Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Unbenannte Anlage 00015.pdf

Overview

General Information

Sample name:Unbenannte Anlage 00015.pdf
Analysis ID:1431110
MD5:91184d58a2f2a336ac755a52be7a32d6
SHA1:06efc92b74bd749bfbdd02bfdf15e0dbd45fc6b9
SHA256:d206fbe1ec3cf0fd39b9c5e5b93818b2a275badff047f32618612f98a1b08f07
Infos:

Detection

Score:1
Range:0 - 100
Whitelisted:false
Confidence:80%

Signatures

Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Uses a known web browser user agent for HTTP communication

Classification

Process Tree

  • System is w10x64
  • Acrobat.exe (PID: 576 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Unbenannte Anlage 00015.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 6520 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 5700 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2076 --field-trial-handle=1520,i,8063962907802656780,12286299177463123418,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Snort Signatures

No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: global trafficTCP traffic: 192.168.2.5:49714 -> 23.3.84.164:443
Source: global trafficTCP traffic: 192.168.2.5:49714 -> 23.3.84.164:443
Source: global trafficTCP traffic: 192.168.2.5:49714 -> 23.3.84.164:443
Source: global trafficTCP traffic: 192.168.2.5:49714 -> 23.3.84.164:443
Source: global trafficTCP traffic: 192.168.2.5:49714 -> 23.3.84.164:443
Source: global trafficTCP traffic: 192.168.2.5:49714 -> 23.3.84.164:443
Source: global trafficTCP traffic: 192.168.2.5:49714 -> 23.3.84.164:443
Source: global trafficTCP traffic: 192.168.2.5:49714 -> 23.3.84.164:443
Source: global trafficTCP traffic: 192.168.2.5:49714 -> 23.3.84.164:443
Source: global trafficTCP traffic: 192.168.2.5:49714 -> 23.3.84.164:443
Source: global trafficTCP traffic: 192.168.2.5:49714 -> 23.3.84.164:443
Source: global trafficTCP traffic: 23.3.84.164:443 -> 192.168.2.5:49714
Source: global trafficTCP traffic: 192.168.2.5:49714 -> 23.3.84.164:443
Source: global trafficTCP traffic: 192.168.2.5:49714 -> 23.3.84.164:443
Source: global trafficTCP traffic: 23.3.84.164:443 -> 192.168.2.5:49714
Source: global trafficTCP traffic: 23.3.84.164:443 -> 192.168.2.5:49714
Source: global trafficTCP traffic: 192.168.2.5:49714 -> 23.3.84.164:443
Source: global trafficTCP traffic: 23.3.84.164:443 -> 192.168.2.5:49714
Source: global trafficTCP traffic: 23.3.84.164:443 -> 192.168.2.5:49714
Source: global trafficTCP traffic: 192.168.2.5:49714 -> 23.3.84.164:443
Source: global trafficTCP traffic: 192.168.2.5:49714 -> 23.3.84.164:443
Source: global trafficTCP traffic: 23.3.84.164:443 -> 192.168.2.5:49714
Source: global trafficTCP traffic: 192.168.2.5:49714 -> 23.3.84.164:443
Source: global trafficTCP traffic: 23.3.84.164:443 -> 192.168.2.5:49714
Source: global trafficTCP traffic: 192.168.2.5:49714 -> 23.3.84.164:443
Source: global trafficTCP traffic: 23.3.84.164:443 -> 192.168.2.5:49714
Source: global trafficTCP traffic: 23.3.84.164:443 -> 192.168.2.5:49714
Source: global trafficTCP traffic: 192.168.2.5:49714 -> 23.3.84.164:443
Source: global trafficTCP traffic: 192.168.2.5:49714 -> 23.3.84.164:443
Source: global trafficTCP traffic: 23.3.84.164:443 -> 192.168.2.5:49714
Source: global trafficHTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1Host: armmf.adobe.comConnection: keep-aliveAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brIf-None-Match: "78-5faa31cce96da"If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
Source: unknownTCP traffic detected without corresponding DNS query: 23.3.84.164
Source: unknownTCP traffic detected without corresponding DNS query: 23.3.84.164
Source: unknownTCP traffic detected without corresponding DNS query: 23.3.84.164
Source: unknownTCP traffic detected without corresponding DNS query: 23.3.84.164
Source: unknownTCP traffic detected without corresponding DNS query: 23.3.84.164
Source: unknownTCP traffic detected without corresponding DNS query: 23.3.84.164
Source: unknownTCP traffic detected without corresponding DNS query: 23.3.84.164
Source: unknownTCP traffic detected without corresponding DNS query: 23.3.84.164
Source: unknownTCP traffic detected without corresponding DNS query: 23.3.84.164
Source: unknownTCP traffic detected without corresponding DNS query: 23.3.84.164
Source: global trafficHTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1Host: armmf.adobe.comConnection: keep-aliveAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brIf-None-Match: "78-5faa31cce96da"If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
Source: unknownNetwork traffic detected: HTTP traffic on port 49714 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49714
Source: classification engineClassification label: clean1.winPDF@14/41@0/1
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.2468Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-24 15-40-10-752.logJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
Source: unknownProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Unbenannte Anlage 00015.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2076 --field-trial-handle=1520,i,8063962907802656780,12286299177463123418,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2076 --field-trial-handle=1520,i,8063962907802656780,12286299177463123418,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: Unbenannte Anlage 00015.pdfInitial sample: PDF keyword /JS count = 0
Source: Unbenannte Anlage 00015.pdfInitial sample: PDF keyword /JavaScript count = 0
Source: Unbenannte Anlage 00015.pdfInitial sample: PDF keyword /EmbeddedFile count = 0
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid Accounts2
Exploitation for Client Execution		Path Interception1
Process Injection		1
Masquerading		OS Credential Dumping1
System Information Discovery		Remote ServicesData from Local System1
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
Process Injection		LSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable Media1
Non-Application Layer Protocol		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive12
Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin HookBinary PaddingNTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput Capture1
Ingress Tool Transfer		Traffic DuplicationData Destruction

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 process2 2 Behavior Graph ID: 1431110 Sample: Unbenannte Anlage 00015.pdf Startdate: 24/04/2024 Architecture: WINDOWS Score: 1 6 Acrobat.exe 20 62 2->6         started        process3 8 AcroCEF.exe 105 6->8         started        process4 10 AcroCEF.exe 2 8->10         started        dnsIp5 13 23.3.84.164, 443, 49714 AKAMAI-ASUS United States 10->13

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
Unbenannte Anlage 00015.pdf0%VirustotalBrowse

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

No contacted domains info

World Map of Contacted IPs

  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Public IPs

IPDomainCountryFlagASNASN NameMalicious
23.3.84.164
unknownUnited States
16625AKAMAI-ASUSfalse

General Information

Joe Sandbox version:40.0.0 Tourmaline
Analysis ID:1431110
Start date and time:2024-04-24 15:39:24 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 3m 55s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultwindowspdfcookbook.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:9
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:Unbenannte Anlage 00015.pdf
Detection:CLEAN
Classification:clean1.winPDF@14/41@0/1
Cookbook Comments:
  • Found application associated with file extension: .pdf
  • Found PDF document
  • Close Viewer

Warnings

  • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 23.1.100.158, 18.207.85.246, 107.22.247.231, 54.144.73.197, 34.193.227.236, 162.159.61.3, 172.64.41.3, 23.219.38.26, 23.219.38.58
  • Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
23.3.84.164SOA_OCT.xlsGet hashmaliciousUnknownBrowse

    Domains

    No context

    ASNs

    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
    AKAMAI-ASUShttps://campaign-statistics.com/link_click/PJygYHTMZ2_OXDfP/30633247af9f78d20f1e067eab9a8276Get hashmaliciousHTMLPhisherBrowse
    • 23.209.84.171
    sIQywRNC5M.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, VidarBrowse
    • 184.85.65.125
    qJKiVKZdFk.exeGet hashmaliciousClipboard Hijacker, Djvu, VidarBrowse
    • 23.65.44.84
    https://i.imgur.com/EoTj4iI.pngGet hashmaliciousUnknownBrowse
    • 184.28.252.71
    https://i.imgur.com/VlAllek.pngGet hashmaliciousUnknownBrowse
    • 184.28.252.71
    Z4CYGTBlj7.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, VidarBrowse
    • 184.85.65.125
    SUwX12D2S6.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, VidarBrowse
    • 23.66.133.162
    file.exeGet hashmaliciousPureLog Stealer, VidarBrowse
    • 23.66.133.162
    rq0mVjR9ar.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, VidarBrowse
    • 96.17.209.196
    8jvTeVxooN.exeGet hashmaliciousBabuk, Djvu, VidarBrowse
    • 184.30.90.143

    JA3 Fingerprints

    No context

    Dropped Files

    No context

    Created / dropped Files

    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:ASCII text
    Category:dropped
    Size (bytes):294
    Entropy (8bit):5.226995311978256
    Encrypted:false
    SSDEEP:6:hWtQL+q2P92nKuAl9OmbnIFUt8WISG1Zmw+WISQLVkwO92nKuAl9OmbjLJ:hiv4HAahFUt8WS1/+WE5LHAaSJ
    MD5:1EA820526A41BE0389D5315C04F7F33B
    SHA1:A4C27A4B66FF069D9BBEC25D19DC7799DB43B6A4
    SHA-256:AEB5CEF25A2009C39E8384A78738197F3B41C817F097BCC9FD8780278861E282
    SHA-512:C52E625608538373E99ABD7C4E93EB7A595173686268328FD2CB80B67104E5FBB30AA825B2098FB2A1DEF607FCE9923D87EA6F90426843A88D3B5CF34E7C9249
    Malicious:false
    Reputation:low
    Preview:2024/04/24-15:40:08.496 1838 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/04/24-15:40:08.497 1838 Recovering log #3.2024/04/24-15:40:08.497 1838 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:ASCII text
    Category:dropped
    Size (bytes):294
    Entropy (8bit):5.226995311978256
    Encrypted:false
    SSDEEP:6:hWtQL+q2P92nKuAl9OmbnIFUt8WISG1Zmw+WISQLVkwO92nKuAl9OmbjLJ:hiv4HAahFUt8WS1/+WE5LHAaSJ
    MD5:1EA820526A41BE0389D5315C04F7F33B
    SHA1:A4C27A4B66FF069D9BBEC25D19DC7799DB43B6A4
    SHA-256:AEB5CEF25A2009C39E8384A78738197F3B41C817F097BCC9FD8780278861E282
    SHA-512:C52E625608538373E99ABD7C4E93EB7A595173686268328FD2CB80B67104E5FBB30AA825B2098FB2A1DEF607FCE9923D87EA6F90426843A88D3B5CF34E7C9249
    Malicious:false
    Reputation:low
    Preview:2024/04/24-15:40:08.496 1838 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/04/24-15:40:08.497 1838 Recovering log #3.2024/04/24-15:40:08.497 1838 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:ASCII text
    Category:dropped
    Size (bytes):338
    Entropy (8bit):5.195137531876985
    Encrypted:false
    SSDEEP:6:ry+q2P92nKuAl9Ombzo2jMGIFUt8+LXZmw+xtVkwO92nKuAl9Ombzo2jMmLJ:3v4HAa8uFUt8+b/+B5LHAa8RJ
    MD5:9A16942472EB0A9200FB2D838C72AD4C
    SHA1:B02B73C58DFC330B96BD766E3D117C93263E7E0C
    SHA-256:AD1D2F1BBAA31B0B57C9648A84419CE35977120381C80E16EBCA973D245F8378
    SHA-512:2B4AECA335C8B854EDB2226C269EB319ACA144FEEE9A85BFF2D8E9222E5D29AC1507FA551CC36F964D53A65A8A6AD6732681282FC97E7AC5FE3D42BDD24E94E1
    Malicious:false
    Reputation:low
    Preview:2024/04/24-15:40:08.662 1498 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/04/24-15:40:08.663 1498 Recovering log #3.2024/04/24-15:40:08.664 1498 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:ASCII text
    Category:dropped
    Size (bytes):338
    Entropy (8bit):5.195137531876985
    Encrypted:false
    SSDEEP:6:ry+q2P92nKuAl9Ombzo2jMGIFUt8+LXZmw+xtVkwO92nKuAl9Ombzo2jMmLJ:3v4HAa8uFUt8+b/+B5LHAa8RJ
    MD5:9A16942472EB0A9200FB2D838C72AD4C
    SHA1:B02B73C58DFC330B96BD766E3D117C93263E7E0C
    SHA-256:AD1D2F1BBAA31B0B57C9648A84419CE35977120381C80E16EBCA973D245F8378
    SHA-512:2B4AECA335C8B854EDB2226C269EB319ACA144FEEE9A85BFF2D8E9222E5D29AC1507FA551CC36F964D53A65A8A6AD6732681282FC97E7AC5FE3D42BDD24E94E1
    Malicious:false
    Reputation:low
    Preview:2024/04/24-15:40:08.662 1498 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/04/24-15:40:08.663 1498 Recovering log #3.2024/04/24-15:40:08.664 1498 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\084be99d-81e5-4395-837b-bb5a11b8e1e4.tmp

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:JSON data
    Category:modified
    Size (bytes):508
    Entropy (8bit):5.060916805092798
    Encrypted:false
    SSDEEP:12:YH/um3RA8sqZoVksBdOg2HUXAcaq3QYiubxnP7E4T3OF+:Y2sRdsJdMHUXr3QYhbxP7nbI+
    MD5:5E925D8A39CF5E003AC239D8D449F409
    SHA1:67D84A89C6630D69C582D064462D763378D6E56B
    SHA-256:4F18491BE91A07E1A201A9DE071F283E796CADF7372F631F904AB85893B809D1
    SHA-512:66D1058FE17EE20D30300538451F1A57B04CB2B4879C33281D42C14E9F88A9BBC360CD294FCBF37AC9AA61A7E8858A696790CDFA65AF7814582C206A571E6B54
    Malicious:false
    Reputation:low
    Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13358526020576499","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":154229},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.5","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G","CAYSABiAgICA+P////8B":"Offline"}}}

    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):508
    Entropy (8bit):5.060916805092798
    Encrypted:false
    SSDEEP:12:YH/um3RA8sqZoVksBdOg2HUXAcaq3QYiubxnP7E4T3OF+:Y2sRdsJdMHUXr3QYhbxP7nbI+
    MD5:5E925D8A39CF5E003AC239D8D449F409
    SHA1:67D84A89C6630D69C582D064462D763378D6E56B
    SHA-256:4F18491BE91A07E1A201A9DE071F283E796CADF7372F631F904AB85893B809D1
    SHA-512:66D1058FE17EE20D30300538451F1A57B04CB2B4879C33281D42C14E9F88A9BBC360CD294FCBF37AC9AA61A7E8858A696790CDFA65AF7814582C206A571E6B54
    Malicious:false
    Reputation:low
    Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13358526020576499","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":154229},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.5","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G","CAYSABiAgICA+P////8B":"Offline"}}}

    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:data
    Category:dropped
    Size (bytes):4509
    Entropy (8bit):5.238940203774214
    Encrypted:false
    SSDEEP:96:QqBpCqGp3Al+NehBmkID2w6bNMhugoKTNY+No/KTNcygLPGLLUeXCm7IrVmVIIXs:rBpJGp3AoqBmki25ZEVoKTNY+NoCTNLq
    MD5:9D47D5319158813C78A4F877DD31E468
    SHA1:303CAECD2533A41DBB107AF0A7BCD753961E1C5A
    SHA-256:314BC9D52EA0BD4A1B6AFE481C994E6D7DC443F5A29452204262D257B21DD23A
    SHA-512:30AC1404AA79100E65BF3063C15B93899965A41961A35BD2451AC093F00D445161B2CAE442228EE11F06DF16E86323B66752CD7879CBCBF1AF878FA290E62DB3
    Malicious:false
    Reputation:low
    Preview:*...#................version.1..namespace-.1a.o................next-map-id.1.Pnamespace-047a745d_5c98_4926_b446_942fb948d072-https://rna-resource.acrobat.com/.0.K..r................next-map-id.2.Snamespace-bdf2fbfe_e08b_407d_8a81_9a6094e373a0-https://rna-v2-resource.acrobat.com/.1.m.Fr................next-map-id.3.Snamespace-24b9c7f4_3e31_4d11_a607_ac91d6485c9e-https://rna-v2-resource.acrobat.com/.2.8.o................next-map-id.4.Pnamespace-bc60f291_faa7_4492_8b22_e186b4ce62c1-https://rna-resource.acrobat.com/.3.A-N^...............Pnamespace-047a745d_5c98_4926_b446_942fb948d072-https://rna-resource.acrobat.com/-j..^...............Pnamespace-bc60f291_faa7_4492_8b22_e186b4ce62c1-https://rna-resource.acrobat.com/[.|.a...............Snamespace-bdf2fbfe_e08b_407d_8a81_9a6094e373a0-https://rna-v2-resource.acrobat.com/....a...............Snamespace-24b9c7f4_3e31_4d11_a607_ac91d6485c9e-https://rna-v2-resource.acrobat.com/.W.@o................next-map-id.5.Pnamespace-8fb46ac3_c992_47ca_bb04_

    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:ASCII text
    Category:dropped
    Size (bytes):326
    Entropy (8bit):5.194322560907786
    Encrypted:false
    SSDEEP:6:/+q2P92nKuAl9OmbzNMxIFUt8BbZmw+1IVkwO92nKuAl9OmbzNMFLJ:Gv4HAa8jFUt8Bb/+1g5LHAa84J
    MD5:7E1936BCA07FC2F7A43EE308E305ED9D
    SHA1:BFF16672D22342AB331F46A19227163B7990E739
    SHA-256:2B2CD3E52AAE2FA4871840AB05328A02ACBCCFE6E13D4AF93E7E0089E0A29B89
    SHA-512:91D7F0B798189669DF2D73227E5E1F44CAF003654E911AF9C69402C10BB2F7FFF306B2339E71E05CD2EBCF92F5DA1558F2E133B012743C09370D52F0DED3B3DF
    Malicious:false
    Reputation:low
    Preview:2024/04/24-15:40:08.711 1498 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/04/24-15:40:08.712 1498 Recovering log #3.2024/04/24-15:40:08.713 1498 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:ASCII text
    Category:dropped
    Size (bytes):326
    Entropy (8bit):5.194322560907786
    Encrypted:false
    SSDEEP:6:/+q2P92nKuAl9OmbzNMxIFUt8BbZmw+1IVkwO92nKuAl9OmbzNMFLJ:Gv4HAa8jFUt8Bb/+1g5LHAa84J
    MD5:7E1936BCA07FC2F7A43EE308E305ED9D
    SHA1:BFF16672D22342AB331F46A19227163B7990E739
    SHA-256:2B2CD3E52AAE2FA4871840AB05328A02ACBCCFE6E13D4AF93E7E0089E0A29B89
    SHA-512:91D7F0B798189669DF2D73227E5E1F44CAF003654E911AF9C69402C10BB2F7FFF306B2339E71E05CD2EBCF92F5DA1558F2E133B012743C09370D52F0DED3B3DF
    Malicious:false
    Reputation:low
    Preview:2024/04/24-15:40:08.711 1498 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/04/24-15:40:08.712 1498 Recovering log #3.2024/04/24-15:40:08.713 1498 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

    C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240424134012Z-157.bmp

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:PC bitmap, Windows 3.x format, 164 x -115 x 32, cbSize 75494, bits offset 54
    Category:dropped
    Size (bytes):75494
    Entropy (8bit):1.2893035433313043
    Encrypted:false
    SSDEEP:96:1Gs64t0BkjnY7jMM4uMvby2iMMnMiMMBMM4MMfxEMRMnJ238gw/MR3MgMNLw8KVL:1RvuMohUDCY+YPB
    MD5:7E032A1DBF7F381F8DB8788AA8E11B91
    SHA1:C543B36DE654AD41CAA560CADC7E28D283487483
    SHA-256:798A48E877548C62FEF49413EE9A6A62C96A646BEB8966C4955E73B245E30F72
    SHA-512:966226EB9BE4080D4975A490D69FC72F9B8451B1ED1804F6E2F6C82658C8CD53631D94F4F9B95EDCDB1C9C03C5B26624312DE283073FBCBBFC61B85BEBF624D9
    Malicious:false
    Reputation:low
    Preview:BM.&......6...(............. ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.2468

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:PostScript document text
    Category:dropped
    Size (bytes):185099
    Entropy (8bit):5.182478651346149
    Encrypted:false
    SSDEEP:1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
    MD5:94185C5850C26B3C6FC24ABC385CDA58
    SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
    SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
    SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
    Malicious:false
    Reputation:moderate, very likely benign file
    Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:PostScript document text
    Category:dropped
    Size (bytes):185099
    Entropy (8bit):5.182478651346149
    Encrypted:false
    SSDEEP:1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
    MD5:94185C5850C26B3C6FC24ABC385CDA58
    SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
    SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
    SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
    Malicious:false
    Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:data
    Category:dropped
    Size (bytes):228346
    Entropy (8bit):3.3890581331110528
    Encrypted:false
    SSDEEP:1536:WKPC4iyzDtrh1cK3XEivK7VK/3AYvYwgf/rRoL+sn:DPCaJ/3AYvYwgXFoL+sn
    MD5:BAE090D23B1C0D4F6DC247F0080D349E
    SHA1:8A7AAD52A54F9A3CCEF3CE323F6BBD5B2B530461
    SHA-256:D7D3096317CF32DBEDF75D85390FE89A96170D44C09B2F6D164036064F506AE3
    SHA-512:208136EBA10544EA5EADA1C32EADFD8066047A9D851FF95BADF9938D40AFA1771003C2725DB8C78991E700C73FA2FC3C9F3CC3712B3332E4CF6F8DDE0E539130
    Malicious:false
    Preview:Adobe Acrobat Reader (64-bit) 23.6.20320....?A12_AV2_Search_18px.............................................................................................................KKK KKK.KKK.KKK.KKK.KKK.KKK@........................................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.............................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.........................KKK.KKK.KKK.KKK0....................KKK.KKK.KKK.KKK`....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK.KKK.....................................KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK.KKK@....................KKK.KKK.KKK.KKK`........................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.KKK.............................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):295
    Entropy (8bit):5.310879287265236
    Encrypted:false
    SSDEEP:6:YEQXJ2HXH/KRqDH7+FIbRI6XVW7+0YAXq5DeoAvJM3g98kUwPeUkwRe9:YvXKXNSYpW7PXq55GMbLUkee9
    MD5:BEAB647D3B1E1CEED7D9C2CD0008CE17
    SHA1:0D4A2DA9E50B565506F8A04BF4765586B7A8E629
    SHA-256:C36B4672A54732BB0DED78C1C491E0155693D4272208DB85218B0519AB88B0C0
    SHA-512:0D277976DA7C1B2A98E1D5C570833D1FB60B9AB47C22D5D0011992DD4D4FE43ABDE70CF3A649A8C505ECFF198DA00CA50E19557DEF5527B7BB0DFC1EA2DC4EA5
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"5bc3a69f-e5d5-43a6-ae86-0d0adca7dd20","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1714142670172,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):294
    Entropy (8bit):5.248535956536991
    Encrypted:false
    SSDEEP:6:YEQXJ2HXH/KRqDH7+FIbRI6XVW7+0YAXq5DeoAvJfBoTfXpnrPeUkwRe9:YvXKXNSYpW7PXq55GWTfXcUkee9
    MD5:A682A49E132309E4A1DABBCF8F1B383C
    SHA1:527001EFC7612636C66BB1022220198A1648596D
    SHA-256:5BC2FF77D4F389E7E98D451F77CB5D88EE0929F0270FCB01EB4BE352CD1D0A4D
    SHA-512:BF0C01AE6EBE5744E8C51B77458D0D12C62F8B190D947DFE3676C3EDF38BDC7EFFE2E1AF89A5485BD312288AAF066165DAB79881D00198D8B60773CEB4ED83AB
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"5bc3a69f-e5d5-43a6-ae86-0d0adca7dd20","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1714142670172,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):294
    Entropy (8bit):5.227084273062996
    Encrypted:false
    SSDEEP:6:YEQXJ2HXH/KRqDH7+FIbRI6XVW7+0YAXq5DeoAvJfBD2G6UpnrPeUkwRe9:YvXKXNSYpW7PXq55GR22cUkee9
    MD5:E071B0A3FF169ABD83BB95BDCE0421E6
    SHA1:53A675FBD6C2F2C35C56815B7EE80F7DC53F2191
    SHA-256:05515B5B0E904F3A60247CECB9A44A1C8DBF4D3FDBEB4D50A6BC3F4C311B482B
    SHA-512:4EC525C431A482263B1FD2FC8FDB9843B9B9B2B6A41DF072B30214366E01CEA8E3BBB636CC4428848BED5263DCF0D38967CE7389C0261CBBE6E150922E9E332D
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"5bc3a69f-e5d5-43a6-ae86-0d0adca7dd20","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1714142670172,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):285
    Entropy (8bit):5.287930617584015
    Encrypted:false
    SSDEEP:6:YEQXJ2HXH/KRqDH7+FIbRI6XVW7+0YAXq5DeoAvJfPmwrPeUkwRe9:YvXKXNSYpW7PXq55GH56Ukee9
    MD5:AC7339C41AF76F34923E55061AF8550E
    SHA1:F1683DE7577844F5CCE0A7BB3FEFC8959B64BA80
    SHA-256:4F66DE05DA5E6B87052604E477E47CFCDF1A7550CA868616E7075466AD96C637
    SHA-512:579978391E52EEB5EEEB97E997669F27DFEE711BF92D758E5CAC1805D24F73141F1FC7EDF823576BBD3D98344387C86478D846926509C77C8374850EC45D6B98
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"5bc3a69f-e5d5-43a6-ae86-0d0adca7dd20","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1714142670172,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):292
    Entropy (8bit):5.242881804325009
    Encrypted:false
    SSDEEP:6:YEQXJ2HXH/KRqDH7+FIbRI6XVW7+0YAXq5DeoAvJfJWCtMdPeUkwRe9:YvXKXNSYpW7PXq55GBS8Ukee9
    MD5:919228112E740D7BCDF39BEE37182A53
    SHA1:919D149B9C2022F25B5EC4C41473B1688099506A
    SHA-256:98DA7A1414420CDC20F46113159A73B8D35B89053DDE69C535837A36BDD737E7
    SHA-512:DB71A9DAE1092505D83B59ACCBBD3870E065A5994CCC5A16B6428C4AC55FB5BC1764F937B0FB5D588C5B989A473DB6B87BC8AA86DF9BF77093F6BCD725C3514C
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"5bc3a69f-e5d5-43a6-ae86-0d0adca7dd20","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1714142670172,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):289
    Entropy (8bit):5.228395177261431
    Encrypted:false
    SSDEEP:6:YEQXJ2HXH/KRqDH7+FIbRI6XVW7+0YAXq5DeoAvJf8dPeUkwRe9:YvXKXNSYpW7PXq55GU8Ukee9
    MD5:CF3EF9CB9F3B393355F8C1B0F2CA6D8C
    SHA1:1EC451170EDB60C1CDC348F7C365F21E808022CD
    SHA-256:FEF92E169F14CC0A9E551BB4F56F16092A23BE57330F712394915D6D89F8CEB3
    SHA-512:8CB5C982D3A7A8CA7FCBBC4D869540DB30CCED4EF7DFE2547351E87ACDF36F25BB3D0BD6E9AB975E9D3AF62DA5F1302DC967168B3833EE1DD10C74462971B3FD
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"5bc3a69f-e5d5-43a6-ae86-0d0adca7dd20","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1714142670172,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):292
    Entropy (8bit):5.2309298277385246
    Encrypted:false
    SSDEEP:6:YEQXJ2HXH/KRqDH7+FIbRI6XVW7+0YAXq5DeoAvJfQ1rPeUkwRe9:YvXKXNSYpW7PXq55GY16Ukee9
    MD5:D7ABBBA43D5BE0D2C8F92ED1245132F1
    SHA1:D1678297B87C30E6EF8B52F0781932CA834E2209
    SHA-256:2026099287D6CE7229B0230532B43A061AEBB77F0BD8D25E180ECCFD042A648A
    SHA-512:7ACE55BC218A900576713BC5A155635B5F2B78265FB51FDE47CA7942C938F3A0D457807030CD616D11D73E5D02FAE6C88192AE173A7DD4ABDBF8FDD2DD13F1EF
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"5bc3a69f-e5d5-43a6-ae86-0d0adca7dd20","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1714142670172,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):289
    Entropy (8bit):5.246735106750028
    Encrypted:false
    SSDEEP:6:YEQXJ2HXH/KRqDH7+FIbRI6XVW7+0YAXq5DeoAvJfFldPeUkwRe9:YvXKXNSYpW7PXq55Gz8Ukee9
    MD5:7A4DE753BCF912D0DF0374136C259C9F
    SHA1:B1C1C30B8B4F50B6901E5325A4732B0B221D3063
    SHA-256:99C689A5E077D94D6E10D446C656DAD55562EDAA0A0609FCD2D52390B422560C
    SHA-512:82401FE6887185CB8E266DFF7BAE514C8FEAD7904FDD3B856A13756828E6E39FEB57767018EC5B6FE243D888D73685FBAEA40F6520CFA4EDD78B81F8C34EF688
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"5bc3a69f-e5d5-43a6-ae86-0d0adca7dd20","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1714142670172,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):1372
    Entropy (8bit):5.72943648424955
    Encrypted:false
    SSDEEP:24:Yv6XN3ii5lKLgENRcbrZbq00iCCBrwJo++ns8ct4mFJNeJq:YviSivEgigrNt0wSJn+ns8cvFJYJq
    MD5:9FC0B0578A68B793C12B85E0DC390D7F
    SHA1:9532FF14EC6DF86A2F774EF4681AA24CEB5CBAEA
    SHA-256:9C2A31F5E6858CFA42475BC28D019B38D862EDE4DE2C8E979039EFCDC0C9AD71
    SHA-512:35887728021D30D4350894A4584B913C32A078CCDA588409E86DCBF09DC5C590EA02416031F2ACB25398F61061F328A34A5F78017D841520A274BB5A1AE591AC
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"5bc3a69f-e5d5-43a6-ae86-0d0adca7dd20","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1714142670172,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"79887_247329ActionBlock_0","campaignId":79887,"containerId":"1","controlGroupId":"","treatmentId":"acc56846-d570-4500-a26e-7f8cf2b4acad","variationId":"247329"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJUcnkgQWNyb2JhdCBQcm8ifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNSIsImZvbnRfc3R5bGUiOiIwIn0sImRlc2NyaXB0aW9uX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTMiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIDctZGF5IHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0byBwcmVtaXVtIFBERiBhbmQgZS1zaWduaW5nIHRvb2xzLiIsImJ

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):289
    Entropy (8bit):5.2363673505593145
    Encrypted:false
    SSDEEP:6:YEQXJ2HXH/KRqDH7+FIbRI6XVW7+0YAXq5DeoAvJfYdPeUkwRe9:YvXKXNSYpW7PXq55Gg8Ukee9
    MD5:D0D51B64F0EC4AC42607A51C818DE9D5
    SHA1:37E81985CA51C9FC28DE31E200B6D1CA64D63E61
    SHA-256:B7CD29BA6F23CBBE9F239E6122D848F83E5647DBD450CAD8240FF082680FB532
    SHA-512:AFB9CF8B852FEFAED6C2121432545DE56CC9AFDB3BF34C925E172089815586B17CA36D8D58BD360E8F0B5946453635C5006D097FC425EA499C42761C261B013E
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"5bc3a69f-e5d5-43a6-ae86-0d0adca7dd20","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1714142670172,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):1395
    Entropy (8bit):5.764070453926904
    Encrypted:false
    SSDEEP:24:Yv6XN3ii5YrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNGJq:YviSiyHgDv3W2aYQfgB5OUupHrQ9FJUM
    MD5:152CA81EE236A8A5BF0163AE33E3A17B
    SHA1:72D7F5E6EE930A3DF1B7127BDBADEB2F21D706B4
    SHA-256:4FB07F880559FBC15521BFECDDE033F083881A91E826E90733F364EDBBD3047E
    SHA-512:87D3C5E7CA36A3B527A05E75477718E6DB8CE72E78B6C4BE06F143E6BF29721D31C123735DBB0D12C16D1A06F29398820C9ACCFFD72EF1F03BE8D35EAC252F39
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"5bc3a69f-e5d5-43a6-ae86-0d0adca7dd20","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1714142670172,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):291
    Entropy (8bit):5.220351786030021
    Encrypted:false
    SSDEEP:6:YEQXJ2HXH/KRqDH7+FIbRI6XVW7+0YAXq5DeoAvJfbPtdPeUkwRe9:YvXKXNSYpW7PXq55GDV8Ukee9
    MD5:603FE05D6BC102D531DF6DF29F3C94F8
    SHA1:7A5BC9DA8629B337258BEE3EA43810FB07F97524
    SHA-256:FF253342D378C077A69BA3C362A7553F5D4DE7411AC4C8769E162ECA8027CB7E
    SHA-512:9BEF07C2D06B7CA20386EA6A614BE317BDF0632111684EEE1E80C70E1A6311D9D438634DF20363EA165FFEFEF2336E347FCC88470451902F1610F1E3A5CC658A
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"5bc3a69f-e5d5-43a6-ae86-0d0adca7dd20","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1714142670172,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):287
    Entropy (8bit):5.2219842025067145
    Encrypted:false
    SSDEEP:6:YEQXJ2HXH/KRqDH7+FIbRI6XVW7+0YAXq5DeoAvJf21rPeUkwRe9:YvXKXNSYpW7PXq55G+16Ukee9
    MD5:0AFD78AD44618AAF5563A6220BDC9D83
    SHA1:4E0C5D1495BEFF0E8E51F9C7F6D6DCE139B32485
    SHA-256:C99B3AD2161A5FDFEF4E518645168CB9E62908911D607037EEE433E6A3D28558
    SHA-512:DAA5F4FDD1B26363704EB2741957999F41E9D750BF33AFAA19DB2D52C3C3A766F94F5EFEC2EC5C10FE34D33B8142EFFA9890E1311F5B5E665C980A8428B1B7BE
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"5bc3a69f-e5d5-43a6-ae86-0d0adca7dd20","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1714142670172,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):289
    Entropy (8bit):5.243202479317462
    Encrypted:false
    SSDEEP:6:YEQXJ2HXH/KRqDH7+FIbRI6XVW7+0YAXq5DeoAvJfbpatdPeUkwRe9:YvXKXNSYpW7PXq55GVat8Ukee9
    MD5:433EE2173EC5C4A3082A940B203385FF
    SHA1:0A17BB1238118E1AFBA6897E44BB3FE5E3F2186E
    SHA-256:842E907DC5C1B3DF16EB3109629398E23E36846AB15189A8A9ADA9F5B92BBC70
    SHA-512:68F51F5628637C1027413C9603CD7E9C9065E0B79724788732123619446DA4382C93A0AFE1B9E5E64D2CD3287CFFABB4502D050972B0CA17BE2E2C28842E0371
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"5bc3a69f-e5d5-43a6-ae86-0d0adca7dd20","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1714142670172,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):286
    Entropy (8bit):5.1933354445452435
    Encrypted:false
    SSDEEP:6:YEQXJ2HXH/KRqDH7+FIbRI6XVW7+0YAXq5DeoAvJfshHHrPeUkwRe9:YvXKXNSYpW7PXq55GUUUkee9
    MD5:41D78A765773CD9BB8013BCDE5B79726
    SHA1:6E8E072B97E722BEBE8A67C7B788BF4C84F91889
    SHA-256:E46C4632E3D8421B1F84DFA4BF4893444CD35B5B7EC51BBFEEB6BBF1BC3EFB40
    SHA-512:2DA71297C31129C7AA0D40D9D1CA002D1B7A5814107DAD341612F29CB21ECF3720B410CB362E04D0824C3695A75B9C5A5F77A178642EFBD26C22FC4DF8209E06
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"5bc3a69f-e5d5-43a6-ae86-0d0adca7dd20","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1714142670172,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):782
    Entropy (8bit):5.345573550165266
    Encrypted:false
    SSDEEP:12:YvXKXNSYpW7PXq55GTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWKrFfS:Yv6XN3ii5V168CgEXX5kcIfANhBJq
    MD5:937B4F211E6E7C82CDCA58856375A085
    SHA1:958870E226B5D1B6DA0903D97D2C47CBBFB29C7B
    SHA-256:42751FFF17EF8341278AEE0896EC9AC10C079B1C2A85822BC4C71C0A4C6DE111
    SHA-512:F90EEAB227E76DBF83CA526FAB681C0ABC803C54E8A75949F87720D17E6B73EBE68EE93E5AC5D631E48EBA12E1FBE231540A33E4B5F1C770DF7D7CFE11F5568B
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"5bc3a69f-e5d5-43a6-ae86-0d0adca7dd20","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1714142670172,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1713966015203}}}}

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:data
    Category:dropped
    Size (bytes):4
    Entropy (8bit):0.8112781244591328
    Encrypted:false
    SSDEEP:3:e:e
    MD5:DC84B0D741E5BEAE8070013ADDCC8C28
    SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
    SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
    SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
    Malicious:false
    Preview:....

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):2814
    Entropy (8bit):5.140119878001567
    Encrypted:false
    SSDEEP:48:YewfuKHdcOS9avg0C6gs4iofyiKO7wvw6/rgJ9rPcG6Wff9OoBOT:3Y19vkgg0C6gs4iofyiKO7w46/rg3rUD
    MD5:1D1D8FC45793E331F3363E2BCAC61515
    SHA1:801EDF8D4B1D10936C751AD5AD8E2906FAACB0C7
    SHA-256:9843C3CDF546A1D7A22FA5F21C38BFF2A6631378A49BDDD937123183046DF42D
    SHA-512:22B97CAB5846998D2D5077123F015D2F2A1267D4E9280ED1A8BBB4395FD8536C7F2FC3ED4935DB7AF002920D12ACF20AF797E50CED389DE87B29B18A8210E370
    Malicious:false
    Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"7c6aa30218a85f5dae857fabb246a931","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1713966014000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"e909b089c9087bf35088a477fe0e0a2c","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1372,"ts":1713966014000},{"id":"Edit_InApp_Aug2020","info":{"dg":"490c0b38b4dd7f276fac64df69dbc01e","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":1713966014000},{"id":"DC_Reader_RHP_Banner","info":{"dg":"f70295ccde88df2a51dd45837c53f80a","sid":"DC_Reader_RHP_Banner"},"mimeType":"file","size":1395,"ts":1713966014000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"90b14bf08dcd69de0d2937f90be58bbe","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file","size":292,"ts":1713966014000},{"id":"DC_Reader_More_LHP_Banner","info":{"dg":"f0d9c3350f5c5757b5a6f58d584a73c7","sid":"DC_Reader_More_LHP_Banner"},"mimeType":"file","size":289,"ts":1713966014000},

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 19, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 19
    Category:dropped
    Size (bytes):12288
    Entropy (8bit):0.9848297705722995
    Encrypted:false
    SSDEEP:24:TLHRx/XYKQvGJF7urs6I1RZKHs/Ds/Spc0j4zJwtNBwtNbRZ6bRZ4z0jF:TVl2GL7ms6ggOVpcpzutYtp6PaG
    MD5:3C1D2B0FD1473C686AC84B3DD82B22ED
    SHA1:34FF6F6720DFA4F424FCB7F75683F484C4ACF270
    SHA-256:16FFEB5CFEDC96B04130B13BFAEFF5F0F06B437D6D889741040ACE508212323E
    SHA-512:1EA8EE85AF07BA3B3DC22B86FE5FC9C129AA6F300725D2291B7616D6E31510B36EFF9476032706D16BD187D99020CC3E58ACEA39B0C72CEC410CB0DADC1C16DD
    Malicious:false
    Preview:SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:SQLite Rollback Journal
    Category:dropped
    Size (bytes):8720
    Entropy (8bit):1.337113438267653
    Encrypted:false
    SSDEEP:24:7+t3AD1RZKHs/Ds/Spc0jPzJwtNBwtNbRZ6bRZWf1RZKNqLBx/XYKQvGJF7ursEn:7M3GgOVpcyzutYtp6PM0qll2GL7msEn
    MD5:4D475FEC8C1752249EDA7DD43737B02D
    SHA1:7092395533B2398A978E408B725C52652569F15E
    SHA-256:372008CAD11D95A9B0A5025E6E3E91F2667772D88E65EB46361B9D910DD3EDE7
    SHA-512:D1E9C5D8D63B7A93B7CED2E2ACE48E675A62BAB2E1C15CBD6343765E7EB60147B5FFAA17EB7BC57DDCFBBD9DC9BAA74E676ADB2C7A118A716CA0A078CC22379C
    Malicious:false
    Preview:.... .c.....,..L......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................j...#..#.#.#.#.#.#.#.#.7.7........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Users\user\AppData\Local\Temp\MSIef639.LOG

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
    Category:dropped
    Size (bytes):246
    Entropy (8bit):3.5065515051498046
    Encrypted:false
    SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8c+a8j:Qw946cPbiOxDlbYnuRKH8
    MD5:39F454B81C579D3B97115A02AC2FF8AE
    SHA1:0B3AC33534B8AAAC233E66D724D3ACA0C42FDF9E
    SHA-256:C1C19C2A8B0B4BCA5C154B62785C34AC7B130984A788750C19EAE4A44F06FF89
    SHA-512:771257AA444E213559146EA27D3A8C5B29190A14BB88BA49C09110F589203CCD2B211E53A90CA24DF94ADD6097B6F8CD35A41D967A3CF272A5493BA1EF8D0503
    Malicious:false
    Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .2.4./.0.4./.2.0.2.4. . .1.5.:.4.0.:.1.5. .=.=.=.....

    C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-24 15-40-10-752.log

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:ASCII text, with very long lines (393)
    Category:dropped
    Size (bytes):16525
    Entropy (8bit):5.376360055978702
    Encrypted:false
    SSDEEP:384:6b1sdmfenwop+WP21h2RPjRNg7JjO2on6oU6CyuJw1oaNIIu9EMuJuF6MKK9g9JQ:vIn
    MD5:1336667A75083BF81E2632FABAA88B67
    SHA1:46E40800B27D95DAED0DBB830E0D0BA85C031D40
    SHA-256:F81B7C83E0B979F04D3763B4F88CD05BC8FBB2F441EBFAB75826793B869F75D1
    SHA-512:D039D8650CF7B149799D42C7415CBF94D4A0A4BF389B615EF7D1B427BC51727D3441AA37D8C178E7E7E89D69C95666EB14C31B56CDFBD3937E4581A31A69081A
    Malicious:false
    Preview:SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:961+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="SetConfig:

    C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:ASCII text, with very long lines (393), with CRLF line terminators
    Category:dropped
    Size (bytes):16603
    Entropy (8bit):5.367343356532586
    Encrypted:false
    SSDEEP:384:dUwVgaurCNrtNG7OA38a8niad6ctNJcwHThXjR5tGt59WIq8wKfueCbCLKIiTjEm:3x4+/
    MD5:BDCD4CD120ACDC43B0C8A459B0E5F2C9
    SHA1:99748B4FA344F7C3A45C0E23176B11A10725391C
    SHA-256:02E8F94819885000FDC88891C6F68248A9F0571B7D5708A9A62029B534C3455D
    SHA-512:130DD201874BF758324A11C1E4603B7A8A8021D172FC900E6B96FA55E326E1CE6DD7ACE53A92CD7D0F3268B9095EA76C17BDF0A2D9F793464FD935C91E9CA089
    Malicious:false
    Preview:SessionID=9685b172-0d4b-4889-92e9-130b369a6234.1713966010767 Timestamp=2024-04-24T15:40:10:768+0200 ThreadID=3792 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=9685b172-0d4b-4889-92e9-130b369a6234.1713966010767 Timestamp=2024-04-24T15:40:10:770+0200 ThreadID=3792 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=9685b172-0d4b-4889-92e9-130b369a6234.1713966010767 Timestamp=2024-04-24T15:40:10:770+0200 ThreadID=3792 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=9685b172-0d4b-4889-92e9-130b369a6234.1713966010767 Timestamp=2024-04-24T15:40:10:770+0200 ThreadID=3792 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=9685b172-0d4b-4889-92e9-130b369a6234.1713966010767 Timestamp=2024-04-24T15:40:10:770+0200 ThreadID=3792 Component=ngl-lib_NglAppLib Description="SetConf

    C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:ASCII text, with CRLF line terminators
    Category:dropped
    Size (bytes):29845
    Entropy (8bit):5.3837413751797785
    Encrypted:false
    SSDEEP:768:GLxxlyVUFcAzWL8VWL1ANSFld5YjMWLvJ8Uy++NSXl3WLd5WLrbhhVClkVMwDGbh:l
    MD5:DD306F19AA0E68EA4B110C73C1BB5665
    SHA1:EE458E2DD52E93EE7773A6D5DA0C6106A3DFE825
    SHA-256:47BF303FF30A5ED8929821AE9D67626F2563664F31E6B6D95CE701F62F270D6E
    SHA-512:6E7225F15D29A2E0E5DDA8ED53A8118647DCEBC097246CF4EB15A1DF6F2E4BF5391B2CAE1E9807598D06AC7CFBFD1B5FE021CC1E5311E1E3F4AB87F8E68CA0D3
    Malicious:false
    Preview:04-10-2023 02:39:31:.---2---..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : ***************************************..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : ***************************************..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : Starting NGL..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..04-10-2023 02:39:31:.Closing File..04-10-

    C:\Users\user\AppData\Local\Temp\acrocef_low\3548b6e5-3d87-42d9-a813-db1d13cdee31.tmp

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
    Category:dropped
    Size (bytes):386528
    Entropy (8bit):7.9736851559892425
    Encrypted:false
    SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
    MD5:5C48B0AD2FEF800949466AE872E1F1E2
    SHA1:337D617AE142815EDDACB48484628C1F16692A2F
    SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
    SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
    Malicious:false
    Preview:...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-|..h#.g.\.PO.|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..|m.WC.....|.....e.[W.p.8...rm....^..x'......5!...|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

    C:\Users\user\AppData\Local\Temp\acrocef_low\9a6d4b75-12ce-4c1a-b7b1-83273d4922f2.tmp

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
    Category:dropped
    Size (bytes):1407294
    Entropy (8bit):7.97605879016224
    Encrypted:false
    SSDEEP:24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo
    MD5:A0CFC77914D9BFBDD8BC1B1154A7B364
    SHA1:54962BFDF3797C95DC2A4C8B29E873743811AD30
    SHA-256:81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685
    SHA-512:74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE
    Malicious:false
    Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

    C:\Users\user\AppData\Local\Temp\acrocef_low\cc37dd18-4b12-43a9-871d-d13fc8b9c2eb.tmp

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
    Category:dropped
    Size (bytes):1419751
    Entropy (8bit):7.976496077007677
    Encrypted:false
    SSDEEP:24576:/xA7owWLaGZDwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLaGZDwZGk3mlind9i4ufFXpAXkru
    MD5:18E3D04537AF72FDBEB3760B2D10C80E
    SHA1:B313CD0B25E41E5CF0DFB83B33AB3E3C7678D5CC
    SHA-256:BBEF113A2057EE7EAC911DC960D36D4A62C262DAE5B1379257908228243BD6F4
    SHA-512:2A5B9B0A5DC98151AD2346055DF2F7BFDE62F6069A4A6A9AB3377B644D61AE31609B9FC73BEE4A0E929F84BF30DA4C1CDE628915AC37C7542FD170D12DE41298
    Malicious:false
    Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

    C:\Users\user\AppData\Local\Temp\acrocef_low\dfbf5f5b-1758-4de9-a4c3-49b2965f5f80.tmp

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
    Category:dropped
    Size (bytes):758601
    Entropy (8bit):7.98639316555857
    Encrypted:false
    SSDEEP:12288:ONh3P65+Tegs6121D1ybxrr/IxkB1mabFhOXZ/fEa+bSWBlkipdjuGTJJJJv+9U0:O3Pjegf121DMNB1Dofj0S8lkipdj/JJg
    MD5:410BB1A54ECCE470696636D4C2000E33
    SHA1:53A6AC06832DAA17D7C006C0A9B8B30597701926
    SHA-256:8B6D42D70862D6623F66B09F6819A35E1AF4ACC409461E140DA020F386877F92
    SHA-512:1A46EDB52F5785C7B9D1FF702CC62764BFDD3EDA5848740B00751E7F4C3AE7C691E88A26B1AE7F5213242887846BEC92C02C744B43046E7414F4D6B85E0E5913
    Malicious:false
    Preview:...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!|G.1...... .3.`./....`~......G.............|..pS.e.C....:o.u_..oi.:..|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

    Static File Info

    General

    File type:PDF document, version 1.7, 1 pages
    Entropy (8bit):7.842134747965441
    TrID:
    • Adobe Portable Document Format (5005/1) 100.00%
    File name:Unbenannte Anlage 00015.pdf
    File size:94'059 bytes
    MD5:91184d58a2f2a336ac755a52be7a32d6
    SHA1:06efc92b74bd749bfbdd02bfdf15e0dbd45fc6b9
    SHA256:d206fbe1ec3cf0fd39b9c5e5b93818b2a275badff047f32618612f98a1b08f07
    SHA512:0d7cb60ee919fb621bd751fac3bb447b819411f247bbb37b99340bf4f5cc7a461f0e734778a21c351954d3551ec14e4974ad8f188a8a422eb436a489b14a77a2
    SSDEEP:1536:q696P9/x991s5l0zQCzNa8WpVIWGTBF5rKR7R+gZFeQPe/oNGpPR0lHL1E79d5f3:OPZfs5KMpVGTpKR7NZdm/oNGRRAHZg93
    TLSH:D293CF54814938CDD2A153C22B5B3D2D331DB271B1C946903EACC79707A2ABBD92FE4B
    File Content Preview:%PDF-1.7..%......1 0 obj..<</Type/Catalog/Pages 2 0 R/Lang(de-DE) /StructTreeRoot 19 0 R/MarkInfo<</Marked true>>/Metadata 165 0 R/ViewerPreferences 166 0 R>>..endobj..2 0 obj..<</Type/Pages/Count 1/Kids[ 4 0 R] >>..endobj..3 0 obj..<</Title(Titel) /Autho

    File Icon

    Icon Hash:62cc8caeb29e8ae0

    Static PDF Info

    General

    Header:%PDF-1.7
    Total Entropy:7.842135
    Total Bytes:94059
    Stream Entropy:7.948248
    Stream Bytes:84328
    Entropy outside Streams:4.623500
    Bytes outside Streams:9731
    Number of EOF found:2
    Bytes after EOF:

    Keywords Statistics

    NameCount
    obj30
    endobj30
    stream8
    endstream8
    xref2
    trailer2
    startxref2
    /Page1
    /Encrypt0
    /ObjStm1
    /URI0
    /JS0
    /JavaScript0
    /AA0
    /OpenAction0
    /AcroForm0
    /JBIG2Decode0
    /RichMedia0
    /Launch0
    /EmbeddedFile0

    Network Behavior

    Network Port Distribution

    TCP Packets

    TimestampSource PortDest PortSource IPDest IP
    Apr 24, 2024 15:40:21.823941946 CEST49714443192.168.2.523.3.84.164
    Apr 24, 2024 15:40:21.823986053 CEST4434971423.3.84.164192.168.2.5
    Apr 24, 2024 15:40:21.824067116 CEST49714443192.168.2.523.3.84.164
    Apr 24, 2024 15:40:21.824238062 CEST49714443192.168.2.523.3.84.164
    Apr 24, 2024 15:40:21.824250937 CEST4434971423.3.84.164192.168.2.5
    Apr 24, 2024 15:40:22.317254066 CEST4434971423.3.84.164192.168.2.5
    Apr 24, 2024 15:40:22.317811012 CEST49714443192.168.2.523.3.84.164
    Apr 24, 2024 15:40:22.317830086 CEST4434971423.3.84.164192.168.2.5
    Apr 24, 2024 15:40:22.318852901 CEST4434971423.3.84.164192.168.2.5
    Apr 24, 2024 15:40:22.318927050 CEST49714443192.168.2.523.3.84.164
    Apr 24, 2024 15:40:22.320915937 CEST49714443192.168.2.523.3.84.164
    Apr 24, 2024 15:40:22.320980072 CEST4434971423.3.84.164192.168.2.5
    Apr 24, 2024 15:40:22.321083069 CEST49714443192.168.2.523.3.84.164
    Apr 24, 2024 15:40:22.321089983 CEST4434971423.3.84.164192.168.2.5
    Apr 24, 2024 15:40:22.375680923 CEST49714443192.168.2.523.3.84.164
    Apr 24, 2024 15:40:22.492088079 CEST4434971423.3.84.164192.168.2.5
    Apr 24, 2024 15:40:22.492172003 CEST4434971423.3.84.164192.168.2.5
    Apr 24, 2024 15:40:22.492331982 CEST49714443192.168.2.523.3.84.164
    Apr 24, 2024 15:40:22.492757082 CEST49714443192.168.2.523.3.84.164
    Apr 24, 2024 15:40:22.492778063 CEST4434971423.3.84.164192.168.2.5

    HTTP Request Dependency Graph

    • armmf.adobe.com

    HTTPS Proxied Packets

    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
    0192.168.2.54971423.3.84.1644435700C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    TimestampBytes transferredDirectionData
    2024-04-24 13:40:22 UTC475OUTGET /onboarding/smskillreader.txt HTTP/1.1
    Host: armmf.adobe.com
    Connection: keep-alive
    Accept-Language: en-US,en;q=0.9
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: empty
    Accept-Encoding: gzip, deflate, br
    If-None-Match: "78-5faa31cce96da"
    If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
    2024-04-24 13:40:22 UTC198INHTTP/1.1 304 Not Modified
    Content-Type: text/plain; charset=UTF-8
    Last-Modified: Mon, 01 May 2023 15:02:33 GMT
    ETag: "78-5faa31cce96da"
    Date: Wed, 24 Apr 2024 13:40:22 GMT
    Connection: close


    Statistics

    CPU Usage

    Click to jump to process

    Memory Usage

    Click to jump to process

    High Level Behavior Distribution

    Click to dive into process behavior distribution

    Behavior

    Click to jump to process

    System Behavior

    General

    Target ID:0
    Start time:15:40:07
    Start date:24/04/2024
    Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    Wow64 process (32bit):false
    Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Unbenannte Anlage 00015.pdf"
    Imagebase:0x7ff686a00000
    File size:5'641'176 bytes
    MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
    Has elevated privileges:true
    Has administrator privileges:true
    Programmed in:C, C++ or other language
    Reputation:moderate
    Has exited:true

    General

    Target ID:2
    Start time:15:40:08
    Start date:24/04/2024
    Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    Wow64 process (32bit):false
    Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
    Imagebase:0x7ff6413e0000
    File size:3'581'912 bytes
    MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
    Has elevated privileges:true
    Has administrator privileges:true
    Programmed in:C, C++ or other language
    Reputation:moderate
    Has exited:true

    General

    Target ID:4
    Start time:15:40:08
    Start date:24/04/2024
    Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    Wow64 process (32bit):false
    Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2076 --field-trial-handle=1520,i,8063962907802656780,12286299177463123418,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
    Imagebase:0x7ff6413e0000
    File size:3'581'912 bytes
    MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
    Has elevated privileges:true
    Has administrator privileges:true
    Programmed in:C, C++ or other language
    Reputation:moderate
    Has exited:true

    Disassembly

    No disassembly