Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
00. business card_Luca STRANIERO.pdf

Overview

General Information

Sample name:00. business card_Luca STRANIERO.pdf
Analysis ID:1431108
MD5:8729536ff1fc73f263c67050fa1e9aaa
SHA1:4b2445ddfdae6a556102f466d8dc51711b0c0bb9
SHA256:0be36f317fbd8ac2ab33fd81020ce6d768ea60f0fbd850b12efbe42f26f71e39
Infos:

Detection

Score:2
Range:0 - 100
Whitelisted:false
Confidence:60%

Signatures

Contains long sleeps (>= 3 min)
IP address seen in connection with other malware
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)

Classification

Analysis Advice

No malicious behavior found, analyze the document also on other version of Office / Acrobat
Sample tries to load a library which is not present or installed on the analysis machine, adding the library might reveal more behavior

Process Tree

  • System is w10x64
  • Acrobat.exe (PID: 7636 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\00. business card_Luca STRANIERO.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AdobeCollabSync.exe (PID: 7788 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c MD5: 8A41FC5F946230805512B943C45AC9D8)
      • AdobeCollabSync.exe (PID: 7836 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=7788 MD5: 8A41FC5F946230805512B943C45AC9D8)
        • FullTrustNotifier.exe (PID: 7524 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe" GetChannelUri MD5: 92366A2F482926C3D0DD02D6F952F742)
    • AdobeCollabSync.exe (PID: 7960 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c MD5: 8A41FC5F946230805512B943C45AC9D8)
      • AdobeCollabSync.exe (PID: 8000 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=7960 MD5: 8A41FC5F946230805512B943C45AC9D8)
    • AdobeCollabSync.exe (PID: 8068 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c MD5: 8A41FC5F946230805512B943C45AC9D8)
      • AdobeCollabSync.exe (PID: 8108 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=8068 MD5: 8A41FC5F946230805512B943C45AC9D8)
    • AdobeCollabSync.exe (PID: 8176 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c MD5: 8A41FC5F946230805512B943C45AC9D8)
      • AdobeCollabSync.exe (PID: 7240 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=8176 MD5: 8A41FC5F946230805512B943C45AC9D8)
    • AdobeCollabSync.exe (PID: 7372 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c MD5: 8A41FC5F946230805512B943C45AC9D8)
      • AdobeCollabSync.exe (PID: 7432 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=7372 MD5: 8A41FC5F946230805512B943C45AC9D8)
    • AdobeCollabSync.exe (PID: 7352 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c MD5: 8A41FC5F946230805512B943C45AC9D8)
      • AdobeCollabSync.exe (PID: 3272 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=7352 MD5: 8A41FC5F946230805512B943C45AC9D8)
    • AcroCEF.exe (PID: 7980 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 7240 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2084 --field-trial-handle=1732,i,15913500959655005552,13017635812736798014,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Snort Signatures

No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: global trafficDNS query: name: chrome.cloudflare-dns.com
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 162.159.61.3:443
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 162.159.61.3:443
Source: global trafficTCP traffic: 192.168.2.4:49741 -> 162.159.61.3:443
Source: global trafficTCP traffic: 192.168.2.4:49741 -> 162.159.61.3:443
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 162.159.61.3:443
Source: global trafficTCP traffic: 192.168.2.4:49741 -> 162.159.61.3:443
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 162.159.61.3:443
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 162.159.61.3:443
Source: global trafficTCP traffic: 192.168.2.4:49741 -> 162.159.61.3:443
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 162.159.61.3:443
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 162.159.61.3:443
Source: global trafficTCP traffic: 192.168.2.4:49741 -> 162.159.61.3:443
Source: global trafficTCP traffic: 192.168.2.4:49741 -> 162.159.61.3:443
Source: global trafficTCP traffic: 192.168.2.4:49741 -> 162.159.61.3:443
Source: global trafficTCP traffic: 192.168.2.4:49741 -> 162.159.61.3:443
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 162.159.61.3:443
Source: global trafficTCP traffic: 192.168.2.4:49744 -> 162.159.61.3:443
Source: global trafficTCP traffic: 192.168.2.4:49744 -> 162.159.61.3:443
Source: global trafficTCP traffic: 192.168.2.4:49744 -> 162.159.61.3:443
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 162.159.61.3:443
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 162.159.61.3:443
Source: global trafficTCP traffic: 192.168.2.4:49741 -> 162.159.61.3:443
Source: global trafficTCP traffic: 192.168.2.4:49741 -> 162.159.61.3:443
Source: global trafficTCP traffic: 192.168.2.4:49744 -> 162.159.61.3:443
Source: global trafficTCP traffic: 192.168.2.4:49744 -> 162.159.61.3:443
Source: global trafficTCP traffic: 192.168.2.4:49744 -> 162.159.61.3:443
Source: global trafficTCP traffic: 192.168.2.4:49744 -> 162.159.61.3:443
Source: global trafficTCP traffic: 192.168.2.4:49744 -> 162.159.61.3:443
Source: global trafficTCP traffic: 192.168.2.4:49744 -> 162.159.61.3:443
Source: global trafficTCP traffic: 192.168.2.4:49744 -> 162.159.61.3:443
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 162.159.61.3:443
Source: global trafficTCP traffic: 162.159.61.3:443 -> 192.168.2.4:49740
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 162.159.61.3:443
Source: global trafficTCP traffic: 192.168.2.4:49741 -> 162.159.61.3:443
Source: global trafficTCP traffic: 162.159.61.3:443 -> 192.168.2.4:49741
Source: global trafficTCP traffic: 192.168.2.4:49741 -> 162.159.61.3:443
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 162.159.61.3:443
Source: global trafficTCP traffic: 162.159.61.3:443 -> 192.168.2.4:49740
Source: global trafficTCP traffic: 192.168.2.4:49741 -> 162.159.61.3:443
Source: global trafficTCP traffic: 162.159.61.3:443 -> 192.168.2.4:49741
Source: global trafficTCP traffic: 162.159.61.3:443 -> 192.168.2.4:49740
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 162.159.61.3:443
Source: global trafficTCP traffic: 162.159.61.3:443 -> 192.168.2.4:49740
Source: global trafficTCP traffic: 162.159.61.3:443 -> 192.168.2.4:49740
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 162.159.61.3:443
Source: global trafficTCP traffic: 162.159.61.3:443 -> 192.168.2.4:49741
Source: global trafficTCP traffic: 192.168.2.4:49741 -> 162.159.61.3:443
Source: global trafficTCP traffic: 162.159.61.3:443 -> 192.168.2.4:49741
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 162.159.61.3:443
Source: global trafficTCP traffic: 162.159.61.3:443 -> 192.168.2.4:49740
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 162.159.61.3:443
Source: global trafficTCP traffic: 162.159.61.3:443 -> 192.168.2.4:49740
Source: global trafficTCP traffic: 162.159.61.3:443 -> 192.168.2.4:49741
Source: global trafficTCP traffic: 192.168.2.4:49741 -> 162.159.61.3:443
Source: global trafficTCP traffic: 192.168.2.4:49741 -> 162.159.61.3:443
Source: global trafficTCP traffic: 162.159.61.3:443 -> 192.168.2.4:49741
Source: global trafficTCP traffic: 192.168.2.4:49741 -> 162.159.61.3:443
Source: global trafficTCP traffic: 162.159.61.3:443 -> 192.168.2.4:49741
Source: global trafficTCP traffic: 192.168.2.4:49741 -> 162.159.61.3:443
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 162.159.61.3:443
Source: global trafficTCP traffic: 192.168.2.4:49744 -> 162.159.61.3:443
Source: global trafficTCP traffic: 162.159.61.3:443 -> 192.168.2.4:49744
Source: global trafficTCP traffic: 192.168.2.4:49744 -> 162.159.61.3:443
Source: global trafficTCP traffic: 192.168.2.4:49744 -> 162.159.61.3:443
Source: global trafficTCP traffic: 162.159.61.3:443 -> 192.168.2.4:49744
Source: global trafficTCP traffic: 162.159.61.3:443 -> 192.168.2.4:49740
Source: global trafficTCP traffic: 162.159.61.3:443 -> 192.168.2.4:49740
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 162.159.61.3:443
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 162.159.61.3:443
Source: global trafficTCP traffic: 162.159.61.3:443 -> 192.168.2.4:49740
Source: global trafficTCP traffic: 162.159.61.3:443 -> 192.168.2.4:49741
Source: global trafficTCP traffic: 162.159.61.3:443 -> 192.168.2.4:49741
Source: global trafficTCP traffic: 192.168.2.4:49741 -> 162.159.61.3:443
Source: global trafficTCP traffic: 192.168.2.4:49741 -> 162.159.61.3:443
Source: global trafficTCP traffic: 162.159.61.3:443 -> 192.168.2.4:49741
Source: global trafficTCP traffic: 162.159.61.3:443 -> 192.168.2.4:49744
Source: global trafficTCP traffic: 192.168.2.4:49744 -> 162.159.61.3:443
Source: global trafficTCP traffic: 162.159.61.3:443 -> 192.168.2.4:49744
Source: global trafficTCP traffic: 162.159.61.3:443 -> 192.168.2.4:49744
Source: global trafficTCP traffic: 192.168.2.4:49744 -> 162.159.61.3:443
Source: global trafficTCP traffic: 192.168.2.4:49744 -> 162.159.61.3:443
Source: global trafficTCP traffic: 162.159.61.3:443 -> 192.168.2.4:49744
Source: global trafficTCP traffic: 192.168.2.4:49744 -> 162.159.61.3:443
Source: global trafficTCP traffic: 162.159.61.3:443 -> 192.168.2.4:49744
Source: global trafficTCP traffic: 192.168.2.4:49744 -> 162.159.61.3:443
Source: global trafficTCP traffic: 162.159.61.3:443 -> 192.168.2.4:49744
Source: global trafficTCP traffic: 162.159.61.3:443 -> 192.168.2.4:49744
Source: global trafficTCP traffic: 192.168.2.4:49744 -> 162.159.61.3:443
Source: global trafficTCP traffic: 192.168.2.4:49744 -> 162.159.61.3:443
Source: global trafficTCP traffic: 162.159.61.3:443 -> 192.168.2.4:49744
Source: Joe Sandbox ViewIP Address: 162.159.61.3 162.159.61.3
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficDNS traffic detected: DNS query: chrome.cloudflare-dns.com
Source: unknownHTTP traffic detected: POST /dns-query HTTP/1.1Host: chrome.cloudflare-dns.comConnection: keep-aliveContent-Length: 128Accept: application/dns-messageAccept-Language: *User-Agent: ChromeAccept-Encoding: identityContent-Type: application/dns-message
Source: FullTrustNotifier.exe, 0000000D.00000002.1792383673.0000000000C0E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://activity.windows.com/UserActivity.ReadWrite.CreatedByAppb2
Source: FullTrustNotifier.exe, 0000000D.00000002.1792383673.0000000000C0E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://android.notify.windows.com/iOS
Source: FullTrustNotifier.exe, 0000000D.00000002.1792383673.0000000000C0E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://android.notify.windows.com/iOS5
Source: AdobeCollabSync.exe, 00000002.00000002.2895596795.0000022A37CA7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://comments.adob
Source: AdobeCollabSync.exe, 00000002.00000003.2474174803.0000022A37E9A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://comments.adobe.io
Source: AdobeCollabSync.exe, 00000002.00000003.2474174803.0000022A37E9A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://comments.adobe.io/schem
Source: AdobeCollabSync.exe, 00000002.00000002.2895596795.0000022A37CA7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://comments.adobe.io/schemas/bulk_entity_v1.json
Source: AdobeCollabSync.exe, 00000002.00000003.2400254283.0000022A37D1F000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000002.00000003.2739231297.0000022A37EA2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://comments.adobe.io/schemas/entity_v1.json
Source: AdobeCollabSync.exe, 00000002.00000003.2400254283.0000022A37D1F000.00000004.00000020.00020000.00000000.sdmp, EntitySync-2024-04-24.log.2.drString found in binary or memory: https://comments.adobe.io/sync/
Source: AdobeCollabSync.exe, 00000002.00000002.2895596795.0000022A37CED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://comments.adobe.io/sync/-
Source: AdobeCollabSync.exe, 00000002.00000002.2895596795.0000022A37CED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://comments.adobe.io/sync/b
Source: AdobeCollabSync.exe, 00000002.00000002.2895075237.0000022A35FE4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://comments.adobe.iorobat.com1
Source: AdobeCollabSync.exe, 00000001.00000002.2895077233.000001DEFC3D0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com
Source: AdobeCollabSync.exe, 00000002.00000002.2895596795.0000022A37CED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://reviews.adobe.io
Source: AdobeCollabSync.exe, 00000002.00000002.2895596795.0000022A37CED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://reviews.adobe.io153952.552:
Source: FullTrustNotifier.exe, 0000000D.00000002.1792383673.0000000000C0E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wns.windows.com/
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49744
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49741
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49740
Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
Source: classification engineClassification label: clean2.winPDF@40/55@1/1
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journalJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-24 15-39-27-473.logJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
Source: AdobeCollabSync.exe, 00000002.00000002.2895596795.0000022A37C5F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE IF NOT EXISTS content_item_revisions( content_item_revision_id TEXT PRIMARY KEY NOT NULL, cloud_etag TEXT DEFAULT NULL, cloud_version_id TEXT DEFAULT NULL, updated TIMESTAMP DEFAULT NULL, acl TEXT DEFAULT NULL, local_etag TEXT DEFAULT NULL, local_version_id TEXT DEFAULT NULL, request_id TEXT DEFAULT NULL, content_name TEXT DEFAULT NULL);
Source: AdobeCollabSync.exe, 00000002.00000003.2728708884.0000022A37D12000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SELECT pending_request_id, request_type, content_item_id, context, pending_request_created, request_status, message, status_code, device_mapping_id FROM pending_requests;
Source: AdobeCollabSync.exe, 00000002.00000003.1667612689.0000022A37C72000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000002.00000003.1668010695.0000022A37C72000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000002.00000003.1668242366.0000022A37C73000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000002.00000002.2895596795.0000022A37C5F000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000002.00000003.1667423091.0000022A37C72000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000002.00000003.1668930216.0000022A37C6B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE resources(rid integer not null primary key autoincrement, url text(512) not null unique, state integer not null default 0, lastsynchronized integer default 0, ttl integer not null default 3600, ttloverride integer default NULL, skiphours integer default 0, skipdays integer default 0, synchpriority integer not null default 0, synchretries integer default 0, flags integer default 0, contentsize integer default 0, cursyncetag text(128) default NULL, cursynclastmodi@;
Source: AdobeCollabSync.exe, 00000002.00000002.2895596795.0000022A37D00000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: select rid, url, state, lastsynchronized, ttl, skiphours, skipdays, synchpriority, synchretries, flags, contentsize, cursyncetag, cursynclastmodified, cursynccontentsize, cursynctotalsynced, responsecode, hash, guid from resources where synchpriority< 50 and state !=0 and state !=5 and ttl!=2147483647 and flags & ? == 0 order by synchpriority asc limit ?quot;x-api-client-id&quot;:&quot61
Source: unknownProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\00. business card_Luca STRANIERO.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=7788
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=7960
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=8068
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=8176
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=7372
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=7352
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe" GetChannelUri
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2084 --field-trial-handle=1732,i,15913500959655005552,13017635812736798014,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -cJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -cJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -cJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -cJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -cJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -cJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=7788Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe" GetChannelUriJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=7960Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=8068Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=8176Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=7372Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=7352Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2084 --field-trial-handle=1732,i,15913500959655005552,13017635812736798014,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exeSection loaded: vccorlib140.dllJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exeSection loaded: msvcp140.dllJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exeSection loaded: vcruntime140.dllJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exeSection loaded: msvcp140.dllJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exeSection loaded: appcontracts.dllJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exeSection loaded: cdprt.dllJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exeSection loaded: cdp.dllJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exeSection loaded: wldp.dllJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exeSection loaded: umpdc.dllJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exeSection loaded: propsys.dllJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exeSection loaded: dsreg.dllJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exeSection loaded: msvcp110_win.dllJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32Jump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: 00. business card_Luca STRANIERO.pdfInitial sample: PDF keyword /JS count = 0
Source: 00. business card_Luca STRANIERO.pdfInitial sample: PDF keyword /JavaScript count = 0
Source: 00. business card_Luca STRANIERO.pdfInitial sample: PDF keyword stream count = 63
Source: 00. business card_Luca STRANIERO.pdfInitial sample: PDF keyword /EmbeddedFile count = 0
Source: 00. business card_Luca STRANIERO.pdfInitial sample: PDF keyword obj count = 66
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exeThread delayed: delay time: 86400000Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exeThread delayed: delay time: 30000Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exeThread delayed: delay time: 86400000Jump to behavior
Source: AdobeCollabSync.exe, 00000004.00000002.1684521506.000002B29A1A0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll1
Source: AdobeCollabSync.exe, 00000003.00000003.1685308882.00000210F3F9B000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000003.00000002.1685924785.00000210F3F9C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllOOt&P
Source: AdobeCollabSync.exe, 00000005.00000002.1705700117.000001DADE1D9000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000007.00000002.1727780487.000001F125DAB000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000007.00000003.1727363942.000001F125DAA000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000008.00000002.1725757020.0000019AF4809000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000009.00000002.1746771609.0000020E64AA8000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 0000000B.00000002.1766994449.000001DE917B7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: AdobeCollabSync.exe, 00000001.00000002.2894222228.000001DEFA4CC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllrr
Source: AdobeCollabSync.exe, 00000002.00000002.2895075237.0000022A35EF8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll88
Source: AdobeCollabSync.exe, 00000006.00000002.1704612512.0000020796A58000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 0000000C.00000002.1765549351.000002C110CC8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll{{
Source: AdobeCollabSync.exe, 0000000A.00000002.1745308289.000002AA6B608000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll;;
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid Accounts3
Exploitation for Client Execution		1
DLL Side-Loading		1
Process Injection		1
Masquerading		OS Credential Dumping1
Security Software Discovery		Remote ServicesData from Local System1
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
DLL Side-Loading		11
Virtualization/Sandbox Evasion		LSASS Memory11
Virtualization/Sandbox Evasion		Remote Desktop ProtocolData from Removable Media2
Non-Application Layer Protocol		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)1
Process Injection		Security Account Manager2
System Information Discovery		SMB/Windows Admin SharesData from Network Shared Drive3
Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
DLL Side-Loading		NTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1431108 Sample: 00. business card_Luca STRA... Startdate: 24/04/2024 Architecture: WINDOWS Score: 2 35 chrome.cloudflare-dns.com 2->35 8 Acrobat.exe 20 78 2->8         started        process3 process4 10 AcroCEF.exe 105 8->10         started        12 AdobeCollabSync.exe 1 13 8->12         started        14 AdobeCollabSync.exe 1 8->14         started        16 4 other processes 8->16 process5 18 AcroCEF.exe 10->18         started        21 AdobeCollabSync.exe 2 22 12->21         started        23 AdobeCollabSync.exe 14->23         started        25 AdobeCollabSync.exe 16->25         started        27 AdobeCollabSync.exe 16->27         started        29 AdobeCollabSync.exe 16->29         started        31 AdobeCollabSync.exe 16->31         started        dnsIp6 37 chrome.cloudflare-dns.com 162.159.61.3, 443, 49740, 49741 CLOUDFLARENETUS United States 18->37 33 FullTrustNotifier.exe 21->33         started        process7

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
00. business card_Luca STRANIERO.pdf0%VirustotalBrowse

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

SourceDetectionScannerLabelLink
chrome.cloudflare-dns.com0%VirustotalBrowse

URLs

SourceDetectionScannerLabelLink
https://chrome.cloudflare-dns.com/dns-query0%URL Reputationsafe
https://comments.adob0%Avira URL Cloudsafe

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
chrome.cloudflare-dns.com
162.159.61.3
truefalseunknown

Contacted URLs

NameMaliciousAntivirus DetectionReputation
https://chrome.cloudflare-dns.com/dns-queryfalse
  • URL Reputation: safe
unknown

URLs from Memory and Binaries

NameSourceMaliciousAntivirus DetectionReputation
https://wns.windows.com/FullTrustNotifier.exe, 0000000D.00000002.1792383673.0000000000C0E000.00000004.00000020.00020000.00000000.sdmpfalse
    		high
    https://android.notify.windows.com/iOS5FullTrustNotifier.exe, 0000000D.00000002.1792383673.0000000000C0E000.00000004.00000020.00020000.00000000.sdmpfalse
      		high
      https://activity.windows.com/UserActivity.ReadWrite.CreatedByAppb2FullTrustNotifier.exe, 0000000D.00000002.1792383673.0000000000C0E000.00000004.00000020.00020000.00000000.sdmpfalse
        		high
        https://android.notify.windows.com/iOSFullTrustNotifier.exe, 0000000D.00000002.1792383673.0000000000C0E000.00000004.00000020.00020000.00000000.sdmpfalse
          		high
          https://comments.adobAdobeCollabSync.exe, 00000002.00000002.2895596795.0000022A37CA7000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown

          World Map of Contacted IPs

          • No. of IPs < 25%
          • 25% < No. of IPs < 50%
          • 50% < No. of IPs < 75%
          • 75% < No. of IPs

          Public IPs

          IPDomainCountryFlagASNASN NameMalicious
          162.159.61.3
          		chrome.cloudflare-dns.comUnited States
          		13335CLOUDFLARENETUSfalse

          General Information

          Joe Sandbox version:40.0.0 Tourmaline
          Analysis ID:1431108
          Start date and time:2024-04-24 15:38:19 +02:00
          Joe Sandbox product:CloudBasic
          Overall analysis duration:0h 5m 53s
          Hypervisor based Inspection enabled:false
          Report type:full
          Cookbook file name:defaultwindowspdfcookbook.jbs
          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
          Number of analysed new started processes analysed:23
          Number of new started drivers analysed:0
          Number of existing processes analysed:0
          Number of existing drivers analysed:0
          Number of injected processes analysed:0
          Technologies:
          • HCA enabled
          • EGA enabled
          • AMSI enabled
          Analysis Mode:default
          Analysis stop reason:Timeout
          Sample name:00. business card_Luca STRANIERO.pdf
          Detection:CLEAN
          Classification:clean2.winPDF@40/55@1/1
          EGA Information:Failed
          HCA Information:
          • Successful, ratio: 100%
          • Number of executed functions: 0
          • Number of non-executed functions: 0
          Cookbook Comments:
          • Found application associated with file extension: .pdf
          • Found PDF document
          • Close Viewer

          Warnings

          • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
          • Excluded IPs from analysis (whitelisted): 23.1.100.158, 23.3.84.164, 23.219.38.26, 23.219.38.58, 23.202.56.131, 18.207.85.246, 34.193.227.236, 107.22.247.231, 54.144.73.197, 142.250.101.94, 142.251.2.94
          • Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, fs.microsoft.com, slscr.update.microsoft.com, e4578.dscb.akamaiedge.net, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, dns.msftncsi.com, fe3cr.delivery.mp.microsoft.com, ssl.adobe.com.edgekey.net, ocsp.digicert.com, armmf.adobe.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, www.gstatic.com, geo2.adobe.com
          • Not all processes where analyzed, report is missing behavior information
          • Report size exceeded maximum capacity and may have missing behavior information.
          • Report size getting too big, too many NtCreateFile calls found.
          • Report size getting too big, too many NtCreateKey calls found.
          • Report size getting too big, too many NtOpenKeyEx calls found.
          • Report size getting too big, too many NtQueryValueKey calls found.

          Simulations

          Behavior and APIs

          TimeTypeDescription
          15:39:10API Interceptor395962x Sleep call for process: AdobeCollabSync.exe modified

          Joe Sandbox View / Context

          IPs

          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
          162.159.61.3http://damarltda.cl/certificado.phpGet hashmaliciousUnknownBrowse
            zlONcFaXkc.exeGet hashmaliciousPureLog Stealer, Xmrig, zgRATBrowse
              ShadowFury.exeGet hashmaliciousUnknownBrowse
                ShadowFury.exeGet hashmaliciousUnknownBrowse
                  Sonic-Glyder.exeGet hashmaliciousStealitBrowse
                    SenPalia.exeGet hashmaliciousUnknownBrowse
                      Sonic-Glyder.exeGet hashmaliciousStealitBrowse
                        SenPalia.exeGet hashmaliciousUnknownBrowse
                          UnderWars.exeGet hashmaliciousUnknownBrowse
                            SenPalia.exeGet hashmaliciousUnknownBrowse

                              Domains

                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                              chrome.cloudflare-dns.comzlONcFaXkc.exeGet hashmaliciousPureLog Stealer, Xmrig, zgRATBrowse
                              • 172.64.41.3
                              TeaiGames.exeGet hashmaliciousNovaSentinelBrowse
                              • 162.159.61.3
                              https://netorgft12232017-my.sharepoint.com:443/:f:/g/personal/lisa_imjts_com/EsnpAMoHQfhBluK8Y5tDE68BaHrT-12huxTJR_ZqVWR4tA?e=5%3aZZh3dZ&at=9Get hashmaliciousUnknownBrowse
                              • 172.64.41.3
                              ShadowFury.exeGet hashmaliciousUnknownBrowse
                              • 162.159.61.3
                              ShadowFury.exeGet hashmaliciousUnknownBrowse
                              • 162.159.61.3
                              Sonic-Glyder.exeGet hashmaliciousStealitBrowse
                              • 162.159.61.3
                              SenPalia.exeGet hashmaliciousUnknownBrowse
                              • 172.64.41.3
                              UnderWars.exeGet hashmaliciousUnknownBrowse
                              • 172.64.41.3
                              Sonic-Glyder.exeGet hashmaliciousStealitBrowse
                              • 162.159.61.3
                              SenPalia.exeGet hashmaliciousUnknownBrowse
                              • 162.159.61.3

                              ASNs

                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                              CLOUDFLARENETUShttps://insidesales-email.com/l/1/17013047/Y/eus.p01-2019.10.02-460581/1/ab/4K6W-nzk0hr_GKydLIdUc0LK4HrUUeoMK4jMzee40WM?lnk=https://cd14fe4e.2690c0a545a7f22e8ae6844c.workers.dev/?qrc=barbara.rentler@ros.comGet hashmaliciousHTMLPhisherBrowse
                              • 172.67.203.167
                              Proforma Request.exeGet hashmaliciousAgentTeslaBrowse
                              • 104.26.13.205
                              https://campaign-statistics.com/link_click/PJygYHTMZ2_OXDfP/30633247af9f78d20f1e067eab9a8276Get hashmaliciousHTMLPhisherBrowse
                              • 172.66.40.88
                              sIQywRNC5M.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, VidarBrowse
                              • 104.21.65.24
                              http://crunchersflowdigital.comGet hashmaliciousUnknownBrowse
                              • 104.18.70.113
                              file.exeGet hashmaliciousClipboard Hijacker, RisePro StealerBrowse
                              • 104.26.5.15
                              qJKiVKZdFk.exeGet hashmaliciousClipboard Hijacker, Djvu, VidarBrowse
                              • 104.21.65.24
                              https://0_kid43983.inibara.eu/Get hashmaliciousUnknownBrowse
                              • 104.21.34.12
                              http://ustteam.com/Get hashmaliciousUnknownBrowse
                              • 104.18.142.119
                              https://2h.ae/HWtBGet hashmaliciousUnknownBrowse
                              • 172.67.205.158

                              JA3 Fingerprints

                              No context

                              Dropped Files

                              No context

                              Created / dropped Files

                              C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                              File Type:ASCII text
                              Category:dropped
                              Size (bytes):292
                              Entropy (8bit):5.278910967296393
                              Encrypted:false
                              SSDEEP:6:pB0Vq2Pwkn2nKuAl9OmbnIFUt8r0gZmw+r0IkwOwkn2nKuAl9OmbjLJ:pSVvYfHAahFUt8Ig/+II5JfHAaSJ
                              MD5:2EA689113B41DD00ED7694C177286975
                              SHA1:A9C7DF1D1167B78D300E13BAE7DE43E49AB01CF9
                              SHA-256:89C39069F2B8875C00BC9A5C114C11AF6382617CDB1E680B2CB96FC7F8A743D7
                              SHA-512:8E56C0B33F077707BFEC4C2905784FDB0A7BBB899FFF2698CFB519AC5E7C6FAF163DC58BF9568DCC97ADBB51B3A39FA9D46E7B595DD3EF42E83F41EC60BD7F37
                              Malicious:false
                              Preview:2024/04/24-15:39:25.872 1fd4 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/04/24-15:39:25.873 1fd4 Recovering log #3.2024/04/24-15:39:25.873 1fd4 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

                              C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                              File Type:ASCII text
                              Category:dropped
                              Size (bytes):292
                              Entropy (8bit):5.278910967296393
                              Encrypted:false
                              SSDEEP:6:pB0Vq2Pwkn2nKuAl9OmbnIFUt8r0gZmw+r0IkwOwkn2nKuAl9OmbjLJ:pSVvYfHAahFUt8Ig/+II5JfHAaSJ
                              MD5:2EA689113B41DD00ED7694C177286975
                              SHA1:A9C7DF1D1167B78D300E13BAE7DE43E49AB01CF9
                              SHA-256:89C39069F2B8875C00BC9A5C114C11AF6382617CDB1E680B2CB96FC7F8A743D7
                              SHA-512:8E56C0B33F077707BFEC4C2905784FDB0A7BBB899FFF2698CFB519AC5E7C6FAF163DC58BF9568DCC97ADBB51B3A39FA9D46E7B595DD3EF42E83F41EC60BD7F37
                              Malicious:false
                              Preview:2024/04/24-15:39:25.872 1fd4 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/04/24-15:39:25.873 1fd4 Recovering log #3.2024/04/24-15:39:25.873 1fd4 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

                              C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                              File Type:ASCII text
                              Category:dropped
                              Size (bytes):333
                              Entropy (8bit):5.217394272999673
                              Encrypted:false
                              SSDEEP:6:Iq2Pwkn2nKuAl9Ombzo2jMGIFUt8NZmw+/kwOwkn2nKuAl9Ombzo2jMmLJ:IvYfHAa8uFUt8N/+/5JfHAa8RJ
                              MD5:A59B09C0DFC8D9DCDEF6DB00F4ACDBF1
                              SHA1:237F6CD5431BDA561B1E1A80EAC4CB17418A7901
                              SHA-256:94A80C444573DF0E6C5AC0C0BA229DE1672355ECB441760904BD8543BFF32845
                              SHA-512:C7643CCB83393990DA3DDDCDCAA264FE4C0F290FB132272D4E8218CEB6F1298D0761C78BB04C8202E8874F850D5E02AADE17E1DF1CA4B8C9452DE8AB4A1658DE
                              Malicious:false
                              Preview:2024/04/24-15:39:26.176 eb0 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/04/24-15:39:26.177 eb0 Recovering log #3.2024/04/24-15:39:26.177 eb0 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

                              C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                              File Type:ASCII text
                              Category:dropped
                              Size (bytes):333
                              Entropy (8bit):5.217394272999673
                              Encrypted:false
                              SSDEEP:6:Iq2Pwkn2nKuAl9Ombzo2jMGIFUt8NZmw+/kwOwkn2nKuAl9Ombzo2jMmLJ:IvYfHAa8uFUt8N/+/5JfHAa8RJ
                              MD5:A59B09C0DFC8D9DCDEF6DB00F4ACDBF1
                              SHA1:237F6CD5431BDA561B1E1A80EAC4CB17418A7901
                              SHA-256:94A80C444573DF0E6C5AC0C0BA229DE1672355ECB441760904BD8543BFF32845
                              SHA-512:C7643CCB83393990DA3DDDCDCAA264FE4C0F290FB132272D4E8218CEB6F1298D0761C78BB04C8202E8874F850D5E02AADE17E1DF1CA4B8C9452DE8AB4A1658DE
                              Malicious:false
                              Preview:2024/04/24-15:39:26.176 eb0 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/04/24-15:39:26.177 eb0 Recovering log #3.2024/04/24-15:39:26.177 eb0 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

                              C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\10f8968e-3d20-4c2b-95e0-00ed24e7ef60.tmp

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                              File Type:JSON data
                              Category:modified
                              Size (bytes):475
                              Entropy (8bit):4.9687828516377985
                              Encrypted:false
                              SSDEEP:12:YH/um3RA8sqZEhsBdOg2Hlcaq3QYiubInP7E4T3y:Y2sRds5ydMHE3QYhbG7nby
                              MD5:CC2FA1965E16FDC471E1BE81537D481C
                              SHA1:F9DE401524A1D8F0590417190844B0915AF3F7B2
                              SHA-256:72B7CE6A7A1686834855BCA0C1117795EDAD5BC7E67B39D871FB0545C0AC2377
                              SHA-512:A48EDEC1F4333D33ADCBF0ABD18F1B8C7E657CB8CD7F519EDB2DA2A6059192B29584739816CBC13F5FB13BF146042284F47672943DC79D631A8C1A785655A5FC
                              Malicious:false
                              Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13358525976937986","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":154775},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

                              C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):475
                              Entropy (8bit):4.9687828516377985
                              Encrypted:false
                              SSDEEP:12:YH/um3RA8sqZEhsBdOg2Hlcaq3QYiubInP7E4T3y:Y2sRds5ydMHE3QYhbG7nby
                              MD5:CC2FA1965E16FDC471E1BE81537D481C
                              SHA1:F9DE401524A1D8F0590417190844B0915AF3F7B2
                              SHA-256:72B7CE6A7A1686834855BCA0C1117795EDAD5BC7E67B39D871FB0545C0AC2377
                              SHA-512:A48EDEC1F4333D33ADCBF0ABD18F1B8C7E657CB8CD7F519EDB2DA2A6059192B29584739816CBC13F5FB13BF146042284F47672943DC79D631A8C1A785655A5FC
                              Malicious:false
                              Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13358525976937986","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":154775},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

                              C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):4730
                              Entropy (8bit):5.253023250128238
                              Encrypted:false
                              SSDEEP:96:etJCV4FAsszrNamjTN/2rjYMta02fDtehgO7BtTgo7sQbLJvppyQbLwRSZ:etJCV4FiN/jTN/2r8Mta02fEhgO73goN
                              MD5:CE0425EA25046F8CC2AFE3ACD726D38E
                              SHA1:07F281BC80945AFD7627E0031CC02CEF39D43C77
                              SHA-256:02000A5B10EAB2EC7A908FF5A7D1E2B1656EA8D4F072B3B429A5447F834216DA
                              SHA-512:134FE784188330865014FDFB04C3CE82156F0DB39B7E5C922F5D1BC7054294C9DBCE39614FA6B2B99314711934F2327F6A832ED0E1571D5F73A31BCAA21B4C3B
                              Malicious:false
                              Preview:*...#................version.1..namespace-['O.o................next-map-id.1.Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/.0>...r................next-map-id.2.Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/.1O..r................next-map-id.3.Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/.2.\.o................next-map-id.4.Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/.3....^...............Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/..|.^...............Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/n..Fa...............Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/DQ..a...............Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/i.`do................next-map-id.5.Pnamespace-de635bf2_6773_4d83_ad16_

                              C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                              File Type:ASCII text
                              Category:dropped
                              Size (bytes):321
                              Entropy (8bit):5.185024808027627
                              Encrypted:false
                              SSDEEP:6:jq2Pwkn2nKuAl9OmbzNMxIFUt8WZmw+9FzkwOwkn2nKuAl9OmbzNMFLJ:jvYfHAa8jFUt8W/+9Fz5JfHAa84J
                              MD5:1B764CFAC0523B181D19B7743127AE31
                              SHA1:C94D3564854CC20DCE168B60192D9A4F8D712D9A
                              SHA-256:EF5A3A6DCAE17D0AEC27BB180DC49D3E6D59BB98328C3F83E84F036E35FB68E7
                              SHA-512:8B21B3A8F11500A6F85294DE8F2490C78BDB3E52F83DB9474DA1F5A924DA22FA0A850C8613BDDBF52F780661A5337C4C0014C8D5175E92D90EF209E3E8B5E2C0
                              Malicious:false
                              Preview:2024/04/24-15:39:26.492 eb0 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/04/24-15:39:26.493 eb0 Recovering log #3.2024/04/24-15:39:26.494 eb0 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

                              C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                              File Type:ASCII text
                              Category:dropped
                              Size (bytes):321
                              Entropy (8bit):5.185024808027627
                              Encrypted:false
                              SSDEEP:6:jq2Pwkn2nKuAl9OmbzNMxIFUt8WZmw+9FzkwOwkn2nKuAl9OmbzNMFLJ:jvYfHAa8jFUt8W/+9Fz5JfHAa84J
                              MD5:1B764CFAC0523B181D19B7743127AE31
                              SHA1:C94D3564854CC20DCE168B60192D9A4F8D712D9A
                              SHA-256:EF5A3A6DCAE17D0AEC27BB180DC49D3E6D59BB98328C3F83E84F036E35FB68E7
                              SHA-512:8B21B3A8F11500A6F85294DE8F2490C78BDB3E52F83DB9474DA1F5A924DA22FA0A850C8613BDDBF52F780661A5337C4C0014C8D5175E92D90EF209E3E8B5E2C0
                              Malicious:false
                              Preview:2024/04/24-15:39:26.492 eb0 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/04/24-15:39:26.493 eb0 Recovering log #3.2024/04/24-15:39:26.494 eb0 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

                              C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\Eureka\AcroCoreSync\Adobe\CoreSync\EntitySync\80307f885d209ff3421f3adf000d6b1e.db

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
                              File Type:SQLite 3.x database, last written using SQLite version 3040000, writer version 2, read version 2, file counter 1, database pages 1, cookie 0, schema 0, unknown 0 encoding, version-valid-for 1
                              Category:dropped
                              Size (bytes):4096
                              Entropy (8bit):0.08728080750134917
                              Encrypted:false
                              SSDEEP:3:lSWFN3sl+ltlFlo1Xll:l9Fys1fo
                              MD5:863BB379B267B2404CB64A3BC9B4A650
                              SHA1:139EDCE2C64569B81175543D1DE743EF474F4432
                              SHA-256:F7C1BC02F430EBD015E45159D9FD9E18643C4CDCCBB7E7733A248C8393CAA88C
                              SHA-512:6AFF907DDAFC78AF2186F58D7102A88527BCE5473D72C03607EFC49C56ABAA157191D391A1ED9350CC058E9BB37040C29DBA9E3A668F640DE0100A639F1D2F51
                              Malicious:false
                              Preview:SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                              C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\Eureka\AcroCoreSync\Adobe\CoreSync\EntitySync\80307f885d209ff3421f3adf000d6b1e.db-journal

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
                              File Type:SQLite Rollback Journal
                              Category:dropped
                              Size (bytes):512
                              Entropy (8bit):0.28499812076190567
                              Encrypted:false
                              SSDEEP:3:7FEG2l/xB/lFll:7+/l/x
                              MD5:50AFF7E77F653FA57800013AAFCBFFC8
                              SHA1:FD86AA62FD851981681844722D5941E9DB86AE11
                              SHA-256:F17A7C06BEA76F55341D866D78D18828936E3A15E23A2534DCC3D5D24A72832A
                              SHA-512:9EC4FA783EBE01571A07C9AA7B2AD143AF2446C0DBB1B17F9D4454B25E1443C9B8B769EFB42D4265A8651D94B6CACBEA3F75197FFFBB7980ABAF0E7E17E1CA5B
                              Malicious:false
                              Preview:.... .c.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                              C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\Eureka\AcroCoreSync\Adobe\CoreSync\EntitySync\80307f885d209ff3421f3adf000d6b1e.db-shm

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):32768
                              Entropy (8bit):0.06134270827555117
                              Encrypted:false
                              SSDEEP:6:GzhTTxZ/WhTTxZnt4L9X8vl/UFl/Ojl/gZl/KgufS8f8/8il:wYP8Ccl/8cl/xufd8T
                              MD5:25A65E9D789AA0E76DCDB37354068C2E
                              SHA1:7580A3D66291219E34323DD7AA6B8629909910D3
                              SHA-256:ABB8CB16D69D1BD42D12645DACD315E18F19AE1A4BC64902DFA6F9B50095A9D1
                              SHA-512:6EC6F5F497A913A2D94F5C3CEF2E3D0BDFE3C65FE15048ECBC083115691B44664F8BD62835C3F42EC4F6FC5D0785F7E94DB0A9045376FE7C324F5648F4BB9B8A
                              Malicious:false
                              Preview:..-......................Y.S8Vp_.$v.o....6.VHg.h..-......................Y.S8Vp_.$v.o....6.VHg.h........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                              C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\Eureka\AcroCoreSync\Adobe\CoreSync\EntitySync\80307f885d209ff3421f3adf000d6b1e.db-wal

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
                              File Type:SQLite Write-Ahead Log, version 3007000
                              Category:dropped
                              Size (bytes):119512
                              Entropy (8bit):0.9626946436312389
                              Encrypted:false
                              SSDEEP:192:wS4TaQ3SiQWyG4N7aQ3SiBpc4mH4q4WiIaQ3JB:34BA+4NZxlU4KJ
                              MD5:92188444A850CD77E4363956958D8DEE
                              SHA1:F505AB9CAF2A0888B510757D258D03A873C7639D
                              SHA-256:F2694AEDCC8CB48289FB8150ECD53E7E897B0C1B5C653E96EA59BB4273A54883
                              SHA-512:A442A27A2DECF40FD4C6EE77794DEC69C69620981B54AC6A47F3FE8447AB830F8DD4B68821FED40F8037CA3B6DC7F36A5C67F6450109D8D174FF0B86737EBFC8
                              Malicious:false
                              Preview:7....-...........$v.o....]'"`3.6.........$v.o......\0%.SQLite format 3......@ ..........................................................................c....................A...}...~...............D....................................................?...S-..indexsqlite_autoindex_pending_requests_1pending_requests..<...++../tabledevice_mappingsdevice_mappings.CREATE TABLE device_mappings ( .device_mapping_id TEXT PRIMARY KEY NOT NULL, .content_item_id TEXT NOT NULL, .content_item_type TEXT NOT NULL, .include_rel_types TEXT DEFAULT NULL, .include_depth INTEGER DEFAULT 0 NOT NULL, .branch TEXT DEFAULT NULL, .device_mapping_created TIMESTAMP DEFAULT (strftime('%s', 'now')) NOT NULL, .collection_id TEXT DEFAULT NULL, .TTL INTEGER DEFAULT 0 NOT NULL, .Priority INTEGER DEFAULT 0 NOT NULL, .app_info TEXT NOT NULL, .unPinned INTEGER DEFAULT 0 NOT NULL, .UNIQUE (content_item_id, branch))=...Q+..indexsqlite_autoindex_device_mappings_2device_mappings.=...Q+..indexsqlite_autoindex_device_mappings

                              C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\Eureka\AcroCoreSync\CreativeCloud\CoreSync\EntitySync-2024-04-24.log

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
                              File Type:ASCII text, with CRLF line terminators
                              Category:dropped
                              Size (bytes):2420
                              Entropy (8bit):5.150617366857073
                              Encrypted:false
                              SSDEEP:48:gwDlgMe1Me1R1wJw+vbwyE+otJ9zE+oWn7//0uW3otMV9z3oX:gw5gBBg+2cB+oq+oWn70roUoX
                              MD5:8D4E77356FAC38402201E40BF0C53CA0
                              SHA1:9EF2A3EBB12B71C3F83BDBA0754B9F032C6A884E
                              SHA-256:33FD726C99E06DFB049F023958D5770CB4A4A8EC197369F1167A2172C38C772A
                              SHA-512:C92BDD00CA92489A6EF4042243CC6A3F2222B2CDBB7C40E1EC56E30CC0BBC31DADF80B7C3872099E8F174C573CD16DC1373AE60A2EAC09F57895607E6ACAF8E4
                              Malicious:false
                              Preview:20240424-153952.537: t=1dd0: Info: app: Begin Starting up (AppController.cpp.musync::AppControllerImpl::startHandler.305)..20240424-153952.552: t=1dd0: Info: app: End Starting up (AppController.cpp.musync::AppControllerImpl::startHandler.305)..20240424-153952.552: t=1ea0: Info: AppShell: End start (AppShell.cpp.musync::AppShell::startup.173)..20240424-153952.552: t=1ea0: Info: Cosylib: getContext. baseUrl: https://comments.adobe.io/sync/ (CosyLibImpl.h.cosylib::CosyLibImpl::getContext.181)..20240424-153952.552: t=1ea0: Info: Cosylib: getContext. baseUrl: https://comments.adobe.io/sync/ (CosyLibImpl.h.cosylib::CosyLibImpl::getContext.181)..20240424-153952.552: t=1ea0: Info: Cosylib: getEntityClient (CosyLibImpl.h.cosylib::CosyLibImpl::getEntityClient.166)..20240424-153952.552: t=1ea0: Info: ES::cosylib: EntityClientImpl::getRegisteredLoginInfo : (EntityClientImpl.cpp.cosylib::EntityClientImpl::getRegisteredLoginInfo.944)..20240424-153952.552: t=1ea0: Info: ES::cosylib: RequestHandle :

                              C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\RFL\LocalMapping\RFLDB230

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
                              File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 1, database pages 8, cookie 0x3, schema 4, UTF-8, version-valid-for 1
                              Category:dropped
                              Size (bytes):32768
                              Entropy (8bit):0.36835287347338636
                              Encrypted:false
                              SSDEEP:24:TLi7egbVH5hCAZIlE/F7iMXBxIV24bMo1Jllew:To1ZhCW0QfxHQd1
                              MD5:F391306DD8BAA3198B26D3C80A906E19
                              SHA1:6CD1B24D186F1CC68BF9097177DA5676C4A56422
                              SHA-256:62604481C477AF3F8813122011B9CEC6DDEE9A3992F3FAFE236E3E92FC62E680
                              SHA-512:5AD524078462D761F0F01933EBFC3714B44C93296BD4EDAB34B59CB833D1D9334CE830E196D2BD2BDA82837914E91B2B53E848EDC9BD04B7EDCC31D7DFD9DD53
                              Malicious:false
                              Preview:SQLite format 3......@ ..........................................................................c.......2........h...2................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                              C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\RFL\LocalMapping\RFLDB230-journal

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
                              File Type:SQLite Rollback Journal
                              Category:dropped
                              Size (bytes):512
                              Entropy (8bit):0.28499812076190567
                              Encrypted:false
                              SSDEEP:3:7FEG2l/oXOkXll/lFll:7+/l/KOkXl
                              MD5:77BF4BF5B17BDEA16C62128DD6D661F9
                              SHA1:FCBCF8A242C895A077BF238588E232D631405C0C
                              SHA-256:5C8794A8A7A625AECB51488FFF9B9848132036FA13ABBEC806445A668E29ED57
                              SHA-512:353EF1E08E08CD5CB7535CF7097AC70E9CA6B3269899E2067E0E086BB47B0C398016E1BB032E49C7B42A92EAB7CDAC302745CC86E657308731D955F23D4C90CF
                              Malicious:false
                              Preview:.... .c.....M..A................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                              C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240424133929Z-645.bmp

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:PC bitmap, Windows 3.x format, 164 x -106 x 32, cbSize 69590, bits offset 54
                              Category:dropped
                              Size (bytes):69590
                              Entropy (8bit):0.7553541509053147
                              Encrypted:false
                              SSDEEP:96:I910EI4dYK5gG6GvRTDra0KfZJgc1cD0IGEhctclJXOE:qCEzdI+vtbZc16jhctlE
                              MD5:822879A103F26A8C0F80CBCDC7D829EF
                              SHA1:7FE54B10A3CACE4E211B57C00BB46FE8BA209DE4
                              SHA-256:03F86B9F065EAF16E75CE45CAF74E44B622705BAECD2176AECACA051F352877D
                              SHA-512:267679C2D6306CAE4E52CFCCDA71F6DAA29907A19D0EAC3DB6C06B2489C960A8B7C27F252A4446E1336B75F6EE7BDA2FD0A64A2280FC2E1D83B7125065D1517A
                              Malicious:false
                              Preview:BM........6...(............. ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                              C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 15, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 15
                              Category:dropped
                              Size (bytes):86016
                              Entropy (8bit):4.4454692796840725
                              Encrypted:false
                              SSDEEP:384:yezci5tmiBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:rps3OazzU89UTTgUL
                              MD5:75A9C2BE9343BFF672FDDD4DAF3004E3
                              SHA1:7854FE93157CAF9C447FB955E3AE9C7F14FB2710
                              SHA-256:A1FC6674E11FC1573A4C985D68574CB9C82B24D1C1EAA2A8DE1A194523D6E43A
                              SHA-512:10DE131847DBD6F5359D1C582BA73FCA3973EA2AD255F44A3D08CDDA943853DABB0C3C78563F18D043E4F32FE42568A5AADDC93EA62ACA210326C0C43D9F7343
                              Malicious:false
                              Preview:SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                              C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:SQLite Rollback Journal
                              Category:dropped
                              Size (bytes):8720
                              Entropy (8bit):3.778073486444077
                              Encrypted:false
                              SSDEEP:48:7MIp/E2ioyVjioy9oWoy1Cwoy1LKOioy1noy1AYoy1Wioy1hioybioyXoy1noy1h:7bpjujFCXKQCTb9IVXEBodRBk1
                              MD5:B6AAF89D79B70E4504C319BE1052CD12
                              SHA1:739455415F582221C8E37CB4EB4D04CDC5AAA1EC
                              SHA-256:E5EC6EE7FFE7BBC3257ABD74CCA0D652356ED1FE9FE0786C7269B48C6ED0F945
                              SHA-512:B19F3B77EFAED61B3F504AB761FF1611BCD82203C4A5C14EC988DFDCFE30139CF043AF96E97CDC173973AFBEB5129CAD7718FCC000FA4CC1690C490A539DD418
                              Malicious:false
                              Preview:.... .c........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................T...[...b...r...t...}.....L..............................................................................................................................................................................................................................................................................................................................................................................................................................................................

                              C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
                              File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 1, database pages 23, cookie 0x11, schema 4, UTF-8, version-valid-for 1
                              Category:dropped
                              Size (bytes):94208
                              Entropy (8bit):0.9951370817377893
                              Encrypted:false
                              SSDEEP:192:hxoGsTzoU2uCTaUxmaAxNoGsTzoU2uCTaUxoALZWLGjZ5Pj5vHAxNoGsT:hZgCeNgCaN
                              MD5:DCD066A1C8CA38D94ACA4E5DF6CA20BF
                              SHA1:0C670E7CB31FE1CFD952082C3629AD8861BFD799
                              SHA-256:E484D26709945669E18A3D0A7F95E3EA943D4170736EDD8FEDFE3F69A7B8D25E
                              SHA-512:C07D385DB9B836F106E1951FDCD911D7FFF44AAE6EE7406CA665B211236E8ABE3395789E10200644343779983E9AD7B5E484B3B1567CA6EAB890A88E4FF9500B
                              Malicious:false
                              Preview:SQLite format 3......@ ..........................................................................c......................7...4.....d...k.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................Z...-%.qindexdependencies_diddependencies.CREATE INDEX dependencies_did o

                              C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer-journal

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
                              File Type:SQLite Rollback Journal
                              Category:dropped
                              Size (bytes):512
                              Entropy (8bit):0.28499812076190567
                              Encrypted:false
                              SSDEEP:3:7FEG2l/t8l1lFll:7+/l/t
                              MD5:0F9EA7DDD93720E0D4E3AE39388B490A
                              SHA1:0E37EB142F1D0C282DCC49392AC6EBF979900B10
                              SHA-256:F5B9FB07163D54DE15D01FBB534C4FD6A17C5E707E560F98974330B309B29B9C
                              SHA-512:7F9FC7F9D2659E197BAA749DEF706AB16F568D712C719FB78D9D4C9BAF9D88D4AEAEEBC04E88FB89D473F9FAF34212A94F8D9578A8A75F1B0D1022D4D96C60E4
                              Malicious:false
                              Preview:.... .c.......%.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.7728

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:PostScript document text
                              Category:dropped
                              Size (bytes):185099
                              Entropy (8bit):5.182478651346149
                              Encrypted:false
                              SSDEEP:1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
                              MD5:94185C5850C26B3C6FC24ABC385CDA58
                              SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
                              SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
                              SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
                              Malicious:false
                              Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:PostScript document text
                              Category:dropped
                              Size (bytes):185099
                              Entropy (8bit):5.182478651346149
                              Encrypted:false
                              SSDEEP:1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
                              MD5:94185C5850C26B3C6FC24ABC385CDA58
                              SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
                              SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
                              SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
                              Malicious:false
                              Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):253252
                              Entropy (8bit):3.3269814107815225
                              Encrypted:false
                              SSDEEP:1536:EKPC/iyzDtrh1cK3XEivK7VK/3AYvYwgjErRo+HAun:tPC1J/3AYvYwgoFo+HAun
                              MD5:0F5BA36A39A7B94F676CBB19112CCB0A
                              SHA1:64FD43A0D17337401895645D42C2502606832969
                              SHA-256:143AD347A543E2012B592CFE0DF0F675D1A33E269FBF341AF960210C363AA49D
                              SHA-512:F76BD4190946746D0F97A10A70F2DCF007F22A5A4FAFFC92BD38BF11F0578BB3AA2BEFC82224126C668D3BADB8DBAD802C8D71D169CB256BAF02EF2E70BA30D5
                              Malicious:false
                              Preview:Adobe Acrobat Reader (64-bit) 23.6.20320....?A12_AV2_Search_18px.............................................................................................................KKK KKK.KKK.KKK.KKK.KKK.KKK@........................................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.............................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.........................KKK.KKK.KKK.KKK0....................KKK.KKK.KKK.KKK`....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK.KKK.....................................KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK.KKK@....................KKK.KKK.KKK.KKK`........................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.KKK.............................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK

                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):295
                              Entropy (8bit):5.362322481052554
                              Encrypted:false
                              SSDEEP:6:YEQXJ2HXmnIaVfKHVoZcg1vRcR0YAR20UoAvJM3g98kUwPeUkwRe9:YvXKXmI2i2Zc0vhg0nGMbLUkee9
                              MD5:DCC9901EC3D04FF30A43B80BAB49D8A0
                              SHA1:F71CC5DE4486DD0987974C859222BA7B26666820
                              SHA-256:25E76E016A234AAAE00C84366029DABAAFD5250E69119D450E3221614D450E60
                              SHA-512:A4D377973F6D0156858C313E447055E3390CC39BA7EAABD97321035CF2BF5444D828BFF58F97FD83237B50D7C5519B7AA8AC550F7D16FE5D0F9931F4CD723B2E
                              Malicious:false
                              Preview:{"analyticsData":{"responseGUID":"fe53d395-8f3c-43eb-846e-1ad2256dfa0a","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714144458021,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):294
                              Entropy (8bit):5.309166094189834
                              Encrypted:false
                              SSDEEP:6:YEQXJ2HXmnIaVfKHVoZcg1vRcR0YAR20UoAvJfBoTfXpnrPeUkwRe9:YvXKXmI2i2Zc0vhg0nGWTfXcUkee9
                              MD5:A04CDACC1C7D68B577B21D8DDEAF8245
                              SHA1:EF3E047594436B548389501B74C7DF24BA9C93FB
                              SHA-256:41B9CF66A3D0666A9FE038C08328B8B082E68C459EA5E98A382214DD57ADBF37
                              SHA-512:48443F3803948E4965A2BEF3E688552C0F8F9A1F94798AC9703E228E193DA0D4714360851EB768B9245ED272A4EA783B87DA46F468ACA0655EC39DAF0E532EB9
                              Malicious:false
                              Preview:{"analyticsData":{"responseGUID":"fe53d395-8f3c-43eb-846e-1ad2256dfa0a","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714144458021,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):294
                              Entropy (8bit):5.288433888104503
                              Encrypted:false
                              SSDEEP:6:YEQXJ2HXmnIaVfKHVoZcg1vRcR0YAR20UoAvJfBD2G6UpnrPeUkwRe9:YvXKXmI2i2Zc0vhg0nGR22cUkee9
                              MD5:2E9EDD1874BA83178E831508CCA91C71
                              SHA1:7F72A5E36885D4B20E992E37CB4D77313E64BABD
                              SHA-256:7E7A3A0B6C30735EFCB7EC1B16FC5FB29990B323F08B4F96948A67C4CC48442F
                              SHA-512:DCD610738AE5321E5ADDFB075C6A58BAC09C58E34AEB4595A965EFE9DEE14030D6959E45935AF729814E854B928772423BF7D6B71ED93F39D7A86330B2D36F71
                              Malicious:false
                              Preview:{"analyticsData":{"responseGUID":"fe53d395-8f3c-43eb-846e-1ad2256dfa0a","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714144458021,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):285
                              Entropy (8bit):5.349296464255971
                              Encrypted:false
                              SSDEEP:6:YEQXJ2HXmnIaVfKHVoZcg1vRcR0YAR20UoAvJfPmwrPeUkwRe9:YvXKXmI2i2Zc0vhg0nGH56Ukee9
                              MD5:55097347A8C0ADE6B1F6C50B0BFA3807
                              SHA1:4D9428670E3A1F83BFE11D53D2627CAEE9DA9CF9
                              SHA-256:6FFF77BF0957E82CFA70671AF27ADA99D9EB042A0EFD1DF8F50645F3D27EE479
                              SHA-512:EAC18EEB3E3618F72BF174B35DAC7F69183BC13AA123E958382E721E3F280874F328D70300FE51D865F39AA9927679AD64E249C96ED00F520A193AA57F94CF9D
                              Malicious:false
                              Preview:{"analyticsData":{"responseGUID":"fe53d395-8f3c-43eb-846e-1ad2256dfa0a","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714144458021,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):292
                              Entropy (8bit):5.305392414057309
                              Encrypted:false
                              SSDEEP:6:YEQXJ2HXmnIaVfKHVoZcg1vRcR0YAR20UoAvJfJWCtMdPeUkwRe9:YvXKXmI2i2Zc0vhg0nGBS8Ukee9
                              MD5:7337E497DB42084AF655CC6105096E70
                              SHA1:AD2B0EF8A2C949C6C20EFD2959083501A8E506D0
                              SHA-256:FB1C4D5F2204A1ABBBE937D427393289506876116643850F575A3D0275266795
                              SHA-512:18B8F68CE3E7EB941DEF22D258F8C39ED557DD91A9530EE062EEA52194F94D0600356EEB9BFB8490B8DE6CD03D433176067CA7530F67EB814D6C36D7AD8A93DA
                              Malicious:false
                              Preview:{"analyticsData":{"responseGUID":"fe53d395-8f3c-43eb-846e-1ad2256dfa0a","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714144458021,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):289
                              Entropy (8bit):5.293008524050091
                              Encrypted:false
                              SSDEEP:6:YEQXJ2HXmnIaVfKHVoZcg1vRcR0YAR20UoAvJf8dPeUkwRe9:YvXKXmI2i2Zc0vhg0nGU8Ukee9
                              MD5:CD08F80A2CDA2CEB6A87C7E1DAE5A262
                              SHA1:BF1DF3617D96C99FC1FDABBE566C4FDD76CC5993
                              SHA-256:00770B27AAE7FD3B69432CADFF9F9D1DDA9D7E9C737A32242E292489B21C549A
                              SHA-512:2F662F617C9D299D3AA67C9A60882CB5D5A28281AA75C881375A1B9EC0F27B0CA9122E7A5B8A7254D558250D77E5924F19BD3881AC3BF505D2B66A06AD3CFAE1
                              Malicious:false
                              Preview:{"analyticsData":{"responseGUID":"fe53d395-8f3c-43eb-846e-1ad2256dfa0a","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714144458021,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):292
                              Entropy (8bit):5.296997162573533
                              Encrypted:false
                              SSDEEP:6:YEQXJ2HXmnIaVfKHVoZcg1vRcR0YAR20UoAvJfQ1rPeUkwRe9:YvXKXmI2i2Zc0vhg0nGY16Ukee9
                              MD5:E89443BCF9B85E0866EBCF55CE31E5E1
                              SHA1:2027008B16D296A166D5050CBD5F3B5FEAE4C7A7
                              SHA-256:07D085803D2B719F9531E0CD0EFE4B2A107D02B97DD93C21454D64ABAF2407E8
                              SHA-512:036651FCE9DC52AD38866A3E7330B29863A31CA6CD5DBFC00BBA087EED850A822266FA94BEE4B9D124FF7921D8563DA2FFD301266BD1C3EB8A2F324D59E017F0
                              Malicious:false
                              Preview:{"analyticsData":{"responseGUID":"fe53d395-8f3c-43eb-846e-1ad2256dfa0a","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714144458021,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):289
                              Entropy (8bit):5.300975670943384
                              Encrypted:false
                              SSDEEP:6:YEQXJ2HXmnIaVfKHVoZcg1vRcR0YAR20UoAvJfFldPeUkwRe9:YvXKXmI2i2Zc0vhg0nGz8Ukee9
                              MD5:91EA2A282970EA6B8C3513CF962F781B
                              SHA1:A5AE72B8BC6F507E37381A24A914BF457CCE7A44
                              SHA-256:096DC33CA2BA9886D86A8505A65499B847AFC52C99B386365CEF3E61130AA5B1
                              SHA-512:03DD18B501D08EC96D7751152195541F595E5A731877CA0E7AE91250E71622D44B4B2FD421A850BAFD5E12E9F3D70D9B72DF944E6D529C8228415DA9AABA6995
                              Malicious:false
                              Preview:{"analyticsData":{"responseGUID":"fe53d395-8f3c-43eb-846e-1ad2256dfa0a","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714144458021,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):1372
                              Entropy (8bit):5.737943781477357
                              Encrypted:false
                              SSDEEP:24:Yv6X32zvW0/KLgENRcbrZbq00iCCBrwJo++ns8ct4mFJNeQs:YvmutEgigrNt0wSJn+ns8cvFJY/
                              MD5:9384381140127FBB23B22A4E68459374
                              SHA1:81C6DF839272DB7AE06C408CCECFABCC96340DD4
                              SHA-256:4C757F000B413C10D148B276EA01A224667C4817175097D58D5D24340F6654D5
                              SHA-512:AB7A65782EC6F50F7C9B7FDCAB206A70CC92F03DB469E2B071D8B453DF6C1429EF0B4469FBBC8D3A9D4CD26C493C105D953755F243D7F84017E25AFFCB2AE6A9
                              Malicious:false
                              Preview:{"analyticsData":{"responseGUID":"fe53d395-8f3c-43eb-846e-1ad2256dfa0a","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714144458021,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"79887_247329ActionBlock_0","campaignId":79887,"containerId":"1","controlGroupId":"","treatmentId":"acc56846-d570-4500-a26e-7f8cf2b4acad","variationId":"247329"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJUcnkgQWNyb2JhdCBQcm8ifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNSIsImZvbnRfc3R5bGUiOiIwIn0sImRlc2NyaXB0aW9uX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTMiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIDctZGF5IHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0byBwcmVtaXVtIFBERiBhbmQgZS1zaWduaW5nIHRvb2xzLiIsImJ

                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):289
                              Entropy (8bit):5.298521689612525
                              Encrypted:false
                              SSDEEP:6:YEQXJ2HXmnIaVfKHVoZcg1vRcR0YAR20UoAvJfYdPeUkwRe9:YvXKXmI2i2Zc0vhg0nGg8Ukee9
                              MD5:CE7A1995443A8A5E8439A5E60296EF69
                              SHA1:38B8CB83C2005DA6FE5DFEEA7BE4B4186FEEDA55
                              SHA-256:2E0A6E5DB10B2383CBDBE5063FFE9D188A8F6C40948F9E2C6FB5E8FEC40E4946
                              SHA-512:F852B1CB5E59E3BD66E658F7539E1195EEC3925D580D0E56D3A112C545450E072751363A4260A525B6558527346D70E5910708AD475E4DD79037E1FCEFBD2799
                              Malicious:false
                              Preview:{"analyticsData":{"responseGUID":"fe53d395-8f3c-43eb-846e-1ad2256dfa0a","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714144458021,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):1395
                              Entropy (8bit):5.776394344978596
                              Encrypted:false
                              SSDEEP:24:Yv6X32zvW0CrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNGQs:YvmuwHgDv3W2aYQfgB5OUupHrQ9FJU/
                              MD5:8165F0E0D711D2DABCF9527DD186AE75
                              SHA1:0EBE4BB4016FDECA324BD13458AA601C8677F99F
                              SHA-256:CD78C0D9BCB374385C46C59A12ED87E9E94449EEA93DFD5CF3A0B6F427388D27
                              SHA-512:6EEEE0922B3EECE620AC7475F96AF309DF0AAB0E4CDEE319DC966CC97B596A255A532B4E1D4D63B0BD00870EF8605E50818347FABF76E5369F94FAA7D459D32A
                              Malicious:false
                              Preview:{"analyticsData":{"responseGUID":"fe53d395-8f3c-43eb-846e-1ad2256dfa0a","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714144458021,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0

                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):291
                              Entropy (8bit):5.282078947495237
                              Encrypted:false
                              SSDEEP:6:YEQXJ2HXmnIaVfKHVoZcg1vRcR0YAR20UoAvJfbPtdPeUkwRe9:YvXKXmI2i2Zc0vhg0nGDV8Ukee9
                              MD5:ACD61CC688D1644C2A457E0410E0922F
                              SHA1:8A0C0CA6FF0A50B04BF55B9491C477947BE07E54
                              SHA-256:70D630BF1F0E7D075CEEE0C0047EF561652ABCDE947CD380A307FC7C5A4FF121
                              SHA-512:B84330ED329B081C62E1FEFAE822E801FA5E3CA04C3F67C8FD95CFB8A59F3578E9CDD854F0857D83F3D5E95D62AD0C0C9432F34D117CDD6BED8B1397A00B1BD8
                              Malicious:false
                              Preview:{"analyticsData":{"responseGUID":"fe53d395-8f3c-43eb-846e-1ad2256dfa0a","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714144458021,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):287
                              Entropy (8bit):5.287005803695001
                              Encrypted:false
                              SSDEEP:6:YEQXJ2HXmnIaVfKHVoZcg1vRcR0YAR20UoAvJf21rPeUkwRe9:YvXKXmI2i2Zc0vhg0nG+16Ukee9
                              MD5:20FAE61E3ABB705FEA51BA55F9CC46A2
                              SHA1:EC07F22B0E4851667352B2AD116FEFD18F63A8B1
                              SHA-256:76C957100CDC8250A516D02392CF5B4BC15315F0D72112ADC8CE506317A81729
                              SHA-512:014C4BF3E840FB7EA73E9265152B834B6BC9978C1AE6DA9DCABFECCF3F539386BBDB6E81D7CC1C48EDB03B4357E51EF75D3714155B085E4FB71684B45BAA51D3
                              Malicious:false
                              Preview:{"analyticsData":{"responseGUID":"fe53d395-8f3c-43eb-846e-1ad2256dfa0a","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714144458021,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):289
                              Entropy (8bit):5.305634295895797
                              Encrypted:false
                              SSDEEP:6:YEQXJ2HXmnIaVfKHVoZcg1vRcR0YAR20UoAvJfbpatdPeUkwRe9:YvXKXmI2i2Zc0vhg0nGVat8Ukee9
                              MD5:5C6C49FF3FCA5E2D737B6A71C10241A0
                              SHA1:83067FE6620115B077BB2F6074E36EE15F408188
                              SHA-256:8DDF072D9AC27E971A2FD318DEF35F6B98A722A7A8327DBE0D060491CEF122A5
                              SHA-512:D49487AAA76E3AB0BC101B1118E72843218EA9729203C9BED0013DA7A37A85893D0CEE0D34EC0CCD23B9582D1C8243E8BB30EBC6B8438C2FFC0FA3C366DCADE1
                              Malicious:false
                              Preview:{"analyticsData":{"responseGUID":"fe53d395-8f3c-43eb-846e-1ad2256dfa0a","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714144458021,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):286
                              Entropy (8bit):5.261781799726259
                              Encrypted:false
                              SSDEEP:6:YEQXJ2HXmnIaVfKHVoZcg1vRcR0YAR20UoAvJfshHHrPeUkwRe9:YvXKXmI2i2Zc0vhg0nGUUUkee9
                              MD5:C4E5A9E7254136E6D3CF2B9E1603E82E
                              SHA1:D5A26CE88F9221D640B9B9F8D0A9E69E50DE7BCF
                              SHA-256:B8FE953F724194480031B1FAED0D08D915EDE38AA78593E86E8EE2F2C36D3B3C
                              SHA-512:5FBDCD4C856E146C7949C505461B75C8DBD70BB018E715D779A97A1FCB62CBED3462CB2D82F9557310A4730BC938E2FA7FBBFF6C138B8D31E6FF2CFB37B09CC6
                              Malicious:false
                              Preview:{"analyticsData":{"responseGUID":"fe53d395-8f3c-43eb-846e-1ad2256dfa0a","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714144458021,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):782
                              Entropy (8bit):5.369352659874663
                              Encrypted:false
                              SSDEEP:12:YvXKXmI2i2Zc0vhg0nGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWKQs:Yv6X32zvW0n168CgEXX5kcIfANhBQs
                              MD5:7C671D67C5432FA88B63960B727A730D
                              SHA1:9E91DB760F5DC16E64E743C763E6A8C1E2B868B8
                              SHA-256:B8CF47D95242F6003379BF3E7159D276B38984EBEDB87D5C6CD80B9973009091
                              SHA-512:CC568C9E652245D2E5D962F5907F62DDFEC9ED18AE3ACCF52C29D121670898A2B588DC0CA5AFBB55575233BF40F5573328E48E615FD27D20656F92FC19B843E6
                              Malicious:false
                              Preview:{"analyticsData":{"responseGUID":"fe53d395-8f3c-43eb-846e-1ad2256dfa0a","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714144458021,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1713965973055}}}}

                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):4
                              Entropy (8bit):0.8112781244591328
                              Encrypted:false
                              SSDEEP:3:e:e
                              MD5:DC84B0D741E5BEAE8070013ADDCC8C28
                              SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
                              SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
                              SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
                              Malicious:false
                              Preview:....

                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):2814
                              Entropy (8bit):5.142870618926535
                              Encrypted:false
                              SSDEEP:48:Y4Y1K2OHhkV4AMgsidJZv3Jn4qTHEKB6CG1BQc6QWbr9O6Tqc:6MHhkvMgsidJZv3Jn4qTHEKB6CG56QW5
                              MD5:A892AE3A8C1CDC377780965144B31C66
                              SHA1:DEE7BE5EDBF1741EEDBAE2CB015E15457CAFE041
                              SHA-256:9E03C8B26E8E41123DA110DECBF2F05CF887118FD93B1B1C828899C29F4086E6
                              SHA-512:D7F78473B1929E77047552804271B87125A370FFB4DF55ADD1CA18215E482F510BCA0261AB45FECCDA6A33DC6DCC31597F49881048308E8113A943BFAA785C00
                              Malicious:false
                              Preview:{"all":[{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"9140c9cacb2bf7f4323fa2205dc92bcf","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1372,"ts":1713965972000},{"id":"Edit_InApp_Aug2020","info":{"dg":"2d528485dab471e63955735f7239457b","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":1713965972000},{"id":"DC_Reader_RHP_Banner","info":{"dg":"5ce5465a762a4ff5b85d2660f6accf52","sid":"DC_Reader_RHP_Banner"},"mimeType":"file","size":1395,"ts":1713965972000},{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"ab9008ec0b98fffa795300b093ba4716","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1713965972000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"1d86c3f25c3e3516ca9ec6e101371139","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file","size":292,"ts":1713965972000},{"id":"DC_Reader_More_LHP_Banner","info":{"dg":"5b4265c1ff3e9e8f343b2d5cddb22cc3","sid":"DC_Reader_More_LHP_Banner"},"mimeType":"file","size":289,"ts":1713965972000},

                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 30, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 30
                              Category:dropped
                              Size (bytes):12288
                              Entropy (8bit):1.1919877324393977
                              Encrypted:false
                              SSDEEP:24:TLxjx/XYKQvGJF7ursEt2rn7ddR97dfRT97dfZ6i3FU/PinjXjmuhZxJZx1mPwyq:Tll2GL7msEOnvR9H9vxFGiDBCs
                              MD5:2147356CACBE7289A8E2A9F67A3C7A84
                              SHA1:781D0AF3A0E9692B1F668E114F0003A82798CECC
                              SHA-256:FD92A058CF6CD628A0BA62CB59DCBF0B106203ECEAF27B07B4754D15AD69016B
                              SHA-512:57BFF330ECA5299C152B3E77C5145376F0C2C58652142CEC1BC7EAEC93BA2CFBDF0DBED4F1818B7E1544540801D86AA48B28950EA6F0D5D12383BBF46D100E68
                              Malicious:false
                              Preview:SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:SQLite Rollback Journal
                              Category:dropped
                              Size (bytes):8720
                              Entropy (8bit):1.6168730544170478
                              Encrypted:false
                              SSDEEP:24:7+tq82u7ddR97dfRT97dfZ6i3FU/PinjXIALZxJZx1mPwy2Q2NWqLRx/XYKQvGJj:7MquvR9H9vxFGiDIAYZq1l2GL7ms6a
                              MD5:AC78125C188A5580BFEB07F466B096A4
                              SHA1:55BDD38A36925A8B72FD27D738C32BA43A54F5E6
                              SHA-256:DF6A87323EE36CCDEE777802B433F452F9131DCDE56E1F2A611B74396B1228E3
                              SHA-512:D1675A8D1B04ACE99F150CB00F5FFFBB860CD6F3E5A52C628E4EE1F394C62B8FBF9EE48572DDDD000CB8BB6AA023F249453AF0F895C7A6D086C03CEB7A3FA6C8
                              Malicious:false
                              Preview:.... .c.....A.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................f...)..).....8.....).).).).).).).)................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                              C:\Users\user\AppData\Local\Temp\MSI16d34.LOG

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                              Category:dropped
                              Size (bytes):246
                              Entropy (8bit):3.5329345335875004
                              Encrypted:false
                              SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8c+aTZCH:Qw946cPbiOxDlbYnuRKHhw
                              MD5:C1BCAC28172009DF06C5E628A45B9FE4
                              SHA1:5A3A522343BB3AC5E9F5EDF9CEA7319DC2859A39
                              SHA-256:009E7AD133EA7668BFADD1817AA7402DA9768E6089F218315822D8010D9DC1EB
                              SHA-512:0C6BB21357EBB7AD91624E9A856EAE4FA7A15D8C18936A8814E8CCFCF125D99C278FEEDC931A7EBEA58FD3EC29879F5B26E732188E11577FD4A12F450DB73797
                              Malicious:false
                              Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .2.4./.0.4./.2.0.2.4. . .1.5.:.3.9.:.3.3. .=.=.=.....

                              C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-24 15-39-27-473.log

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:ASCII text, with very long lines (393)
                              Category:dropped
                              Size (bytes):16525
                              Entropy (8bit):5.345946398610936
                              Encrypted:false
                              SSDEEP:384:zHIq8qrq0qoq/qUILImCIrImI9IWdFdDdoPtPTPtP7ygyAydy0yGV///X/J/VokV:nNW
                              MD5:8947C10F5AB6CFFFAE64BCA79B5A0BE3
                              SHA1:70F87EEB71BA1BE43D2ABAB7563F94C73AB5F778
                              SHA-256:4F3449101521DA7DF6B58A2C856592E1359BA8BD1ACD0688ECF4292BA5388485
                              SHA-512:B76DB9EF3AE758F00CAF0C1705105C875838C7801F7265B17396466EECDA4BCD915DA4611155C5F2AD1C82A800C1BEC855E52E2203421815F915B77AA7331CA0
                              Malicious:false
                              Preview:SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:088+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig:

                              C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:ASCII text, with very long lines (393), with CRLF line terminators
                              Category:dropped
                              Size (bytes):16603
                              Entropy (8bit):5.401716468234278
                              Encrypted:false
                              SSDEEP:384:aWYlA0JwFqaHNBtTJypXFyHn0TGyH745yMoK2KHSdLCwQ8ku7GCWPWv+Jzj5s8IS:RIG
                              MD5:FA485FDDADE4F01B7121E86895CB936E
                              SHA1:B34A878A03D587CEC62844DEE969C7C01F15908D
                              SHA-256:C126373307FCE43F0533DCDE6D1AECB33E0D829F84BA86AE0FD4EE2F243B36CE
                              SHA-512:E5556AE5375D94F59C84344EEE24B22E42877D40E2CD58EF8DA66362025D16AD77A1E197BFF90DE0EF94CD08069E4F6B8573CB475D306ED460C2E03BED3280A1
                              Malicious:false
                              Preview:SessionID=58487d0f-6ce5-4db3-b966-d00712b265f6.1713965967489 Timestamp=2024-04-24T15:39:27:489+0200 ThreadID=7800 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=58487d0f-6ce5-4db3-b966-d00712b265f6.1713965967489 Timestamp=2024-04-24T15:39:27:489+0200 ThreadID=7800 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=58487d0f-6ce5-4db3-b966-d00712b265f6.1713965967489 Timestamp=2024-04-24T15:39:27:490+0200 ThreadID=7800 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=58487d0f-6ce5-4db3-b966-d00712b265f6.1713965967489 Timestamp=2024-04-24T15:39:27:490+0200 ThreadID=7800 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=58487d0f-6ce5-4db3-b966-d00712b265f6.1713965967489 Timestamp=2024-04-24T15:39:27:490+0200 ThreadID=7800 Component=ngl-lib_NglAppLib Description="SetConf

                              C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:ASCII text, with CRLF line terminators
                              Category:dropped
                              Size (bytes):29845
                              Entropy (8bit):5.390755158590004
                              Encrypted:false
                              SSDEEP:768:anddBuBYZwcfCnwZCnR8Bu5hx18HoCnLlAY+iCBuzhLCnx1CnPrRRFS10l8gT2rB:9
                              MD5:20587C92C1E127297E0B58D578E05133
                              SHA1:6BFF446BC799A6D5CC4324F2EDA0300BFA90626E
                              SHA-256:96476D79F73E4F59625A815D52EF9F8939109BEFB0D5D32EDEE1DD49584458D9
                              SHA-512:74F1D91F7A3A53BA922BB112C2E59A50A1564943F80B207999C9CE1333CF6E62CD65B72F7AC9CF65851AA1D2D9D2141C83532400025EA8FD4519ABB5B29325C1
                              Malicious:false
                              Preview:03-10-2023 12:50:40:.---2---..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ***************************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ***************************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Starting NGL..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..03-10-2023 12:50:40:.Closing File..03-10-

                              C:\Users\user\AppData\Local\Temp\acrocef_low\6da33d09-8603-4fc2-b762-3712b3b00257.tmp

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                              File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
                              Category:dropped
                              Size (bytes):758601
                              Entropy (8bit):7.98639316555857
                              Encrypted:false
                              SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
                              MD5:3A49135134665364308390AC398006F1
                              SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
                              SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
                              SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
                              Malicious:false
                              Preview:...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!|G.1...... .3.`./....`~......G.............|..pS.e.C....:o.u_..oi.:..|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

                              C:\Users\user\AppData\Local\Temp\acrocef_low\b68055ba-c295-47f8-8028-93cf53ec037f.tmp

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                              File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
                              Category:dropped
                              Size (bytes):1407294
                              Entropy (8bit):7.97605879016224
                              Encrypted:false
                              SSDEEP:24576:/M7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R077WLaGZjZwYIGNPJe:RB3mlind9i4ufFXpAXkrfUs03WLaGZje
                              MD5:716C2C392DCD15C95BBD760EEBABFCD0
                              SHA1:4B4CE9C6AED6A7F809236B2DAFA9987CA886E603
                              SHA-256:DD3E6CFC38DA1B30D5250B132388EF73536D00628267E7F9C7E21603388724D8
                              SHA-512:E164702386F24FF72111A53DA48DC57866D10DAE50A21D4737B5687E149FF9D673729C5D2F2B8DA9EB76A2E5727A2AFCFA5DE6CC0EEEF7D6EBADE784385460AF
                              Malicious:false
                              Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

                              C:\Users\user\AppData\Local\Temp\acrocef_low\be6a46fb-c61c-4598-8e8f-50c663b3681a.tmp

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                              File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
                              Category:dropped
                              Size (bytes):1419751
                              Entropy (8bit):7.976496077007677
                              Encrypted:false
                              SSDEEP:24576:/xA7owWLaGZDwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLaGZDwZGk3mlind9i4ufFXpAXkru
                              MD5:18E3D04537AF72FDBEB3760B2D10C80E
                              SHA1:B313CD0B25E41E5CF0DFB83B33AB3E3C7678D5CC
                              SHA-256:BBEF113A2057EE7EAC911DC960D36D4A62C262DAE5B1379257908228243BD6F4
                              SHA-512:2A5B9B0A5DC98151AD2346055DF2F7BFDE62F6069A4A6A9AB3377B644D61AE31609B9FC73BEE4A0E929F84BF30DA4C1CDE628915AC37C7542FD170D12DE41298
                              Malicious:false
                              Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

                              C:\Users\user\AppData\Local\Temp\acrocef_low\dedad9e8-40ea-4d5a-88c2-135cd69fa7ab.tmp

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                              File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
                              Category:dropped
                              Size (bytes):386528
                              Entropy (8bit):7.9736851559892425
                              Encrypted:false
                              SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
                              MD5:5C48B0AD2FEF800949466AE872E1F1E2
                              SHA1:337D617AE142815EDDACB48484628C1F16692A2F
                              SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
                              SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
                              Malicious:false
                              Preview:...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-|..h#.g.\.PO.|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..|m.WC.....|.....e.[W.p.8...rm....^..x'......5!...|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

                              C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobSettings

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:ASCII text
                              Category:dropped
                              Size (bytes):24
                              Entropy (8bit):3.66829583405449
                              Encrypted:false
                              SSDEEP:3:So6FwHn:So6FwHn
                              MD5:DD4A3BD8B9FF61628346391EA9987E1D
                              SHA1:474076C122CACAAF112469FC62976BB69187AA2B
                              SHA-256:7C22C759CA704106556BBC4FC10B7F53404CA1F8B40F01038D3F7C4B8183F486
                              SHA-512:FDAF3D9F8072ED7DE9B2528376C10E3C3FDBEA74347710A4795BECF23C6577B3582B2E89D3C04EF0523C98FE0A46F2AF3629490701A20B848C63BA7B26579491
                              Malicious:false
                              Preview:<</Settings [/c <<>>].>>

                              C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\TMDocs.sav

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):36
                              Entropy (8bit):4.294653473544341
                              Encrypted:false
                              SSDEEP:3:8QvCyKGziFLpn:8QayKGyLpn
                              MD5:5C6B932A79952B4B27833691305E61DB
                              SHA1:09804DB0986A989C2C49CDCEA563567FB4C7B1A0
                              SHA-256:DEE5A5925227B125F4AC6D9B70A277E6EC8494FFC73D1CCE9E08CC7A78D6208A
                              SHA-512:4FAA9585BB10156D5DEA3B62D3A3A1BFA92430BA6E1E3381FC4C76C3071C85E53D5CBCE0016DBA1D1F9EA1B7AF37B4A4EFBAF4F3106B7D958B6E2E90AA0DF059
                              Malicious:false
                              Preview:%PDFTrustManagerDocsData 1.0........

                              C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\TMGrpPrm.sav

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):54
                              Entropy (8bit):3.7119196645733785
                              Encrypted:false
                              SSDEEP:3:8QvCxXLV1AiLKltVln:8QaRhJ2ltPn
                              MD5:6A614A7743B0C781AAECA60448E861D6
                              SHA1:67B7DF5EBEB4527E4C31F3F9B7E52A0581DC4B6D
                              SHA-256:9703120DC62C2C3F843BAD5B1E77594682CA7820F0345AE0BBD73021C1427146
                              SHA-512:3A45B27ED6F3AAA8C2113FBB21637675CC91D1239754447A7032D1A86CB1E7381575B28F992E5FFC9986354C2B9C173C614F1F703CA4C2BEE63AB3BC6ED909A6
                              Malicious:false
                              Preview:%PDFTrustManagerGroupPerms 1.0........................

                              Static File Info

                              General

                              File type:PDF document, version 1.6
                              Entropy (8bit):7.990606089533537
                              TrID:
                              • Adobe Portable Document Format (5005/1) 100.00%
                              File name:00. business card_Luca STRANIERO.pdf
                              File size:4'156'024 bytes
                              MD5:8729536ff1fc73f263c67050fa1e9aaa
                              SHA1:4b2445ddfdae6a556102f466d8dc51711b0c0bb9
                              SHA256:0be36f317fbd8ac2ab33fd81020ce6d768ea60f0fbd850b12efbe42f26f71e39
                              SHA512:a1fcf394175b706e77bd5c9ed21728d80028954d0248e67922ab3a2a35842510d9b27f74b6e0898ef5adef08748a7b856ec7c767ba72be49598883636916cffe
                              SSDEEP:98304:xpc/xLNvTrUM5XhhMVlDagNXrrBjGjCcyKPEQmX3/Cx8:xWxtHUmXhh4FNXnBQw4ED/a8
                              TLSH:DE1633354519682AF8413F3006143D92C7A77D6F46CE95607E3EB2A10FC78962B1EABF
                              File Content Preview:%PDF-1.6.%.....2 0 obj.<<./AcroForm 4 0 R./Metadata 5 0 R./OCProperties <<./D <<./ON [6 0 R]./Order 7 0 R./RBGroups [].>>./OCGs [6 0 R].>>./Pages 8 0 R./Type /Catalog.>>.endobj.5 0 obj.<<./Length 14112./Subtype /XML./Type /Metadata.>>.stream.<?xpacket beg

                              File Icon

                              Icon Hash:62cc8caeb29e8ae0

                              Static PDF Info

                              General

                              Header:%PDF-1.6
                              Total Entropy:7.990606
                              Total Bytes:4156024
                              Stream Entropy:7.994030
                              Stream Bytes:4104329
                              Entropy outside Streams:3.703452
                              Bytes outside Streams:51695
                              Number of EOF found:1
                              Bytes after EOF:

                              Keywords Statistics

                              NameCount
                              obj66
                              endobj65
                              stream63
                              endstream63
                              xref0
                              trailer0
                              startxref1
                              /Page0
                              /Encrypt0
                              /ObjStm1
                              /URI0
                              /JS0
                              /JavaScript0
                              /AA0
                              /OpenAction0
                              /AcroForm1
                              /JBIG2Decode0
                              /RichMedia0
                              /Launch0
                              /EmbeddedFile0

                              Image Streams

                              IDDHASHMD5Preview
                              240000000000000000cbc7993bed3955cc4cf1acafdf600250
                              250000000000000000c8b72e9beee236dc5f6b21d37225adca
                              260000000000000000e17dc0b012f51760532d173048cfac3b
                              3300000000000000003cb0ad040a5739257365c7704cb9b389
                              350000000000000000922365737f7c8a4756fe7e390a3c56af

                              Network Behavior

                              Network Port Distribution

                              TCP Packets

                              TimestampSource PortDest PortSource IPDest IP
                              Apr 24, 2024 15:39:32.233283997 CEST49740443192.168.2.4162.159.61.3
                              Apr 24, 2024 15:39:32.233325005 CEST44349740162.159.61.3192.168.2.4
                              Apr 24, 2024 15:39:32.233402967 CEST49740443192.168.2.4162.159.61.3
                              Apr 24, 2024 15:39:32.236393929 CEST49741443192.168.2.4162.159.61.3
                              Apr 24, 2024 15:39:32.236417055 CEST44349741162.159.61.3192.168.2.4
                              Apr 24, 2024 15:39:32.236485004 CEST49741443192.168.2.4162.159.61.3
                              Apr 24, 2024 15:39:32.236876965 CEST49740443192.168.2.4162.159.61.3
                              Apr 24, 2024 15:39:32.236896038 CEST44349740162.159.61.3192.168.2.4
                              Apr 24, 2024 15:39:32.237401009 CEST49741443192.168.2.4162.159.61.3
                              Apr 24, 2024 15:39:32.237418890 CEST44349741162.159.61.3192.168.2.4
                              Apr 24, 2024 15:39:32.554512024 CEST44349740162.159.61.3192.168.2.4
                              Apr 24, 2024 15:39:32.555105925 CEST49740443192.168.2.4162.159.61.3
                              Apr 24, 2024 15:39:32.555128098 CEST44349740162.159.61.3192.168.2.4
                              Apr 24, 2024 15:39:32.556615114 CEST44349740162.159.61.3192.168.2.4
                              Apr 24, 2024 15:39:32.556680918 CEST49740443192.168.2.4162.159.61.3
                              Apr 24, 2024 15:39:32.558465004 CEST44349741162.159.61.3192.168.2.4
                              Apr 24, 2024 15:39:32.584017038 CEST49741443192.168.2.4162.159.61.3
                              Apr 24, 2024 15:39:32.584038973 CEST44349741162.159.61.3192.168.2.4
                              Apr 24, 2024 15:39:32.584331989 CEST49740443192.168.2.4162.159.61.3
                              Apr 24, 2024 15:39:32.584494114 CEST44349740162.159.61.3192.168.2.4
                              Apr 24, 2024 15:39:32.584604979 CEST49740443192.168.2.4162.159.61.3
                              Apr 24, 2024 15:39:32.584623098 CEST44349740162.159.61.3192.168.2.4
                              Apr 24, 2024 15:39:32.588089943 CEST44349741162.159.61.3192.168.2.4
                              Apr 24, 2024 15:39:32.588180065 CEST49741443192.168.2.4162.159.61.3
                              Apr 24, 2024 15:39:32.659425974 CEST49741443192.168.2.4162.159.61.3
                              Apr 24, 2024 15:39:32.659720898 CEST44349741162.159.61.3192.168.2.4
                              Apr 24, 2024 15:39:32.660491943 CEST49741443192.168.2.4162.159.61.3
                              Apr 24, 2024 15:39:32.660526991 CEST44349741162.159.61.3192.168.2.4
                              Apr 24, 2024 15:39:32.722810984 CEST49741443192.168.2.4162.159.61.3
                              Apr 24, 2024 15:39:32.738440990 CEST49740443192.168.2.4162.159.61.3
                              Apr 24, 2024 15:39:32.803709030 CEST49744443192.168.2.4162.159.61.3
                              Apr 24, 2024 15:39:32.803739071 CEST44349744162.159.61.3192.168.2.4
                              Apr 24, 2024 15:39:32.803828001 CEST49744443192.168.2.4162.159.61.3
                              Apr 24, 2024 15:39:32.804029942 CEST49744443192.168.2.4162.159.61.3
                              Apr 24, 2024 15:39:32.804044962 CEST44349744162.159.61.3192.168.2.4
                              Apr 24, 2024 15:39:32.894275904 CEST44349740162.159.61.3192.168.2.4
                              Apr 24, 2024 15:39:32.894395113 CEST44349740162.159.61.3192.168.2.4
                              Apr 24, 2024 15:39:32.894556046 CEST49740443192.168.2.4162.159.61.3
                              Apr 24, 2024 15:39:32.894649982 CEST49740443192.168.2.4162.159.61.3
                              Apr 24, 2024 15:39:32.894670010 CEST44349740162.159.61.3192.168.2.4
                              Apr 24, 2024 15:39:32.898400068 CEST44349741162.159.61.3192.168.2.4
                              Apr 24, 2024 15:39:32.898458958 CEST44349741162.159.61.3192.168.2.4
                              Apr 24, 2024 15:39:32.898520947 CEST49741443192.168.2.4162.159.61.3
                              Apr 24, 2024 15:39:32.898631096 CEST49741443192.168.2.4162.159.61.3
                              Apr 24, 2024 15:39:32.898643970 CEST44349741162.159.61.3192.168.2.4
                              Apr 24, 2024 15:39:33.117084980 CEST44349744162.159.61.3192.168.2.4
                              Apr 24, 2024 15:39:33.117532015 CEST49744443192.168.2.4162.159.61.3
                              Apr 24, 2024 15:39:33.117551088 CEST44349744162.159.61.3192.168.2.4
                              Apr 24, 2024 15:39:33.118525028 CEST44349744162.159.61.3192.168.2.4
                              Apr 24, 2024 15:39:33.118635893 CEST49744443192.168.2.4162.159.61.3
                              Apr 24, 2024 15:39:33.148060083 CEST49744443192.168.2.4162.159.61.3
                              Apr 24, 2024 15:39:33.148272038 CEST44349744162.159.61.3192.168.2.4
                              Apr 24, 2024 15:39:33.148361921 CEST49744443192.168.2.4162.159.61.3
                              Apr 24, 2024 15:39:33.148371935 CEST44349744162.159.61.3192.168.2.4
                              Apr 24, 2024 15:39:33.238538027 CEST49744443192.168.2.4162.159.61.3
                              Apr 24, 2024 15:39:33.465370893 CEST44349744162.159.61.3192.168.2.4
                              Apr 24, 2024 15:39:33.465570927 CEST44349744162.159.61.3192.168.2.4
                              Apr 24, 2024 15:39:33.465629101 CEST49744443192.168.2.4162.159.61.3
                              Apr 24, 2024 15:39:33.494184017 CEST49744443192.168.2.4162.159.61.3
                              Apr 24, 2024 15:39:33.494199991 CEST44349744162.159.61.3192.168.2.4

                              UDP Packets

                              TimestampSource PortDest PortSource IPDest IP
                              Apr 24, 2024 15:39:31.993639946 CEST5827653192.168.2.41.1.1.1
                              Apr 24, 2024 15:39:32.147105932 CEST53582761.1.1.1192.168.2.4
                              Apr 24, 2024 15:39:37.206800938 CEST52410443192.168.2.4162.159.61.3
                              Apr 24, 2024 15:39:37.361037970 CEST44352410162.159.61.3192.168.2.4
                              Apr 24, 2024 15:39:37.361468077 CEST44352410162.159.61.3192.168.2.4
                              Apr 24, 2024 15:39:37.361499071 CEST44352410162.159.61.3192.168.2.4
                              Apr 24, 2024 15:39:37.362231970 CEST52410443192.168.2.4162.159.61.3
                              Apr 24, 2024 15:39:37.404905081 CEST52410443192.168.2.4162.159.61.3
                              Apr 24, 2024 15:39:37.405145884 CEST52410443192.168.2.4162.159.61.3
                              Apr 24, 2024 15:39:37.406254053 CEST52410443192.168.2.4162.159.61.3
                              Apr 24, 2024 15:39:37.560022116 CEST44352410162.159.61.3192.168.2.4
                              Apr 24, 2024 15:39:37.560036898 CEST44352410162.159.61.3192.168.2.4
                              Apr 24, 2024 15:39:37.560046911 CEST44352410162.159.61.3192.168.2.4
                              Apr 24, 2024 15:39:37.560058117 CEST44352410162.159.61.3192.168.2.4
                              Apr 24, 2024 15:39:37.560488939 CEST52410443192.168.2.4162.159.61.3
                              Apr 24, 2024 15:39:37.560549021 CEST52410443192.168.2.4162.159.61.3
                              Apr 24, 2024 15:39:37.560683966 CEST44352410162.159.61.3192.168.2.4
                              Apr 24, 2024 15:39:37.586865902 CEST52410443192.168.2.4162.159.61.3
                              Apr 24, 2024 15:39:37.714410067 CEST44352410162.159.61.3192.168.2.4
                              Apr 24, 2024 15:39:37.739877939 CEST52410443192.168.2.4162.159.61.3
                              Apr 24, 2024 15:40:04.856709957 CEST52410443192.168.2.4162.159.61.3

                              DNS Queries

                              TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                              Apr 24, 2024 15:39:31.993639946 CEST192.168.2.41.1.1.10xf678Standard query (0)chrome.cloudflare-dns.comA (IP address)IN (0x0001)false

                              DNS Answers

                              TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                              Apr 24, 2024 15:39:32.147105932 CEST1.1.1.1192.168.2.40xf678No error (0)chrome.cloudflare-dns.com162.159.61.3A (IP address)IN (0x0001)false
                              Apr 24, 2024 15:39:32.147105932 CEST1.1.1.1192.168.2.40xf678No error (0)chrome.cloudflare-dns.com172.64.41.3A (IP address)IN (0x0001)false

                              HTTP Request Dependency Graph

                              • chrome.cloudflare-dns.com

                              HTTPS Proxied Packets

                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              0192.168.2.449740162.159.61.34437240C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                              TimestampBytes transferredDirectionData
                              2024-04-24 13:39:32 UTC245OUTPOST /dns-query HTTP/1.1
                              Host: chrome.cloudflare-dns.com
                              Connection: keep-alive
                              Content-Length: 128
                              Accept: application/dns-message
                              Accept-Language: *
                              User-Agent: Chrome
                              Accept-Encoding: identity
                              Content-Type: application/dns-message
                              2024-04-24 13:39:32 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                              Data Ascii: wwwgstaticcom)TP
                              2024-04-24 13:39:32 UTC247INHTTP/1.1 200 OK
                              Server: cloudflare
                              Date: Wed, 24 Apr 2024 13:39:32 GMT
                              Content-Type: application/dns-message
                              Connection: close
                              Access-Control-Allow-Origin: *
                              Content-Length: 468
                              CF-RAY: 879680022fbb09f3-LAS
                              alt-svc: h3=":443"; ma=86400
                              2024-04-24 13:39:32 UTC468INData Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 01 29 00 04 8e fa 65 5e 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                              Data Ascii: wwwgstaticcom)e^)


                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              1192.168.2.449741162.159.61.34437240C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                              TimestampBytes transferredDirectionData
                              2024-04-24 13:39:32 UTC245OUTPOST /dns-query HTTP/1.1
                              Host: chrome.cloudflare-dns.com
                              Connection: keep-alive
                              Content-Length: 128
                              Accept: application/dns-message
                              Accept-Language: *
                              User-Agent: Chrome
                              Accept-Encoding: identity
                              Content-Type: application/dns-message
                              2024-04-24 13:39:32 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                              Data Ascii: wwwgstaticcom)TP
                              2024-04-24 13:39:32 UTC247INHTTP/1.1 200 OK
                              Server: cloudflare
                              Date: Wed, 24 Apr 2024 13:39:32 GMT
                              Content-Type: application/dns-message
                              Connection: close
                              Access-Control-Allow-Origin: *
                              Content-Length: 468
                              CF-RAY: 879680022fd10adb-LAS
                              alt-svc: h3=":443"; ma=86400
                              2024-04-24 13:39:32 UTC468INData Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 01 2c 00 04 8e fa 65 5e 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                              Data Ascii: wwwgstaticcom,e^)


                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              2192.168.2.449744162.159.61.34437240C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                              TimestampBytes transferredDirectionData
                              2024-04-24 13:39:33 UTC245OUTPOST /dns-query HTTP/1.1
                              Host: chrome.cloudflare-dns.com
                              Connection: keep-alive
                              Content-Length: 128
                              Accept: application/dns-message
                              Accept-Language: *
                              User-Agent: Chrome
                              Accept-Encoding: identity
                              Content-Type: application/dns-message
                              2024-04-24 13:39:33 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                              Data Ascii: wwwgstaticcom)TP
                              2024-04-24 13:39:33 UTC247INHTTP/1.1 200 OK
                              Server: cloudflare
                              Date: Wed, 24 Apr 2024 13:39:33 GMT
                              Content-Type: application/dns-message
                              Connection: close
                              Access-Control-Allow-Origin: *
                              Content-Length: 468
                              CF-RAY: 87968005ba4f0ad3-LAS
                              alt-svc: h3=":443"; ma=86400
                              2024-04-24 13:39:33 UTC468INData Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 01 29 00 04 8e fb 02 5e 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                              Data Ascii: wwwgstaticcom)^)


                              Statistics

                              CPU Usage

                              Click to jump to process

                              Memory Usage

                              Click to jump to process

                              High Level Behavior Distribution

                              Click to dive into process behavior distribution

                              Behavior

                              Click to jump to process

                              System Behavior

                              General

                              Target ID:0
                              Start time:15:39:08
                              Start date:24/04/2024
                              Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              Wow64 process (32bit):false
                              Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\00. business card_Luca STRANIERO.pdf"
                              Imagebase:0x7ff6bc1b0000
                              File size:5'641'176 bytes
                              MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:moderate
                              Has exited:true

                              General

                              Target ID:1
                              Start time:15:39:09
                              Start date:24/04/2024
                              Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
                              Wow64 process (32bit):false
                              Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c
                              Imagebase:0x7ff737cc0000
                              File size:11'469'784 bytes
                              MD5 hash:8A41FC5F946230805512B943C45AC9D8
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:low
                              Has exited:false

                              General

                              Target ID:2
                              Start time:15:39:10
                              Start date:24/04/2024
                              Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
                              Wow64 process (32bit):false
                              Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=7788
                              Imagebase:0x7ff737cc0000
                              File size:11'469'784 bytes
                              MD5 hash:8A41FC5F946230805512B943C45AC9D8
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:low
                              Has exited:false

                              General

                              Target ID:3
                              Start time:15:39:11
                              Start date:24/04/2024
                              Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
                              Wow64 process (32bit):false
                              Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c
                              Imagebase:0x7ff737cc0000
                              File size:11'469'784 bytes
                              MD5 hash:8A41FC5F946230805512B943C45AC9D8
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:low
                              Has exited:true

                              General

                              Target ID:4
                              Start time:15:39:11
                              Start date:24/04/2024
                              Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
                              Wow64 process (32bit):false
                              Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=7960
                              Imagebase:0x7ff737cc0000
                              File size:11'469'784 bytes
                              MD5 hash:8A41FC5F946230805512B943C45AC9D8
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:low
                              Has exited:true

                              General

                              Target ID:5
                              Start time:15:39:13
                              Start date:24/04/2024
                              Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
                              Wow64 process (32bit):false
                              Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c
                              Imagebase:0x7ff737cc0000
                              File size:11'469'784 bytes
                              MD5 hash:8A41FC5F946230805512B943C45AC9D8
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:low
                              Has exited:true

                              General

                              Target ID:6
                              Start time:15:39:13
                              Start date:24/04/2024
                              Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
                              Wow64 process (32bit):false
                              Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=8068
                              Imagebase:0x7ff737cc0000
                              File size:11'469'784 bytes
                              MD5 hash:8A41FC5F946230805512B943C45AC9D8
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:low
                              Has exited:true

                              General

                              Target ID:7
                              Start time:15:39:15
                              Start date:24/04/2024
                              Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
                              Wow64 process (32bit):false
                              Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c
                              Imagebase:0x7ff737cc0000
                              File size:11'469'784 bytes
                              MD5 hash:8A41FC5F946230805512B943C45AC9D8
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:low
                              Has exited:true

                              General

                              Target ID:8
                              Start time:15:39:15
                              Start date:24/04/2024
                              Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
                              Wow64 process (32bit):false
                              Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=8176
                              Imagebase:0x7ff737cc0000
                              File size:11'469'784 bytes
                              MD5 hash:8A41FC5F946230805512B943C45AC9D8
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:low
                              Has exited:true

                              General

                              Target ID:9
                              Start time:15:39:17
                              Start date:24/04/2024
                              Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
                              Wow64 process (32bit):false
                              Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c
                              Imagebase:0x7ff737cc0000
                              File size:11'469'784 bytes
                              MD5 hash:8A41FC5F946230805512B943C45AC9D8
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:low
                              Has exited:true

                              General

                              Target ID:10
                              Start time:15:39:17
                              Start date:24/04/2024
                              Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
                              Wow64 process (32bit):false
                              Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=7372
                              Imagebase:0x7ff737cc0000
                              File size:11'469'784 bytes
                              MD5 hash:8A41FC5F946230805512B943C45AC9D8
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:low
                              Has exited:true

                              General

                              Target ID:11
                              Start time:15:39:19
                              Start date:24/04/2024
                              Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
                              Wow64 process (32bit):false
                              Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c
                              Imagebase:0x7ff737cc0000
                              File size:11'469'784 bytes
                              MD5 hash:8A41FC5F946230805512B943C45AC9D8
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:low
                              Has exited:true

                              General

                              Target ID:12
                              Start time:15:39:19
                              Start date:24/04/2024
                              Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
                              Wow64 process (32bit):false
                              Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=7352
                              Imagebase:0x7ff737cc0000
                              File size:11'469'784 bytes
                              MD5 hash:8A41FC5F946230805512B943C45AC9D8
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:low
                              Has exited:true

                              General

                              Target ID:13
                              Start time:15:39:22
                              Start date:24/04/2024
                              Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe
                              Wow64 process (32bit):true
                              Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe" GetChannelUri
                              Imagebase:0x400000
                              File size:218'280 bytes
                              MD5 hash:92366A2F482926C3D0DD02D6F952F742
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Has exited:true

                              General

                              Target ID:14
                              Start time:15:39:24
                              Start date:24/04/2024
                              Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                              Wow64 process (32bit):false
                              Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
                              Imagebase:0x7ff74bb60000
                              File size:3'581'912 bytes
                              MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Has exited:true

                              General

                              Target ID:16
                              Start time:15:39:25
                              Start date:24/04/2024
                              Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                              Wow64 process (32bit):false
                              Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2084 --field-trial-handle=1732,i,15913500959655005552,13017635812736798014,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
                              Imagebase:0x7ff74bb60000
                              File size:3'581'912 bytes
                              MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Has exited:true

                              Disassembly

                              No disassembly