8B73562B1A5EABDD43D4A601F136A766BF915478
    SHA-512:5A14E433627507A41BD01EA95E94FFC2254307B6BD648D414D3F6932D3DD3F4AE974AC2DAD3395C676073D9AD36BA4E721D5D02282131353B53D4F3A94DAB179
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"00d09e69-bdd7-4514-aa96-cbe139eabfa2","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1714088448674,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):292
    Entropy (8bit):5.2934128378297185
    Encrypted:false
    SSDEEP:6:YEQXJ2HXHX5RUQ5IRR4UhUR0Y953xoAvJfQ1rPeUkwRe9:YvXKX35pWRuUhUZBOGY16Ukee9
    MD5:13B639D920DE12138554D1EB5140B48C
    SHA1:83150E597607B76C0BB3F81AF079FA871881D629
    SHA-256:B29CABF6AACD2916AEA967FAAF2BE09E639C99DD29E6A4EF6DDDC5CFA379C086
    SHA-512:D6C3172B88523EF1B6606EAB16A853458DB65E5B596ED6C94F72F5D530DA8DD25E5564D5A22EDE9B3944C90D913B40151ACDD345A2F662759D8929DCA760D71E
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"00d09e69-bdd7-4514-aa96-cbe139eabfa2","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1714088448674,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):289
    Entropy (8bit):5.29833800363074
    Encrypted:false
    SSDEEP:6:YEQXJ2HXHX5RUQ5IRR4UhUR0Y953xoAvJfFldPeUkwRe9:YvXKX35pWRuUhUZBOGz8Ukee9
    MD5:6756AD6C4A526CEA08F01FBB0E4D4CD9
    SHA1:FF1610FA6ABBD65E4055B29AB63BCA9CE706C9A8
    SHA-256:B4EF9E90DB34ED945DF6855EE3D3F4BDE904811FE04846D85AFEA75376B627A4
    SHA-512:4A7A7DB075439715FCD65480EE05B6CB4E3CC956E7770F56731B6265AB0D483D8A33959A5AD4142C315C2550463E76B2BB1C639C7D651577180BF188BDAD5250
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"00d09e69-bdd7-4514-aa96-cbe139eabfa2","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1714088448674,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):1372
    Entropy (8bit):5.7354649773611595
    Encrypted:false
    SSDEEP:24:Yv6X3yU6KLgENRcbrZbq00iCCBrwJo++ns8ct4mFJNGY:YvOyU6EgigrNt0wSJn+ns8cvFJx
    MD5:37469AFDA8F3AF24B8847C145A8E15C6
    SHA1:E8DB7F3DAD435EC22CE493CB97E0EC59B6831875
    SHA-256:988FC45BD04E35A99B36DA9983A131FBC8C6AA46CE5DE73B3A7FD1F0F2DF1EF9
    SHA-512:FB1AA0D695B26485F18920BF2BBBD97B319F3F3EC07F6B7FBE4BAE2C940AB4ADCC83FDA9BE735DB0680FC445CC8F59CF26700473F40D653DF433E3C1F49B11B0
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"00d09e69-bdd7-4514-aa96-cbe139eabfa2","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1714088448674,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"79887_247329ActionBlock_0","campaignId":79887,"containerId":"1","controlGroupId":"","treatmentId":"acc56846-d570-4500-a26e-7f8cf2b4acad","variationId":"247329"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJUcnkgQWNyb2JhdCBQcm8ifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNSIsImZvbnRfc3R5bGUiOiIwIn0sImRlc2NyaXB0aW9uX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTMiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIDctZGF5IHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0byBwcmVtaXVtIFBERiBhbmQgZS1zaWduaW5nIHRvb2xzLiIsImJ
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):289
    Entropy (8bit):5.295884022299882
    Encrypted:false
    SSDEEP:6:YEQXJ2HXHX5RUQ5IRR4UhUR0Y953xoAvJfYdPeUkwRe9:YvXKX35pWRuUhUZBOGg8Ukee9
    MD5:A97DDA85D76567BECFE81362D21EBBC1
    SHA1:0CFEBCFE8DFC830BF2663355FDDA0BF6BC8683AE
    SHA-256:F02D91990B7B6ADFC8343DB1EE5FDC9A41FCD62A9B7FF06D088DB2495027B7C3
    SHA-512:14DCB2C2722CA54084169D8668090A4A53DA9F9EE49A79659F944C287B0B29A7AD622AB911C0CE607D46C1A09F5B37619855406BC64870A0521CA8A2010D2534
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"00d09e69-bdd7-4514-aa96-cbe139eabfa2","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1714088448674,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):1395
    Entropy (8bit):5.7708396500814425
    Encrypted:false
    SSDEEP:24:Yv6X3yUprLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNOY:YvOyUpHgDv3W2aYQfgB5OUupHrQ9FJt
    MD5:19BBE0EC057237182C51E9D0C29B021B
    SHA1:D93576C387692551A4700BD9C60C40B542FFB6C9
    SHA-256:C8708CA209A45E99E490238697728A0C418CBCD78704D6E7A8DC7BB0E2C6C194
    SHA-512:4E3047DF4632A21AE8A57B11BD9E1F801676F787ED09B047368669B94623CA9A4F1C4D6CCD68E6BFAC7988C0826DA10CEBC814F88CB817FD58B5116304C7D6DF
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"00d09e69-bdd7-4514-aa96-cbe139eabfa2","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1714088448674,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):291
    Entropy (8bit):5.2794594084802755
    Encrypted:false
    SSDEEP:6:YEQXJ2HXHX5RUQ5IRR4UhUR0Y953xoAvJfbPtdPeUkwRe9:YvXKX35pWRuUhUZBOGDV8Ukee9
    MD5:EE086D98C8B1C12F69A13B5B671C5595
    SHA1:E262104558886EFF7811CEFAA9B62A2F60A84B20
    SHA-256:9B38D1358D9F0C599999CC518DE392D1E5F815CFF526DB33592D36D56D30862E
    SHA-512:4066C53A1A2D75450B364AB54E97C431727685075084DF353C2E20D2FE4899CFFBDFC8F531EC487F8D6462C292EF690CF75F36FE2F2D369FA18DD0F89D4E96E7
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"00d09e69-bdd7-4514-aa96-cbe139eabfa2","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1714088448674,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):287
    Entropy (8bit):5.283359034269239
    Encrypted:false
    SSDEEP:6:YEQXJ2HXHX5RUQ5IRR4UhUR0Y953xoAvJf21rPeUkwRe9:YvXKX35pWRuUhUZBOG+16Ukee9
    MD5:5E335880D620A4065DA4FE934A22C2FA
    SHA1:59C45AAC3F65BC3B5C63CC5124ED7256D7D279C7
    SHA-256:BF45633D927E453C0A2F673E14C6AF1C26276FBF29F3E408BD35B7B3CB775B24
    SHA-512:E35F5C67161D00179B1176C04D1A8B0CE41237CF336BEE66AE6790F113D945E6BCFD0421DAEB9F06F5138F0FB388F0AAD4EE705EDD702C3CA5328B602B86DA9D
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"00d09e69-bdd7-4514-aa96-cbe139eabfa2","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1714088448674,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):289
    Entropy (8bit):5.302996628583154
    Encrypted:false
    SSDEEP:6:YEQXJ2HXHX5RUQ5IRR4UhUR0Y953xoAvJfbpatdPeUkwRe9:YvXKX35pWRuUhUZBOGVat8Ukee9
    MD5:7CED16A4AFC792F49894A2992D2F1DA8
    SHA1:FE4238E83BA7722F8C317824F8FCB9BCE2C145AE
    SHA-256:69210FF5E00560E29084A9382A14FAF9D12C121FCB89A5F1B48EFCA68CA2E1C4
    SHA-512:706BB83617CC195AE875B0DEDC55B545C0A8E3C41F6D3D6038BB48B75011375128DAC01F94BB1F3C4A8160A249E7FD3F46123363F77584942A92FF463D2D82E7
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"00d09e69-bdd7-4514-aa96-cbe139eabfa2","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1714088448674,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):286
    Entropy (8bit):5.257841891229914
    Encrypted:false
    SSDEEP:6:YEQXJ2HXHX5RUQ5IRR4UhUR0Y953xoAvJfshHHrPeUkwRe9:YvXKX35pWRuUhUZBOGUUUkee9
    MD5:77A5CC476CA3304E34B576628C771AB2
    SHA1:33C13F9D9B941B9AFAE39F825F9BB88B9452E226
    SHA-256:26DFD3174D3FD57A1CDA67C0F0F4EC4821D89A55C7F07831F6071C7A6ED72D94
    SHA-512:201B03367378157A6D8B2871366354891F1E52F25AB031B980418E23F713AB571AAD528B08B9ABEBE3CD57B4975B9CAB3B7DE9D4C9B3E9C0F972884C94C56937
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"00d09e69-bdd7-4514-aa96-cbe139eabfa2","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1714088448674,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):782
    Entropy (8bit):5.363138767979308
    Encrypted:false
    SSDEEP:12:YvXKX35pWRuUhUZBOGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWSY:Yv6X3yUI168CgEXX5kcIfANhRY
    MD5:2379B81B2CC9F584F5FE8A98074F0DE1
    SHA1:936C1616490DDC41C3DCF10D8AB03869919F3716
    SHA-256:AB6E42698E74F16A5AAF1A26AEA200EFA36B98C2B58AD49B80F37E019BD6E667
    SHA-512:4F91AF5DE1129AAEF5D0BD04906C9B1E762508EC8C9C647325C0CD3A445EADB23F9587EC609AFAEFAC2A82D78D642254231DBD0E90EE738CBF74FB4786E4F9C9
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"00d09e69-bdd7-4514-aa96-cbe139eabfa2","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1714088448674,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1713913008704}}}}
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:data
    Category:dropped
    Size (bytes):4
    Entropy (8bit):0.8112781244591328
    Encrypted:false
    SSDEEP:3:e:e
    MD5:DC84B0D741E5BEAE8070013ADDCC8C28
    SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
    SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
    SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
    Malicious:false
    Preview:....
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):2814
    Entropy (8bit):5.117707457833029
    Encrypted:false
    SSDEEP:48:YsUgTWi4v7c0eNzeVAmnZ21Ks7cICflPI9/Qzt:N109eNzuAmnZ5s7Yf8/Qzt
    MD5:58DEEC6949BA96AC0A212138CFC53B0C
    SHA1:EAEB821A6556158C3A24611DBDC7153200363C55
    SHA-256:4FCE58CE2DB3905DEEE9E8FA1B7EAA01809772B60B6A8A70017F987D0EB180D3
    SHA-512:9614C83973D39C33FD3DC717426D4B44FABC5EEE1E11ED39E02E3CAC2DC11E26FDD457EC569E1D47C0555BE47ECB4BBFE9D7B493E47FF6D9D3D3079FE3F484CF
    Malicious:false
    Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"50340b30f9f474fdfbbe6db91c874b34","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1713913008000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"ea2f8de28c4de3d95e24a2c6db84bd10","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1372,"ts":1713913008000},{"id":"Edit_InApp_Aug2020","info":{"dg":"12a2ea0ea2e661405c288824d1f2d77e","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":1713913008000},{"id":"DC_Reader_RHP_Banner","info":{"dg":"b438d5b289d0c64197cc6439b9e6c87c","sid":"DC_Reader_RHP_Banner"},"mimeType":"file","size":1395,"ts":1713913008000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"29425b03a5e34fd02ee2b6c0c6431d68","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file","size":292,"ts":1713913008000},{"id":"DC_Reader_More_LHP_Banner","info":{"dg":"08771b39fb11f0f0d757a76ca4f5dfb6","sid":"DC_Reader_More_LHP_Banner"},"mimeType":"file","size":289,"ts":1713913008000},
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 19, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 19
    Category:dropped
    Size (bytes):12288
    Entropy (8bit):0.9887334220377878
    Encrypted:false
    SSDEEP:24:TLHRx/XYKQvGJF7urs67Y9QmQ6QeDCVIcLESiAieLCVF:TVl2GL7ms67YXtrRcI8+
    MD5:E3F09DD66EA33C5CA84B9CD184091674
    SHA1:2785120E44F3899D9E257C973A8E12D10BCD241B
    SHA-256:B66FD7E54F080D485C0E7B292D7B20A309C3DB09FE5D85371018E7A5C5847340
    SHA-512:9475468111A6B7DE1BACFD533153C7A5F033DC05A7704CB1859F5FAF9F136FEE3A55B0C873CBC7F7198693574D237B38B9D47842AFF5C7EEE93E5BCC2EBDD23F
    Malicious:false
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:SQLite Rollback Journal
    Category:dropped
    Size (bytes):8720
    Entropy (8bit):1.3454479943984397
    Encrypted:false
    SSDEEP:24:7+tiASY9QmQ6QeDCV7cLESiAi0mY9QVqLBx/XYKQvGJF7ursT:7MilYXtrWcI8KYAqll2GL7msT
    MD5:13961A49C0E371E86BB0FD1583C5E0E1
    SHA1:05271C58743555750BC1A5D49AE8118027EAA774
    SHA-256:B3CFC055FFBA400B88F6A3257369AD3BC2840B1C8583E54A5589C5302856B6A4
    SHA-512:7E821DE3A43D75B09640C1E130E7DB3547E61218DB5E16C293F7AC085CECF2F8730F27495A48466E9741B03A6E903F25736EFE0E7DDDDC8CAC4A6F042AF47BB5
    Malicious:false
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
    Category:dropped
    Size (bytes):246
    Entropy (8bit):3.5162684137903053
    Encrypted:false
    SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8c+AYH:Qw946cPbiOxDlbYnuRKHLYH
    MD5:6E0E83E24C3924B2E1184CE8B452A40B
    SHA1:D780FF4CB6677ED80F604B51AE7643084AB444CF
    SHA-256:38B92077D8A79C3F6D548B729D31CF64CD7CD77B66B8F7D5453A5DA9B640B149
    SHA-512:623701D877705F6BEFE545CCD540DED0BCEB9117DD0040D0DC8A7AABFE23E37C1A276A3AABA85610656F7DC8CD074525CED2484E4D8A182FA4069D6836665F1C
    Malicious:false
    Preview:Error 2711.The specified Feature name ('ARM') not found in Feature table. === Logging stopped: 24/04/2024  00:56:50 ===
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:ASCII text, with very long lines (393)
    Category:dropped
    Size (bytes):16525
    Entropy (8bit):5.353642815103214
    Encrypted:false
    SSDEEP:384:tbxtsuP+XEWJJQbnR8L31M7HeltV+KYm3wsa2KjF4ODkr/O8r2IUHUHMWwEyZRN2:aPL
    MD5:91F06491552FC977E9E8AF47786EE7C1
    SHA1:8FEB27904897FFCC2BE1A985D479D7F75F11CEFC
    SHA-256:06582F9F48220653B0CB355A53A9B145DA049C536D00095C57FCB3E941BA90BB
    SHA-512:A63E6E0D25B88EBB6602885AB8E91167D37267B24516A11F7492F48876D3DDCAE44FFC386E146F3CF6EB4FA6AF251602143F254687B17FCFE6F00783095C5082
    Malicious:false
    Preview:SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:073+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:073+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="SetConfig:
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:ASCII text, with very long lines (393), with CRLF line terminators
    Category:dropped
    Size (bytes):15114
    Entropy (8bit):5.376147314079481
    Encrypted:false
    SSDEEP:384:czXWSW3CTAgY4ibjti1Gtot9EUzYeb9v9b9qF+yLB8oCGY1gmBMBsLv3+5+Pmmkk:OsyvllL
    MD5:0EB39E68699462588C007889659626EE
    SHA1:FDAD1F551C275112B6553DCF212022A9465EF9C7
    SHA-256:B08441BA196F62FFEB2957175CE869DCBED62CB1D5B6EBC9FC957D7F47102F5A
    SHA-512:B62B32EFAB580D87AACB893B7A9D31E8B5042101231CE29F6978610DBE6A3CFC8FF01753FC1047FCC0F4E40CEAFB070EE02C9D3FF89A656197376DCC5ABCC656
    Malicious:false
    Preview:SessionID=5c62d6d6-83ed-4453-b36a-f306d698b87d.1713913005047 Timestamp=2024-04-24T00:56:45:047+0200 ThreadID=6872 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=5c62d6d6-83ed-4453-b36a-f306d698b87d.1713913005047 Timestamp=2024-04-24T00:56:45:048+0200 ThreadID=6872 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=5c62d6d6-83ed-4453-b36a-f306d698b87d.1713913005047 Timestamp=2024-04-24T00:56:45:048+0200 ThreadID=6872 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=5c62d6d6-83ed-4453-b36a-f306d698b87d.1713913005047 Timestamp=2024-04-24T00:56:45:048+0200 ThreadID=6872 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=5c62d6d6-83ed-4453-b36a-f306d698b87d.1713913005047 Timestamp=2024-04-24T00:56:45:049+0200 ThreadID=6872 Component=ngl-lib_NglAppLib Description="SetConf
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:ASCII text, with CRLF line terminators
    Category:dropped
    Size (bytes):29752
    Entropy (8bit):5.422300279219927
    Encrypted:false
    SSDEEP:192:0cbgIhPcbocbAIlncb2cbwI/RcbNcbQIVvcb8cboId3cb1:fhWlA/TVedI
    MD5:D1E9208655B3411E23C61C4454370CE1
    SHA1:CF5AA6731D4BD44976620467F4DAD269768EC42D
    SHA-256:AAB3812F8AE4B39E806275900CAB9A34B24878B028E5E2965AD4218E620F5D95
    SHA-512:BB7975C6A654CF0295F3D705AAEE0A3EFB7EAFA11FA38712B5317C14C845E679170D8928CA5F37EDCB5AFE872430AB25FC09AF39F64012CD7DACB0B6A72DDDC0
    Malicious:false
    Preview:06-10-2023 10:08:42:.---2---..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Starting NGL..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..06-10-2023 10:08:42:.Closing File..06-10-
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
    Category:dropped
    Size (bytes):1407294
    Entropy (8bit):7.97605879016224
    Encrypted:false
    SSDEEP:24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R077WLaGZ7wYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs03WLaGZw
    MD5:8B9FA2EC5118087D19CFDB20DA7C4C26
    SHA1:E32D6A1829B18717EF1455B73E88D36E0410EF93
    SHA-256:4782624EA3A4B3C6EB782689208148B636365AA8E5DAF00814FA9AB722259CBD
    SHA-512:662F8664CC3F4E8356D5F5794074642DB65565D40AC9FEA323E16E84EBD4F961701460A1310CC863D1AB38849E84E2142382F5DB88A0E53F97FF66248230F7B9
    Malicious:false
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
    Category:dropped
    Size (bytes):386528
    Entropy (8bit):7.9736851559892425
    Encrypted:false
    SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
    MD5:5C48B0AD2FEF800949466AE872E1F1E2
    SHA1:337D617AE142815EDDACB48484628C1F16692A2F
    SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
    SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
    Malicious:false
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
    Category:dropped
    Size (bytes):758601
    Entropy (8bit):7.98639316555857
    Encrypted:false
    SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
    MD5:3A49135134665364308390AC398006F1
    SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
    SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
    SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
    Malicious:false
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
    Category:dropped
    Size (bytes):1419751
    Entropy (8bit):7.976496077007677
    Encrypted:false
    SSDEEP:24576:/M7oMOWLaGZ4ZwYIGNP8dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:RVWLaGZ4ZwZGm3mlind9i4ufFXpAXkru
    MD5:E787F9888A1628BE8234F19E8EE26D68
    SHA1:44D5180C06ADBBDAADDBCE350CE4DEC997CD83E5
    SHA-256:3A09F3799148DA49F039A35AEDD22F368FB35B8D6022C4691C10606F704DAF80
    SHA-512:EE9B602898706CC0F33AA570E29A79A58ED748E1B738D74DF0C8C8DF193E23421B47AC8C862623ED774289D94FA90662A4CC436B80479D6420433D81752E9CA9
    Malicious:false
    File type:PDF document, version 1.4, 1 pages
    Entropy (8bit):7.9424862188223155
    TrID:
    • Adobe Portable Document Format (5005/1) 100.00%
    File name:Beneficiary Contract Sheet.pdf
    File size:384'946 bytes
    MD5:014fbc355a22792ee23e460e82dd52ff
    SHA1:c9b9512496624203adfbc90a4fe46964b5165c56
    SHA256:051591c74050eb80d7ddb316e591bd5fb2edb9a848dae95c5cd1f7a579e4940b
    SHA512:09c59ccb8a1292367b54ed704ccdc02640fda9bd858ff9a4bf6fba8da325815a59eae168d6f6eb82b53f38172f8bd2fea957b1058d46acb77a73ab59bf4afdda
    SSDEEP:6144:6BJFGicaGnX0ub/z2wqpFGuMv3EU2P8gtL0rCw6uLmlOTMME/l51AqUBA0aRN6A4:6PxV3CunP8g+GAYDl5b0A7RNxpa
    TLSH:62848BD8AA454AA60FBF6BF10E879443C1116461BFE3F9AC1D06BCA4F545F5CCBA2306
    File Content Preview:%PDF-1.4..%......1 0 obj..<<../Type /Page../MediaBox [ 0 0 595 842 ]../Resources << /XObject << /X0 3 0 R >> >>../Contents 4 0 R../Parent 2 0 R../Rotate 360..>>..endobj..3 0 obj..<<../Type /XObject../Subtype /Image../Width 1597../Height 2075../BitsPerComp
    Icon Hash:62cc8caeb29e8ae0

    General

    Header:%PDF-1.4
    Total Entropy:7.942486
    Total Bytes:384946
    Stream Entropy:7.942078
    Stream Bytes:384124
    Entropy outside Streams:5.109360
    Bytes outside Streams:822
    Number of EOF found:1
    Bytes after EOF:
    Name            Count
    obj             5
    endobj          5
    stream          2
    endstream       2
    xref            1
    trailer         1
    startxref       1
    /Page           1
    /Encrypt        0
    /ObjStm         0
    /URI            0
    /JS             0
    /JavaScript     0
    /AA             0
    /OpenAction     0
    /AcroForm       0
    /JBIG2Decode    0
    /RichMedia      0
    /Launch         0
    /EmbeddedFile   0

    Image Streams

    ID  DHASH             MD5                               Preview
    3   7979234f4b0f7371  77db544586f3c680758fbfa2168937f7

    Timestamp                             Source Port  Dest Port  Source IP      Dest IP
    Apr 24, 2024 00:56:55.516097069 CEST  49705        443        192.168.2.16   23.15.136.202
    Apr 24, 2024 00:56:55.516185999 CEST  443          49705      23.15.136.202  192.168.2.16
    Apr 24, 2024 00:56:55.516297102 CEST  49705        443        192.168.2.16   23.15.136.202
    Apr 24, 2024 00:56:55.516490936 CEST  49705        443        192.168.2.16   23.15.136.202
    Apr 24, 2024 00:56:55.516510010 CEST  443          49705      23.15.136.202  192.168.2.16
    Apr 24, 2024 00:56:56.002300024 CEST  443          49705      23.15.136.202  192.168.2.16
    Apr 24, 2024 00:56:56.002681017 CEST  49705        443        192.168.2.16   23.15.136.202
    Apr 24, 2024 00:56:56.002720118 CEST  443          49705      23.15.136.202  192.168.2.16
    Apr 24, 2024 00:56:56.003624916 CEST  443          49705      23.15.136.202  192.168.2.16
    Apr 24, 2024 00:56:56.003707886 CEST  49705        443        192.168.2.16   23.15.136.202
    Apr 24, 2024 00:56:56.032228947 CEST  49705        443        192.168.2.16   23.15.136.202
    Apr 24, 2024 00:56:56.032304049 CEST  49705        443        192.168.2.16   23.15.136.202
    Apr 24, 2024 00:56:56.032386065 CEST  443          49705      23.15.136.202  192.168.2.16
    Apr 24, 2024 00:56:56.074428082 CEST  49705        443        192.168.2.16   23.15.136.202
    Apr 24, 2024 00:56:56.074467897 CEST  443          49705      23.15.136.202  192.168.2.16
    Apr 24, 2024 00:56:56.123357058 CEST  49705        443        192.168.2.16   23.15.136.202
    Apr 24, 2024 00:56:56.193250895 CEST  443          49705      23.15.136.202  192.168.2.16
    Apr 24, 2024 00:56:56.193331957 CEST  443          49705      23.15.136.202  192.168.2.16
    Apr 24, 2024 00:56:56.193448067 CEST  49705        443        192.168.2.16   23.15.136.202
    Apr 24, 2024 00:56:56.195039988 CEST  49705        443        192.168.2.16   23.15.136.202
    Apr 24, 2024 00:56:56.195063114 CEST  443          49705      23.15.136.202  192.168.2.16
    • armmf.adobe.com
    Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
    0           192.168.2.16  49705        23.15.136.202   443               6300  C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    Timestamp                Bytes transferred  Direction  Data
    2024-04-23 22:56:56 UTC  390                OUT        GET /onboarding/smskillreader.txt HTTP/1.1
    Host: armmf.adobe.com
    Connection: keep-alive
    Accept-Language: en-US,en;q=0.9
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: empty
    Accept-Encoding: gzip, deflate, br
    2024-04-23 22:56:56 UTC  247                IN         HTTP/1.1 200 OK
    Server: Apache
    Last-Modified: Mon, 01 May 2023 15:02:33 GMT
    ETag: "78-5faa31cce96da"
    Accept-Ranges: bytes
    Content-Length: 120
    Content-Type: text/plain; charset=UTF-8
    Date: Tue, 23 Apr 2024 22:56:56 GMT
    Connection: close
    2024-04-23 22:56:56 UTC  120                IN         Data Raw: 46 69 6c 65 20 74 68 61 74 20 61 63 74 73 20 6c 69 6b 65 20 61 20 4b 69 6c 6c 20 73 77 69 74 63 68 20 66 6f 72 20 53 4d 53 20 66 75 6e 63 74 69 6f 6e 61 6c 69 74 79 20 69 6e 20 52 65 61 64 65 72 2e 20 44 65 6c 65 74 65 20 74 68 69 73 20 66 69 6c 65 20 74 6f 20 65 6e 61 62 6c 65 20 74 68 65 20 6b 69 6c 6c 20 73 77 69 74 63 68 20 69 6e 20 52 65 61 64 65 72 2e
    Data Ascii: File that acts like a Kill switch for SMS functionality in Reader. Delete this file to enable the kill switch in Reader.

    Target ID:0
    Start time:00:56:41
    Start date:24/04/2024
    Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    Wow64 process (32bit):false
    Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Beneficiary Contract Sheet.pdf"
    Imagebase:0x7ff730a70000
    File size:5'641'176 bytes
    MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
    Has elevated privileges:true
    Has administrator privileges:true
    Programmed in:C, C++ or other language
    Reputation:moderate
    Has exited:false

    Target ID:2
    Start time:00:56:42
    Start date:24/04/2024
    Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    Wow64 process (32bit):false
    Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
    Imagebase:0x7ff744e90000
    File size:3'581'912 bytes
    MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
    Has elevated privileges:true
    Has administrator privileges:true
    Programmed in:C, C++ or other language
    Reputation:moderate
    Has exited:false

    Target ID:3
    Start time:00:56:43
    Start date:24/04/2024
    Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    Wow64 process (32bit):false
    Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2260 --field-trial-handle=1608,i,8949762994089980583,15343716455467206411,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
    Imagebase:0x7ff744e90000
    File size:3'581'912 bytes
    MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
    Has elevated privileges:true
    Has administrator privileges:true
    Programmed in:C, C++ or other language
    Reputation:moderate
    Has exited:false

    No disassembly