Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
66500000797_MI-07_5400049, CASCSDE TANK UNIT.pdf

Overview

General Information

Sample name:66500000797_MI-07_5400049, CASCSDE TANK UNIT.pdf
Analysis ID:1430763
MD5:59db3e6443136010a55d8af99232d6f2
SHA1:1af66f2e5dd1e8606b176c983231d5130d46f27f
SHA256:a772c6d4e876a81a2470060c20343cf5fee92beb05b262687f04f54dac3ae919
Tags:jar
Infos:

Detection

Score:2
Range:0 - 100
Whitelisted:false
Confidence:80%

Signatures

PDF has an OpenAction (likely to launch a dropper script)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Uses a known web browser user agent for HTTP communication

Classification

Process Tree

  • System is w10x64
  • Acrobat.exe (PID: 6856 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\66500000797_MI-07_5400049, CASCSDE TANK UNIT.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 2944 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 7348 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2108 --field-trial-handle=1536,i,2705806765158461115,7575174302712746196,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Snort Signatures

No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: global trafficTCP traffic: 192.168.2.4:49740 -> 23.200.60.110:443
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 23.200.60.110:443
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 23.200.60.110:443
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 23.200.60.110:443
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 23.200.60.110:443
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 23.200.60.110:443
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 23.200.60.110:443
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 23.200.60.110:443
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 23.200.60.110:443
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 23.200.60.110:443
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 23.200.60.110:443
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 23.200.60.110:443
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 23.200.60.110:443
Source: global trafficTCP traffic: 23.200.60.110:443 -> 192.168.2.4:49740
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 23.200.60.110:443
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 23.200.60.110:443
Source: global trafficTCP traffic: 23.200.60.110:443 -> 192.168.2.4:49740
Source: global trafficTCP traffic: 23.200.60.110:443 -> 192.168.2.4:49740
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 23.200.60.110:443
Source: global trafficTCP traffic: 23.200.60.110:443 -> 192.168.2.4:49740
Source: global trafficTCP traffic: 23.200.60.110:443 -> 192.168.2.4:49740
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 23.200.60.110:443
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 23.200.60.110:443
Source: global trafficTCP traffic: 23.200.60.110:443 -> 192.168.2.4:49740
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 23.200.60.110:443
Source: global trafficTCP traffic: 23.200.60.110:443 -> 192.168.2.4:49740
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 23.200.60.110:443
Source: global trafficTCP traffic: 23.200.60.110:443 -> 192.168.2.4:49740
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 23.200.60.110:443
Source: global trafficTCP traffic: 23.200.60.110:443 -> 192.168.2.4:49740
Source: global trafficTCP traffic: 23.200.60.110:443 -> 192.168.2.4:49740
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 23.200.60.110:443
Source: global trafficTCP traffic: 23.200.60.110:443 -> 192.168.2.4:49740
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 23.200.60.110:443
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 23.200.60.110:443
Source: global trafficHTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1Host: armmf.adobe.comConnection: keep-aliveAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brIf-None-Match: "78-5faa31cce96da"If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
Source: unknownTCP traffic detected without corresponding DNS query: 23.200.60.110
Source: unknownTCP traffic detected without corresponding DNS query: 23.200.60.110
Source: unknownTCP traffic detected without corresponding DNS query: 23.200.60.110
Source: unknownTCP traffic detected without corresponding DNS query: 23.200.60.110
Source: unknownTCP traffic detected without corresponding DNS query: 23.200.60.110
Source: unknownTCP traffic detected without corresponding DNS query: 23.200.60.110
Source: unknownTCP traffic detected without corresponding DNS query: 23.200.60.110
Source: unknownTCP traffic detected without corresponding DNS query: 23.200.60.110
Source: unknownTCP traffic detected without corresponding DNS query: 23.200.60.110
Source: unknownTCP traffic detected without corresponding DNS query: 23.200.60.110
Source: unknownTCP traffic detected without corresponding DNS query: 23.200.60.110
Source: unknownTCP traffic detected without corresponding DNS query: 23.200.60.110
Source: global trafficHTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1Host: armmf.adobe.comConnection: keep-aliveAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brIf-None-Match: "78-5faa31cce96da"If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49740
Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 443
Source: classification engineClassification label: clean2.winPDF@14/43@0/1
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journalJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-24 06-58-20-740.logJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
Source: unknownProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\66500000797_MI-07_5400049, CASCSDE TANK UNIT.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2108 --field-trial-handle=1536,i,2705806765158461115,7575174302712746196,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2108 --field-trial-handle=1536,i,2705806765158461115,7575174302712746196,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: 66500000797_MI-07_5400049, CASCSDE TANK UNIT.pdfInitial sample: PDF keyword /JS count = 0
Source: 66500000797_MI-07_5400049, CASCSDE TANK UNIT.pdfInitial sample: PDF keyword /JavaScript count = 0
Source: 66500000797_MI-07_5400049, CASCSDE TANK UNIT.pdfInitial sample: PDF keyword /JBIG2Decode count = 3
Source: 66500000797_MI-07_5400049, CASCSDE TANK UNIT.pdfInitial sample: PDF keyword stream count = 118
Source: 66500000797_MI-07_5400049, CASCSDE TANK UNIT.pdfInitial sample: PDF keyword /EmbeddedFile count = 0
Source: 66500000797_MI-07_5400049, CASCSDE TANK UNIT.pdfInitial sample: PDF keyword /ObjStm count = 8
Source: 66500000797_MI-07_5400049, CASCSDE TANK UNIT.pdfInitial sample: PDF keyword endobj count = 223
Source: 66500000797_MI-07_5400049, CASCSDE TANK UNIT.pdfInitial sample: PDF keyword endstream count = 118
Source: 66500000797_MI-07_5400049, CASCSDE TANK UNIT.pdfInitial sample: PDF keyword obj count = 223
Source: 66500000797_MI-07_5400049, CASCSDE TANK UNIT.pdfInitial sample: PDF keyword /OpenAction
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid Accounts2
Exploitation for Client Execution		Path Interception1
Process Injection		1
Masquerading		OS Credential Dumping1
System Information Discovery		Remote ServicesData from Local System1
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
Process Injection		LSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable Media1
Non-Application Layer Protocol		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive12
Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin HookBinary PaddingNTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput Capture1
Ingress Tool Transfer		Traffic DuplicationData Destruction

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 process2 2 Behavior Graph ID: 1430763 Sample: 66500000797_MI-07_5400049, ... Startdate: 24/04/2024 Architecture: WINDOWS Score: 2 6 Acrobat.exe 18 74 2->6         started        process3 8 AcroCEF.exe 105 6->8         started        process4 10 AcroCEF.exe 2 8->10         started        dnsIp5 13 23.200.60.110, 443, 49740 AKAMAI-ASUS United States 10->13

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
66500000797_MI-07_5400049, CASCSDE TANK UNIT.pdf0%ReversingLabs

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

No contacted domains info

World Map of Contacted IPs

  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Public IPs

IPDomainCountryFlagASNASN NameMalicious
23.200.60.110
unknownUnited States
16625AKAMAI-ASUSfalse

General Information

Joe Sandbox version:40.0.0 Tourmaline
Analysis ID:1430763
Start date and time:2024-04-24 06:57:30 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 4m 10s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultwindowspdfcookbook.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:10
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:66500000797_MI-07_5400049, CASCSDE TANK UNIT.pdf
Detection:CLEAN
Classification:clean2.winPDF@14/43@0/1
EGA Information:Failed
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 0
  • Number of non-executed functions: 0
Cookbook Comments:
  • Found application associated with file extension: .pdf
  • Found PDF document
  • Close Viewer

Warnings

  • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 23.202.56.131, 54.227.187.23, 52.5.13.197, 52.202.204.11, 23.22.254.206, 23.220.73.15, 23.220.73.10, 162.159.61.3, 172.64.41.3
  • Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com
  • Not all processes where analyzed, report is missing behavior information

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
23.200.60.110Undeliverable IMPORTANT TAX RETURN DOCUMENT AVAILABLE LCAPOZZO #Ud83d#Udcd1 - 2 16 2024.emlGet hashmaliciousHTMLPhisherBrowse
    ChromeSetup.exe.lnkGet hashmaliciousUnknownBrowse
      phish_alert_iocp_v1.4.48 (2).emlGet hashmaliciousHTMLPhisherBrowse

        Domains

        No context

        ASNs

        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
        AKAMAI-ASUSUXNob1Dp32.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, VidarBrowse
        • 23.59.200.146
        mJVVW85CnW.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, VidarBrowse
        • 104.106.57.101
        https://netorg442802-my.sharepoint.com/:b:/g/personal/darek_daronto_com/EeXtnEaZ3XJBqGk13it6odUB-K9vuYAC7zp7SfyciZ3BpQ?e=nkKu2wGet hashmaliciousHtmlDropper, HTMLPhisherBrowse
        • 23.43.51.75
        EXTERNAL Bonnie St Dryden is inviting you to collaborate on One_docx(Apr 23) DOC3848493.msgGet hashmaliciousHTMLPhisherBrowse
        • 23.223.31.231
        https://lithiuimvalley.com/ssdGet hashmaliciousHtmlDropper, HTMLPhisherBrowse
        • 96.17.33.186
        file.exeGet hashmaliciousVidarBrowse
        • 23.47.27.74
        https://sunhos-my.sharepoint.com/:b:/g/personal/mcaffrey_suncrestcare_com/EVEm8VhV9TBDp7AQUrliImYB4Kt7rXcd_m6-8qNUjxBhTA?e=P3XNTL&xsdata=MDV8MDJ8cHJpY2hhcmRzb25AY2FsdG9uLmNvbXxkM2U5ZTc1MTlkNDA0NmI2OWMzODA4ZGM2M2JhOTA4Y3w3YjU1NzU2YTg5NTg0ZWNlODFkYzVkYTZhYmRiNmE5N3wwfDB8NjM4NDk0OTAwMTUyMzMwMjUxfFVua25vd258VFdGcGJHWnNiM2Q4ZXlKV0lqb2lNQzR3TGpBd01EQWlMQ0pRSWpvaVYybHVNeklpTENKQlRpSTZJazFoYVd3aUxDSlhWQ0k2TW4wPXwwfHx8&sdata=TldIbEg2OTJiSkRUS29RRElmU3dYbTBRQUlqUTBBMXZPcGlIaTlzNnlOQT0%3dGet hashmaliciousHTMLPhisherBrowse
        • 23.50.113.17
        file.exeGet hashmaliciousVidarBrowse
        • 23.65.246.108
        Remittance. #U0440df.htmlGet hashmaliciousHTMLPhisherBrowse
        • 23.193.106.150
        https://netorgft12232017-my.sharepoint.com:443/:f:/g/personal/lisa_imjts_com/EsnpAMoHQfhBluK8Y5tDE68BaHrT-12huxTJR_ZqVWR4tA?e=5%3aZZh3dZ&at=9Get hashmaliciousUnknownBrowse
        • 23.210.240.138

        JA3 Fingerprints

        No context

        Dropped Files

        No context

        Created / dropped Files

        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:ASCII text
        Category:dropped
        Size (bytes):292
        Entropy (8bit):5.216450848994618
        Encrypted:false
        SSDEEP:6:2lLZpDM+q2Pwkn2nKuAl9OmbnIFUt8nlL16gZmw+nlL16DMVkwOwkn2nKuAl9Omt:ii+vYfHAahFUt8b//+b/V5JfHAaSJ
        MD5:3C8B90FED50BA0132F5F1F72181FD459
        SHA1:BEA254585D39486289D9E76D42BDABC25EC7D5A6
        SHA-256:C45944757AA6E35E99CE6FBE58D4FA04C36A1B8F0941DEB3421D8077A0434424
        SHA-512:8FC38EABBE807CEEEA21D32D6B9556C2E41C672BBF2DBB474DEDA35C2C82A77ABFA18C1DBD92161411A34054EDD83182F15DB2FBC2476CB94D8F7D0625FB2260
        Malicious:false
        Reputation:low
        Preview:2024/04/24-06:58:18.531 1c1c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/04/24-06:58:18.532 1c1c Recovering log #3.2024/04/24-06:58:18.532 1c1c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:ASCII text
        Category:dropped
        Size (bytes):292
        Entropy (8bit):5.216450848994618
        Encrypted:false
        SSDEEP:6:2lLZpDM+q2Pwkn2nKuAl9OmbnIFUt8nlL16gZmw+nlL16DMVkwOwkn2nKuAl9Omt:ii+vYfHAahFUt8b//+b/V5JfHAaSJ
        MD5:3C8B90FED50BA0132F5F1F72181FD459
        SHA1:BEA254585D39486289D9E76D42BDABC25EC7D5A6
        SHA-256:C45944757AA6E35E99CE6FBE58D4FA04C36A1B8F0941DEB3421D8077A0434424
        SHA-512:8FC38EABBE807CEEEA21D32D6B9556C2E41C672BBF2DBB474DEDA35C2C82A77ABFA18C1DBD92161411A34054EDD83182F15DB2FBC2476CB94D8F7D0625FB2260
        Malicious:false
        Reputation:low
        Preview:2024/04/24-06:58:18.531 1c1c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/04/24-06:58:18.532 1c1c Recovering log #3.2024/04/24-06:58:18.532 1c1c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:ASCII text
        Category:dropped
        Size (bytes):336
        Entropy (8bit):5.202063667055114
        Encrypted:false
        SSDEEP:6:2lLToq2Pwkn2nKuAl9Ombzo2jMGIFUt8nlLTxf0XZmw+nlLTxf0FkwOwkn2nKuAv:govYfHAa8uFUt81xfQ/+1xfY5JfHAa8z
        MD5:34976CB3A50D381A6EEC08ACC856EEEF
        SHA1:1DDDE7AFD5D426F23F1A057C98E3BC08F602805E
        SHA-256:B5D3C6D21A387415CACC3F6166C22CF85CC3FCA0426923CA128803B93E5D58CD
        SHA-512:156A30689882AFA7947F27590882C17C778814EB4D6896AB2CFDB2376418124F428B9CD34ABC6DA69E079D2D6CE0D5F630C6007A6B58A35D8358CAF04A441637
        Malicious:false
        Reputation:low
        Preview:2024/04/24-06:58:18.616 1ce4 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/04/24-06:58:18.617 1ce4 Recovering log #3.2024/04/24-06:58:18.617 1ce4 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:ASCII text
        Category:dropped
        Size (bytes):336
        Entropy (8bit):5.202063667055114
        Encrypted:false
        SSDEEP:6:2lLToq2Pwkn2nKuAl9Ombzo2jMGIFUt8nlLTxf0XZmw+nlLTxf0FkwOwkn2nKuAv:govYfHAa8uFUt81xfQ/+1xfY5JfHAa8z
        MD5:34976CB3A50D381A6EEC08ACC856EEEF
        SHA1:1DDDE7AFD5D426F23F1A057C98E3BC08F602805E
        SHA-256:B5D3C6D21A387415CACC3F6166C22CF85CC3FCA0426923CA128803B93E5D58CD
        SHA-512:156A30689882AFA7947F27590882C17C778814EB4D6896AB2CFDB2376418124F428B9CD34ABC6DA69E079D2D6CE0D5F630C6007A6B58A35D8358CAF04A441637
        Malicious:false
        Reputation:low
        Preview:2024/04/24-06:58:18.616 1ce4 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/04/24-06:58:18.617 1ce4 Recovering log #3.2024/04/24-06:58:18.617 1ce4 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\03652f16-4d0f-4680-a068-2580a0c037c2.tmp

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:JSON data
        Category:modified
        Size (bytes):475
        Entropy (8bit):4.968646153603545
        Encrypted:false
        SSDEEP:12:YH/um3RA8sqZoJHksBdOg2H05caq3QYiubInP7E4T3y:Y2sRdsbJpdMH0A3QYhbG7nby
        MD5:26BD0EB39A79DE93F96192748C747C89
        SHA1:CA101C9E867E6EC1E3CEB50998D939B2A016DD9D
        SHA-256:D3F3A87CBD8C01ED8C24EF8FC300444E0FACCD0CF92A484A636FD6EAE263F01F
        SHA-512:F4F8E615B263D68BAF5FA95895D60E6701118D111AFED3B868610DB9820086D94D8D57CDA6915E08217E63AEF235201454CA96BFDE664316845EE9629CC0906C
        Malicious:false
        Reputation:low
        Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13358494710605447","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":156419},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):475
        Entropy (8bit):4.968646153603545
        Encrypted:false
        SSDEEP:12:YH/um3RA8sqZoJHksBdOg2H05caq3QYiubInP7E4T3y:Y2sRdsbJpdMH0A3QYhbG7nby
        MD5:26BD0EB39A79DE93F96192748C747C89
        SHA1:CA101C9E867E6EC1E3CEB50998D939B2A016DD9D
        SHA-256:D3F3A87CBD8C01ED8C24EF8FC300444E0FACCD0CF92A484A636FD6EAE263F01F
        SHA-512:F4F8E615B263D68BAF5FA95895D60E6701118D111AFED3B868610DB9820086D94D8D57CDA6915E08217E63AEF235201454CA96BFDE664316845EE9629CC0906C
        Malicious:false
        Reputation:low
        Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13358494710605447","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":156419},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:data
        Category:dropped
        Size (bytes):4730
        Entropy (8bit):5.250521422476427
        Encrypted:false
        SSDEEP:96:etJCV4FAsszrNamjTN/2rjYMta02fDtehgO7BtTgo7cXXU71Z:etJCV4FiN/jTN/2r8Mta02fEhgO73goJ
        MD5:06412B22CF0A4CB3520DEE42BECFB9F3
        SHA1:4C5413F10C47275111F38E510E39FE78B2D3E845
        SHA-256:B33E6FDBEE3536E31311772FDC078F2E33EBE469E60F6C8566BFE0767A053D52
        SHA-512:F496BCD8CD03A810602AB95C59542B924FF2BA8656E3B587AB9D58D3A9B094D65A17877ACE653868B54333A2B1384691221AD20303E8F7CE9D3D8669426779AA
        Malicious:false
        Reputation:low
        Preview:*...#................version.1..namespace-['O.o................next-map-id.1.Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/.0>...r................next-map-id.2.Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/.1O..r................next-map-id.3.Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/.2.\.o................next-map-id.4.Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/.3....^...............Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/..|.^...............Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/n..Fa...............Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/DQ..a...............Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/i.`do................next-map-id.5.Pnamespace-de635bf2_6773_4d83_ad16_

        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:ASCII text
        Category:dropped
        Size (bytes):324
        Entropy (8bit):5.21459352970058
        Encrypted:false
        SSDEEP:6:2lLg0G8Iq2Pwkn2nKuAl9OmbzNMxIFUt8nlLCOjZZmw+nlLCOjzkwOwkn2nKuAlG:JFvYfHAa8jFUt8FjZ/+Fjz5JfHAa84J
        MD5:BD64B08AD45E1410F2E44AB66E4A6B56
        SHA1:1D41CA9967A37171F066716211E275CA0B8430E2
        SHA-256:EE8399D37119A6557EFBA7A402E3CA4BB2F75642473ED471F884C2C9CB4E445E
        SHA-512:EBC9896BA8A1B66B25CF77759DC21E0A53AAC3A0D9A600CA98A1B54EF9D86B0FA420314674853D54CB3EDA8694559DCB4ED9C37EA21524A38718E03258B0B4F3
        Malicious:false
        Reputation:low
        Preview:2024/04/24-06:58:18.768 1ce4 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/04/24-06:58:18.771 1ce4 Recovering log #3.2024/04/24-06:58:18.771 1ce4 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:ASCII text
        Category:dropped
        Size (bytes):324
        Entropy (8bit):5.21459352970058
        Encrypted:false
        SSDEEP:6:2lLg0G8Iq2Pwkn2nKuAl9OmbzNMxIFUt8nlLCOjZZmw+nlLCOjzkwOwkn2nKuAlG:JFvYfHAa8jFUt8FjZ/+Fjz5JfHAa84J
        MD5:BD64B08AD45E1410F2E44AB66E4A6B56
        SHA1:1D41CA9967A37171F066716211E275CA0B8430E2
        SHA-256:EE8399D37119A6557EFBA7A402E3CA4BB2F75642473ED471F884C2C9CB4E445E
        SHA-512:EBC9896BA8A1B66B25CF77759DC21E0A53AAC3A0D9A600CA98A1B54EF9D86B0FA420314674853D54CB3EDA8694559DCB4ED9C37EA21524A38718E03258B0B4F3
        Malicious:false
        Reputation:low
        Preview:2024/04/24-06:58:18.768 1ce4 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/04/24-06:58:18.771 1ce4 Recovering log #3.2024/04/24-06:58:18.771 1ce4 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

        C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240424045822Z-162.bmp

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:PC bitmap, Windows 3.x format, 107 x -152 x 32, cbSize 65110, bits offset 54
        Category:dropped
        Size (bytes):65110
        Entropy (8bit):1.2883019507460785
        Encrypted:false
        SSDEEP:192:JP0A50Z5v66RUfBfEf9lLTjoN4Lf5FV5UJXUrCM8S55RqVfDlYsv:JP6h7r2VGy
        MD5:B32E58C67A22BAD29E5294077674DC34
        SHA1:1772EEE0347AC584EA7F13E3BE6D4E2CA28611A1
        SHA-256:1BD591C221DBE785B0CF01323F19C09B789F6E54028A708F19FC815EC24E7CC8
        SHA-512:7F545A6E63EC58B4365F3287C16BA23673248A5757C7602174AED5D65EB7139BA8D76469D9BF5248636985DD2E5889940514E1ACF35748A443257B6FF9B31FC2
        Malicious:false
        Reputation:low
        Preview:BMV.......6...(...k...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

        C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 15, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 15
        Category:dropped
        Size (bytes):86016
        Entropy (8bit):4.445319150787097
        Encrypted:false
        SSDEEP:384:yezci5tMiBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:rrs3OazzU89UTTgUL
        MD5:548E4C8AE63910131BBABCA7B8EEB5DE
        SHA1:944C9751E97B741DB97E3B14B130E5858A701EAA
        SHA-256:BE05DE9FB79C41F55FBDAE402371DA3289BF8A70ADDD4956EE98E994F6C46F9B
        SHA-512:77DEB4BEA842C4AAA175D29F4FA435D30C282BDA9ED4732946676861B1DD27B571EE83C37832437BEC3AC01A0D4A5EF99C088F823C6E4F8EBDA26E0C4C2E19F2
        Malicious:false
        Reputation:low
        Preview:SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

        C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:SQLite Rollback Journal
        Category:dropped
        Size (bytes):8720
        Entropy (8bit):3.777068172373167
        Encrypted:false
        SSDEEP:48:7MPp/E2ioyVYioy9oWoy1Cwoy1wKOioy1noy1AYoy1Wioy1hioybioyKoy1noy1u:7EpjuYFTXKQzjb9IVXEBodRBki
        MD5:D77B8B18044F6765F9DFE09DE9FEED0A
        SHA1:32B0321372202265781B4EAAEE4EF00370ECCF3C
        SHA-256:961C0841CAE7B17CFAFC7F72A5F2D83B8F5F4A5777D1C434810ECCE13FCAB5DA
        SHA-512:1921DD70B2394EDAFF77890B6561D5AA5964FA39B648B0F1C6604A0739EA5141E07FC9ACCA40ED9BE704A649E1F9368B78EABC7C063F2946A76245E143A66CBD
        Malicious:false
        Reputation:low
        Preview:.... .c.......=................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................T...[...b...r...t...}.....L..............................................................................................................................................................................................................................................................................................................................................................................................................................................................

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.1612

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:PostScript document text
        Category:dropped
        Size (bytes):185099
        Entropy (8bit):5.182478651346149
        Encrypted:false
        SSDEEP:1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
        MD5:94185C5850C26B3C6FC24ABC385CDA58
        SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
        SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
        SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
        Malicious:false
        Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:PostScript document text
        Category:dropped
        Size (bytes):185099
        Entropy (8bit):5.182478651346149
        Encrypted:false
        SSDEEP:1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
        MD5:94185C5850C26B3C6FC24ABC385CDA58
        SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
        SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
        SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
        Malicious:false
        Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:data
        Category:dropped
        Size (bytes):244540
        Entropy (8bit):3.3415042960460593
        Encrypted:false
        SSDEEP:1536:vKPCPiyzDtrh1cK3XEivK7VK/3AYvYwggErRo+RQn:yPClJ/3AYvYwgrFo+RQn
        MD5:758B42992DDFC41CB5E57069C621B54A
        SHA1:D0C28AF6CF1BD2208DA97DEDE57F6C78CEC98DCD
        SHA-256:55DF75758DD6CA825ED2DC9380EDC8469351191308C34CACFC44205197ABD25D
        SHA-512:437918372167A402005A728DCBBEF7B3A9580B794AD6A948A435C9D57C1672ACC1B7376E2A09113B66600EF5049D23625174256565BC639125A2F2BD07928926
        Malicious:false
        Preview:Adobe Acrobat Reader (64-bit) 23.6.20320....?A12_AV2_Search_18px.............................................................................................................KKK KKK.KKK.KKK.KKK.KKK.KKK@........................................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.............................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.........................KKK.KKK.KKK.KKK0....................KKK.KKK.KKK.KKK`....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK.KKK.....................................KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK.KKK@....................KKK.KKK.KKK.KKK`........................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.KKK.............................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):295
        Entropy (8bit):5.378064339765047
        Encrypted:false
        SSDEEP:6:YEQXJ2HXDPiIbBw9VoZcg1vRcR0YXJ2xoAvJM3g98kUwPeUkwRe9:YvXKXBbBzZc0vMJ2OGMbLUkee9
        MD5:DFB28541FE81D1F0019767B2D50BC73F
        SHA1:385B2D595A9BB03A57939A8DE7048D29EC4247BB
        SHA-256:5CEB3447FF936FCB159FB050750CE3D5F06E64FB80463B79E0102FDA92C032F9
        SHA-512:531C39B1B51AA55D62E571D8FA8A7C38178B63CC67CC31446F1B6E86F642A002064B47CA29CAF3CE906EA7654BB7136ED30694A72EFD73ACB6C5C5B079D203A9
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"42b6103f-50d9-4e90-8f89-357a18f574f7","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714112019606,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):294
        Entropy (8bit):5.327908486296604
        Encrypted:false
        SSDEEP:6:YEQXJ2HXDPiIbBw9VoZcg1vRcR0YXJ2xoAvJfBoTfXpnrPeUkwRe9:YvXKXBbBzZc0vMJ2OGWTfXcUkee9
        MD5:BC33C04DD7584A41128F6EBD99E18925
        SHA1:2DE6BCEA6318937CA1B65376D0D483FBF1D4F6CB
        SHA-256:0EC0B2DEF56B7F7E3CFF0542C79C13B854569CB367374DAEC727F2CE3DD29E2B
        SHA-512:A0286D084C76387CF79237AB427D465E5ED2A46027538E7CB0491615F6117FC51FA3581CEC1F6A6B4AFE705AA43D85176C3F1BED9EC299EB0D05DF868F67D7C2
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"42b6103f-50d9-4e90-8f89-357a18f574f7","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714112019606,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):294
        Entropy (8bit):5.307106234265808
        Encrypted:false
        SSDEEP:6:YEQXJ2HXDPiIbBw9VoZcg1vRcR0YXJ2xoAvJfBD2G6UpnrPeUkwRe9:YvXKXBbBzZc0vMJ2OGR22cUkee9
        MD5:C687D503778750C013368001C282A3AB
        SHA1:B5BC6DF9A980E242D1568402CF2CF13DDBB139A4
        SHA-256:C27B64E5A8A6CEDA2E7B2BE42CC7D4B1FB86836BFFB03B9E05F7B58D88EB8302
        SHA-512:FC0CF8B9265CBC7A05C5BE3FC009AF23247E97715A3F7BE1B33019B418662061559AD8325C2339636002A4892A1CB57449C37BF1F3ABDA00020CB647C863CDC2
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"42b6103f-50d9-4e90-8f89-357a18f574f7","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714112019606,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):285
        Entropy (8bit):5.365590668888201
        Encrypted:false
        SSDEEP:6:YEQXJ2HXDPiIbBw9VoZcg1vRcR0YXJ2xoAvJfPmwrPeUkwRe9:YvXKXBbBzZc0vMJ2OGH56Ukee9
        MD5:1BF4497FAAA56E98D138DAD03714A0DA
        SHA1:25EDC467CB410C6877CD51EBC8AEC87A7D623A86
        SHA-256:8595DF6B15DF77B107001AE9FC6C3CFD52A110C8F8B001B6D3D45C5C9AFFD236
        SHA-512:0308EEA42A033F21C5331A5F5BD8D3F3F63265984D763C4694609500E38A63E4770BB09502138A8775BEC3C9934C98249FE3CDFEA107B0208B25C42B5A2AB5D9
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"42b6103f-50d9-4e90-8f89-357a18f574f7","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714112019606,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):292
        Entropy (8bit):5.327264335779521
        Encrypted:false
        SSDEEP:6:YEQXJ2HXDPiIbBw9VoZcg1vRcR0YXJ2xoAvJfJWCtMdPeUkwRe9:YvXKXBbBzZc0vMJ2OGBS8Ukee9
        MD5:8DAF9A474706ED4E11A617DF69094B64
        SHA1:4FF0563106B80A03A0834718770EB5E50F493C29
        SHA-256:768F836D8A5ADCDFCC01922BFC3265FA345135018ABA15BE70E542FCEFCFAC71
        SHA-512:BFCEEDED3E852F536A846A3B3E90A9592098FD00EB8D77C01B9B67AD9EB5952FB7F5A77BBD51BE70971F7E3D52D8F176772515EB112936FF434C55744B8324C1
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"42b6103f-50d9-4e90-8f89-357a18f574f7","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714112019606,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):289
        Entropy (8bit):5.3150920106853405
        Encrypted:false
        SSDEEP:6:YEQXJ2HXDPiIbBw9VoZcg1vRcR0YXJ2xoAvJf8dPeUkwRe9:YvXKXBbBzZc0vMJ2OGU8Ukee9
        MD5:4D6E932BB4280C83E8670C693A7522AE
        SHA1:8FB6D2938AD53AC55794048FC2B2346F0E599C76
        SHA-256:B50BADE27EE9684EFF0389F8AF9E0F009E905466BD343AF16F5D3B510BD26E57
        SHA-512:9510F50705BC8028E69B8E3BD4DD2A020D68B314CE8ECC286BE221CCE2EB42D2A3F408C5A9877FDA2C4572A6C52687DBEA330E8D94903CD3BBF1DF454FCB5ECD
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"42b6103f-50d9-4e90-8f89-357a18f574f7","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714112019606,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):292
        Entropy (8bit):5.3188193934193
        Encrypted:false
        SSDEEP:6:YEQXJ2HXDPiIbBw9VoZcg1vRcR0YXJ2xoAvJfQ1rPeUkwRe9:YvXKXBbBzZc0vMJ2OGY16Ukee9
        MD5:90A2F06433615F54D9DE34EC67ABEE32
        SHA1:B87F31ABBE01E18F701858AA4B0B9520014D12F8
        SHA-256:EFD614A7BB19C3C52457B790BEC21959447619EE26CC2366918030BDEAEBBF1D
        SHA-512:B19AC2F50FF1936EA9D72F256F598B4D0CBB18E7D41A03C2610B45A0C9D6D6F09C4247DD1E33FCF293D481F618D56A0474D30C32C3DB6B242E048C6A19C1B4FD
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"42b6103f-50d9-4e90-8f89-357a18f574f7","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714112019606,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):289
        Entropy (8bit):5.324344410356237
        Encrypted:false
        SSDEEP:6:YEQXJ2HXDPiIbBw9VoZcg1vRcR0YXJ2xoAvJfFldPeUkwRe9:YvXKXBbBzZc0vMJ2OGz8Ukee9
        MD5:B2EAEAC349724BAFC8D2E5E62A904C48
        SHA1:0FEB89A0DC87EE30AB0BC48A3EA52AF315DF8CC5
        SHA-256:72CB13B8B79E9DC4081F4546461753C4FD76CCA5F0C47822C7030A6D0490FBB7
        SHA-512:146BDF97C06747D14D9B3A489632A265B704932150193E6B6BEEB647EBF4D9D44280F621C9F0732F6130B46C050D923FD25353B1658B4453A693DD98D4A46649
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"42b6103f-50d9-4e90-8f89-357a18f574f7","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714112019606,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):1372
        Entropy (8bit):5.744339790703844
        Encrypted:false
        SSDEEP:24:Yv6XxBzzvM/KLgENRcbrZbq00iCCBrwJo++ns8ct4mFJNYp:YvOdk/EgigrNt0wSJn+ns8cvFJa
        MD5:BD22BDFEBA1621ED026DC77DA72972A6
        SHA1:E65DC3366C46795AEE118010D725C9181347225A
        SHA-256:7C6C7F90BED9D87E328BECA59E17CF5A07C51CFB771DD2DD7D3C4A65D04AE3D2
        SHA-512:2AE1372437F37D8B525540494F3724EFE28C61E91DDA0101BEAD949C1EB12DCB1DB76BA4EDA89D4CA1538800F3C84FCC599007E00FF9E75FE4079EEAEA224219
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"42b6103f-50d9-4e90-8f89-357a18f574f7","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714112019606,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"79887_247329ActionBlock_0","campaignId":79887,"containerId":"1","controlGroupId":"","treatmentId":"acc56846-d570-4500-a26e-7f8cf2b4acad","variationId":"247329"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJUcnkgQWNyb2JhdCBQcm8ifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNSIsImZvbnRfc3R5bGUiOiIwIn0sImRlc2NyaXB0aW9uX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTMiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIDctZGF5IHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0byBwcmVtaXVtIFBERiBhbmQgZS1zaWduaW5nIHRvb2xzLiIsImJ

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):289
        Entropy (8bit):5.3206206555048645
        Encrypted:false
        SSDEEP:6:YEQXJ2HXDPiIbBw9VoZcg1vRcR0YXJ2xoAvJfYdPeUkwRe9:YvXKXBbBzZc0vMJ2OGg8Ukee9
        MD5:97AB6C229190E53E1A704C87D5489500
        SHA1:04ECC6D624A2EB8C0A209AF66258C767B4C581B7
        SHA-256:F79C73B035ED1FEF522FAA47AF60FE2395DAC1ACE08B8C126D04C3AD446DC2B8
        SHA-512:706C107008B934C5B0BD927E776B03F95FEFACB15C40F34F57A0F2EE5F8C575974D90FEC6150B653DA5FB72A21FFAC7934559858B99F2D52B3546175F24F785F
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"42b6103f-50d9-4e90-8f89-357a18f574f7","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714112019606,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):1395
        Entropy (8bit):5.781855831354098
        Encrypted:false
        SSDEEP:24:Yv6XxBzzvMCrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNAe1:YvOdkCHgDv3W2aYQfgB5OUupHrQ9FJP
        MD5:F635BF10DCE43A6D6D4C61B677AB69BE
        SHA1:AF76E510528F8E73DF25BCB3CC62C17564096C79
        SHA-256:717D0DFF29501BFA9326E2623B69CA7B834661312446457FC02681AE8264BDE4
        SHA-512:E55DB55D383F597916750620C3CD2FE00DAECBBE634F3A0ED0EB58BD6A1A6CC6E2A56EC33DD2709AE374885CDFE49B85102076326C7477F2DC3AF1547C554786
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"42b6103f-50d9-4e90-8f89-357a18f574f7","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714112019606,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):291
        Entropy (8bit):5.304026030460481
        Encrypted:false
        SSDEEP:6:YEQXJ2HXDPiIbBw9VoZcg1vRcR0YXJ2xoAvJfbPtdPeUkwRe9:YvXKXBbBzZc0vMJ2OGDV8Ukee9
        MD5:0AB6E1B2BC63720FD02F7308600738CB
        SHA1:33F09CC420093720A9857CF2B7C73B745BDD21E6
        SHA-256:A19BFB3FF44556565084437382780ADB4ADBFF98A235C36D5B669E019C9EE3AB
        SHA-512:797E9E4D12D6F80F5F612714F9D3B1D637F6321CF9AA8D521938B3A25FAF8E64B4E063F773101DCF8E10609BC2EE02F3FB65503278414C73B6A18FB4F5DC21C1
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"42b6103f-50d9-4e90-8f89-357a18f574f7","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714112019606,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):287
        Entropy (8bit):5.308648523151629
        Encrypted:false
        SSDEEP:6:YEQXJ2HXDPiIbBw9VoZcg1vRcR0YXJ2xoAvJf21rPeUkwRe9:YvXKXBbBzZc0vMJ2OG+16Ukee9
        MD5:3ED48DFFE0983B07F904547027463E71
        SHA1:ECE231755C56DECBF92F5FC259FA3F4482798429
        SHA-256:AD9B6906FD89C223CBFDCF056CD21B367C5FFA2895B176CA1A70DBCFE404D946
        SHA-512:CD8CDEDF44F07057AD8285E47B8E9D3766AFF67DA04446BE2CE4F86ABDF3B2DA2275396714AA51E8280809021D85896FA741D206CCFBC16E0AF8979A5F9EA231
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"42b6103f-50d9-4e90-8f89-357a18f574f7","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714112019606,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):289
        Entropy (8bit):5.327161966188791
        Encrypted:false
        SSDEEP:6:YEQXJ2HXDPiIbBw9VoZcg1vRcR0YXJ2xoAvJfbpatdPeUkwRe9:YvXKXBbBzZc0vMJ2OGVat8Ukee9
        MD5:FDB4E796A067AF5685F5FFFC254E391A
        SHA1:5350AA94C1793DFFE32DA45AD84393FC7B624DAD
        SHA-256:AD6F9AC1043A7FDDC09074F139B266758BE2339A84B17580F85B3A4C9804D11B
        SHA-512:19C5FAEC156B43D7F687F5AAF347E6BC671276B9F1DEE9D542D9A4E2B8DB3393E3914DA7E62AECC248259E80CA7AF8D2C3F1065133109E916FB4BCF542E4E606
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"42b6103f-50d9-4e90-8f89-357a18f574f7","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714112019606,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):286
        Entropy (8bit):5.28539566577631
        Encrypted:false
        SSDEEP:6:YEQXJ2HXDPiIbBw9VoZcg1vRcR0YXJ2xoAvJfshHHrPeUkwRe9:YvXKXBbBzZc0vMJ2OGUUUkee9
        MD5:30E8B3F2553D61E7B3733B1168E33AE5
        SHA1:2D20AD5B67269BDF737BAA1738B4876D0E303A98
        SHA-256:CF7703005FB2AE875B3631E19250F4EDB8D2DC2156904B48D973864D5BDD957E
        SHA-512:97CB1D355C7B6BC5055A1252E0A431385BD0C513530991C1725F7D26781D389EE770F4E8ECBAE65A62A29609EE5194E64BFCBE0CFC28D023F4366D438CD61D01
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"42b6103f-50d9-4e90-8f89-357a18f574f7","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714112019606,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):782
        Entropy (8bit):5.375436587182538
        Encrypted:false
        SSDEEP:12:YvXKXBbBzZc0vMJ2OGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhW8p:Yv6XxBzzvMn168CgEXX5kcIfANhfp
        MD5:2E7B9ED399855702FB73450684540B42
        SHA1:E0F1653D00B535E1DEB1BCC893F5905A3EDB522F
        SHA-256:0DF5FE9BCE8D3726CB473E45BEA4E0BFEDB211A83968611109EB9B2A20F5BDDA
        SHA-512:05E56F96D3B109F56848348E394F44DCC8E17D043A967C4A3AA24FAC5E7368665C3A1C65215525C6F2B1C0D637DA4817A3C80902D24B09F51148CBA71A08B1C1
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"42b6103f-50d9-4e90-8f89-357a18f574f7","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714112019606,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1713934704637}}}}

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:data
        Category:dropped
        Size (bytes):4
        Entropy (8bit):0.8112781244591328
        Encrypted:false
        SSDEEP:3:e:e
        MD5:DC84B0D741E5BEAE8070013ADDCC8C28
        SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
        SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
        SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
        Malicious:false
        Preview:....

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):2814
        Entropy (8bit):5.135822106436905
        Encrypted:false
        SSDEEP:24:YJVoUBbCQEIVQ/abS3vmIVUa6KO1ayVnJ9PVpe0j0ij0So6HhX2ku2LSok/7QJ5Z:Y5ivab2vILzraF/7ak9+L
        MD5:79215C06623DAFBB95C8A4BA7F8A3987
        SHA1:17D1C8FD2495365E4BF515AEE8C58DD7F4F1D0D2
        SHA-256:ADA3AEF884AE4ABFCB9BF6E193BC62138459B66AC336AFD078E6E46A7EF7FE46
        SHA-512:9096C995651FCA7B288438BA14816FF0F4D4E62C67AA734969156647783E31CDB21615D31E2E0B9B51801E8F97059D8A3142131142A0C4E08EAA8B65A67DD3F4
        Malicious:false
        Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"e41b16320a59a7406f4f6c9c75975e69","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1713934704000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"0441a046f294f493a1786b0454ba2afa","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1372,"ts":1713934704000},{"id":"Edit_InApp_Aug2020","info":{"dg":"779a3c1d2b9859c964fd2db842bd5df1","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":1713934704000},{"id":"DC_Reader_RHP_Banner","info":{"dg":"284cec7379200202a3b3003aafd0b4cd","sid":"DC_Reader_RHP_Banner"},"mimeType":"file","size":1395,"ts":1713934704000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"133a21626720aa395be7238d33ee4fb1","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file","size":292,"ts":1713934704000},{"id":"DC_Reader_More_LHP_Banner","info":{"dg":"d37a7f1cac85ef576a17409f94a6ddc2","sid":"DC_Reader_More_LHP_Banner"},"mimeType":"file","size":289,"ts":1713934704000},

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 25, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 25
        Category:dropped
        Size (bytes):12288
        Entropy (8bit):1.1880437468890301
        Encrypted:false
        SSDEEP:48:TGufl2GL7msEHUUUUUUUUsSvR9H9vxFGiDIAEkGVvpO:lNVmswUUUUUUUUs+FGSItS
        MD5:2263AD8F70973FA6E0A46E2BA8329AD0
        SHA1:7E27E9859DE939F9A1EDF3424D927D03B4856CD4
        SHA-256:A29B1576B8E3CA676C4A366D6CFC7EFC965228636A908E27D2FE9E53E42DA00D
        SHA-512:03BF1E9A165160A1B0A0F678E986A4C1AE832517DD2BC4F2CDA50A109910106B0398066250A215FA5FDC47832581784090C7BD8530A5B00B377698CDA71ABCF0
        Malicious:false
        Preview:SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:SQLite Rollback Journal
        Category:dropped
        Size (bytes):8720
        Entropy (8bit):1.6082936612577852
        Encrypted:false
        SSDEEP:48:7M/KUUUUUUUUUU+vR9H9vxFGiDIAEkGVvoqFl2GL7msT:7RUUUUUUUUUUCFGSIt6KVmsT
        MD5:3990B847EBA8C5A3D668F685A05AD6E1
        SHA1:7CAB9F5865F4448F4CB5287AECBFDA60E70DB8CA
        SHA-256:AAAAE866EE10DFE3F0ABB2556F051BAEC81459BEE7A4AA78398DCD271D1C3A14
        SHA-512:2036BD6E3B60CD1F1DE333B51A91D479D053CE007FAF9C720AC162A7BA90A37FA9A4C2D0A12EAA7EA12DE2EAF1C598F6304D3AC8874F405D765D633E64A1CA34
        Malicious:false
        Preview:.... .c.....h..x......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................f.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

        C:\Users\user\AppData\Local\Temp\MSI78dc4.LOG

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
        Category:dropped
        Size (bytes):246
        Entropy (8bit):3.529459928009153
        Encrypted:false
        SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8c+Rle:Qw946cPbiOxDlbYnuRKHt
        MD5:8F456632025650A3493F1C3FFC0FE4CC
        SHA1:138845664F4DD93DCE85FAD96291F49E86AA747A
        SHA-256:C051A3EC8238852772D768FA54E28E196809CD1AB59EC51F896F80DC2809EE08
        SHA-512:9762BB15BD9D6AE0E8D1B329885F599F200D4A0FBFBF97E6A85F468CE496777D4B5F7789BCF1013EF6848406712BAC147E3918F2E358468C9B93909ED75D897C
        Malicious:false
        Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .2.4./.0.4./.2.0.2.4. . .0.6.:.5.8.:.2.6. .=.=.=.....

        C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-24 06-58-20-740.log

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:ASCII text, with very long lines (393)
        Category:dropped
        Size (bytes):16525
        Entropy (8bit):5.345946398610936
        Encrypted:false
        SSDEEP:384:zHIq8qrq0qoq/qUILImCIrImI9IWdFdDdoPtPTPtP7ygyAydy0yGV///X/J/VokV:nNW
        MD5:8947C10F5AB6CFFFAE64BCA79B5A0BE3
        SHA1:70F87EEB71BA1BE43D2ABAB7563F94C73AB5F778
        SHA-256:4F3449101521DA7DF6B58A2C856592E1359BA8BD1ACD0688ECF4292BA5388485
        SHA-512:B76DB9EF3AE758F00CAF0C1705105C875838C7801F7265B17396466EECDA4BCD915DA4611155C5F2AD1C82A800C1BEC855E52E2203421815F915B77AA7331CA0
        Malicious:false
        Preview:SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:088+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig:

        C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:ASCII text, with very long lines (393), with CRLF line terminators
        Category:dropped
        Size (bytes):16603
        Entropy (8bit):5.339024535982815
        Encrypted:false
        SSDEEP:384:EyML0GhbsxvE8HScS6He483D8Z3BIMXtGf7RNBRAszHv2ZWYxECY1YJsVDM0dVJY:hh1
        MD5:B73E9BE8D734A59220898CE67000CED9
        SHA1:BFF795C88BD70A4BC28AC7D0A916ECF118341B56
        SHA-256:57DFACCDE705553396AB848FFA9462B0BA4AABF281D53F68DF893D93A0C1CD47
        SHA-512:145E71D8304D8CA368A38800914C83FDF9C9927D4F0A267AEC9162F97B4EF2B3F5FE41767A8A75D8A0E7347A68FA3F7EF09D86F1441C0AE6E85CB4F41C8AE444
        Malicious:false
        Preview:SessionID=de53f2eb-ea3e-4fc8-8078-d82c4d245ae3.1713934700763 Timestamp=2024-04-24T06:58:20:763+0200 ThreadID=6028 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=de53f2eb-ea3e-4fc8-8078-d82c4d245ae3.1713934700763 Timestamp=2024-04-24T06:58:20:764+0200 ThreadID=6028 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=de53f2eb-ea3e-4fc8-8078-d82c4d245ae3.1713934700763 Timestamp=2024-04-24T06:58:20:764+0200 ThreadID=6028 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=de53f2eb-ea3e-4fc8-8078-d82c4d245ae3.1713934700763 Timestamp=2024-04-24T06:58:20:764+0200 ThreadID=6028 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=de53f2eb-ea3e-4fc8-8078-d82c4d245ae3.1713934700763 Timestamp=2024-04-24T06:58:20:764+0200 ThreadID=6028 Component=ngl-lib_NglAppLib Description="SetConf

        C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:ASCII text, with CRLF line terminators
        Category:dropped
        Size (bytes):29845
        Entropy (8bit):5.388907121599038
        Encrypted:false
        SSDEEP:768:anddBuBYZwcfCnwZCnR8Bu5hx18HoCnLlAY+iCBuzhLCnx1CnPrRRFS10l8gT2rZ:d
        MD5:7BFD38114CB8B8A809D9D02E6247262F
        SHA1:176C7E0733DCA9FB7D4D0F0A8A00BE8C065A3363
        SHA-256:207EC7433F9EEDD1C519A219AB45306FE6F7653CC155C703B56B481806E77C20
        SHA-512:00B727A8EE4EDB94EA835E6E355005E46D2AC32B842507849252AE20C2D7A1CF878932C5475E7721CBE1861514E88129258E7FA20940838344A3891B818777D4
        Malicious:false
        Preview:03-10-2023 12:50:40:.---2---..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ***************************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ***************************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Starting NGL..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..03-10-2023 12:50:40:.Closing File..03-10-

        C:\Users\user\AppData\Local\Temp\acrocef_low\452aa7f0-6969-4497-95a7-f5040a4189d5.tmp

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
        Category:dropped
        Size (bytes):386528
        Entropy (8bit):7.9736851559892425
        Encrypted:false
        SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
        MD5:5C48B0AD2FEF800949466AE872E1F1E2
        SHA1:337D617AE142815EDDACB48484628C1F16692A2F
        SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
        SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
        Malicious:false
        Preview:...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-|..h#.g.\.PO.|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..|m.WC.....|.....e.[W.p.8...rm....^..x'......5!...|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

        C:\Users\user\AppData\Local\Temp\acrocef_low\6b6e356e-9fe6-4a5b-99d2-ad24cbcef4f0.tmp

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
        Category:dropped
        Size (bytes):1407294
        Entropy (8bit):7.97605879016224
        Encrypted:false
        SSDEEP:24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo
        MD5:A0CFC77914D9BFBDD8BC1B1154A7B364
        SHA1:54962BFDF3797C95DC2A4C8B29E873743811AD30
        SHA-256:81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685
        SHA-512:74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE
        Malicious:false
        Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

        C:\Users\user\AppData\Local\Temp\acrocef_low\ad1a44fa-fa95-4341-988a-5dfc5200614f.tmp

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
        Category:dropped
        Size (bytes):1419751
        Entropy (8bit):7.976496077007677
        Encrypted:false
        SSDEEP:24576:/xA7owWLaGZDwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLaGZDwZGk3mlind9i4ufFXpAXkru
        MD5:18E3D04537AF72FDBEB3760B2D10C80E
        SHA1:B313CD0B25E41E5CF0DFB83B33AB3E3C7678D5CC
        SHA-256:BBEF113A2057EE7EAC911DC960D36D4A62C262DAE5B1379257908228243BD6F4
        SHA-512:2A5B9B0A5DC98151AD2346055DF2F7BFDE62F6069A4A6A9AB3377B644D61AE31609B9FC73BEE4A0E929F84BF30DA4C1CDE628915AC37C7542FD170D12DE41298
        Malicious:false
        Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

        C:\Users\user\AppData\Local\Temp\acrocef_low\d59e7b51-c5fd-4ce5-a989-1ae088b4651d.tmp

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 12108
        Category:dropped
        Size (bytes):758601
        Entropy (8bit):7.98639316555857
        Encrypted:false
        SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U8:O3Pjegf121YS8lkipdjMMNB1DofjgJJ4
        MD5:FC042E4E13A78A5882E5AD1170517E3C
        SHA1:69F0A171DCB6DCDD14128253D7DB5ED418B5CAF4
        SHA-256:6D0915EDF0AACCCEC40D49036362974AC4B678749CC6D2BFC11FFED2B2E618B8
        SHA-512:B43B3A4388B7B0D0C705AD70CFBD6DABF593499FC45AC589E2388C47F699EB35E942521BA64E57A0DE0031DC23C4EE17EA83FB0221C00CE0B075A44CD37C6C62
        Malicious:false
        Preview:...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!|G.1...... .3.`./....`~......G.............|..pS.e.C....:o.u_..oi.:..|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

        Static File Info

        General

        File type:PDF document, version 1.6 (zip deflate encoded)
        Entropy (8bit):7.644244729885265
        TrID:
        • Adobe Portable Document Format (5005/1) 100.00%
        File name:66500000797_MI-07_5400049, CASCSDE TANK UNIT.pdf
        File size:1'282'351 bytes
        MD5:59db3e6443136010a55d8af99232d6f2
        SHA1:1af66f2e5dd1e8606b176c983231d5130d46f27f
        SHA256:a772c6d4e876a81a2470060c20343cf5fee92beb05b262687f04f54dac3ae919
        SHA512:2b195e5675024fe4c6f72eb2eccbed2f155b710029e55cf55fd1ab2fddcbdb6762618c7ab0e93dbd11c58554d641a83113d78c9834422c293780a7c139751851
        SSDEEP:24576:9BwrTt49wTkN0dSpPgzcghhoB/4l4JpboFoIFMK:Tm50r0dSBgrE/9zbQoIGK
        TLSH:9955AD4A8D83EA303C6F7982186EA74C841E64C56817DF74753E97ECC690E12E9FBE44
        File Content Preview:%PDF-1.6.%......367 0 obj.<</Filter/FlateDecode/First 5/Length 63/N 1/Type/ObjStm>>stream..h.25S0P...w./.+Q0....L).662...)...BiK.m.....T....$.........&B....endstream.endobj.368 0 obj.<</Filter/FlateDecode/First 18/Length 379/N 3/Type/ObjStm>>stream..h....

        File Icon

        Icon Hash:62cc8caeb29e8ae0

        Static PDF Info

        General

        Header:%PDF-1.6
        Total Entropy:7.644245
        Total Bytes:1282351
        Stream Entropy:7.633025
        Stream Bytes:1250819
        Entropy outside Streams:5.384837
        Bytes outside Streams:31532
        Number of EOF found:1
        Bytes after EOF:

        Keywords Statistics

        NameCount
        obj223
        endobj223
        stream118
        endstream118
        xref0
        trailer0
        startxref1
        /Page0
        /Encrypt0
        /ObjStm8
        /URI0
        /JS0
        /JavaScript0
        /AA0
        /OpenAction1
        /AcroForm1
        /JBIG2Decode3
        /RichMedia0
        /Launch0
        /EmbeddedFile0

        Network Behavior

        Network Port Distribution

        TCP Packets

        TimestampSource PortDest PortSource IPDest IP
        Apr 24, 2024 06:58:31.490006924 CEST49740443192.168.2.423.200.60.110
        Apr 24, 2024 06:58:31.490062952 CEST4434974023.200.60.110192.168.2.4
        Apr 24, 2024 06:58:31.490144968 CEST49740443192.168.2.423.200.60.110
        Apr 24, 2024 06:58:31.490745068 CEST49740443192.168.2.423.200.60.110
        Apr 24, 2024 06:58:31.490756035 CEST4434974023.200.60.110192.168.2.4
        Apr 24, 2024 06:58:32.000593901 CEST4434974023.200.60.110192.168.2.4
        Apr 24, 2024 06:58:32.001007080 CEST49740443192.168.2.423.200.60.110
        Apr 24, 2024 06:58:32.001046896 CEST4434974023.200.60.110192.168.2.4
        Apr 24, 2024 06:58:32.002136946 CEST4434974023.200.60.110192.168.2.4
        Apr 24, 2024 06:58:32.002204895 CEST49740443192.168.2.423.200.60.110
        Apr 24, 2024 06:58:32.004276037 CEST49740443192.168.2.423.200.60.110
        Apr 24, 2024 06:58:32.004359007 CEST4434974023.200.60.110192.168.2.4
        Apr 24, 2024 06:58:32.004468918 CEST49740443192.168.2.423.200.60.110
        Apr 24, 2024 06:58:32.048155069 CEST4434974023.200.60.110192.168.2.4
        Apr 24, 2024 06:58:32.060060024 CEST49740443192.168.2.423.200.60.110
        Apr 24, 2024 06:58:32.060096979 CEST4434974023.200.60.110192.168.2.4
        Apr 24, 2024 06:58:32.106952906 CEST49740443192.168.2.423.200.60.110
        Apr 24, 2024 06:58:32.176970959 CEST4434974023.200.60.110192.168.2.4
        Apr 24, 2024 06:58:32.177052021 CEST4434974023.200.60.110192.168.2.4
        Apr 24, 2024 06:58:32.177670002 CEST49740443192.168.2.423.200.60.110
        Apr 24, 2024 06:58:32.177697897 CEST4434974023.200.60.110192.168.2.4
        Apr 24, 2024 06:58:32.177716017 CEST49740443192.168.2.423.200.60.110
        Apr 24, 2024 06:58:32.177750111 CEST49740443192.168.2.423.200.60.110

        HTTP Request Dependency Graph

        • armmf.adobe.com

        HTTPS Proxied Packets

        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
        0192.168.2.44974023.200.60.1104437348C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        TimestampBytes transferredDirectionData
        2024-04-24 04:58:32 UTC475OUTGET /onboarding/smskillreader.txt HTTP/1.1
        Host: armmf.adobe.com
        Connection: keep-alive
        Accept-Language: en-US,en;q=0.9
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36
        Sec-Fetch-Site: same-origin
        Sec-Fetch-Mode: no-cors
        Sec-Fetch-Dest: empty
        Accept-Encoding: gzip, deflate, br
        If-None-Match: "78-5faa31cce96da"
        If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
        2024-04-24 04:58:32 UTC198INHTTP/1.1 304 Not Modified
        Content-Type: text/plain; charset=UTF-8
        Last-Modified: Mon, 01 May 2023 15:02:33 GMT
        ETag: "78-5faa31cce96da"
        Date: Wed, 24 Apr 2024 04:58:32 GMT
        Connection: close


        Statistics

        CPU Usage

        Click to jump to process

        Memory Usage

        Click to jump to process

        High Level Behavior Distribution

        Click to dive into process behavior distribution

        Behavior

        Click to jump to process

        System Behavior

        General

        Target ID:0
        Start time:06:58:17
        Start date:24/04/2024
        Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        Wow64 process (32bit):false
        Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\66500000797_MI-07_5400049, CASCSDE TANK UNIT.pdf"
        Imagebase:0x7ff6bc1b0000
        File size:5'641'176 bytes
        MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
        Has elevated privileges:true
        Has administrator privileges:true
        Programmed in:C, C++ or other language
        Reputation:moderate
        Has exited:true

        General

        Target ID:1
        Start time:06:58:18
        Start date:24/04/2024
        Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        Wow64 process (32bit):false
        Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
        Imagebase:0x7ff74bb60000
        File size:3'581'912 bytes
        MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
        Has elevated privileges:true
        Has administrator privileges:true
        Programmed in:C, C++ or other language
        Reputation:moderate
        Has exited:true

        General

        Target ID:3
        Start time:06:58:18
        Start date:24/04/2024
        Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        Wow64 process (32bit):false
        Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2108 --field-trial-handle=1536,i,2705806765158461115,7575174302712746196,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
        Imagebase:0x7ff74bb60000
        File size:3'581'912 bytes
        MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
        Has elevated privileges:true
        Has administrator privileges:true
        Programmed in:C, C++ or other language
        Reputation:moderate
        Has exited:true

        Disassembly

        No disassembly