Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
B0CVFJGTZY.pdf

Overview

General Information

Sample name:B0CVFJGTZY.pdf
Analysis ID:1431854
MD5:ac5b74f11fd6e27983a5883b7b6ff3b5
SHA1:87749916e71702d0678fcf722eb73c24ea701b52
SHA256:4fc3f5c6068ed6bc23f00d8d5171ff22c23dc38209d677839b681ad11500af5b
Infos:

Detection

Score:2
Range:0 - 100
Whitelisted:false
Confidence:80%

Signatures

IP address seen in connection with other malware
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Uses a known web browser user agent for HTTP communication

Classification

Process Tree

  • System is w10x64
  • Acrobat.exe (PID: 7332 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\B0CVFJGTZY.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 7528 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 7760 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2104 --field-trial-handle=1524,i,11071811492861082364,15687375164594026252,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Snort Signatures

No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: global trafficTCP traffic: 192.168.2.4:49740 -> 184.25.164.138:443
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 184.25.164.138:443
Source: global trafficTCP traffic: 192.168.2.4:49741 -> 184.25.164.138:443
Source: global trafficTCP traffic: 192.168.2.4:49741 -> 184.25.164.138:443
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 184.25.164.138:443
Source: global trafficTCP traffic: 192.168.2.4:49741 -> 184.25.164.138:443
Source: global trafficTCP traffic: 192.168.2.4:49741 -> 184.25.164.138:443
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 184.25.164.138:443
Source: global trafficTCP traffic: 192.168.2.4:49741 -> 184.25.164.138:443
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 184.25.164.138:443
Source: global trafficTCP traffic: 192.168.2.4:49741 -> 184.25.164.138:443
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 184.25.164.138:443
Source: global trafficTCP traffic: 192.168.2.4:49741 -> 184.25.164.138:443
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 184.25.164.138:443
Source: global trafficTCP traffic: 192.168.2.4:49741 -> 184.25.164.138:443
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 184.25.164.138:443
Source: global trafficTCP traffic: 192.168.2.4:49741 -> 184.25.164.138:443
Source: global trafficTCP traffic: 192.168.2.4:49741 -> 184.25.164.138:443
Source: global trafficTCP traffic: 192.168.2.4:49741 -> 184.25.164.138:443
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 184.25.164.138:443
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 184.25.164.138:443
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 184.25.164.138:443
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 184.25.164.138:443
Source: global trafficTCP traffic: 184.25.164.138:443 -> 192.168.2.4:49740
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 184.25.164.138:443
Source: global trafficTCP traffic: 192.168.2.4:49741 -> 184.25.164.138:443
Source: global trafficTCP traffic: 184.25.164.138:443 -> 192.168.2.4:49741
Source: global trafficTCP traffic: 192.168.2.4:49741 -> 184.25.164.138:443
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 184.25.164.138:443
Source: global trafficTCP traffic: 184.25.164.138:443 -> 192.168.2.4:49740
Source: global trafficTCP traffic: 192.168.2.4:49741 -> 184.25.164.138:443
Source: global trafficTCP traffic: 184.25.164.138:443 -> 192.168.2.4:49741
Source: global trafficTCP traffic: 184.25.164.138:443 -> 192.168.2.4:49741
Source: global trafficTCP traffic: 184.25.164.138:443 -> 192.168.2.4:49740
Source: global trafficTCP traffic: 192.168.2.4:49741 -> 184.25.164.138:443
Source: global trafficTCP traffic: 184.25.164.138:443 -> 192.168.2.4:49741
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 184.25.164.138:443
Source: global trafficTCP traffic: 184.25.164.138:443 -> 192.168.2.4:49740
Source: global trafficTCP traffic: 184.25.164.138:443 -> 192.168.2.4:49741
Source: global trafficTCP traffic: 192.168.2.4:49741 -> 184.25.164.138:443
Source: global trafficTCP traffic: 184.25.164.138:443 -> 192.168.2.4:49740
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 184.25.164.138:443
Source: global trafficTCP traffic: 192.168.2.4:49741 -> 184.25.164.138:443
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 184.25.164.138:443
Source: global trafficTCP traffic: 184.25.164.138:443 -> 192.168.2.4:49741
Source: global trafficTCP traffic: 184.25.164.138:443 -> 192.168.2.4:49740
Source: global trafficTCP traffic: 192.168.2.4:49741 -> 184.25.164.138:443
Source: global trafficTCP traffic: 184.25.164.138:443 -> 192.168.2.4:49741
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 184.25.164.138:443
Source: global trafficTCP traffic: 184.25.164.138:443 -> 192.168.2.4:49740
Source: global trafficTCP traffic: 192.168.2.4:49741 -> 184.25.164.138:443
Source: global trafficTCP traffic: 184.25.164.138:443 -> 192.168.2.4:49741
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 184.25.164.138:443
Source: global trafficTCP traffic: 192.168.2.4:49741 -> 184.25.164.138:443
Source: global trafficTCP traffic: 184.25.164.138:443 -> 192.168.2.4:49741
Source: global trafficTCP traffic: 184.25.164.138:443 -> 192.168.2.4:49741
Source: global trafficTCP traffic: 192.168.2.4:49741 -> 184.25.164.138:443
Source: global trafficTCP traffic: 192.168.2.4:49741 -> 184.25.164.138:443
Source: global trafficTCP traffic: 184.25.164.138:443 -> 192.168.2.4:49741
Source: global trafficTCP traffic: 184.25.164.138:443 -> 192.168.2.4:49740
Source: global trafficTCP traffic: 184.25.164.138:443 -> 192.168.2.4:49740
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 184.25.164.138:443
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 184.25.164.138:443
Source: global trafficTCP traffic: 184.25.164.138:443 -> 192.168.2.4:49740
Source: global trafficTCP traffic: 192.168.2.4:49740 -> 184.25.164.138:443
Source: global trafficTCP traffic: 184.25.164.138:443 -> 192.168.2.4:49740
Source: Joe Sandbox ViewIP Address: 184.25.164.138 184.25.164.138
Source: global trafficHTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1Host: armmf.adobe.comConnection: keep-aliveAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brIf-None-Match: "78-5faa31cce96da"If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
Source: unknownTCP traffic detected without corresponding DNS query: 184.25.164.138
Source: unknownTCP traffic detected without corresponding DNS query: 184.25.164.138
Source: unknownTCP traffic detected without corresponding DNS query: 184.25.164.138
Source: unknownTCP traffic detected without corresponding DNS query: 184.25.164.138
Source: unknownTCP traffic detected without corresponding DNS query: 184.25.164.138
Source: unknownTCP traffic detected without corresponding DNS query: 184.25.164.138
Source: unknownTCP traffic detected without corresponding DNS query: 184.25.164.138
Source: unknownTCP traffic detected without corresponding DNS query: 184.25.164.138
Source: unknownTCP traffic detected without corresponding DNS query: 184.25.164.138
Source: unknownTCP traffic detected without corresponding DNS query: 184.25.164.138
Source: unknownTCP traffic detected without corresponding DNS query: 184.25.164.138
Source: unknownTCP traffic detected without corresponding DNS query: 184.25.164.138
Source: unknownTCP traffic detected without corresponding DNS query: 184.25.164.138
Source: unknownTCP traffic detected without corresponding DNS query: 184.25.164.138
Source: unknownTCP traffic detected without corresponding DNS query: 184.25.164.138
Source: unknownTCP traffic detected without corresponding DNS query: 184.25.164.138
Source: unknownTCP traffic detected without corresponding DNS query: 184.25.164.138
Source: unknownTCP traffic detected without corresponding DNS query: 184.25.164.138
Source: unknownTCP traffic detected without corresponding DNS query: 184.25.164.138
Source: unknownTCP traffic detected without corresponding DNS query: 184.25.164.138
Source: unknownTCP traffic detected without corresponding DNS query: 184.25.164.138
Source: unknownTCP traffic detected without corresponding DNS query: 184.25.164.138
Source: global trafficHTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1Host: armmf.adobe.comConnection: keep-aliveAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brIf-None-Match: "78-5faa31cce96da"If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49741
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49740
Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 443
Source: classification engineClassification label: clean2.winPDF@14/41@0/1
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.7412Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-25 21-46-21-685.logJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
Source: unknownProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\B0CVFJGTZY.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2104 --field-trial-handle=1524,i,11071811492861082364,15687375164594026252,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2104 --field-trial-handle=1524,i,11071811492861082364,15687375164594026252,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: B0CVFJGTZY.pdfInitial sample: PDF keyword /JS count = 0
Source: B0CVFJGTZY.pdfInitial sample: PDF keyword /JavaScript count = 0
Source: B0CVFJGTZY.pdfInitial sample: PDF keyword /Page count = 19
Source: B0CVFJGTZY.pdfInitial sample: PDF keyword stream count = 56
Source: B0CVFJGTZY.pdfInitial sample: PDF keyword /EmbeddedFile count = 0
Source: B0CVFJGTZY.pdfInitial sample: PDF keyword endobj count = 208
Source: B0CVFJGTZY.pdfInitial sample: PDF keyword obj count = 209
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information queried: ProcessInformationJump to behavior

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid Accounts2
Exploitation for Client Execution		Path Interception1
Process Injection		1
Masquerading		OS Credential Dumping1
Process Discovery		Remote ServicesData from Local System1
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
Process Injection		LSASS Memory1
System Information Discovery		Remote Desktop ProtocolData from Removable Media1
Non-Application Layer Protocol		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive12
Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin HookBinary PaddingNTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput Capture1
Ingress Tool Transfer		Traffic DuplicationData Destruction

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 process2 2 Behavior Graph ID: 1431854 Sample: B0CVFJGTZY.pdf Startdate: 25/04/2024 Architecture: WINDOWS Score: 2 6 Acrobat.exe 78 2->6         started        process3 8 AcroCEF.exe 104 6->8         started        process4 10 AcroCEF.exe 2 8->10         started        dnsIp5 13 184.25.164.138, 443, 49740, 49741 BBIL-APBHARTIAirtelLtdIN United States 10->13

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
B0CVFJGTZY.pdf0%VirustotalBrowse

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

No contacted domains info

World Map of Contacted IPs

  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Public IPs

IPDomainCountryFlagASNASN NameMalicious
184.25.164.138
unknownUnited States
9498BBIL-APBHARTIAirtelLtdINfalse

General Information

Joe Sandbox version:40.0.0 Tourmaline
Analysis ID:1431854
Start date and time:2024-04-25 21:45:30 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 4m 15s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultwindowspdfcookbook.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:11
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:B0CVFJGTZY.pdf
Detection:CLEAN
Classification:clean2.winPDF@14/41@0/1
EGA Information:Failed
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 0
  • Number of non-executed functions: 0
Cookbook Comments:
  • Found application associated with file extension: .pdf
  • Found PDF document
  • Close Viewer

Warnings

  • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 96.7.224.35, 96.7.224.81, 96.7.224.58, 96.7.224.59, 184.31.60.185, 23.22.254.206, 52.202.204.11, 54.227.187.23, 52.5.13.197, 172.64.41.3, 162.159.61.3, 96.7.224.9, 96.7.224.49, 96.7.224.48, 96.7.224.67, 96.7.224.64, 23.34.82.70, 23.34.82.78, 23.47.204.33, 23.47.204.4, 23.47.204.8, 173.223.239.135, 173.223.239.171
  • Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com
  • Not all processes where analyzed, report is missing behavior information

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
184.25.164.138aios3.exeGet hashmaliciousUnknownBrowse
    ppop_verification_request.zipGet hashmaliciousUnknownBrowse
      Proposal Invitation_ Proposal is Due by the EOB May 15.emlGet hashmaliciousHtmlDropper, HTMLPhisherBrowse
        file.pdf.download.lnkGet hashmaliciousUnknownBrowse
          Factura_SA161.pdf.lnkGet hashmaliciousRHADAMANTHYSBrowse
            Re_ Medina County Kitchen.emlGet hashmaliciousUnknownBrowse
              oiDDogdK9A.exeGet hashmaliciousLokibot, PureLog Stealer, zgRATBrowse
                New_Order.xlsGet hashmaliciousUnknownBrowse
                  https://enfoldindia.org/wp-content/uploads/2019/06/Restorative-Circle-Handbook-for-CCI.pdfGet hashmaliciousUnknownBrowse
                    TaxForm.lnkGet hashmaliciousDarkGate, MailPassViewBrowse

                      Domains

                      No context

                      ASNs

                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                      BBIL-APBHARTIAirtelLtdINaios3.exeGet hashmaliciousUnknownBrowse
                      • 184.25.164.138
                      BitTorrent-7.6.exeGet hashmaliciousUnknownBrowse
                      • 122.185.41.86
                      ppop_verification_request.zipGet hashmaliciousUnknownBrowse
                      • 184.25.164.138
                      https://acrobat.adobe.com/id/urn:aaid:sc:VA6C2:24e81d17-b801-4fad-ae25-120d655923c5Get hashmaliciousRemcosBrowse
                      • 23.209.188.17
                      Proposal Invitation_ Proposal is Due by the EOB May 15.emlGet hashmaliciousHtmlDropper, HTMLPhisherBrowse
                      • 184.25.164.138
                      file.pdf.download.lnkGet hashmaliciousUnknownBrowse
                      • 184.25.164.138
                      Factura_SA161.pdf.lnkGet hashmaliciousRHADAMANTHYSBrowse
                      • 184.25.164.138
                      Ud310iQZnO.elfGet hashmaliciousMiraiBrowse
                      • 182.74.25.30
                      tWpGuzQQoW.elfGet hashmaliciousMiraiBrowse
                      • 122.185.203.209
                      kGbjOmkleq.elfGet hashmaliciousMiraiBrowse
                      • 125.23.195.204

                      JA3 Fingerprints

                      No context

                      Dropped Files

                      No context

                      Created / dropped Files

                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:ASCII text
                      Category:dropped
                      Size (bytes):292
                      Entropy (8bit):5.2528392225323595
                      Encrypted:false
                      SSDEEP:6:3U5++h+q2Pwkn2nKuAl9OmbnIFUt8MU5+0c5Zmw+MU5+0ctVkwOwkn2nKuAl9Omt:kE+svYfHAahFUt8VE0c5/+VE0cT5JfHi
                      MD5:4D7840D44511615CAA6B6830C9DE1ECE
                      SHA1:268948D699718FC3099324510D690BCF560B37E2
                      SHA-256:A812659CA752F8F6637048CC0B4B10C28FA7E78755DA69E41762AA0D44299CF5
                      SHA-512:DFCABC218069C7C0AE1A4FFCAB80BEAB760D827C2FBB1DC7463F1A357C1BCAD7A98BF37B5E413E4D507B6B55392B81F66ECAB2D6D0377D4FB74FE61D07225605
                      Malicious:false
                      Reputation:low
                      Preview:2024/04/25-21:46:21.883 1d98 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/04/25-21:46:21.884 1d98 Recovering log #3.2024/04/25-21:46:21.884 1d98 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:ASCII text
                      Category:dropped
                      Size (bytes):292
                      Entropy (8bit):5.2528392225323595
                      Encrypted:false
                      SSDEEP:6:3U5++h+q2Pwkn2nKuAl9OmbnIFUt8MU5+0c5Zmw+MU5+0ctVkwOwkn2nKuAl9Omt:kE+svYfHAahFUt8VE0c5/+VE0cT5JfHi
                      MD5:4D7840D44511615CAA6B6830C9DE1ECE
                      SHA1:268948D699718FC3099324510D690BCF560B37E2
                      SHA-256:A812659CA752F8F6637048CC0B4B10C28FA7E78755DA69E41762AA0D44299CF5
                      SHA-512:DFCABC218069C7C0AE1A4FFCAB80BEAB760D827C2FBB1DC7463F1A357C1BCAD7A98BF37B5E413E4D507B6B55392B81F66ECAB2D6D0377D4FB74FE61D07225605
                      Malicious:false
                      Reputation:low
                      Preview:2024/04/25-21:46:21.883 1d98 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/04/25-21:46:21.884 1d98 Recovering log #3.2024/04/25-21:46:21.884 1d98 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:ASCII text
                      Category:dropped
                      Size (bytes):336
                      Entropy (8bit):5.164717695371136
                      Encrypted:false
                      SSDEEP:6:3U5/AdpM+q2Pwkn2nKuAl9Ombzo2jMGIFUt8MU58SZmw+MU58oMVkwOwkn2nKuAv:kx4pM+vYfHAa8uFUt8ViS/+VioMV5Jfg
                      MD5:E4B6F3299EF2EF165A01406C84F86C84
                      SHA1:51B625D9F0873EA2B7650B6EB7C4CFEBF3BFC88F
                      SHA-256:94601A0A0EB89E41891542547A86D8C94B83FA4E84390D26AED551C83459F7A1
                      SHA-512:F16C0884503A1E0242FA5367B3C21DB9C4DE30BC6F993B453B7D8F8E2BB1B225F4BFBA99BCC3A8F534610160C25E213DA650EE2BB8492D65319EF0814DDE3254
                      Malicious:false
                      Reputation:low
                      Preview:2024/04/25-21:46:22.029 1e8c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/04/25-21:46:22.030 1e8c Recovering log #3.2024/04/25-21:46:22.031 1e8c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:ASCII text
                      Category:dropped
                      Size (bytes):336
                      Entropy (8bit):5.164717695371136
                      Encrypted:false
                      SSDEEP:6:3U5/AdpM+q2Pwkn2nKuAl9Ombzo2jMGIFUt8MU58SZmw+MU58oMVkwOwkn2nKuAv:kx4pM+vYfHAa8uFUt8ViS/+VioMV5Jfg
                      MD5:E4B6F3299EF2EF165A01406C84F86C84
                      SHA1:51B625D9F0873EA2B7650B6EB7C4CFEBF3BFC88F
                      SHA-256:94601A0A0EB89E41891542547A86D8C94B83FA4E84390D26AED551C83459F7A1
                      SHA-512:F16C0884503A1E0242FA5367B3C21DB9C4DE30BC6F993B453B7D8F8E2BB1B225F4BFBA99BCC3A8F534610160C25E213DA650EE2BB8492D65319EF0814DDE3254
                      Malicious:false
                      Reputation:low
                      Preview:2024/04/25-21:46:22.029 1e8c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/04/25-21:46:22.030 1e8c Recovering log #3.2024/04/25-21:46:22.031 1e8c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\78bcf6d5-b2bc-43fd-86c9-b90edf718c56.tmp

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:JSON data
                      Category:modified
                      Size (bytes):475
                      Entropy (8bit):4.957862660042655
                      Encrypted:false
                      SSDEEP:12:YH/um3RA8sqZhhsBdOg2H8Acaq3QYiubInP7E4T3y:Y2sRdsTdMH8r3QYhbG7nby
                      MD5:633C4677AB384D0D0DA548B0F5398E1A
                      SHA1:0526B5C216DF08DD183AB81BCA75E594253F56E2
                      SHA-256:8A2E2DB8ECA8A44023F26A492B23B5F385C40E92237A06A9EB38307A6ED1B168
                      SHA-512:263F29D36192F59CD631735C75D9E3512E0C3FFCFA848AF3280978DD2C5A7C8B65C4E27AD389A1AC6837625C7E3213164D97E1C1467D8A4D8176EB6B394E9F9F
                      Malicious:false
                      Reputation:low
                      Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13358634391360004","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":111615},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):475
                      Entropy (8bit):4.957862660042655
                      Encrypted:false
                      SSDEEP:12:YH/um3RA8sqZhhsBdOg2H8Acaq3QYiubInP7E4T3y:Y2sRdsTdMH8r3QYhbG7nby
                      MD5:633C4677AB384D0D0DA548B0F5398E1A
                      SHA1:0526B5C216DF08DD183AB81BCA75E594253F56E2
                      SHA-256:8A2E2DB8ECA8A44023F26A492B23B5F385C40E92237A06A9EB38307A6ED1B168
                      SHA-512:263F29D36192F59CD631735C75D9E3512E0C3FFCFA848AF3280978DD2C5A7C8B65C4E27AD389A1AC6837625C7E3213164D97E1C1467D8A4D8176EB6B394E9F9F
                      Malicious:false
                      Reputation:low
                      Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13358634391360004","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":111615},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):4320
                      Entropy (8bit):5.253826749261448
                      Encrypted:false
                      SSDEEP:96:etJCV4FAsszrNamjTN/2rjYMta02fDtehgO7BtTgo78duyezs1:etJCV4FiN/jTN/2r8Mta02fEhgO73goO
                      MD5:B446CEF020159AE1124B72D652F9618D
                      SHA1:7286268C2E1B309D13409878FAA188A6F9800127
                      SHA-256:B4BDB26DADB51AF11E0C6DE0E7DF47C9AAD3B073F503C7228D9AEDEA340F2F94
                      SHA-512:DDEA0BFAE800086245D372408CFDA33C5D781F7514027FABF9BB9EA78F7FC62445ABBC6F9CB7B6856AD12D336341C879FAFAFBBFD0AC7643314BDA745979386A
                      Malicious:false
                      Reputation:low
                      Preview:*...#................version.1..namespace-['O.o................next-map-id.1.Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/.0>...r................next-map-id.2.Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/.1O..r................next-map-id.3.Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/.2.\.o................next-map-id.4.Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/.3....^...............Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/..|.^...............Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/n..Fa...............Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/DQ..a...............Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/i.`do................next-map-id.5.Pnamespace-de635bf2_6773_4d83_ad16_

                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:ASCII text
                      Category:dropped
                      Size (bytes):324
                      Entropy (8bit):5.1425558259729565
                      Encrypted:false
                      SSDEEP:6:3U5U/jpM+q2Pwkn2nKuAl9OmbzNMxIFUt8MU5U/jmZmw+MU5UGGqMVkwOwkn2nKA:kK/VM+vYfHAa8jFUt8VK/K/+VK4MV5JH
                      MD5:FEDC3FAC76CE2EBD684959137B31D271
                      SHA1:F7522A1B18841DEACCDB7821D3C7F08519EA2B8F
                      SHA-256:CB2268082BBFF262614434A7EB322DCA0DF80E80E4393A3EE7B331A79F8B750A
                      SHA-512:1F51C8032BD4DCE7D99E97A4B98482C9A0A2274A2B883A30D3DBF201554F0E24BBF39C7FE430A80E6FBECBA574ABBC2922CFDAE91FD3BE87F389958CB1424E22
                      Malicious:false
                      Reputation:low
                      Preview:2024/04/25-21:46:22.120 1e8c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/04/25-21:46:22.120 1e8c Recovering log #3.2024/04/25-21:46:22.121 1e8c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:ASCII text
                      Category:dropped
                      Size (bytes):324
                      Entropy (8bit):5.1425558259729565
                      Encrypted:false
                      SSDEEP:6:3U5U/jpM+q2Pwkn2nKuAl9OmbzNMxIFUt8MU5U/jmZmw+MU5UGGqMVkwOwkn2nKA:kK/VM+vYfHAa8jFUt8VK/K/+VK4MV5JH
                      MD5:FEDC3FAC76CE2EBD684959137B31D271
                      SHA1:F7522A1B18841DEACCDB7821D3C7F08519EA2B8F
                      SHA-256:CB2268082BBFF262614434A7EB322DCA0DF80E80E4393A3EE7B331A79F8B750A
                      SHA-512:1F51C8032BD4DCE7D99E97A4B98482C9A0A2274A2B883A30D3DBF201554F0E24BBF39C7FE430A80E6FBECBA574ABBC2922CFDAE91FD3BE87F389958CB1424E22
                      Malicious:false
                      Reputation:low
                      Preview:2024/04/25-21:46:22.120 1e8c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/04/25-21:46:22.120 1e8c Recovering log #3.2024/04/25-21:46:22.121 1e8c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

                      C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 15, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 15
                      Category:dropped
                      Size (bytes):86016
                      Entropy (8bit):4.4449986289457915
                      Encrypted:false
                      SSDEEP:384:yezci5tPiBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:rEs3OazzU89UTTgUL
                      MD5:59BF5BFE0673AF1A76B5C08A8A43ED6C
                      SHA1:42D8F05A8E630DB6659EBF1DCA25AC4D80F13705
                      SHA-256:2B79DA1CC0E15F12913A80A90907D74B3E648DFF000DD143504E7CC295DE0958
                      SHA-512:7BCC39A736A8199EA625EC0A6E988FA2AA51A80959309AC552136A23B47987F64F91124141108BAB16D47DED34C6EDE40CD2933A1B58BCDEB6BDC0E49F29426F
                      Malicious:false
                      Reputation:low
                      Preview:SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:SQLite Rollback Journal
                      Category:dropped
                      Size (bytes):8720
                      Entropy (8bit):3.7735897410475796
                      Encrypted:false
                      SSDEEP:48:7M6pA2ioyVYioywoWoy1Cwoy14KOioy1noy1AYoy1Wioy11ioyeioyBoy1noy1O/:7ppfuYCfX2jipb9IVXEBodRBkW
                      MD5:0012B2EB6B943945B19E15DCA853D491
                      SHA1:181496AFC84FCCD38FD1892469CB9E98B52C296B
                      SHA-256:1C33C65A6F1CF3C2154057B9EA3430814D43E775EBBAA57DCF0BE73C2AE36E64
                      SHA-512:8C0537A2069AB1144889CE787AA53B6B1D7F94B5ED49BF01DB1E571FDBAD417C16AD63028735CC9A0C44B5C821801BB526EA231DEB1AF70BB44C875EE7B1FEB4
                      Malicious:false
                      Reputation:low
                      Preview:.... .c........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................T...[...b...r...t...}.....L..............................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.7412

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:PostScript document text
                      Category:dropped
                      Size (bytes):185099
                      Entropy (8bit):5.182478651346149
                      Encrypted:false
                      SSDEEP:1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
                      MD5:94185C5850C26B3C6FC24ABC385CDA58
                      SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
                      SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
                      SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
                      Malicious:false
                      Reputation:moderate, very likely benign file
                      Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:PostScript document text
                      Category:dropped
                      Size (bytes):185099
                      Entropy (8bit):5.182478651346149
                      Encrypted:false
                      SSDEEP:1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
                      MD5:94185C5850C26B3C6FC24ABC385CDA58
                      SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
                      SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
                      SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
                      Malicious:false
                      Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):295
                      Entropy (8bit):5.361615678842941
                      Encrypted:false
                      SSDEEP:6:YEQXJ2HXFeUEMIn519VoZcg1vRcR0Y/7YDoAvJM3g98kUwPeUkwRe9:YvXKXFeUEz3EZc0vAYsGMbLUkee9
                      MD5:6A3B0444FD4DD0E894955E3F80390609
                      SHA1:CFACC7D80BA406A1F607981A6954688DEE8DD388
                      SHA-256:23F91D5FAD78B0B4EF727819D7861F94DADC762E927847787A921D03B6BBA6BE
                      SHA-512:4E79370A40D00C582C8C484EAE5B0FA7135623FB18B4556269E204BEFCAB209E00C6384EBD2FE6C7ABBF6A29227B7A0FB6058B20C20EA6BF91A4AEF9F85DB55D
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"280ab80a-d065-4123-b668-be9ac1a85294","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714248702061,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):294
                      Entropy (8bit):5.313687484437564
                      Encrypted:false
                      SSDEEP:6:YEQXJ2HXFeUEMIn519VoZcg1vRcR0Y/7YDoAvJfBoTfXpnrPeUkwRe9:YvXKXFeUEz3EZc0vAYsGWTfXcUkee9
                      MD5:E9C332CEC5121E72B4770DF13DE9BF88
                      SHA1:C66EDCB6D6AC55B4F26914E9F7C5D2A5A8C0F05E
                      SHA-256:1480EFDD126282C550ED061A7C68F70E76592BF171FCC58BC3135409D7E58A54
                      SHA-512:BF4014CF6702A0635BE1DB63885E28CC2596383977E40B29BF43D626104A6F2371529C163061A77907D37D8D9B0B09E4AA9D41186D62B83F04062982534DCA71
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"280ab80a-d065-4123-b668-be9ac1a85294","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714248702061,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):294
                      Entropy (8bit):5.292393698664442
                      Encrypted:false
                      SSDEEP:6:YEQXJ2HXFeUEMIn519VoZcg1vRcR0Y/7YDoAvJfBD2G6UpnrPeUkwRe9:YvXKXFeUEz3EZc0vAYsGR22cUkee9
                      MD5:C1EFCDC5FC4C3B9BD79F5EEFBF263BF0
                      SHA1:19527F3F125651CCAFDD1974924635ED5F4B9689
                      SHA-256:2B4514866853CD01EB2D6F60FE2D9A6AD57A421350EE9645B9C665C8841EBEF1
                      SHA-512:366F4AEA1B7328AE7AAC5BB5944E7E4E7150F62D9B6EF61C74EBE9DB6A55B0570B2A5A5A51FC26501DB5E9EB5EBDF05B6B0B63C00B733D0EFC66014CADBF5DA2
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"280ab80a-d065-4123-b668-be9ac1a85294","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714248702061,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):285
                      Entropy (8bit):5.348564861968828
                      Encrypted:false
                      SSDEEP:6:YEQXJ2HXFeUEMIn519VoZcg1vRcR0Y/7YDoAvJfPmwrPeUkwRe9:YvXKXFeUEz3EZc0vAYsGH56Ukee9
                      MD5:92C7A1C51B5A9F489B621E8281A3FF5C
                      SHA1:6EB1F2DCCD621266B50D92060C1B076C4003E0AF
                      SHA-256:E8B1FBD090B9EDB4CEFFA3236238805E45ABC01CFFD8DB2622AB82584E479ADB
                      SHA-512:A30494023C3D75EDCBFD1AD418E4BE50A11BD216C816E653BF4CD9831909E11291B96E0E1A4BB1927A955555FCA6273B4261F8F550DD8B2AD8C3A494713443C5
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"280ab80a-d065-4123-b668-be9ac1a85294","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714248702061,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):292
                      Entropy (8bit):5.3088428346322605
                      Encrypted:false
                      SSDEEP:6:YEQXJ2HXFeUEMIn519VoZcg1vRcR0Y/7YDoAvJfJWCtMdPeUkwRe9:YvXKXFeUEz3EZc0vAYsGBS8Ukee9
                      MD5:B18431976734640659642E0DA8082DF2
                      SHA1:4D343EEDF5D516574721DB926E273D9D27E4DA41
                      SHA-256:01491450CFB8DD43BAC35FDD2441CC41FBCDBFC6C299948A28B10CFA4BF6DD11
                      SHA-512:BF93E7B694AF945D5A2CF715FA8B6CA35CE816490A381DF08DE728959C123A09261795B02EA42B53D2238BA620AAC45F99916F8D4A464643EBB0FBB32AE7A578
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"280ab80a-d065-4123-b668-be9ac1a85294","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714248702061,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):289
                      Entropy (8bit):5.295923466540315
                      Encrypted:false
                      SSDEEP:6:YEQXJ2HXFeUEMIn519VoZcg1vRcR0Y/7YDoAvJf8dPeUkwRe9:YvXKXFeUEz3EZc0vAYsGU8Ukee9
                      MD5:4617A5DDDDCD580BD524DC3923B2B31C
                      SHA1:27BA0A8764EE97DC026CB0094FC6E950E94E994E
                      SHA-256:4D370CEF7739CC7EC617C1A285D1483FBDEC45979E48FFB192EF81333C9480E2
                      SHA-512:1AA017BCD0772E4217DF9E2B2B033EEC2503C1D842BDDA88C6E32458745F37B870AF14C0034D79817FC6CB4E58793AE3FC64E038D3B031AED32498B25FE922B6
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"280ab80a-d065-4123-b668-be9ac1a85294","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714248702061,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):292
                      Entropy (8bit):5.300722209877115
                      Encrypted:false
                      SSDEEP:6:YEQXJ2HXFeUEMIn519VoZcg1vRcR0Y/7YDoAvJfQ1rPeUkwRe9:YvXKXFeUEz3EZc0vAYsGY16Ukee9
                      MD5:32A1E4897ADD64FE0BD056F3541920ED
                      SHA1:2A27B46489C86EE3B52FC670239BB942CDBE260D
                      SHA-256:B58DF9E90E01C5B5C6F63088E4FAB681D7DB35A56FD03F6AE7E920822C813596
                      SHA-512:C5AB2A2232BB9D6AD98E29B62E51C4A405B10990F42859338168345DF8B42972B927C9D83DE3CD0AC2A68828AEE8EA41A987C06FAB0F65203788A70326A9B5D8
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"280ab80a-d065-4123-b668-be9ac1a85294","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714248702061,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):289
                      Entropy (8bit):5.305731682553468
                      Encrypted:false
                      SSDEEP:6:YEQXJ2HXFeUEMIn519VoZcg1vRcR0Y/7YDoAvJfFldPeUkwRe9:YvXKXFeUEz3EZc0vAYsGz8Ukee9
                      MD5:BE1C327B8EA2DEB2407990AB80E07B08
                      SHA1:A38F0C1D6EC1EF1F484D6397B963711AF762E52F
                      SHA-256:E7F4DD4AB2A8AF56E54B0B32F23EE945254E254860144F8833F72BE90557C99A
                      SHA-512:8595B13E16EDC8F512CADF1C8138C6B7DF39E85715F7D5DFB732CEFA4CAE6DCAA2B9235C6004535C45444201BA20B84F04546785460ECC9196EE4BEAAE5C5B6B
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"280ab80a-d065-4123-b668-be9ac1a85294","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714248702061,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):1372
                      Entropy (8bit):5.7385275023099265
                      Encrypted:false
                      SSDEEP:24:Yv6XRw0zvAYUKLgENRcbrZbq00iCCBrwJo++ns8ct4mFJNm:Yvj8Y7EgigrNt0wSJn+ns8cvFJg
                      MD5:8AEF7617817EC71F2C3312A01D6A6C67
                      SHA1:81D603D86185CDC8AD65643D903AF5D65B07606C
                      SHA-256:42F8425DC84EBCEE96AABA68C19FCDA495F7AEA219EB7D8D00FB0DCE9CD397B4
                      SHA-512:711BD9BB656B9D3446DFA531267437A56D0E86A2AB7E2752D6807D744540F72D9C3966212F703CF740A106E65926C0FCFC9D1AAC7881831B85A8CC4928BF49E6
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"280ab80a-d065-4123-b668-be9ac1a85294","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714248702061,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"79887_247329ActionBlock_0","campaignId":79887,"containerId":"1","controlGroupId":"","treatmentId":"acc56846-d570-4500-a26e-7f8cf2b4acad","variationId":"247329"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJUcnkgQWNyb2JhdCBQcm8ifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNSIsImZvbnRfc3R5bGUiOiIwIn0sImRlc2NyaXB0aW9uX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTMiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIDctZGF5IHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0byBwcmVtaXVtIFBERiBhbmQgZS1zaWduaW5nIHRvb2xzLiIsImJ

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):289
                      Entropy (8bit):5.302007927702095
                      Encrypted:false
                      SSDEEP:6:YEQXJ2HXFeUEMIn519VoZcg1vRcR0Y/7YDoAvJfYdPeUkwRe9:YvXKXFeUEz3EZc0vAYsGg8Ukee9
                      MD5:4D02B4A9A174B0017CC11F8320B64643
                      SHA1:34068F4B73E5E479BD88865C747372B888B3E752
                      SHA-256:DDBABF2447A3371CBC305B703FDE45DE62B12A39E1A94A2395A6C572C5A20D5E
                      SHA-512:7B652DE8059F9934416155C8CF15A961DDA6C1600551D5DCAA21D637A58A20388615EB311CE8E289F66EE3EB78E07DF260EDCDF3C6A386F01E39805A68233AB0
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"280ab80a-d065-4123-b668-be9ac1a85294","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714248702061,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):1395
                      Entropy (8bit):5.777844019767542
                      Encrypted:false
                      SSDEEP:24:Yv6XRw0zvAY7rLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNO:Yvj8YmHgDv3W2aYQfgB5OUupHrQ9FJ0
                      MD5:20F702BF8D739A0B0D175423750AA0EF
                      SHA1:ACAA87A72E058BABC2FAC1048B44C0AC5E2C7BC3
                      SHA-256:13BE3B7D710306F2FC2A65F2D395733CF4AD87AD9083C74C2D2D61D75FBF9D2D
                      SHA-512:6E8AC0BD43CFAE35397E9DD2E29AA0B5525C8FE58F84E0E39455F81AAB10BAD6E7C448355092496772426243A13E46FA65E2B80C17C87526A2F6158889108003
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"280ab80a-d065-4123-b668-be9ac1a85294","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714248702061,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):291
                      Entropy (8bit):5.285541225185567
                      Encrypted:false
                      SSDEEP:6:YEQXJ2HXFeUEMIn519VoZcg1vRcR0Y/7YDoAvJfbPtdPeUkwRe9:YvXKXFeUEz3EZc0vAYsGDV8Ukee9
                      MD5:C8DE651105BE85099BFCD2BF3D758842
                      SHA1:BF4D85BD5FFBA6FAF54DB82F176BD62277D1C2B9
                      SHA-256:DAAE25585822A593D7FB2E5E39795AC037B98E2BC47F3E850C5B581459B643BA
                      SHA-512:29303496E6B9ACCBB04E35814C1EDAC1AC200B44316E9D6FB6555DEA4E9CBF099ECE2A9353C6194928304B49C5D8125F44E90D4E6F17CBC9724794AF0A2AF6FD
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"280ab80a-d065-4123-b668-be9ac1a85294","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714248702061,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):287
                      Entropy (8bit):5.290795747293072
                      Encrypted:false
                      SSDEEP:6:YEQXJ2HXFeUEMIn519VoZcg1vRcR0Y/7YDoAvJf21rPeUkwRe9:YvXKXFeUEz3EZc0vAYsG+16Ukee9
                      MD5:4DB1D86D4D6E317B29527202DD506671
                      SHA1:4A4F91CB00916CC30CDAFB63A45AC4722E9551AC
                      SHA-256:5D7BE85B27F57BFADEC17C40192414CBE2823D1439945ED1EF8563F9AAB8F307
                      SHA-512:A837D452FDAE657EDB3DFC072CFE21F401CB8004AB9ED08ED3992AC6B4CBE3CFCEB74A16F398A8307BFF98C98709D0209B1EC802DC2888B91A146DA56E231F77
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"280ab80a-d065-4123-b668-be9ac1a85294","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714248702061,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):289
                      Entropy (8bit):5.308549238386021
                      Encrypted:false
                      SSDEEP:6:YEQXJ2HXFeUEMIn519VoZcg1vRcR0Y/7YDoAvJfbpatdPeUkwRe9:YvXKXFeUEz3EZc0vAYsGVat8Ukee9
                      MD5:A14FE1695DE89A8D8F2972E408C544A7
                      SHA1:0900B5AEACE1ED40135130332DAB5DFC49590BDE
                      SHA-256:B25BE637A4CE47CA2BD8CBCA4172B5E17F44D7684F7240B343F8237A2CEC583A
                      SHA-512:58242C717294B91906F70656518663B793C163CD783A60784F8C90C475F67DA72585433FA9907BE0786AA1737D128F3B4F46D8532BC7A1D43F04153DECFC121B
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"280ab80a-d065-4123-b668-be9ac1a85294","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714248702061,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):286
                      Entropy (8bit):5.266587699570015
                      Encrypted:false
                      SSDEEP:6:YEQXJ2HXFeUEMIn519VoZcg1vRcR0Y/7YDoAvJfshHHrPeUkwRe9:YvXKXFeUEz3EZc0vAYsGUUUkee9
                      MD5:C37BC1B4C578EE19E2A77865A415B6A0
                      SHA1:E33A598E67719C05FE4AFAB213933A761D9EB443
                      SHA-256:BD2814AC6B5216B3F5C4BA87247E15952B18A19C1925E417D2BD0F9779CFAC79
                      SHA-512:489D662DA3DEB354FCBA53D3FB1486B5E0466446DFDA495B46195D0A9CE2704F41A7CEF38B52EE1E6F050C4F944404139F94F4F1813F008B3BB80AB81E3AA146
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"280ab80a-d065-4123-b668-be9ac1a85294","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714248702061,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):782
                      Entropy (8bit):5.366838024114456
                      Encrypted:false
                      SSDEEP:12:YvXKXFeUEz3EZc0vAYsGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWYZ:Yv6XRw0zvAYC168CgEXX5kcIfANhf
                      MD5:22D08A0DEA4EBBE8EA0C93C7B626AEF1
                      SHA1:6492F1B4403B52DD06BBAF6BF0BF29412785522F
                      SHA-256:6A7E6BAB941717E82ECAEF0FEB0D00CA1086E744E9B71F8645176A6BF384C0C0
                      SHA-512:CE19226CC2FEC53A9EFB3E76F33A91598C40B808B8D8CE6118601E170BB4AD11D85AB5BCB45F2957FBFF3C8821558A839B237D4E3E978ACA1EC72E1919C1193A
                      Malicious:false
                      Preview:{"analyticsData":{"responseGUID":"280ab80a-d065-4123-b668-be9ac1a85294","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714248702061,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1714074387094}}}}

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):4
                      Entropy (8bit):0.8112781244591328
                      Encrypted:false
                      SSDEEP:3:e:e
                      MD5:DC84B0D741E5BEAE8070013ADDCC8C28
                      SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
                      SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
                      SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
                      Malicious:false
                      Preview:....

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):2814
                      Entropy (8bit):5.135163337914118
                      Encrypted:false
                      SSDEEP:48:YjJShQuGuZPwzMrpgMeqEAdIM/ryDyAMSIrMJDlG+ENNh9Gxx1:qGP4MFBxECFDyD7AYDsnQ7
                      MD5:80A35B8F0B270EAD01B43873103D0541
                      SHA1:15824246C8376E0818F7139FC75A3BD9E68F77A7
                      SHA-256:BB6CD97EE909BD45DA4AFC53E17F67BE3F4F8814F6FF82D31A73E90265439E4E
                      SHA-512:E706CC7EAEB01A523A9433EFD55941ABE1269318968EAB301B64CCC7B24A1A6A44678F3E83D9ED8CBEE1EB6037DF8D46FD2D2D8345D50088AA30A0404878319F
                      Malicious:false
                      Preview:{"all":[{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"42dbea5ee10d38585c1721427fb34dcf","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1372,"ts":1714074386000},{"id":"Edit_InApp_Aug2020","info":{"dg":"76491a0ce9a8e621b2da407c7e03e040","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":1714074386000},{"id":"DC_Reader_RHP_Banner","info":{"dg":"93a971ce18be619d3efe17a040a25811","sid":"DC_Reader_RHP_Banner"},"mimeType":"file","size":1395,"ts":1714074386000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"cfb9db421445fcf8b0fa0031ea64ef73","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file","size":292,"ts":1714074386000},{"id":"DC_Reader_More_LHP_Banner","info":{"dg":"b2e7b662138169894529a12f6b82627a","sid":"DC_Reader_More_LHP_Banner"},"mimeType":"file","size":289,"ts":1714074386000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"24f041adcde3d1dded5916838cf51b98","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":289,"ts":1714074386000},

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 25, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 25
                      Category:dropped
                      Size (bytes):12288
                      Entropy (8bit):1.1889630154038788
                      Encrypted:false
                      SSDEEP:48:TGufl2GL7msEHUUUUUUUUVSSvR9H9vxFGiDIAEkGVvpJU:lNVmswUUUUUUUUVS+FGSItVU
                      MD5:81DC5A883B6793B5CC72407956196AB0
                      SHA1:45314BBD75F213F40D26F9D0D1E4FA132E400A28
                      SHA-256:9F22301C2E86F14DC78DD6CAF5D2AE6711404E7194821A01336DF10DE8A2E1EF
                      SHA-512:6DE91702E72173300C4A6B8B64EDACE323846DDD9D21F9884F6FBFE97DCC934AB4BDF24319F4D92ECB6E617D0A2349A92E314A8FC3156AC64BE0F2A8F3B2F4B2
                      Malicious:false
                      Preview:SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:SQLite Rollback Journal
                      Category:dropped
                      Size (bytes):8720
                      Entropy (8bit):1.6087959304880828
                      Encrypted:false
                      SSDEEP:48:7M+CKUUUUUUUUUUVAvR9H9vxFGiDIAEkGVvfqFl2GL7mseZ:7hUUUUUUUUUUV4FGSIt9KVmseZ
                      MD5:7F9B64C2BFC29EBF859C705EC3855915
                      SHA1:23DA9732FBF8A1EF5D1CC78D4ADD545E2568AE4E
                      SHA-256:7669E4D4B93901B0B21478E4D8504704495FA5A8F5B1164A53596A35CF245F81
                      SHA-512:4D7772F490C3C9FFEE2DD682D73BA422C3ED0D6A839CF9BCFEA186001718B197810C81D509DD7F31BC36BDF8656666C58A138DF7C6414B46DC05C1C2EDCE2011
                      Malicious:false
                      Preview:.... .c......-........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................f.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Local\Temp\MSIf9c22.LOG

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):246
                      Entropy (8bit):3.5136057226030957
                      Encrypted:false
                      SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8++0le:Qw946cPbiOxDlbYnuRK8
                      MD5:8EA50D0C5217C726905B78C8239CCC8E
                      SHA1:E37976C8619BA5F4FE0B01E1412BE5479E24E6ED
                      SHA-256:8F5F14383E7E8D9782F31F1D3124B99F8CBBC71AB899C6E88F38F7CB6AB1C6E4
                      SHA-512:95587A3E359F94CACE6CC7B446700D93FF87B3F645DE2D5B09E2C12E57E84316754EBB7264BE0C6A5754E0142E9AB8A0B72C7EFBD93A75E5C4B68F62B1728E6B
                      Malicious:false
                      Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .2.5./.0.4./.2.0.2.4. . .2.1.:.4.6.:.2.6. .=.=.=.....

                      C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-25 21-46-21-685.log

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:ASCII text, with very long lines (393)
                      Category:dropped
                      Size (bytes):16525
                      Entropy (8bit):5.345946398610936
                      Encrypted:false
                      SSDEEP:384:zHIq8qrq0qoq/qUILImCIrImI9IWdFdDdoPtPTPtP7ygyAydy0yGV///X/J/VokV:nNW
                      MD5:8947C10F5AB6CFFFAE64BCA79B5A0BE3
                      SHA1:70F87EEB71BA1BE43D2ABAB7563F94C73AB5F778
                      SHA-256:4F3449101521DA7DF6B58A2C856592E1359BA8BD1ACD0688ECF4292BA5388485
                      SHA-512:B76DB9EF3AE758F00CAF0C1705105C875838C7801F7265B17396466EECDA4BCD915DA4611155C5F2AD1C82A800C1BEC855E52E2203421815F915B77AA7331CA0
                      Malicious:false
                      Preview:SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:088+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig:

                      C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:ASCII text, with very long lines (393), with CRLF line terminators
                      Category:dropped
                      Size (bytes):15114
                      Entropy (8bit):5.334706249108577
                      Encrypted:false
                      SSDEEP:384:1ftMddQcZIc9OOXJkHyAyHmO5ucPvjVBK7RnLBcV1RkI6H+e5Bjk7kBoc2Z1a6O7:1j
                      MD5:067DA26709DDA29AD533E1380CB74A49
                      SHA1:42715CEEA927CEE286D438FAF15A8FA0B46A8D56
                      SHA-256:5C93E42574759A5EE945B33F7DE4627CDE99D6B0F390D3F67CFE3ED80150FB2C
                      SHA-512:8DD3FDAE82024D032944E83F00AC3D16CA0453841464E9D57AED0501E0EC490F5DB1A523431F60C7DF294D6452AFEFBC616E6C34C4ACD30BBD74BAC0B051A956
                      Malicious:false
                      Preview:SessionID=b6e8711f-5b2e-47e7-bafa-b92815b7a8a0.1714074381712 Timestamp=2024-04-25T21:46:21:712+0200 ThreadID=7572 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=b6e8711f-5b2e-47e7-bafa-b92815b7a8a0.1714074381712 Timestamp=2024-04-25T21:46:21:716+0200 ThreadID=7572 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=b6e8711f-5b2e-47e7-bafa-b92815b7a8a0.1714074381712 Timestamp=2024-04-25T21:46:21:718+0200 ThreadID=7572 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=b6e8711f-5b2e-47e7-bafa-b92815b7a8a0.1714074381712 Timestamp=2024-04-25T21:46:21:718+0200 ThreadID=7572 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=b6e8711f-5b2e-47e7-bafa-b92815b7a8a0.1714074381712 Timestamp=2024-04-25T21:46:21:718+0200 ThreadID=7572 Component=ngl-lib_NglAppLib Description="SetConf

                      C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):29752
                      Entropy (8bit):5.39367352436077
                      Encrypted:false
                      SSDEEP:768:anddBuBYZwcfCnwZCnR8Bu5hx18HoCnLlAY+iCBuzhLCnx1CnPrRRFS10l8gT2rq:m
                      MD5:586E879A26D46B7CC35656A65CD55997
                      SHA1:AA8402213FBA94D0D699D2EF00BB859B742A82DC
                      SHA-256:B84A2200F92CD09954FA19A068DD2CF28C646B6B84D2B8AD057CFFE0A542912E
                      SHA-512:AC51E1E206E6165DED2196DA647459689D7CD1B85A51FDEA581AF5B9737902B94618725B36244AECEF7A11423037888B6ED3793C3D1259146816690A5B97B292
                      Malicious:false
                      Preview:03-10-2023 12:50:40:.---2---..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ***************************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ***************************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Starting NGL..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..03-10-2023 12:50:40:.Closing File..03-10-

                      C:\Users\user\AppData\Local\Temp\acrocef_low\05b3856b-ec3b-41a7-9612-29acb24373d2.tmp

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
                      Category:dropped
                      Size (bytes):1419751
                      Entropy (8bit):7.976496077007677
                      Encrypted:false
                      SSDEEP:24576:/xA7owWLcGZtwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLcGZtwZGk3mlind9i4ufFXpAXkru
                      MD5:A46246FAEAB95D87F5B4FE236C2B3D3E
                      SHA1:7F018DB9238A63FEAD8D11A92297E7366058A75A
                      SHA-256:7E822FECC47177C5A7F4C250E7D53509D104DE68B0D0CE9445877B508400988E
                      SHA-512:8AAB79958BF39F014FBA7F69287FE0C357746E63FA3482DE3231BDF4A97B964A0815DAF7BFE9751C55BA6BE618E0A964CEB23FC30B4FA9DFEB284F42EBA897BF
                      Malicious:false
                      Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

                      C:\Users\user\AppData\Local\Temp\acrocef_low\3e00a850-4742-46bc-a60f-60e70426f5ba.tmp

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
                      Category:dropped
                      Size (bytes):758601
                      Entropy (8bit):7.98639316555857
                      Encrypted:false
                      SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
                      MD5:3A49135134665364308390AC398006F1
                      SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
                      SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
                      SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
                      Malicious:false
                      Preview:...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!|G.1...... .3.`./....`~......G.............|..pS.e.C....:o.u_..oi.:..|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

                      C:\Users\user\AppData\Local\Temp\acrocef_low\a90e6a9c-f13d-4f05-84af-d6298351c6e4.tmp

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
                      Category:dropped
                      Size (bytes):386528
                      Entropy (8bit):7.9736851559892425
                      Encrypted:false
                      SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
                      MD5:5C48B0AD2FEF800949466AE872E1F1E2
                      SHA1:337D617AE142815EDDACB48484628C1F16692A2F
                      SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
                      SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
                      Malicious:false
                      Preview:...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-|..h#.g.\.PO.|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..|m.WC.....|.....e.[W.p.8...rm....^..x'......5!...|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

                      C:\Users\user\AppData\Local\Temp\acrocef_low\dddf7180-18b7-4a6b-b9a3-7368d9abb3f6.tmp

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
                      Category:dropped
                      Size (bytes):1407294
                      Entropy (8bit):7.97605879016224
                      Encrypted:false
                      SSDEEP:24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo
                      MD5:A0CFC77914D9BFBDD8BC1B1154A7B364
                      SHA1:54962BFDF3797C95DC2A4C8B29E873743811AD30
                      SHA-256:81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685
                      SHA-512:74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE
                      Malicious:false
                      Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

                      Static File Info

                      General

                      File type:PDF document, version 1.7, 107 pages
                      Entropy (8bit):2.7417284292325386
                      TrID:
                      • Adobe Portable Document Format (5005/1) 100.00%
                      File name:B0CVFJGTZY.pdf
                      File size:3'342'153 bytes
                      MD5:ac5b74f11fd6e27983a5883b7b6ff3b5
                      SHA1:87749916e71702d0678fcf722eb73c24ea701b52
                      SHA256:4fc3f5c6068ed6bc23f00d8d5171ff22c23dc38209d677839b681ad11500af5b
                      SHA512:f6f4ca635ddea9c221ff8ec21981839e8465e7d21269625bd6b0a873070334b3db17a688aae53a532c03ae3aa36c5b583705da5b1804f1bef51e1a64c76236a8
                      SSDEEP:12288:L1HUe+Pud3K2CjJzWpSCZJj8ejm9UoPAJ77zEXk8V+KboVudiavqMkFTKG8T6Kbz:p1xdaFCpSm98AYkgXkzKVdix3pKUdifN
                      TLSH:97F51236EC18E49DCC8AEBB2EB9D35D58A86B3224BC5741A40184D43B1D0A25FF777C6
                      File Content Preview:%PDF-1.7.%.....1 0 obj.<<./Type /Pages./Count 107./Kids [ 4 0 R 33 0 R 56 0 R 93 0 R 121 0 R 147 0 R 163 0 R 175 0 R 188 0 R 201 0 R 204 0 R 207 0 R 209 0 R 220 0 R 222 0 R 224 0 R 226 0 R 228 0 R 230 0 R 232 0 R 234 0 R 284 0 R 295 0 R 298 0 R 302 0 R 31

                      File Icon

                      Icon Hash:62cc8caeb29e8ae0

                      Static PDF Info

                      General

                      Header:%PDF-1.7
                      Total Entropy:2.741728
                      Total Bytes:3342153
                      Stream Entropy:2.660027
                      Stream Bytes:3304017
                      Entropy outside Streams:5.256242
                      Bytes outside Streams:38136
                      Number of EOF found:0
                      Bytes after EOF:

                      Keywords Statistics

                      NameCount
                      obj209
                      endobj208
                      stream56
                      endstream54
                      xref0
                      trailer0
                      startxref0
                      /Page19
                      /Encrypt0
                      /ObjStm0
                      /URI80
                      /JS0
                      /JavaScript0
                      /AA0
                      /OpenAction0
                      /AcroForm0
                      /JBIG2Decode0
                      /RichMedia0
                      /Launch0
                      /EmbeddedFile0

                      Image Streams

                      IDDHASHMD5Preview
                      426cc86b23333710707c525045fe444505149cd40d1c517a1d7
                      4460221696102068382e63210b0d4fb6ab444dcf316d53cb9fb
                      4804a52393525292327106f6f3ae1be9726e473c729b37a165b

                      Network Behavior

                      Network Port Distribution

                      TCP Packets

                      TimestampSource PortDest PortSource IPDest IP
                      Apr 25, 2024 21:46:32.058677912 CEST49740443192.168.2.4184.25.164.138
                      Apr 25, 2024 21:46:32.058715105 CEST44349740184.25.164.138192.168.2.4
                      Apr 25, 2024 21:46:32.058787107 CEST49740443192.168.2.4184.25.164.138
                      Apr 25, 2024 21:46:32.059412003 CEST49741443192.168.2.4184.25.164.138
                      Apr 25, 2024 21:46:32.059452057 CEST44349741184.25.164.138192.168.2.4
                      Apr 25, 2024 21:46:32.059525013 CEST49741443192.168.2.4184.25.164.138
                      Apr 25, 2024 21:46:32.059838057 CEST49740443192.168.2.4184.25.164.138
                      Apr 25, 2024 21:46:32.059849977 CEST44349740184.25.164.138192.168.2.4
                      Apr 25, 2024 21:46:32.060214043 CEST49741443192.168.2.4184.25.164.138
                      Apr 25, 2024 21:46:32.060228109 CEST44349741184.25.164.138192.168.2.4
                      Apr 25, 2024 21:46:32.393526077 CEST44349741184.25.164.138192.168.2.4
                      Apr 25, 2024 21:46:32.394644976 CEST44349740184.25.164.138192.168.2.4
                      Apr 25, 2024 21:46:32.399861097 CEST49741443192.168.2.4184.25.164.138
                      Apr 25, 2024 21:46:32.399924040 CEST44349741184.25.164.138192.168.2.4
                      Apr 25, 2024 21:46:32.399975061 CEST49740443192.168.2.4184.25.164.138
                      Apr 25, 2024 21:46:32.400005102 CEST44349740184.25.164.138192.168.2.4
                      Apr 25, 2024 21:46:32.400857925 CEST44349741184.25.164.138192.168.2.4
                      Apr 25, 2024 21:46:32.400968075 CEST49741443192.168.2.4184.25.164.138
                      Apr 25, 2024 21:46:32.403559923 CEST44349740184.25.164.138192.168.2.4
                      Apr 25, 2024 21:46:32.403657913 CEST49740443192.168.2.4184.25.164.138
                      Apr 25, 2024 21:46:32.404514074 CEST49741443192.168.2.4184.25.164.138
                      Apr 25, 2024 21:46:32.404594898 CEST49740443192.168.2.4184.25.164.138
                      Apr 25, 2024 21:46:32.404623985 CEST44349741184.25.164.138192.168.2.4
                      Apr 25, 2024 21:46:32.404764891 CEST44349740184.25.164.138192.168.2.4
                      Apr 25, 2024 21:46:32.404783010 CEST49741443192.168.2.4184.25.164.138
                      Apr 25, 2024 21:46:32.448163033 CEST44349741184.25.164.138192.168.2.4
                      Apr 25, 2024 21:46:32.455957890 CEST49740443192.168.2.4184.25.164.138
                      Apr 25, 2024 21:46:32.456008911 CEST44349740184.25.164.138192.168.2.4
                      Apr 25, 2024 21:46:32.456069946 CEST49741443192.168.2.4184.25.164.138
                      Apr 25, 2024 21:46:32.456130981 CEST44349741184.25.164.138192.168.2.4
                      Apr 25, 2024 21:46:32.502849102 CEST49740443192.168.2.4184.25.164.138
                      Apr 25, 2024 21:46:32.502854109 CEST49741443192.168.2.4184.25.164.138
                      Apr 25, 2024 21:46:32.515414953 CEST44349741184.25.164.138192.168.2.4
                      Apr 25, 2024 21:46:32.515527964 CEST44349741184.25.164.138192.168.2.4
                      Apr 25, 2024 21:46:32.515660048 CEST49741443192.168.2.4184.25.164.138
                      Apr 25, 2024 21:46:32.516161919 CEST49741443192.168.2.4184.25.164.138
                      Apr 25, 2024 21:46:32.516201019 CEST44349741184.25.164.138192.168.2.4
                      Apr 25, 2024 21:46:51.392390966 CEST44349740184.25.164.138192.168.2.4
                      Apr 25, 2024 21:46:51.392577887 CEST44349740184.25.164.138192.168.2.4
                      Apr 25, 2024 21:46:51.392702103 CEST49740443192.168.2.4184.25.164.138
                      Apr 25, 2024 21:47:36.393677950 CEST49740443192.168.2.4184.25.164.138
                      Apr 25, 2024 21:47:36.393712997 CEST44349740184.25.164.138192.168.2.4
                      Apr 25, 2024 21:48:21.393639088 CEST49740443192.168.2.4184.25.164.138
                      Apr 25, 2024 21:48:21.393687010 CEST44349740184.25.164.138192.168.2.4

                      HTTP Request Dependency Graph

                      • armmf.adobe.com

                      HTTPS Proxied Packets

                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                      0192.168.2.449741184.25.164.1384437760C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      TimestampBytes transferredDirectionData
                      2024-04-25 19:46:32 UTC475OUTGET /onboarding/smskillreader.txt HTTP/1.1
                      Host: armmf.adobe.com
                      Connection: keep-alive
                      Accept-Language: en-US,en;q=0.9
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36
                      Sec-Fetch-Site: same-origin
                      Sec-Fetch-Mode: no-cors
                      Sec-Fetch-Dest: empty
                      Accept-Encoding: gzip, deflate, br
                      If-None-Match: "78-5faa31cce96da"
                      If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
                      2024-04-25 19:46:32 UTC198INHTTP/1.1 304 Not Modified
                      Content-Type: text/plain; charset=UTF-8
                      Last-Modified: Mon, 01 May 2023 15:02:33 GMT
                      ETag: "78-5faa31cce96da"
                      Date: Thu, 25 Apr 2024 19:46:32 GMT
                      Connection: close


                      Statistics

                      CPU Usage

                      Click to jump to process

                      Memory Usage

                      Click to jump to process

                      High Level Behavior Distribution

                      Click to dive into process behavior distribution

                      Behavior

                      Click to jump to process

                      System Behavior

                      General

                      Target ID:0
                      Start time:21:46:18
                      Start date:25/04/2024
                      Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      Wow64 process (32bit):false
                      Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\B0CVFJGTZY.pdf"
                      Imagebase:0x7ff6bc1b0000
                      File size:5'641'176 bytes
                      MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:moderate
                      Has exited:false

                      General

                      Target ID:1
                      Start time:21:46:21
                      Start date:25/04/2024
                      Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      Wow64 process (32bit):false
                      Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
                      Imagebase:0x7ff74bb60000
                      File size:3'581'912 bytes
                      MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:moderate
                      Has exited:false

                      General

                      Target ID:3
                      Start time:21:46:21
                      Start date:25/04/2024
                      Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      Wow64 process (32bit):false
                      Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2104 --field-trial-handle=1524,i,11071811492861082364,15687375164594026252,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
                      Imagebase:0x7ff74bb60000
                      File size:3'581'912 bytes
                      MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:moderate
                      Has exited:false

                      Disassembly

                      No disassembly