Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
68000000326_DP216G BRIDGE TEAM.pdf

Overview

General Information

Sample name:68000000326_DP216G BRIDGE TEAM.pdf
Analysis ID:1430758
MD5:dcee8d79d72f4387ba6fd706085b99db
SHA1:80e46020b630424d75ccd13f4c6a0bb329c1c91b
SHA256:e0aeee30c87c458ba4d1c267f96c7b5911f8f2a3ccb61a113c45ee3a136ac057
Tags:jar
Infos:

Detection

Score:1
Range:0 - 100
Whitelisted:false
Confidence:80%

Signatures

Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Uses a known web browser user agent for HTTP communication

Classification

Process Tree

  • System is w10x64
  • Acrobat.exe (PID: 5784 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\68000000326_DP216G BRIDGE TEAM.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 3204 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 3940 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2112 --field-trial-handle=1736,i,13084496968196404414,16290530547830846755,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Snort Signatures

No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: global trafficTCP traffic: 192.168.2.6:49721 -> 23.200.60.110:443
Source: global trafficTCP traffic: 192.168.2.6:49721 -> 23.200.60.110:443
Source: global trafficTCP traffic: 192.168.2.6:49721 -> 23.200.60.110:443
Source: global trafficTCP traffic: 192.168.2.6:49721 -> 23.200.60.110:443
Source: global trafficTCP traffic: 192.168.2.6:49721 -> 23.200.60.110:443
Source: global trafficTCP traffic: 192.168.2.6:49721 -> 23.200.60.110:443
Source: global trafficTCP traffic: 192.168.2.6:49721 -> 23.200.60.110:443
Source: global trafficTCP traffic: 192.168.2.6:49721 -> 23.200.60.110:443
Source: global trafficTCP traffic: 192.168.2.6:49721 -> 23.200.60.110:443
Source: global trafficTCP traffic: 192.168.2.6:49721 -> 23.200.60.110:443
Source: global trafficTCP traffic: 192.168.2.6:49721 -> 23.200.60.110:443
Source: global trafficTCP traffic: 192.168.2.6:49721 -> 23.200.60.110:443
Source: global trafficTCP traffic: 23.200.60.110:443 -> 192.168.2.6:49721
Source: global trafficTCP traffic: 192.168.2.6:49721 -> 23.200.60.110:443
Source: global trafficTCP traffic: 192.168.2.6:49721 -> 23.200.60.110:443
Source: global trafficTCP traffic: 23.200.60.110:443 -> 192.168.2.6:49721
Source: global trafficTCP traffic: 23.200.60.110:443 -> 192.168.2.6:49721
Source: global trafficTCP traffic: 192.168.2.6:49721 -> 23.200.60.110:443
Source: global trafficTCP traffic: 23.200.60.110:443 -> 192.168.2.6:49721
Source: global trafficTCP traffic: 23.200.60.110:443 -> 192.168.2.6:49721
Source: global trafficTCP traffic: 192.168.2.6:49721 -> 23.200.60.110:443
Source: global trafficTCP traffic: 192.168.2.6:49721 -> 23.200.60.110:443
Source: global trafficTCP traffic: 23.200.60.110:443 -> 192.168.2.6:49721
Source: global trafficTCP traffic: 192.168.2.6:49721 -> 23.200.60.110:443
Source: global trafficTCP traffic: 23.200.60.110:443 -> 192.168.2.6:49721
Source: global trafficTCP traffic: 192.168.2.6:49721 -> 23.200.60.110:443
Source: global trafficTCP traffic: 23.200.60.110:443 -> 192.168.2.6:49721
Source: global trafficTCP traffic: 192.168.2.6:49721 -> 23.200.60.110:443
Source: global trafficTCP traffic: 23.200.60.110:443 -> 192.168.2.6:49721
Source: global trafficTCP traffic: 23.200.60.110:443 -> 192.168.2.6:49721
Source: global trafficTCP traffic: 192.168.2.6:49721 -> 23.200.60.110:443
Source: global trafficTCP traffic: 192.168.2.6:49721 -> 23.200.60.110:443
Source: global trafficTCP traffic: 23.200.60.110:443 -> 192.168.2.6:49721
Source: global trafficHTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1Host: armmf.adobe.comConnection: keep-aliveAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brIf-None-Match: "78-5faa31cce96da"If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
Source: unknownTCP traffic detected without corresponding DNS query: 23.200.60.110
Source: unknownTCP traffic detected without corresponding DNS query: 23.200.60.110
Source: unknownTCP traffic detected without corresponding DNS query: 23.200.60.110
Source: unknownTCP traffic detected without corresponding DNS query: 23.200.60.110
Source: unknownTCP traffic detected without corresponding DNS query: 23.200.60.110
Source: unknownTCP traffic detected without corresponding DNS query: 23.200.60.110
Source: unknownTCP traffic detected without corresponding DNS query: 23.200.60.110
Source: unknownTCP traffic detected without corresponding DNS query: 23.200.60.110
Source: unknownTCP traffic detected without corresponding DNS query: 23.200.60.110
Source: unknownTCP traffic detected without corresponding DNS query: 23.200.60.110
Source: unknownTCP traffic detected without corresponding DNS query: 23.200.60.110
Source: global trafficHTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1Host: armmf.adobe.comConnection: keep-aliveAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brIf-None-Match: "78-5faa31cce96da"If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49721
Source: unknownNetwork traffic detected: HTTP traffic on port 49721 -> 443
Source: classification engineClassification label: clean1.winPDF@14/43@0/1
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.3544Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-24 06-54-11-494.logJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
Source: unknownProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\68000000326_DP216G BRIDGE TEAM.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2112 --field-trial-handle=1736,i,13084496968196404414,16290530547830846755,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2112 --field-trial-handle=1736,i,13084496968196404414,16290530547830846755,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: 68000000326_DP216G BRIDGE TEAM.pdfInitial sample: PDF keyword /JS count = 0
Source: 68000000326_DP216G BRIDGE TEAM.pdfInitial sample: PDF keyword /JavaScript count = 0
Source: 68000000326_DP216G BRIDGE TEAM.pdfInitial sample: PDF keyword /EmbeddedFile count = 0
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid Accounts2
Exploitation for Client Execution		Path Interception1
Process Injection		1
Masquerading		OS Credential Dumping1
System Information Discovery		Remote ServicesData from Local System1
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
Process Injection		LSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable Media1
Non-Application Layer Protocol		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive12
Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin HookBinary PaddingNTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput Capture1
Ingress Tool Transfer		Traffic DuplicationData Destruction

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 process2 2 Behavior Graph ID: 1430758 Sample: 68000000326_DP216G BRIDGE T... Startdate: 24/04/2024 Architecture: WINDOWS Score: 1 6 Acrobat.exe 20 71 2->6         started        process3 8 AcroCEF.exe 104 6->8         started        process4 10 AcroCEF.exe 2 8->10         started        dnsIp5 13 23.200.60.110, 443, 49721 AKAMAI-ASUS United States 10->13

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

No Antivirus matches

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

No contacted domains info

World Map of Contacted IPs

  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Public IPs

IPDomainCountryFlagASNASN NameMalicious
23.200.60.110
unknownUnited States
16625AKAMAI-ASUSfalse

General Information

Joe Sandbox version:40.0.0 Tourmaline
Analysis ID:1430758
Start date and time:2024-04-24 06:53:18 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 4m 3s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultwindowspdfcookbook.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:11
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:68000000326_DP216G BRIDGE TEAM.pdf
Detection:CLEAN
Classification:clean1.winPDF@14/43@0/1
Cookbook Comments:
  • Found application associated with file extension: .pdf
  • Found PDF document
  • Close Viewer

Warnings

  • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 23.202.56.131, 54.227.187.23, 52.202.204.11, 23.22.254.206, 52.5.13.197, 172.64.41.3, 162.159.61.3, 23.220.73.15, 23.220.73.10
  • Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, client.wns.windows.com, fs.microsoft.com, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
23.200.60.110Undeliverable IMPORTANT TAX RETURN DOCUMENT AVAILABLE LCAPOZZO #Ud83d#Udcd1 - 2 16 2024.emlGet hashmaliciousHTMLPhisherBrowse
    ChromeSetup.exe.lnkGet hashmaliciousUnknownBrowse
      phish_alert_iocp_v1.4.48 (2).emlGet hashmaliciousHTMLPhisherBrowse

        Domains

        No context

        ASNs

        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
        AKAMAI-ASUSUXNob1Dp32.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, VidarBrowse
        • 23.59.200.146
        mJVVW85CnW.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, VidarBrowse
        • 104.106.57.101
        https://netorg442802-my.sharepoint.com/:b:/g/personal/darek_daronto_com/EeXtnEaZ3XJBqGk13it6odUB-K9vuYAC7zp7SfyciZ3BpQ?e=nkKu2wGet hashmaliciousHtmlDropper, HTMLPhisherBrowse
        • 23.43.51.75
        EXTERNAL Bonnie St Dryden is inviting you to collaborate on One_docx(Apr 23) DOC3848493.msgGet hashmaliciousHTMLPhisherBrowse
        • 23.223.31.231
        https://lithiuimvalley.com/ssdGet hashmaliciousHtmlDropper, HTMLPhisherBrowse
        • 96.17.33.186
        file.exeGet hashmaliciousVidarBrowse
        • 23.47.27.74
        https://sunhos-my.sharepoint.com/:b:/g/personal/mcaffrey_suncrestcare_com/EVEm8VhV9TBDp7AQUrliImYB4Kt7rXcd_m6-8qNUjxBhTA?e=P3XNTL&xsdata=MDV8MDJ8cHJpY2hhcmRzb25AY2FsdG9uLmNvbXxkM2U5ZTc1MTlkNDA0NmI2OWMzODA4ZGM2M2JhOTA4Y3w3YjU1NzU2YTg5NTg0ZWNlODFkYzVkYTZhYmRiNmE5N3wwfDB8NjM4NDk0OTAwMTUyMzMwMjUxfFVua25vd258VFdGcGJHWnNiM2Q4ZXlKV0lqb2lNQzR3TGpBd01EQWlMQ0pRSWpvaVYybHVNeklpTENKQlRpSTZJazFoYVd3aUxDSlhWQ0k2TW4wPXwwfHx8&sdata=TldIbEg2OTJiSkRUS29RRElmU3dYbTBRQUlqUTBBMXZPcGlIaTlzNnlOQT0%3dGet hashmaliciousHTMLPhisherBrowse
        • 23.50.113.17
        file.exeGet hashmaliciousVidarBrowse
        • 23.65.246.108
        Remittance. #U0440df.htmlGet hashmaliciousHTMLPhisherBrowse
        • 23.193.106.150
        https://netorgft12232017-my.sharepoint.com:443/:f:/g/personal/lisa_imjts_com/EsnpAMoHQfhBluK8Y5tDE68BaHrT-12huxTJR_ZqVWR4tA?e=5%3aZZh3dZ&at=9Get hashmaliciousUnknownBrowse
        • 23.210.240.138

        JA3 Fingerprints

        No context

        Dropped Files

        No context

        Created / dropped Files

        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:ASCII text
        Category:dropped
        Size (bytes):298
        Entropy (8bit):5.221700093056531
        Encrypted:false
        SSDEEP:6:2Xayq2PN72nKuAl9OmbnIFUt8nX911Zmw+nX9jRkwON72nKuAl9OmbjLJ:iayvVaHAahFUt8X9X/+X9jR5OaHAaSJ
        MD5:A608514B01496265C865776F65F3D7F6
        SHA1:9622D7B46EA4CC0D72238E27E0789B5912611CAA
        SHA-256:69147CE5773661203112CE4A7F7DE7DE9536620A3BFEA46C949534E54A46185A
        SHA-512:120F70C0D2468BFB635290414952E2D7267D4D5D2E3E24650D69CD1F1B34ECD22D228B00D8415E3D5750C076AC5F7BEB5989868277BA62A3231BF62D44F04B81
        Malicious:false
        Reputation:low
        Preview:2024/04/24-06:54:09.488 1734 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/04/24-06:54:09.489 1734 Recovering log #3.2024/04/24-06:54:09.489 1734 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:ASCII text
        Category:dropped
        Size (bytes):298
        Entropy (8bit):5.221700093056531
        Encrypted:false
        SSDEEP:6:2Xayq2PN72nKuAl9OmbnIFUt8nX911Zmw+nX9jRkwON72nKuAl9OmbjLJ:iayvVaHAahFUt8X9X/+X9jR5OaHAaSJ
        MD5:A608514B01496265C865776F65F3D7F6
        SHA1:9622D7B46EA4CC0D72238E27E0789B5912611CAA
        SHA-256:69147CE5773661203112CE4A7F7DE7DE9536620A3BFEA46C949534E54A46185A
        SHA-512:120F70C0D2468BFB635290414952E2D7267D4D5D2E3E24650D69CD1F1B34ECD22D228B00D8415E3D5750C076AC5F7BEB5989868277BA62A3231BF62D44F04B81
        Malicious:false
        Reputation:low
        Preview:2024/04/24-06:54:09.488 1734 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/04/24-06:54:09.489 1734 Recovering log #3.2024/04/24-06:54:09.489 1734 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:ASCII text
        Category:dropped
        Size (bytes):339
        Entropy (8bit):5.130514365411693
        Encrypted:false
        SSDEEP:6:2XkRSVq2PN72nKuAl9Ombzo2jMGIFUt8nXk1gZmw+nXkVj3AIkwON72nKuAl9OmT:ikRSVvVaHAa8uFUt8Xk1g/+XkVLAI5Ox
        MD5:71EA2FA08676795E5760084558168B83
        SHA1:D64C2AA138EFDEF1307A9D55ED3B4992EB9F0ED4
        SHA-256:3C4D7BE546AD0CD9EB057128BF523611523B5F81312FA83F884840B1CD7B1A06
        SHA-512:011872C0BAC58EB96442245F6C68D10D5DD2AA7EA22A2C327C1EF6EECB813DB811E85E00FD4DE41E5F32088056E909B90DA519C66C8929BF8B7F39B7AC722CCD
        Malicious:false
        Reputation:low
        Preview:2024/04/24-06:54:09.507 4c4 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/04/24-06:54:09.508 4c4 Recovering log #3.2024/04/24-06:54:09.509 4c4 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:ASCII text
        Category:dropped
        Size (bytes):339
        Entropy (8bit):5.130514365411693
        Encrypted:false
        SSDEEP:6:2XkRSVq2PN72nKuAl9Ombzo2jMGIFUt8nXk1gZmw+nXkVj3AIkwON72nKuAl9OmT:ikRSVvVaHAa8uFUt8Xk1g/+XkVLAI5Ox
        MD5:71EA2FA08676795E5760084558168B83
        SHA1:D64C2AA138EFDEF1307A9D55ED3B4992EB9F0ED4
        SHA-256:3C4D7BE546AD0CD9EB057128BF523611523B5F81312FA83F884840B1CD7B1A06
        SHA-512:011872C0BAC58EB96442245F6C68D10D5DD2AA7EA22A2C327C1EF6EECB813DB811E85E00FD4DE41E5F32088056E909B90DA519C66C8929BF8B7F39B7AC722CCD
        Malicious:false
        Reputation:low
        Preview:2024/04/24-06:54:09.507 4c4 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/04/24-06:54:09.508 4c4 Recovering log #3.2024/04/24-06:54:09.509 4c4 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\47c0f2ff-e4a5-4847-b15f-ebbf73dd0524.tmp

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:JSON data
        Category:modified
        Size (bytes):475
        Entropy (8bit):4.963960758889477
        Encrypted:false
        SSDEEP:12:YH/um3RA8sqZWhsBdOg2H8caq3QYiubcP7E4T3y:Y2sRdsGdMH/3QYhbA7nby
        MD5:356C8B3A53FE34081EBCA873785505A0
        SHA1:A2E39CF6E6F3AC3CE4680AADA5C54588A76DB66B
        SHA-256:30E84F3C7F16B56B1A7A684F0C26E0455D9BE0A0292EAC8E20436AF5AF56226B
        SHA-512:530C78B31E140300AA5070B3DDA59BDC25C6BA865F593384D9F2DD7C83E820C4C276F1345A457DD7D037B4A40563EB1D45A68A8841E15483CBE46CC7A448D25F
        Malicious:false
        Reputation:low
        Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13358494461247254","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":160661},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.6","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):475
        Entropy (8bit):4.963960758889477
        Encrypted:false
        SSDEEP:12:YH/um3RA8sqZWhsBdOg2H8caq3QYiubcP7E4T3y:Y2sRdsGdMH/3QYhbA7nby
        MD5:356C8B3A53FE34081EBCA873785505A0
        SHA1:A2E39CF6E6F3AC3CE4680AADA5C54588A76DB66B
        SHA-256:30E84F3C7F16B56B1A7A684F0C26E0455D9BE0A0292EAC8E20436AF5AF56226B
        SHA-512:530C78B31E140300AA5070B3DDA59BDC25C6BA865F593384D9F2DD7C83E820C4C276F1345A457DD7D037B4A40563EB1D45A68A8841E15483CBE46CC7A448D25F
        Malicious:false
        Reputation:low
        Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13358494461247254","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":160661},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.6","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:data
        Category:dropped
        Size (bytes):5859
        Entropy (8bit):5.251219648439658
        Encrypted:false
        SSDEEP:96:av+Nkkl+2GAouz3z3xfNLUS3vHp5OuDzUrMzh28qXAXFP74LRXOtW7ANwE7hEnSl:av+Nkkl+2G1uz3zhfZUyPp5OuDzUwzh5
        MD5:C604CBE15F72FA7801AA2418F1E20134
        SHA1:3E53752AB7734A20821BA4B78147E8D651BFD4FD
        SHA-256:FF2AD0C8F99884347C720D5F077767436AD41B4FB4BBF68B2B83D17CF45CB647
        SHA-512:4F219D2597B1FC051E07EF0D5343E10EF3CBF073BBA751D7AA403BFE4C82D5B95A1DC21F25CF4DF0DAEEB11486D2E35C3FFF797F5FAC5556205564B0FFB5F7CC
        Malicious:false
        Reputation:low
        Preview:*...#................version.1..namespace-.X.Bo................next-map-id.1.Pnamespace-c291b69d_46f8_4b09_b54e_d05df8a1271d-https://rna-resource.acrobat.com/.0.>j.r................next-map-id.2.Snamespace-63b958a8_6f71_4fde_913c_6518794b9fd1-https://rna-v2-resource.acrobat.com/.1.J.4r................next-map-id.3.Snamespace-37e4c694_2a8d_4b31_9eb8_e65c5f9e16d5-https://rna-v2-resource.acrobat.com/.2..J.o................next-map-id.4.Pnamespace-d7426d52_3038_4cd9_b9cc_897232425509-https://rna-resource.acrobat.com/.3..M.^...............Pnamespace-c291b69d_46f8_4b09_b54e_d05df8a1271d-https://rna-resource.acrobat.com/..d.^...............Pnamespace-d7426d52_3038_4cd9_b9cc_897232425509-https://rna-resource.acrobat.com/.u..a...............Snamespace-63b958a8_6f71_4fde_913c_6518794b9fd1-https://rna-v2-resource.acrobat.com/..`aa...............Snamespace-37e4c694_2a8d_4b31_9eb8_e65c5f9e16d5-https://rna-v2-resource.acrobat.com/`v.Yo................next-map-id.5.Pnamespace-30587558_ed88_4bd8_adc0_

        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:ASCII text
        Category:dropped
        Size (bytes):327
        Entropy (8bit):5.158247368371337
        Encrypted:false
        SSDEEP:6:2XNgLAVq2PN72nKuAl9OmbzNMxIFUt8nXo3SgZmw+nXoZcwIkwON72nKuAl9Ombg:itVvVaHAa8jFUt8Xoig/+XoZXI5OaHAo
        MD5:F77FE90C454292326FF839C4093EA5DE
        SHA1:21A91C1203ACD7D429F383C696434BCFE30D184D
        SHA-256:6653343170BA3AC1B97F82DA5E5797612F54AC199D4E2DB8733ACEA9345B7F4C
        SHA-512:6AA2826952F5DC7CC3139B2B32A49F82F73955EB26BBCEE85E7D6363DB0649922E2911CEBBDC43FF5D548A9E7D4F052DC7A23837FD7D7078A67D46564BE13FB4
        Malicious:false
        Reputation:low
        Preview:2024/04/24-06:54:09.886 4c4 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/04/24-06:54:09.927 4c4 Recovering log #3.2024/04/24-06:54:09.953 4c4 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:ASCII text
        Category:dropped
        Size (bytes):327
        Entropy (8bit):5.158247368371337
        Encrypted:false
        SSDEEP:6:2XNgLAVq2PN72nKuAl9OmbzNMxIFUt8nXo3SgZmw+nXoZcwIkwON72nKuAl9Ombg:itVvVaHAa8jFUt8Xoig/+XoZXI5OaHAo
        MD5:F77FE90C454292326FF839C4093EA5DE
        SHA1:21A91C1203ACD7D429F383C696434BCFE30D184D
        SHA-256:6653343170BA3AC1B97F82DA5E5797612F54AC199D4E2DB8733ACEA9345B7F4C
        SHA-512:6AA2826952F5DC7CC3139B2B32A49F82F73955EB26BBCEE85E7D6363DB0649922E2911CEBBDC43FF5D548A9E7D4F052DC7A23837FD7D7078A67D46564BE13FB4
        Malicious:false
        Reputation:low
        Preview:2024/04/24-06:54:09.886 4c4 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/04/24-06:54:09.927 4c4 Recovering log #3.2024/04/24-06:54:09.953 4c4 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

        C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240424045413Z-151.bmp

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:PC bitmap, Windows 3.x format, 107 x -152 x 32, cbSize 65110, bits offset 54
        Category:dropped
        Size (bytes):65110
        Entropy (8bit):2.5251663785894505
        Encrypted:false
        SSDEEP:384:+IkSbcfwOolndFUH5hyyJl6fN/xp1cThNPtNwSzGAki/qKRLa2Nuxs:+M6D0s4yJl6kTHzSxsxNui
        MD5:20EA507F031DD4B42360419ABC0B9186
        SHA1:716C594287A7CED6309C6B0C263AE7048DA82789
        SHA-256:9D5644F32F7DF7376F7518123E44A231E4CC9A4F10C0C35DC18278C9FB4E2BC1
        SHA-512:CB0EAD126BE6AF5AAF6D7F938724A25937DEB0B95E60DD7D3AEC9AD95DF85E906621BDB21614F0D13289F7C0A271D2133F5A30EB833D5C66D80559CD36545CCE
        Malicious:false
        Reputation:low
        Preview:BMV.......6...(...k...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

        C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 11, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 11
        Category:dropped
        Size (bytes):86016
        Entropy (8bit):4.4450676682262005
        Encrypted:false
        SSDEEP:384:ye6ci5tJiBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:mqs3OazzU89UTTgUL
        MD5:3ED0A829DF8CB812E6E8FFE92FC4C845
        SHA1:A817FF02768666FEFFD1486CA1B74DBEAFCC77C0
        SHA-256:962B8EA056894F2AFC066EA3C55024B0B3BD72E90CB8F06CFD602436D6F3CC10
        SHA-512:FE2F2D70B6A1938448B8B782DC65FFF5165B5AC2519AAAAC789EA839658CCF3950479FE2AB7C544D323BA5365DAFA0E8443AAAB9F80A787AECE463BE02525867
        Malicious:false
        Reputation:low
        Preview:SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

        C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:SQLite Rollback Journal
        Category:dropped
        Size (bytes):8720
        Entropy (8bit):3.7679759396819295
        Encrypted:false
        SSDEEP:48:7MyJioyV4ioyqoy1C7oy16oy1qKOioy1noy1AYoy1Wioy1oioykioyBoy1noy1O3:7JJu4u9XjBi9b9IVXEBodRBkS
        MD5:AE99C5CB8C0F52F9408A199EDF7EB2F0
        SHA1:9D53C6F90BD0A3789AB6C8B26F40F9AD322778F2
        SHA-256:78F8937627573CD253152337179F5B4EA4F2E35A0904ABCF496636304BAF5573
        SHA-512:61F32FD97C1F3A00262B7007849982CDAD05283C17B3041940E95AE3A58E6E18C1555C10186CFE3D13D44A106D170B50F23A184C852AD743902FA753CC9B508D
        Malicious:false
        Reputation:low
        Preview:.... .c......-.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................T...[...b.r.l...t...}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.3544

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:PostScript document text
        Category:dropped
        Size (bytes):185099
        Entropy (8bit):5.182478651346149
        Encrypted:false
        SSDEEP:1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
        MD5:94185C5850C26B3C6FC24ABC385CDA58
        SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
        SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
        SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
        Malicious:false
        Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:PostScript document text
        Category:dropped
        Size (bytes):185099
        Entropy (8bit):5.182478651346149
        Encrypted:false
        SSDEEP:1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
        MD5:94185C5850C26B3C6FC24ABC385CDA58
        SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
        SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
        SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
        Malicious:false
        Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:data
        Category:dropped
        Size (bytes):227002
        Entropy (8bit):3.392780893644728
        Encrypted:false
        SSDEEP:1536:qKPC4iyzDtrh1cK3XEivK7VK/3AYvYwgF/rRoL+sn:XPCaJ/3AYvYwglFoL+sn
        MD5:265E3E1166312A864FB63291EA661C6A
        SHA1:80DFF3187FF929596EB22E1DB9021BAD6F97178C
        SHA-256:C13E08B1887A4E44DC39609D7234E8D732A6BC11313B55D6F4ECFB060CD87728
        SHA-512:48776A2BFE8F25E5601DCC0137F7AB103D5684517334B806E3ACF61683DD9B283828475FC85CE0CBE4E8AF88E6F8B25EED0A77640E2CFFF2CC73708726519AFA
        Malicious:false
        Preview:Adobe Acrobat Reader (64-bit) 23.6.20320....?A12_AV2_Search_18px.............................................................................................................KKK KKK.KKK.KKK.KKK.KKK.KKK@........................................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.............................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.........................KKK.KKK.KKK.KKK0....................KKK.KKK.KKK.KKK`....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK.KKK.....................................KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK.KKK@....................KKK.KKK.KKK.KKK`........................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.KKK.............................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):295
        Entropy (8bit):5.338702590682052
        Encrypted:false
        SSDEEP:6:YEQXJ2HXzIGatMV0nZiQ0YoieoAvJM3g98kUwPeUkwRe9:YvXKXzIVtI0c0GMbLUkee9
        MD5:C6819FE4AD5B0ADCB27B67E426947AA0
        SHA1:C7A338406CA46DD56DC79558AA51EFE5F798BE83
        SHA-256:430F3819760B8C9AACF6CB844B760A39179E4F045798679264F3F78832347DE4
        SHA-512:161D4A8E061565834A1939EDBDD95F80E35077A9B524B611D4852CF25E61895CDC943ABAD6AB9D84BB68F363C0FA303133814DEA4E6C282EE2A36664B30BADF6
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"35f6a3a2-2599-4657-a1a7-a5fadb0e3634","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1714113421244,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):294
        Entropy (8bit):5.29153336000907
        Encrypted:false
        SSDEEP:6:YEQXJ2HXzIGatMV0nZiQ0YoieoAvJfBoTfXpnrPeUkwRe9:YvXKXzIVtI0c0GWTfXcUkee9
        MD5:F1C92B805E1EADEA1461D5A19DA397B8
        SHA1:8EC08B7A60804FFC3301A047CA41BA80FCA45D7E
        SHA-256:73DCF72E250E82D1B2CA018FDED42DA00E69DFF83D5B32C090C6970AFFA6C6C1
        SHA-512:94EE4DC4568437ED7B2FBBB0708BC1E9F501D0D5B62DEE2A3AE48B130107D69467961D0EDB7E5913F7D640D187801B79121E66D4EF9839A612B4B4E47054F38F
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"35f6a3a2-2599-4657-a1a7-a5fadb0e3634","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1714113421244,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):294
        Entropy (8bit):5.270731107978275
        Encrypted:false
        SSDEEP:6:YEQXJ2HXzIGatMV0nZiQ0YoieoAvJfBD2G6UpnrPeUkwRe9:YvXKXzIVtI0c0GR22cUkee9
        MD5:76B5F3214F842D2CF6D91BEA366D79E6
        SHA1:89C7675FD8B46D16F027D071CE042F6874BAA630
        SHA-256:836400984B930E60569D64D64DD40B429CE5F12B38CF8269508BA2F9D34CF161
        SHA-512:A6FFA88A34829A8C57A523679E7DD7DE6AB89A1731DCD1C712B973F966E850EFCAB3447F21DAE8CEAFAF0CA2A4B2F8939E02DF55F4CE817E31097F7F4AECFB90
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"35f6a3a2-2599-4657-a1a7-a5fadb0e3634","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1714113421244,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):285
        Entropy (8bit):5.317859875271072
        Encrypted:false
        SSDEEP:6:YEQXJ2HXzIGatMV0nZiQ0YoieoAvJfPmwrPeUkwRe9:YvXKXzIVtI0c0GH56Ukee9
        MD5:0B7CA564346FEFE28BBE2D6C2410B29A
        SHA1:2FC9B16D5DB18594A78BD31BE56CC76095B2514B
        SHA-256:DC13EE34CCD3D84D784387E9AA495DDA81F73BCFB28958E29C45CB575799BAE5
        SHA-512:043A0BAEB3B5EA4B5E300084DD7314FEFA43AEB4C94FE987BD61D053DBC43484B4E5AA4BA070A19531CF69EC3F98C3C2D7D66E1ADB6E13590FCEB12B6F332D07
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"35f6a3a2-2599-4657-a1a7-a5fadb0e3634","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1714113421244,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):292
        Entropy (8bit):5.2833702429515235
        Encrypted:false
        SSDEEP:6:YEQXJ2HXzIGatMV0nZiQ0YoieoAvJfJWCtMdPeUkwRe9:YvXKXzIVtI0c0GBS8Ukee9
        MD5:20AE871EF1E48FB6ED855B8F6A5E3D7C
        SHA1:F3C8E15DC40525B64DD22DFF1284151999A09196
        SHA-256:18024CD3A55BD7A33ACDE971962204B7A95D5D352979DA02A9721D3669EC41E4
        SHA-512:DF6ABE36AA8E6F23041F10EBC20C4BABC2711F3F6C2DE9508274EBB4942A60260E159026C8435B3BCA2CE7B4B2ACE10DA1207248EC5B2A0A1E75E620437D1FFF
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"35f6a3a2-2599-4657-a1a7-a5fadb0e3634","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1714113421244,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):289
        Entropy (8bit):5.268299472717617
        Encrypted:false
        SSDEEP:6:YEQXJ2HXzIGatMV0nZiQ0YoieoAvJf8dPeUkwRe9:YvXKXzIVtI0c0GU8Ukee9
        MD5:84DEDD1A8D76D5EFB7581CD9DE5E9D5D
        SHA1:A820607DD2CBED556E64318590EEF413AFAC9D6F
        SHA-256:FE556EBDBE577C9C79010144EDF9D4CE2B42407621755A7250400AAF0C243165
        SHA-512:5D717108363682A1906E385D92C0F835A8C2D863F870968854E7DBA39C30F8C50C2BEE38E06A7A42C12389CAAD7A1C562832E7AFF223F5C0A70E354A749F11B5
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"35f6a3a2-2599-4657-a1a7-a5fadb0e3634","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1714113421244,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):292
        Entropy (8bit):5.272640939533897
        Encrypted:false
        SSDEEP:6:YEQXJ2HXzIGatMV0nZiQ0YoieoAvJfQ1rPeUkwRe9:YvXKXzIVtI0c0GY16Ukee9
        MD5:DD30599970BE003B5D0D054ED5618D39
        SHA1:7DF35947D23B397B45BAF986BB717D63B2150122
        SHA-256:DA944FD509CD683E231D3CEC9634AAFF446B1FE1647DFB6B247B66D770FB528E
        SHA-512:DAA5B5A2C5EE7DA084F036C7C700B9416E5BFF74AF65150F3F81B1F19FF8A16E549DDE9707899E68E5BC46CD3D1D3116DEF80A32AE1404C5804DC28536CEF0A2
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"35f6a3a2-2599-4657-a1a7-a5fadb0e3634","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1714113421244,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):289
        Entropy (8bit):5.278733327026216
        Encrypted:false
        SSDEEP:6:YEQXJ2HXzIGatMV0nZiQ0YoieoAvJfFldPeUkwRe9:YvXKXzIVtI0c0Gz8Ukee9
        MD5:07710C463C2765387E130683B04EE931
        SHA1:F98962893F63C0D4A6BA172434F68BD1F28AE2D9
        SHA-256:4E30BC52FB5E3E9494BBACFA5336BFF3A7959646EC97DDDE7EA670B972D623A0
        SHA-512:672BDAF1CB0F06998C0898DBD5699558B7FB5D13FE23709E0464D6ACC644648DB348AF2A7CA138C390439B504C8870214E09B09F0FC4E2ED814709D9600E46E8
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"35f6a3a2-2599-4657-a1a7-a5fadb0e3634","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1714113421244,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):1372
        Entropy (8bit):5.736840229474668
        Encrypted:false
        SSDEEP:24:Yv6XMqMKLgENRcbrZbq00iCCBrwJo++ns8ct4mFJNO:YvHEgigrNt0wSJn+ns8cvFJ0
        MD5:B35962C355D4F66022FF77B8BE2A9141
        SHA1:4B8DB8E6DFB6E294BC456117B81560617949F52E
        SHA-256:88D13D04D92F6ABA4D611952C7A999F056DDBE1AB9E51AC0D8DE67D251C54388
        SHA-512:6C2163D974443DE2B3FF687BC933A9E15B8A3E5E5AB9D21A9DC478DAA53D6F1E85882EAA2C543CCFAF285F669340B5EA481CCBA5726ABDA4889472AFA2396A59
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"35f6a3a2-2599-4657-a1a7-a5fadb0e3634","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1714113421244,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"79887_247329ActionBlock_0","campaignId":79887,"containerId":"1","controlGroupId":"","treatmentId":"acc56846-d570-4500-a26e-7f8cf2b4acad","variationId":"247329"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJUcnkgQWNyb2JhdCBQcm8ifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNSIsImZvbnRfc3R5bGUiOiIwIn0sImRlc2NyaXB0aW9uX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTMiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIDctZGF5IHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0byBwcmVtaXVtIFBERiBhbmQgZS1zaWduaW5nIHRvb2xzLiIsImJ

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):289
        Entropy (8bit):5.275009572174844
        Encrypted:false
        SSDEEP:6:YEQXJ2HXzIGatMV0nZiQ0YoieoAvJfYdPeUkwRe9:YvXKXzIVtI0c0Gg8Ukee9
        MD5:60DE1320D28373E157975D88CA521D1A
        SHA1:7326D12D22007E6B663E06A3D9F8228E9D6D545F
        SHA-256:BD4C4204FA6285C15EE5FE5AD944935438A52C2953E899B1A932B5B05AB0F3CC
        SHA-512:EBC6DAADDFE2469C2F9E39AAE7AEF1A3844C7815D9E1DC7116F59857F7BE4017BB87EE1BB1AAC3C0F2EE342B97AAF775EF18B088C27439ED3CBE2994A6A15B7A
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"35f6a3a2-2599-4657-a1a7-a5fadb0e3634","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1714113421244,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):1395
        Entropy (8bit):5.7735750895141615
        Encrypted:false
        SSDEEP:24:Yv6XMqDrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNG:YvaHgDv3W2aYQfgB5OUupHrQ9FJY
        MD5:4DC2E1EAF2FCDFE4F7408665F57764D6
        SHA1:54896DD371424F8FEFF43492C6298B2DF64C53CF
        SHA-256:560B3620CA3E0F2DC44F49F0063F3B2E2C76A77E64DAD4D5BCC896D22093EFDB
        SHA-512:370559BEFD67F08FA912C2936CAAEC0949B05FCD003F1452ED84E2D437B3CDFD8426BA71D4E2FE24182CE148AA23D3F475334371428476A85661ACB83C371FD5
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"35f6a3a2-2599-4657-a1a7-a5fadb0e3634","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1714113421244,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):291
        Entropy (8bit):5.258728425366406
        Encrypted:false
        SSDEEP:6:YEQXJ2HXzIGatMV0nZiQ0YoieoAvJfbPtdPeUkwRe9:YvXKXzIVtI0c0GDV8Ukee9
        MD5:19FAE8A8DD8A87AF341FF4F78F2ECA54
        SHA1:CDD3087941AA86C65188A8F91DE72DE727FED91A
        SHA-256:5C2141939258FB0C37D8F0763AAF6725F8719882E731A45DF19BC47EE5B50553
        SHA-512:9DB737D6052719010934F81D5F56F431AB161374F60C901C2A303F1BD91A97290469E2F48EA435E3EDBE20F71DB36CC166F62B52786D388BD5CF3E80A52489FE
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"35f6a3a2-2599-4657-a1a7-a5fadb0e3634","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1714113421244,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):287
        Entropy (8bit):5.262855254356364
        Encrypted:false
        SSDEEP:6:YEQXJ2HXzIGatMV0nZiQ0YoieoAvJf21rPeUkwRe9:YvXKXzIVtI0c0G+16Ukee9
        MD5:D332AF13669175779CE1E3AEA0C2F19B
        SHA1:22700BCCB88AB5C8E21778C66B53329A73869DFB
        SHA-256:0101F3AD08C537B4C6255A5A16884C6A0B708167595C496E5217C2A6CA38885B
        SHA-512:493320750A6417D658E90D8B06016859AEDB272F066509C802778D6BC9833893D83DF6574E052B9E928DCDA1861A4A1FED9C90690BF168337E7773BB58CB3EFA
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"35f6a3a2-2599-4657-a1a7-a5fadb0e3634","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1714113421244,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):289
        Entropy (8bit):5.28155088285877
        Encrypted:false
        SSDEEP:6:YEQXJ2HXzIGatMV0nZiQ0YoieoAvJfbpatdPeUkwRe9:YvXKXzIVtI0c0GVat8Ukee9
        MD5:FCE43AA76E5305BF73D008A6007F82CB
        SHA1:39C03E37027D11FBF2325CFECAD242503A15C171
        SHA-256:B5E5791FAF990522B0F969D1CB4A7B25E153433F7DC2F3E27459C441E13299E0
        SHA-512:0E9CFDF1CC2BC080E5CBF4FCFAA94383C181D6DE825836F1A68AB8D0D9B1B41320B5B720247BA8D407D9B7AE02E08771CF4A712B6CCE117B3FFCB9FDA29D4E59
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"35f6a3a2-2599-4657-a1a7-a5fadb0e3634","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1714113421244,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):286
        Entropy (8bit):5.2393061445092615
        Encrypted:false
        SSDEEP:6:YEQXJ2HXzIGatMV0nZiQ0YoieoAvJfshHHrPeUkwRe9:YvXKXzIVtI0c0GUUUkee9
        MD5:9B11A032C290CD7A10E1D7677B818A0B
        SHA1:62E66CC21487BFB39D1808BB41D876E07368D7F8
        SHA-256:1590106D1BB3847355F8B4E35E889A36FC769170AB038B20FF11349F9488F468
        SHA-512:3E6B0CB605490934C86A4D7345AA915974DDE71846E9E0E905FB1E5F26635BB8E0B0D873FCA3DDE8EFF6B4D632F3E54ABD6093DA0CF1AFECA820DBD7DC249C8B
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"35f6a3a2-2599-4657-a1a7-a5fadb0e3634","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1714113421244,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):782
        Entropy (8bit):5.358185340129882
        Encrypted:false
        SSDEEP:12:YvXKXzIVtI0c0GTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWlY:Yv6XMqa168CgEXX5kcIfANhX
        MD5:42577E88006B7B57E3D78201703D01EA
        SHA1:8B74AF09966727126EC6B7BD90F321840CEDCD11
        SHA-256:C1F87462AB0BD8EBFD4104DFFCA02C3CEA73AECE0D801BCB77BCFA1897AF4189
        SHA-512:2493240B05F424BA6C063BB47367263C6AA39B9EF0AA812474701AB12D88F82C6134964B53EB12623C30ABFAFB09877675D3110B9FD1E8E66F2E4D70FFBDBDD6
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"35f6a3a2-2599-4657-a1a7-a5fadb0e3634","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1714113421244,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1713934456273}}}}

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:data
        Category:dropped
        Size (bytes):4
        Entropy (8bit):0.8112781244591328
        Encrypted:false
        SSDEEP:3:e:e
        MD5:DC84B0D741E5BEAE8070013ADDCC8C28
        SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
        SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
        SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
        Malicious:false
        Preview:....

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):2814
        Entropy (8bit):5.137638731950118
        Encrypted:false
        SSDEEP:24:YN0GZ6UCsc7jNLJqxbaj0ayvVNRE5XpjTj0S72CX2uG2LSFFUCp6Q57a699sjubz:Ytpxc75LJXEeTfWwTGnFUvQx19ss
        MD5:BBE96D9D95AC07897E9109C40E94041B
        SHA1:C961DA16ED44FF1D5D29D512BDCADEA5AB548598
        SHA-256:3FDD5A222419DF05BB23EBC83C0BF0A96E1662AC2ADD5D7DE4371C72D7AA563A
        SHA-512:828122BA2692AF0B2620AD31597D202E7AF6B933F969FD91B7E045BEAD77D3E39474E9440B6F861552442A4DB2BCC91BD9C2CD3B2288E636A9990100B46BA81D
        Malicious:false
        Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"d2b3ba636a3bd8f806425d89fe78b7f0","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1713934455000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"082f24992e4cb9db8af30a20e8cb6339","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1372,"ts":1713934455000},{"id":"Edit_InApp_Aug2020","info":{"dg":"e329fc92b57b7fd76e815b4ef37142ee","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":1713934455000},{"id":"DC_Reader_RHP_Banner","info":{"dg":"12da4e31ae04baf134a4c629f25e7431","sid":"DC_Reader_RHP_Banner"},"mimeType":"file","size":1395,"ts":1713934455000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"817bcc01712575090e259e5c6c49c39a","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file","size":292,"ts":1713934455000},{"id":"DC_Reader_More_LHP_Banner","info":{"dg":"11a2d5c82bc155d86440e82dd7b39bb2","sid":"DC_Reader_More_LHP_Banner"},"mimeType":"file","size":289,"ts":1713934455000},

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 24, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 24
        Category:dropped
        Size (bytes):12288
        Entropy (8bit):1.144985146569767
        Encrypted:false
        SSDEEP:24:TLhx/XYKQvGJF7urs36tRZXcMRZXcMZgux3Fmu3n9u1oGuDyIX4uDyvuOudIUudi:TFl2GL7msKxXc+XcGNFlRYIX2v3kBH
        MD5:3DCE9133CED325BF5BC5380B22F5D7BA
        SHA1:03333FC0046FD0EF255642F43CE321FF5339D035
        SHA-256:7159942131F2EB53E335E0070585D2E7893DBBD5F9525D264406DACEE344FD8C
        SHA-512:0C9B86BD04F7D406DD4632B5C3CEC7DF794B8E6684245FAAFA3D826297BA0D5DF1D180D56D9CBDF1BC55A4430E2D488ADAA7DF6589C4D1740D362802D063D87F
        Malicious:false
        Preview:SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:SQLite Rollback Journal
        Category:dropped
        Size (bytes):8720
        Entropy (8bit):1.5527709532736393
        Encrypted:false
        SSDEEP:24:7+thGp6tUXcMRZXcMZgux3Fmu3n9u1oGuDyIX4uDyvuOudIUudcHRuLuxrqWqLxe:7MhTOXc+XcGNFlRYIX2v2xqVl2GL7msi
        MD5:E87DDC72FA3A1DC3C052BC1D2C731734
        SHA1:80C87435EB30CDC657F3DD471CAA8177685A7C15
        SHA-256:BD42EE098FB34EEE8AEBAD2A70DC4A1034E1F1F591CEAE317F97DCA5BA035D5A
        SHA-512:F206A95EE35876FCCFA6D9ACE843C2FB671DD883EC9DA4A45B1542C56198016819555E829DC2DE26B5C1D987326ABF462638E54EA5AD94AC096BAB5A05EC80B8
        Malicious:false
        Preview:.... .c...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................b..b.b.b.b.b.b.b.b.b.b.b.b.b..................................................................................................................................................................................................................................................................................................................................................................................................................................................................

        C:\Users\user\AppData\Local\Temp\MSI207af.LOG

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
        Category:dropped
        Size (bytes):246
        Entropy (8bit):3.5197430193686525
        Encrypted:false
        SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8c+cUDYle:Qw946cPbiOxDlbYnuRKHUEw
        MD5:C6661E0DBD30FDA24785D55F14887C18
        SHA1:350A440C94DF45275C210882A33F517ECBC835E0
        SHA-256:1AD371D2094F4B7723CDEDA42E3671B6B0229ADB2FC4B80D8BBAE261CF653003
        SHA-512:8565ECA2D56EA52E331DDBB8E1FEF826FE5CDA239D46F552E81C30F4E34D8CFAFD8FCA6A1B4CC02698FC87DE1AA9FEC57349A58EDFF64FC5FD3B3E74AD9B196D
        Malicious:false
        Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .2.4./.0.4./.2.0.2.4. . .0.6.:.5.4.:.1.6. .=.=.=.....

        C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-24 06-54-11-494.log

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:ASCII text, with very long lines (393)
        Category:dropped
        Size (bytes):16525
        Entropy (8bit):5.338264912747007
        Encrypted:false
        SSDEEP:384:lH4ZASLaTgKoBKkrNdOZTfUY9/B6u6AJ8dbBNrSVNspYiz5LkiTjgjQLhDydAY8s:kIb
        MD5:128A51060103D95314048C2F32A15C66
        SHA1:EEB64761BE485729CD12BF4FBF7F2A68BA1AD7DB
        SHA-256:601388D70DFB723E560FEA6AE08E5FEE8C1A980DF7DF9B6C10E1EC39705D4713
        SHA-512:55099B6F65D6EF41BC0C077BF810A13BA338C503974B4A5F2AA8EB286E1FCF49DF96318B1DA691296FB71AA8F2A2EA1406C4E86F219B40FB837F2E0BF208E677
        Malicious:false
        Preview:SessionID=e060408f-9833-415c-bd59-cc59ace6b516.1696488385066 Timestamp=2023-10-05T08:46:25:066+0200 ThreadID=6912 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=e060408f-9833-415c-bd59-cc59ace6b516.1696488385066 Timestamp=2023-10-05T08:46:25:066+0200 ThreadID=6912 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=e060408f-9833-415c-bd59-cc59ace6b516.1696488385066 Timestamp=2023-10-05T08:46:25:067+0200 ThreadID=6912 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=e060408f-9833-415c-bd59-cc59ace6b516.1696488385066 Timestamp=2023-10-05T08:46:25:067+0200 ThreadID=6912 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=e060408f-9833-415c-bd59-cc59ace6b516.1696488385066 Timestamp=2023-10-05T08:46:25:067+0200 ThreadID=6912 Component=ngl-lib_NglAppLib Description="SetConfig:

        C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:ASCII text, with very long lines (393), with CRLF line terminators
        Category:dropped
        Size (bytes):16603
        Entropy (8bit):5.373040001625475
        Encrypted:false
        SSDEEP:384:Q2ED8KlCt44B5Ybwqi4UKQx0jInT8k/AHUgOWm2757y4u6cFDi05DODKv8ysG/v8:UHf3
        MD5:1616C3681E410F15613139A81A285057
        SHA1:6864C6B4A3DF16688C851E5A6B46888EDE5C3AF7
        SHA-256:D7A24EC322C3107EFD8654D15D2FE2A95FF124B407CC36CEAB8D773337334800
        SHA-512:9452945D2AAB3797ECA3B9781DB4151E7463D7C316F50E7CABCCC26C6C3F5E42DA4B1922A4FBA8EF915A3858DC2B76FAFD0468BDB59C221792AD6FF9D87D604F
        Malicious:false
        Preview:SessionID=06d39ca4-17ee-4dfc-b6bb-edf5f2df6962.1713934451521 Timestamp=2024-04-24T06:54:11:521+0200 ThreadID=7328 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=06d39ca4-17ee-4dfc-b6bb-edf5f2df6962.1713934451521 Timestamp=2024-04-24T06:54:11:522+0200 ThreadID=7328 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=06d39ca4-17ee-4dfc-b6bb-edf5f2df6962.1713934451521 Timestamp=2024-04-24T06:54:11:522+0200 ThreadID=7328 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=06d39ca4-17ee-4dfc-b6bb-edf5f2df6962.1713934451521 Timestamp=2024-04-24T06:54:11:522+0200 ThreadID=7328 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=06d39ca4-17ee-4dfc-b6bb-edf5f2df6962.1713934451521 Timestamp=2024-04-24T06:54:11:522+0200 ThreadID=7328 Component=ngl-lib_NglAppLib Description="SetConf

        C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:ASCII text, with CRLF line terminators
        Category:dropped
        Size (bytes):29845
        Entropy (8bit):5.394641972185116
        Encrypted:false
        SSDEEP:192:acb4I3dcbPcbaIO4cbYcbqnIdjcb6acbaIewcbmcb0IW0cbS:V3fOCIdJDe7Wg
        MD5:1232AD5AD23A2410953CF295DE69530A
        SHA1:471E27CFCFDC13948A41988C8038EA2E1DB0EDDA
        SHA-256:78C0216E18D4C8CF223ABB43AF9D169F71C7047C7DF10D177A3C48CDDFA8CB29
        SHA-512:16DC2C95A3B1D104B7EFA116120634FE9B1F6D0831E5D2F196B3071EB1835072D11B4C14586ED2877D8F9A84F4DBF778D78765542FA57774030DE57DE04A2317
        Malicious:false
        Preview:05-10-2023 08:20:22:.---2---..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : ***************************************..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : ***************************************..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : Starting NGL..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..05-10-2023 08:20:22:.Closing File..05-10-

        C:\Users\user\AppData\Local\Temp\acrocef_low\6917d254-0939-490a-80e2-153ca9386d8d.tmp

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
        Category:dropped
        Size (bytes):1407294
        Entropy (8bit):7.97605879016224
        Encrypted:false
        SSDEEP:24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLcGZtwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLcGZa
        MD5:22B260CB8C51C0D68C6550E4B061E25A
        SHA1:DF9A5999C58A8D5ADBB3F8D1111EAB9E4778637E
        SHA-256:DAB1231CC22DAB591EBB91C853E3EE41C10D3DA85D2EFAB67E9A52CCB3A3A5A0
        SHA-512:503218D83C511A7F7CEA8BC171921D1435664B964F01A8C77DC0F4D0196DD2815D9444DA98278E1369552D004E9B091DD9B89663209F0C52ACB97FCE6AFFE7A9
        Malicious:false
        Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

        C:\Users\user\AppData\Local\Temp\acrocef_low\86e91a79-4803-44a4-a771-8a6d9b467abf.tmp

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
        Category:dropped
        Size (bytes):1419751
        Entropy (8bit):7.976496077007677
        Encrypted:false
        SSDEEP:24576:/xA7owWLaGZDwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLaGZDwZGk3mlind9i4ufFXpAXkru
        MD5:18E3D04537AF72FDBEB3760B2D10C80E
        SHA1:B313CD0B25E41E5CF0DFB83B33AB3E3C7678D5CC
        SHA-256:BBEF113A2057EE7EAC911DC960D36D4A62C262DAE5B1379257908228243BD6F4
        SHA-512:2A5B9B0A5DC98151AD2346055DF2F7BFDE62F6069A4A6A9AB3377B644D61AE31609B9FC73BEE4A0E929F84BF30DA4C1CDE628915AC37C7542FD170D12DE41298
        Malicious:false
        Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

        C:\Users\user\AppData\Local\Temp\acrocef_low\f3fe8d87-2bbc-43ef-b2a4-8c22f100bade.tmp

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
        Category:dropped
        Size (bytes):758601
        Entropy (8bit):7.98639316555857
        Encrypted:false
        SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
        MD5:3A49135134665364308390AC398006F1
        SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
        SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
        SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
        Malicious:false
        Preview:...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!|G.1...... .3.`./....`~......G.............|..pS.e.C....:o.u_..oi.:..|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

        C:\Users\user\AppData\Local\Temp\acrocef_low\f6d07790-37b2-4fe5-baa9-07ce2bb89753.tmp

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
        Category:dropped
        Size (bytes):386528
        Entropy (8bit):7.9736851559892425
        Encrypted:false
        SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
        MD5:5C48B0AD2FEF800949466AE872E1F1E2
        SHA1:337D617AE142815EDDACB48484628C1F16692A2F
        SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
        SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
        Malicious:false
        Preview:...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-|..h#.g.\.PO.|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..|m.WC.....|.....e.[W.p.8...rm....^..x'......5!...|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

        Static File Info

        General

        File type:PDF document, version 1.4, 1 pages
        Entropy (8bit):7.573918414089429
        TrID:
        • Adobe Portable Document Format (5005/1) 100.00%
        File name:68000000326_DP216G BRIDGE TEAM.pdf
        File size:299'571 bytes
        MD5:dcee8d79d72f4387ba6fd706085b99db
        SHA1:80e46020b630424d75ccd13f4c6a0bb329c1c91b
        SHA256:e0aeee30c87c458ba4d1c267f96c7b5911f8f2a3ccb61a113c45ee3a136ac057
        SHA512:317b488d2939d312cbe8824533fe14fda2f8cebf83204390c88317743ce73ef71c67d75b1def6ce1e59dcd15f10d42ab7d725c47afcc992e5710286e1acd8e9c
        SSDEEP:6144:Km3crQv7d678GwUVLhwTIG8CRh9F071zAzn7jkW+3V5p:5Mys8GwUVNvG8CD9qY7jkXp
        TLSH:985436079C589B93946953E8BE030E6C6F5A2B4DE9C17AFF00634ECB7E613254C9E01E
        File Content Preview:%PDF-1.4.%.....3 0 obj.<</Parent 4 0 R/MediaBox[0 0 595 841]/Contents 5 0 R/Resources 6 0 R/Type/Page>>.endobj.5 0 obj.<</Length 7 0 R/Filter/FlateDecode>>.stream.x.+.2.4.32P0.3...&.z.....\.......\.\..w...endstream.endobj.7 0 obj.41.endobj.9 0 obj.<</Type

        File Icon

        Icon Hash:62cc8caeb29e8ae0

        Static PDF Info

        General

        Header:%PDF-1.4
        Total Entropy:7.573918
        Total Bytes:299571
        Stream Entropy:7.570547
        Stream Bytes:298299
        Entropy outside Streams:5.055074
        Bytes outside Streams:1272
        Number of EOF found:1
        Bytes after EOF:

        Keywords Statistics

        NameCount
        obj13
        endobj13
        stream3
        endstream3
        xref1
        trailer1
        startxref1
        /Page1
        /Encrypt0
        /ObjStm0
        /URI0
        /JS0
        /JavaScript0
        /AA0
        /OpenAction0
        /AcroForm0
        /JBIG2Decode0
        /RichMedia0
        /Launch0
        /EmbeddedFile0

        Image Streams

        IDDHASHMD5Preview
        917372529453960613b1fb8778635d3ab43bf60fefb7083f7

        Network Behavior

        Network Port Distribution

        TCP Packets

        TimestampSource PortDest PortSource IPDest IP
        Apr 24, 2024 06:54:22.555206060 CEST49721443192.168.2.623.200.60.110
        Apr 24, 2024 06:54:22.555253029 CEST4434972123.200.60.110192.168.2.6
        Apr 24, 2024 06:54:22.555500031 CEST49721443192.168.2.623.200.60.110
        Apr 24, 2024 06:54:22.555713892 CEST49721443192.168.2.623.200.60.110
        Apr 24, 2024 06:54:22.555727005 CEST4434972123.200.60.110192.168.2.6
        Apr 24, 2024 06:54:23.072912931 CEST4434972123.200.60.110192.168.2.6
        Apr 24, 2024 06:54:23.073297977 CEST49721443192.168.2.623.200.60.110
        Apr 24, 2024 06:54:23.073327065 CEST4434972123.200.60.110192.168.2.6
        Apr 24, 2024 06:54:23.074362040 CEST4434972123.200.60.110192.168.2.6
        Apr 24, 2024 06:54:23.074491024 CEST49721443192.168.2.623.200.60.110
        Apr 24, 2024 06:54:23.076849937 CEST49721443192.168.2.623.200.60.110
        Apr 24, 2024 06:54:23.076915026 CEST4434972123.200.60.110192.168.2.6
        Apr 24, 2024 06:54:23.077022076 CEST49721443192.168.2.623.200.60.110
        Apr 24, 2024 06:54:23.120129108 CEST4434972123.200.60.110192.168.2.6
        Apr 24, 2024 06:54:23.121611118 CEST49721443192.168.2.623.200.60.110
        Apr 24, 2024 06:54:23.121632099 CEST4434972123.200.60.110192.168.2.6
        Apr 24, 2024 06:54:23.168451071 CEST49721443192.168.2.623.200.60.110
        Apr 24, 2024 06:54:23.248332024 CEST4434972123.200.60.110192.168.2.6
        Apr 24, 2024 06:54:23.248394966 CEST4434972123.200.60.110192.168.2.6
        Apr 24, 2024 06:54:23.248476982 CEST49721443192.168.2.623.200.60.110
        Apr 24, 2024 06:54:23.249825954 CEST49721443192.168.2.623.200.60.110
        Apr 24, 2024 06:54:23.249845982 CEST4434972123.200.60.110192.168.2.6

        HTTP Request Dependency Graph

        • armmf.adobe.com

        HTTPS Proxied Packets

        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
        0192.168.2.64972123.200.60.1104433940C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        TimestampBytes transferredDirectionData
        2024-04-24 04:54:23 UTC475OUTGET /onboarding/smskillreader.txt HTTP/1.1
        Host: armmf.adobe.com
        Connection: keep-alive
        Accept-Language: en-US,en;q=0.9
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36
        Sec-Fetch-Site: same-origin
        Sec-Fetch-Mode: no-cors
        Sec-Fetch-Dest: empty
        Accept-Encoding: gzip, deflate, br
        If-None-Match: "78-5faa31cce96da"
        If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
        2024-04-24 04:54:23 UTC198INHTTP/1.1 304 Not Modified
        Content-Type: text/plain; charset=UTF-8
        Last-Modified: Mon, 01 May 2023 15:02:33 GMT
        ETag: "78-5faa31cce96da"
        Date: Wed, 24 Apr 2024 04:54:23 GMT
        Connection: close


        Statistics

        CPU Usage

        Click to jump to process

        Memory Usage

        Click to jump to process

        High Level Behavior Distribution

        Click to dive into process behavior distribution

        Behavior

        Click to jump to process

        System Behavior

        General

        Target ID:0
        Start time:06:54:08
        Start date:24/04/2024
        Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        Wow64 process (32bit):false
        Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\68000000326_DP216G BRIDGE TEAM.pdf"
        Imagebase:0x7ff651090000
        File size:5'641'176 bytes
        MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
        Has elevated privileges:true
        Has administrator privileges:true
        Programmed in:C, C++ or other language
        Reputation:moderate
        Has exited:true

        General

        Target ID:2
        Start time:06:54:08
        Start date:24/04/2024
        Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        Wow64 process (32bit):false
        Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
        Imagebase:0x7ff70df30000
        File size:3'581'912 bytes
        MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
        Has elevated privileges:true
        Has administrator privileges:true
        Programmed in:C, C++ or other language
        Reputation:moderate
        Has exited:true

        General

        Target ID:4
        Start time:06:54:09
        Start date:24/04/2024
        Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        Wow64 process (32bit):false
        Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2112 --field-trial-handle=1736,i,13084496968196404414,16290530547830846755,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
        Imagebase:0x7ff70df30000
        File size:3'581'912 bytes
        MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
        Has elevated privileges:true
        Has administrator privileges:true
        Programmed in:C, C++ or other language
        Reputation:moderate
        Has exited:true

        Disassembly

        No disassembly