Windows Analysis Report
BRWCC6B1E080BAC_007512.pdf

Overview

General Information

Sample name:BRWCC6B1E080BAC_007512.pdf
Analysis ID:1438583
MD5:48c6eaa0d75d8a998ba92b92c8551a65
SHA1:f62edc755e9d762817340e7a28a5f34c5e7014af
SHA256:c29ac9d47e8d316ab8f227e7de8d67eee972d0d403502452f0850e8ee03c6563

Detection

Score:1
Range:0 - 100
Whitelisted:false
Confidence:80%

Signatures

Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Uses a known web browser user agent for HTTP communication

Classification

  • System is w10x64
  • Acrobat.exe (PID: 7404 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\BRWCC6B1E080BAC_007512.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 7588 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 7788 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2132 --field-trial-handle=1592,i,2049043064737998012,7321684436256655777,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

There are no malicious signatures.

Source: global traffic | TCP traffic: 192.168.2.4:49741 -> 173.222.196.143:443
Source: global traffic | TCP traffic: 173.222.196.143:443 -> 192.168.2.4:49741
Source: global traffic | HTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1
    Host: armmf.adobe.com
    Connection: keep-alive
    Accept-Language: en-US,en;q=0.9
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: empty
    Accept-Encoding: gzip, deflate, br
    If-None-Match: "78-5faa31cce96da"
    If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
Source: unknown | TCP traffic detected without corresponding DNS query: 173.222.196.143
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown | Network traffic detected: HTTP traffic on port 49741 -> 443
Source: classification engine | Classification label: clean1.winPDF@14/43@0/1
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.7484
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-05-08 21-34-08-761.log
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
Source: unknown | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\BRWCC6B1E080BAC_007512.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2132 --field-trial-handle=1592,i,2049043064737998012,7321684436256655777,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process created: unknown unknown
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: BRWCC6B1E080BAC_007512.pdf | Initial sample: PDF keyword /JS count = 0
Source: BRWCC6B1E080BAC_007512.pdf | Initial sample: PDF keyword /JavaScript count = 0
Source: BRWCC6B1E080BAC_007512.pdf | Initial sample: PDF keyword /EmbeddedFile count = 0
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process information set: NOOPENFILEERRORBOX
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Exploitation for Client Execution | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 12 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction
[Behavior graph, ID 1438583. Sample: BRWCC6B1E080BAC_007512.pdf; start date: 08/05/2024; architecture: WINDOWS; score: 1. Acrobat.exe started AcroCEF.exe, which started a second AcroCEF.exe that contacted 173.222.196.143 (ports 443, 49741; AKAMAI-ASUS, United States).]

No Antivirus matches
No contacted domains info
IP | Domain | Country | ASN | ASN Name | Malicious
173.222.196.143 | unknown | United States | 16625 | AKAMAI-ASUS | false
Joe Sandbox version:40.0.0 Tourmaline
Analysis ID:1438583
Start date and time:2024-05-08 21:33:21 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 3m 53s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultwindowspdfcookbook.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:10
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:BRWCC6B1E080BAC_007512.pdf
Detection:CLEAN
Classification:clean1.winPDF@14/43@0/1
EGA Information:Failed
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 0
  • Number of non-executed functions: 0
Cookbook Comments:
  • Found application associated with file extension: .pdf
  • Found PDF document
  • Close Viewer
  • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 23.192.208.138, 34.193.227.236, 18.207.85.246, 54.144.73.197, 107.22.247.231, 104.98.118.169, 162.159.61.3, 172.64.41.3
  • Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com
  • Not all processes were analyzed, report is missing behavior information
  • VT rate limit hit for: BRWCC6B1E080BAC_007512.pdf
No simulations
Match | Associated Sample Name / URL | Detection | Threat Name
173.222.196.143 | https://johnsonme.com/wp-content/uploads/E-Catalogue-JTSP.pdf | malicious | Unknown
    No context
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:ASCII text
    Category:dropped
    Size (bytes):292
    Entropy (8bit):5.204738534511756
    Encrypted:false
    SSDEEP:6:DDyq2Pwkn2nKuAl9OmbnIFUt86jg11Zmw+6jgjRkwOwkn2nKuAl9OmbjLJ:DuvYfHAahFUt86e1/+6Q5JfHAaSJ
    MD5:C689ADF85005FCB218D664FCF33BB223
    SHA1:2094D99E55092A200E5BCCD1F6E7D97AE6E4E551
    SHA-256:E9F63111295A094221B4A4A132E9D54047A573A9FD3537DE487BCFFCA72A3F3C
    SHA-512:6E636A9909A0B2757B87C9874368147B8759A8697E769DFD7F5BAC77BADF066392C9B8B213C9A53213FD15EE6C6171781C5700008EB43E9ED2677D0D03BEA1CA
    Malicious:false
    Reputation:low
    Preview:2024/05/08-21:34:06.484 1dc0 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/05/08-21:34:06.485 1dc0 Recovering log #3.2024/05/08-21:34:06.485 1dc0 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:ASCII text
    Category:dropped
    Size (bytes):336
    Entropy (8bit):5.188706520398469
    Encrypted:false
    SSDEEP:6:D2oZlyq2Pwkn2nKuAl9Ombzo2jMGIFUt862iVFz1Zmw+62iVFlRkwOwkn2nKuAlx:DHIvYfHAa8uFUt8671/+6r5JfHAa8RJ
    MD5:AFBF6FE3EFCC2178B437FE0FDDE8702C
    SHA1:CF13F7B0A4C638B1A1324875D3ABBDEF8AF53A8C
    SHA-256:63A64D23A2699B36735FA33EB703562DF827D90D3ABBB7558876E62AD7EEA28E
    SHA-512:314854F06040EA29891BC88EF72720109D61E1DECAF79B7F82139E1790444F656110120604D3BEB4897F5AE8CEF8DE8B85CE1B9F863B6E46294293142E9CF42A
    Malicious:false
    Reputation:low
    Preview:2024/05/08-21:34:06.568 1ea0 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/05/08-21:34:06.573 1ea0 Recovering log #3.2024/05/08-21:34:06.573 1ea0 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):475
    Entropy (8bit):4.954820884383589
    Encrypted:false
    SSDEEP:12:YH/um3RA8sqZcvEsBdOg2HScaq3QYiubInP7E4T3y:Y2sRdsLdMH93QYhbG7nby
    MD5:08A8D0459047150B01AFA5D7A5E62F43
    SHA1:D98E3A5AF837EE65DA4AA30204A97E148B5366E8
    SHA-256:6AE35727737CC7F65579160D2835C70ABEF337331194AED5F0C708D073E973D0
    SHA-512:80F554A3F5989DAE77EA3973D8989D12FD3F3067BF86F3BD89077CDD7E794B78A68E915D60FAE61E92DA472CDE8AB0F9EE2DD5C8F1A3CA26723DE7420E3052BD
    Malicious:false
    Reputation:low
    Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13359756858561311","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":164331},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:JSON data
    Category:modified
    Size (bytes):475
    Entropy (8bit):4.954820884383589
    Encrypted:false
    SSDEEP:12:YH/um3RA8sqZcvEsBdOg2HScaq3QYiubInP7E4T3y:Y2sRdsLdMH93QYhbG7nby
    MD5:08A8D0459047150B01AFA5D7A5E62F43
    SHA1:D98E3A5AF837EE65DA4AA30204A97E148B5366E8
    SHA-256:6AE35727737CC7F65579160D2835C70ABEF337331194AED5F0C708D073E973D0
    SHA-512:80F554A3F5989DAE77EA3973D8989D12FD3F3067BF86F3BD89077CDD7E794B78A68E915D60FAE61E92DA472CDE8AB0F9EE2DD5C8F1A3CA26723DE7420E3052BD
    Malicious:false
    Reputation:low
    Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13359756858561311","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":164331},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:data
    Category:dropped
    Size (bytes):4730
    Entropy (8bit):5.257640894376322
    Encrypted:false
    SSDEEP:96:etJCV4FAsszrNamjTN/2rjYMta02fDtehgO7BtTgo7Cbi4BfNAbRR44GZ:etJCV4FiN/jTN/2r8Mta02fEhgO73gok
    MD5:EDB7D7F5CDDE65F2ACC63037DFD5BA20
    SHA1:362DD387575A9D3CB9519C8C3B2E1826DB61EC12
    SHA-256:4B3243BD35F06440CA0D7DBE9386E0D1647D0F363305816D4C383B9593C6F87A
    SHA-512:D6EE0028FD00E5F1CBB04109CD472F4ED737055DFC11892F39E7D9DBF0348F32EBA349C05C74B9092ADBC5872182ADBB2CA05B2069D65D96130DC78DB02E7EEB
    Malicious:false
    Reputation:low
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:ASCII text
    Category:dropped
    Size (bytes):324
    Entropy (8bit):5.156052175886799
    Encrypted:false
    SSDEEP:6:D6/yq2Pwkn2nKuAl9OmbzNMxIFUt86SW1Zmw+6URVFlRkwOwkn2nKuAl9OmbzNMT:D6qvYfHAa8jFUt86SW1/+6w5JfHAa84J
    MD5:C3CC1F11180927288810FC8A022EBD87
    SHA1:053E0160AFCE1BFCFDF6E06F44686D57E5812505
    SHA-256:A543F02C5551C65AAF3FBBB64AF70452E658C3F7AE2CC0262C59D3FB0E2B121F
    SHA-512:E47F5C1D80BBE94D502D36A7EA498E619FF7F5620D01E83B9B93E4117440BF2904974B34A6E74E9C9353EE265F6FE821063CC8762F506E73CE1E18F1678077A7
    Malicious:false
    Reputation:low
    Preview:2024/05/08-21:34:06.800 1ea0 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/05/08-21:34:06.832 1ea0 Recovering log #3.2024/05/08-21:34:06.853 1ea0 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:PC bitmap, Windows 3.x format, 117 x -152 x 32, cbSize 71190, bits offset 54
    Category:dropped
    Size (bytes):71190
    Entropy (8bit):1.3462168918357618
    Encrypted:false
    SSDEEP:768:sr9gTVrtBgX4U695K5xVQCpSM3IlT699L:sr9gTVJBC4U695K5xVQCpSM3Ix699L
    MD5:42679C44BC3E24D9F0FD5A2E12B48DE8
    SHA1:89F5B5268CBAA55348D5D383589D710EA80C258B
    SHA-256:89BFA96829A2B12B594DB1FAD3189CA01B246C93EB0A418F1004E5041FA37A64
    SHA-512:7CA0E0638E23EB027C02FCDA5A75806513822E435FD01C1ECE3F2016608F89F65DA921B8267D2BE5AEB7365617B38D4A4FAB50D0AEFBA4E66BA2F4852F2DC52F
    Malicious:false
    Reputation:low
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 15, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 15
    Category:dropped
    Size (bytes):86016
    Entropy (8bit):4.445288544920547
    Encrypted:false
    SSDEEP:384:yezci5tIiBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:rvs3OazzU89UTTgUL
    MD5:35D67C70035F0FD15B4F407A01E3F29C
    SHA1:64447ED1E0D5E7B3561DF7AF1635D73669696EA9
    SHA-256:7A5F36C0D4989CB9E8F66E29CFEE0637331C7EA9CDDBDDE1AB4FB1E01F5D32A2
    SHA-512:7968BE0E4CD57D2120A8FCA47B472D7806BB47A3F1066C9A95F93B13A74AB4696053EA4718E05189007D78B77FF8B5445EA8D2B73EBECD8BEE43752795EAB624
    Malicious:false
    Reputation:low
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:SQLite Rollback Journal
    Category:dropped
    Size (bytes):8720
    Entropy (8bit):3.7716193661416773
    Encrypted:false
    SSDEEP:48:7Mfp/E2ioyVuioy9oWoy1Cwoy1uKOioy1noy1AYoy1Wioy1hioybioykoy1noy15:7opjuuFdXKQBRb9IVXEBodRBkP
    MD5:A02E60D97F10ECCBD047B0B3E8E1381A
    SHA1:0E618218D3921FEC8C9DAE4267A8212866CE9251
    SHA-256:36417AABDB16B4E960B031A5FC3477C28E5E59F31ADD436F19922E2F81A93C07
    SHA-512:5DFEAB20E2A60325119106D60BADABFE924930320B632F0539C7F2CDA03DC8E7A6678FB809137E7F8F2D6C5F27BA1CEB9B106CCC4AE4BFC27D0BC158B16D9857
    Malicious:false
    Reputation:low
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:PostScript document text
    Category:dropped
    Size (bytes):185099
    Entropy (8bit):5.182478651346149
    Encrypted:false
    SSDEEP:1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
    MD5:94185C5850C26B3C6FC24ABC385CDA58
    SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
    SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
    SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
    Malicious:false
    Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:data
    Category:dropped
    Size (bytes):243196
    Entropy (8bit):3.3450692389394283
    Encrypted:false
    SSDEEP:1536:vKPCPiyzDtrh1cK3XEivK7VK/3AYvYwgqErRo+RQn:yPClJ/3AYvYwghFo+RQn
    MD5:F5567C4FF4AB049B696D3BE0DD72A793
    SHA1:EBEADDE9FF0AF2C201A5F7CC747C9EA61CFA6916
    SHA-256:D8DBFE71873929825A420F73821F3FF0254D51984FAAA82E1B89D31188F77C04
    SHA-512:E769735991E5B1331E259608854D00CDA4F3E92285FDC500158CBD09CBCCEAD8A387F78256A43919B13EBE70C995D19242377C315B0CCBBD4F813251608C1D56
    Malicious:false
    Preview:Adobe Acrobat Reader (64-bit) 23.6.20320....?A12_AV2_Search_18px
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):295
    Entropy (8bit):5.371044053237623
    Encrypted:false
    SSDEEP:6:YEQXJ2HXfx0HeEPdVoZcg1vRcR0Y8eoAvJM3g98kUwPeUkwRe9:YvXKXadsZc0v/GMbLUkee9
    MD5:38A53DB394E2358F79691523E1BB2B7D
    SHA1:2D50472286918B3712F2CD21CDC1EB84A5BCDECE
    SHA-256:190695E6F7F64985A9102E9CE043D7BBBFB76BF7AA32B850E91DC5B34B5815F0
    SHA-512:5D8A627F22E9C2B9CF987FF9C0D85EFC393EADC426C970C11768C183DA64DAB8732E9367B198E9A151A36452679003F81ED0C802DA87A75C8520A1F45DBDB9E9
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"76ce3de6-b605-4cb9-b718-b181b35cf4a7","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1715371137736,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):294
    Entropy (8bit):5.320618976783587
    Encrypted:false
    SSDEEP:6:YEQXJ2HXfx0HeEPdVoZcg1vRcR0Y8eoAvJfBoTfXpnrPeUkwRe9:YvXKXadsZc0v/GWTfXcUkee9
    MD5:EFB77A61FE0949534D131298F5AD7C15
    SHA1:D240E2C5E9ADC9FBD046979208D58163862196E9
    SHA-256:311FFBE74DA9FA4D4B7F914D74087E5BE362C8906B09CAA86109CCA3D9EC2E72
    SHA-512:8E14B0468C7BC9008A55770D11FF06B2EC810E831318813659545FBE79375E09095CBF5D61E16856612319507532B896B05870D62275D0D4D1825EAE6C974AA2
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"76ce3de6-b605-4cb9-b718-b181b35cf4a7","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1715371137736,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):294
    Entropy (8bit):5.2987578915288545
    Encrypted:false
    SSDEEP:6:YEQXJ2HXfx0HeEPdVoZcg1vRcR0Y8eoAvJfBD2G6UpnrPeUkwRe9:YvXKXadsZc0v/GR22cUkee9
    MD5:7519A63C81B4DD4802A310DFE2F6276D
    SHA1:A6429EC76723E11DF87B593323498335F3E81B6D
    SHA-256:A28A16584F1CD57AEEED04A0557F438F21EDA7AD9991FFA1F316283ED5B08847
    SHA-512:790E95DC767EA503FB9525EF79DCCA511FFDA42B587FC886DAC5624AC153A2D59D5C361C55ED44F0914793C3871E605861C3F45EA3CD3C524261DD4F4475D389
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"76ce3de6-b605-4cb9-b718-b181b35cf4a7","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1715371137736,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):285
    Entropy (8bit):5.358324056517709
    Encrypted:false
    SSDEEP:6:YEQXJ2HXfx0HeEPdVoZcg1vRcR0Y8eoAvJfPmwrPeUkwRe9:YvXKXadsZc0v/GH56Ukee9
    MD5:75479B52AD55DD8440513723CCEF332C
    SHA1:9210F3000151E3F4C17FBD3136640B25AB2A0706
    SHA-256:95B785C067BE260A6291136CE0414D2FE271628752F183D42E4E33B12DBB48DC
    SHA-512:20C9C09BBE85322A19F685005692E5D4F92D13AAAF1A2AA05CFA0E46992FDA4D67FF90D13F3B19DEE8C13A74DE5DEAB7FE60DC20A47C4B72BF886E87632A424A
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"76ce3de6-b605-4cb9-b718-b181b35cf4a7","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1715371137736,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):292
    Entropy (8bit):5.318889288939371
    Encrypted:false
    SSDEEP:6:YEQXJ2HXfx0HeEPdVoZcg1vRcR0Y8eoAvJfJWCtMdPeUkwRe9:YvXKXadsZc0v/GBS8Ukee9
    MD5:E2846EBDD64B32DD6DAD59010646A4D9
    SHA1:807DA5E2192054ED0DA2D04A1B2742BC0B1306C7
    SHA-256:F49F462CCE2D185FB3208A32B4875164F51FAE88D938805099CBD5C4546A9783
    SHA-512:0967674C0E1A31601A17AB650A4EFA79E49A8CBEE2A0CF7ECA4BBCB5DCD5219A8BC0270D5290B1E0EF43244FAD34AD1148466A7F1B1F1A24A5886A1BA44F57BA
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"76ce3de6-b605-4cb9-b718-b181b35cf4a7","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1715371137736,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):289
    Entropy (8bit):5.3054135420191235
    Encrypted:false
    SSDEEP:6:YEQXJ2HXfx0HeEPdVoZcg1vRcR0Y8eoAvJf8dPeUkwRe9:YvXKXadsZc0v/GU8Ukee9
    MD5:CB9D35A56F200E4B81F453F7804D1107
    SHA1:9C6E2C62FE468BD369C6D29EE0B43BE206C0366E
    SHA-256:7EC5DFA07F541E7729527F25A5F6646E68A411165E8441F40E5B003B44EC6C43
    SHA-512:479A7AD5EA2F3F26DB9EC6B02295663A1CAA70EE10A15BC826EC82DD30FA37CDB1B5B57E8F3E52F6E5ACDB26E11D4900C636A6377C8B88DFCF9DE92B9C6F656C
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"76ce3de6-b605-4cb9-b718-b181b35cf4a7","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1715371137736,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):292
    Entropy (8bit):5.30894956167962
    Encrypted:false
    SSDEEP:6:YEQXJ2HXfx0HeEPdVoZcg1vRcR0Y8eoAvJfQ1rPeUkwRe9:YvXKXadsZc0v/GY16Ukee9
    MD5:3439D0CA1D98F9F79C239BF1CD3D3BDB
    SHA1:C38C6EB54797773A3C472E9F9A3ABA5102F1AA9E
    SHA-256:3A57285A9C266DC0E635AAC413631038C284BAF6E9B9946AC4BD13D572F536CA
    SHA-512:51246BDBE7ACC1D57948F75701424CF76E918B6CA73F23E2EB10E234C9CB30796F8BCA90AC38BA198C8BD26BEF7BC762EEFA3A4B50F463DD6BF686B2DB0D383B
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"76ce3de6-b605-4cb9-b718-b181b35cf4a7","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1715371137736,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):289
    Entropy (8bit):5.316176243387815
    Encrypted:false
    SSDEEP:6:YEQXJ2HXfx0HeEPdVoZcg1vRcR0Y8eoAvJfFldPeUkwRe9:YvXKXadsZc0v/Gz8Ukee9
    MD5:E037BC3C10DC99C68B400C6C33FFB327
    SHA1:190ED28BC27C64AA755D50C99B03E6566FA34620
    SHA-256:15A00D8D5D5FFF66AC8DE8FAFD1C7D8408DB59CC6B1E08289E6DACE7E419010C
    SHA-512:13A3458DD6287794C03C9DB05471104BA55047AD45B300409587250DAEC64CB4C734F8F7B622AC4D5379E840EBC257FA03C894A1E510D20CA0A6ADFD1D7975A2
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"76ce3de6-b605-4cb9-b718-b181b35cf4a7","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1715371137736,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):1372
    Entropy (8bit):5.741648739035263
    Encrypted:false
    SSDEEP:24:Yv6Xa+zvHKLgENRcbrZbq00iCCBrwJo++ns8ct4mFJN0Y:YvUfEgigrNt0wSJn+ns8cvFJH
    MD5:E86B49767CFDA7F6C23B480A529EF353
    SHA1:0C8AD0B85522A972167FCC7CA7498127EE6C21BC
    SHA-256:AD1D939EC8E95F61D7A12C6C8B61F40C43DC688F5BF68C895D3D84BBDE5CA584
    SHA-512:0AAC788073DB0ECCB2C8F3D0A3D3907DFAF6F90F1676C2E7E3D40E3773D2ECC912CA41EBA9E7D47EFED157E084DCD664F05710256017A498F6E2853B45FB9E6A
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"76ce3de6-b605-4cb9-b718-b181b35cf4a7","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1715371137736,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"79887_247329ActionBlock_0","campaignId":79887,"containerId":"1","controlGroupId":"","treatmentId":"acc56846-d570-4500-a26e-7f8cf2b4acad","variationId":"247329"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJUcnkgQWNyb2JhdCBQcm8ifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNSIsImZvbnRfc3R5bGUiOiIwIn0sImRlc2NyaXB0aW9uX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTMiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIDctZGF5IHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0byBwcmVtaXVtIFBERiBhbmQgZS1zaWduaW5nIHRvb2xzLiIsImJ
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):289
    Entropy (8bit):5.312158670462221
    Encrypted:false
    SSDEEP:6:YEQXJ2HXfx0HeEPdVoZcg1vRcR0Y8eoAvJfYdPeUkwRe9:YvXKXadsZc0v/Gg8Ukee9
    MD5:AF2C187E4DFEDC3B607CAD5584AF01A0
    SHA1:7CC4371DCD231A75892EC23C7A43C885527AC8ED
    SHA-256:1828C7520944829DF1CAD46D595BFFF6E7586C9AADECDF276EBF768ABC6DEAA2
    SHA-512:4EC5EF7097BFD20EDE0898368CBBDE88616683D5A5E267E5B20DAC7D554762ED2FECEB0A0B8D136186F44B99AE793F85EA2D74EB0729F73F55A0B952AB213924
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"76ce3de6-b605-4cb9-b718-b181b35cf4a7","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1715371137736,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):1395
    Entropy (8bit):5.7794005954212535
    Encrypted:false
    SSDEEP:24:Yv6Xa+zvarLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNsY:YvUiHgDv3W2aYQfgB5OUupHrQ9FJL
    MD5:8EE187BFCD358BE4576AE9B1EAC37D0C
    SHA1:332AB2D7EF0D0BE11F87CBBAFEC3FAA953DCB434
    SHA-256:25B9E644792FC3B1C989A3820F534D4CF7454B88BE98FE5F9F81F70ADEA0F7FA
    SHA-512:725B01BC59173674EC81CA5F89E9B50AF955314A38005884C6DEE8E744E9C833A561B76CE827247BF2E1A90D7BB149690F87526A30425577E811ED7AE92638CE
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"76ce3de6-b605-4cb9-b718-b181b35cf4a7","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1715371137736,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):291
    Entropy (8bit):5.29562220339064
    Encrypted:false
    SSDEEP:6:YEQXJ2HXfx0HeEPdVoZcg1vRcR0Y8eoAvJfbPtdPeUkwRe9:YvXKXadsZc0v/GDV8Ukee9
    MD5:C466FC92BAF768822A486F39A446319C
    SHA1:459845B60A5D40D7FF0C9FE74872AFF568953DC7
    SHA-256:C22AE962DAEB33731CE59994096C8EAD0EEC6060F483DBAEC46F98858067CD61
    SHA-512:BEB74FCD707748839726B8688CAC4F728ED22C419037AC5ABFE89CB42C095C814C50B9FA4F56FB7AE44009286AFB1C1C945B06838B8F37ABA0095F92E22AB923
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"76ce3de6-b605-4cb9-b718-b181b35cf4a7","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1715371137736,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):287
    Entropy (8bit):5.300127569572103
    Encrypted:false
    SSDEEP:6:YEQXJ2HXfx0HeEPdVoZcg1vRcR0Y8eoAvJf21rPeUkwRe9:YvXKXadsZc0v/G+16Ukee9
    MD5:D37863DBCD975B081E720EEE6EA852E5
    SHA1:0A2FB08333B69D62E16ECA85FDA8DDBBC8DFD261
    SHA-256:99CECE5C81623DE29364711876A52E91CBFF9479ABECF921891C9DEEC951C87A
    SHA-512:BCA52CD6EDE85DEDBB47CFC54A0D04EC6E43EB041488ACAE1233FA18782E64CACD17D1A392BCB7B8CB14FA615AC022C759B8F28CB7A95C89F00D97E926EA30FB
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"76ce3de6-b605-4cb9-b718-b181b35cf4a7","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1715371137736,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):289
    Entropy (8bit):5.318993799220369
    Encrypted:false
    SSDEEP:6:YEQXJ2HXfx0HeEPdVoZcg1vRcR0Y8eoAvJfbpatdPeUkwRe9:YvXKXadsZc0v/GVat8Ukee9
    MD5:F507DB3FDB84D3C86670761E3F67226F
    SHA1:3B4B7C051717D62F6863F6B30A5AA97229487670
    SHA-256:105D51062C15F86081460ADA023A260C6356BF350F1A64B7F19276304901340E
    SHA-512:209922D26282BCD622B429400D3D0796024506142BD6C97F46EC1E04B9DCA5C9AE01AE4E9370AF1C4114E23EAC11AB5B7E704EA82F88178F8695A7A2BEBAA5B3
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"76ce3de6-b605-4cb9-b718-b181b35cf4a7","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1715371137736,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):286
    Entropy (8bit):5.277141818734792
    Encrypted:false
    SSDEEP:6:YEQXJ2HXfx0HeEPdVoZcg1vRcR0Y8eoAvJfshHHrPeUkwRe9:YvXKXadsZc0v/GUUUkee9
    MD5:BA8F3726307585193734ED4788A31C96
    SHA1:36B6D3332AF948646DDD8999BC44C13E4BEBCD65
    SHA-256:12FF4FF1C913CD8527868969D4ADE1168E3E3974D8D0B6385E5D9D791B4B8B48
    SHA-512:6585384242783738A8CA0004C17586472039E2E52E23890EED0A27C18644646CAB3759DCCBEC694F0411A6EAFDD63540C747A290C4854FDE9A911D65017696C9
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"76ce3de6-b605-4cb9-b718-b181b35cf4a7","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1715371137736,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):782
    Entropy (8bit):5.375179017022997
    Encrypted:false
    SSDEEP:12:YvXKXadsZc0v/GTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWe1Y:Yv6Xa+zvv168CgEXX5kcIfANh7Y
    MD5:275F915D2FFB0B90E80BC1D0A3C96EC2
    SHA1:73166431395C55D0CD7C6C265C19D629370DC66B
    SHA-256:3099F80DFE5508AD0901327CBF6EDB940DB888B4C08F283CE3C89DF10B7B9F97
    SHA-512:C14B6B1AE0796412D5AB211E00128353ADB6FE99B41FF8369DF649B8CBC3CD76565671F0395C72CEC7E8B2C04B5B923C417683D0F4100DD823405FA8B749F4CF
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"76ce3de6-b605-4cb9-b718-b181b35cf4a7","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1715371137736,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1715196852768}}}}
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:data
    Category:dropped
    Size (bytes):4
    Entropy (8bit):0.8112781244591328
    Encrypted:false
    SSDEEP:3:e:e
    MD5:DC84B0D741E5BEAE8070013ADDCC8C28
    SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
    SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
    SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
    Malicious:false
    Preview:....
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):2814
    Entropy (8bit):5.132188281296859
    Encrypted:false
    SSDEEP:24:YosJAqCFNV2yBNb2LStEVYYpPzsBaKEhaysDHlKzY3dspUxHX43SjEwUsj0StA2F:YPS/hLAV5pEEmt1XPfU+iSAJj9ON
    MD5:5654DE793F21BB91E83B1C22AF509509
    SHA1:90351B890D40180CED2021503EC59D83ADDE445C
    SHA-256:41C6A9652C002A837491DE1D9CBBA40C29698767F75B887EF891D89C3271EC94
    SHA-512:119451D381FCE8CE75D6F7B22D12207D862FB8EB2CAF3748CC34C7C415CA3CB3091834E727D6E2CB6920AC09BC75EFDB0454F9E9A99D211E661AB1CB1EA170BB
    Malicious:false
    Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"88887da19be2593d3a3bd144a1224147","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1715196852000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"1e6599eb50b15a86875d10f795b7b338","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1372,"ts":1715196852000},{"id":"Edit_InApp_Aug2020","info":{"dg":"44ac45115ba76c8eeded665567586048","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":1715196852000},{"id":"DC_FirstMile_Right_Sec_Surface","info":{"dg":"e160ba949caa8df8567bfd8fa5afa4c1","sid":"DC_FirstMile_Right_Sec_Surface"},"mimeType":"file","size":294,"ts":1715196852000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"b80ff75850cdc080f13390eeb4316b8f","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file","size":292,"ts":1715196852000},{"id":"DC_Reader_More_LHP_Banner","info":{"dg":"bbde06d6fdb5ede21699591485ea2ec8","sid":"DC_Reader_More_LHP_Banner"},"mimeType":"file","size":289,"
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 25, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 25
    Category:dropped
    Size (bytes):12288
    Entropy (8bit):1.188243804139362
    Encrypted:false
    SSDEEP:48:TGufl2GL7msEHUUUUUUUUm5k0OSvR9H9vxFGiDIAEkGVvpS5k0I:lNVmswUUUUUUUUm5k0O+FGSItm5k0I
    MD5:37BA80BD5D6010425471F17D28373DEB
    SHA1:5FFFB3D080FE9CAA997A5C87471B09823EE255D2
    SHA-256:4E5C7E4622E8A198556D5FB42EEADF5168DD40B37207E995428DBAA9C53FE04A
    SHA-512:997B35B5CA95E4D530E7AEC6FCB8DB60C90EB013BDF67A892D3C328482CC38C19448918E632396509679310DFF6961DC82B4A6F98C3FC33547B664CC6DB07256
    Malicious:false
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:SQLite Rollback Journal
    Category:dropped
    Size (bytes):8720
    Entropy (8bit):1.60770568089006
    Encrypted:false
    SSDEEP:48:7M0KUUUUUUUUUUm5k0cvR9H9vxFGiDIAEkGVvnqFl2GL7msU:7cUUUUUUUUUUm5k0sFGSIthKVmsU
    MD5:E45A6C20363A2BCADE0CAC1C48E7579E
    SHA1:B54651230EE871B4D0B91486C2997FDB00478949
    SHA-256:10825D7BE575156002FB08F86E3620B6E13BFEC2F5DF7583278EFCC137A509D9
    SHA-512:51663AC7BDCA8FFAF6B914F81BFF0C6574CDD691779F1B2DBF7B41DFDD7C998A26E5BBC6BC4CDF560F8E6E1738B99B012582157EE999B2DE4EDE7D29DEFC5D86
    Malicious:false
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
    Category:dropped
    Size (bytes):246
    Entropy (8bit):3.5278731006694652
    Encrypted:false
    SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8eo/24:Qw946cPbiOxDlbYnuRK6
    MD5:BCB7EDC7FB25045CB8600CAF0D6A4D15
    SHA1:DF92686BCEF50F87FACCFED98DBD0694A6E0F93B
    SHA-256:C83BBC51AD2BEADA7C6DA4C5E54785AA67720588869E1371FC285E65E608E29B
    SHA-512:3BBBE8EC35EF6A7D91CD35E918F5A9BD03A3773F71CB4A6565132D2E98D36E8ABB0E5A1624A029A5E3086BB6095B1C0A0712B42E4A408A425410F481A5C200F0
    Malicious:false
    Preview:Error 2711. The specified Feature name ('ARM') not found in Feature table. === Logging stopped: 08/05/2024  21:34:14 ===
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:ASCII text, with very long lines (393)
    Category:dropped
    Size (bytes):16525
    Entropy (8bit):5.345946398610936
    Encrypted:false
    SSDEEP:384:zHIq8qrq0qoq/qUILImCIrImI9IWdFdDdoPtPTPtP7ygyAydy0yGV///X/J/VokV:nNW
    MD5:8947C10F5AB6CFFFAE64BCA79B5A0BE3
    SHA1:70F87EEB71BA1BE43D2ABAB7563F94C73AB5F778
    SHA-256:4F3449101521DA7DF6B58A2C856592E1359BA8BD1ACD0688ECF4292BA5388485
    SHA-512:B76DB9EF3AE758F00CAF0C1705105C875838C7801F7265B17396466EECDA4BCD915DA4611155C5F2AD1C82A800C1BEC855E52E2203421815F915B77AA7331CA0
    Malicious:false
    Preview:SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:088+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig:
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:ASCII text, with very long lines (393), with CRLF line terminators
    Category:dropped
    Size (bytes):16603
    Entropy (8bit):5.374144560796888
    Encrypted:false
    SSDEEP:384:BcApTfQtMPP68M7gk3etLtoAngcwRdLGNdxj3TWfVXW8XRTmXDXdXwX2pXFXcXFr:KJ9hkyfEy
    MD5:E44064280230DCB2B2A6A348D3E2641D
    SHA1:ACAD3E494AE42A657BC18D4A5EE8076401A685BD
    SHA-256:A398BCA7AF88997C8D7E5CD9637A9443E643C8CEBAFC3C767623A9151C9B2A3B
    SHA-512:81FADA7A49364BEE2A55F199FA1969586CE2579CC1D60F206FA18786DDCB77429D3AF012D64C281CF08F10D6EEE7FA57BB1227F598CE661FFFDFFF9F9CA69993
    Malicious:false
    Preview:SessionID=a3d514d5-1585-4269-a90c-0d3bac671cfc.1715196848801 Timestamp=2024-05-08T21:34:08:801+0200 ThreadID=6108 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=a3d514d5-1585-4269-a90c-0d3bac671cfc.1715196848801 Timestamp=2024-05-08T21:34:08:802+0200 ThreadID=6108 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=a3d514d5-1585-4269-a90c-0d3bac671cfc.1715196848801 Timestamp=2024-05-08T21:34:08:802+0200 ThreadID=6108 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=a3d514d5-1585-4269-a90c-0d3bac671cfc.1715196848801 Timestamp=2024-05-08T21:34:08:802+0200 ThreadID=6108 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=a3d514d5-1585-4269-a90c-0d3bac671cfc.1715196848801 Timestamp=2024-05-08T21:34:08:805+0200 ThreadID=6108 Component=ngl-lib_NglAppLib Description="SetConf
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:ASCII text, with CRLF line terminators
    Category:dropped
    Size (bytes):29845
    Entropy (8bit):5.390330370378727
    Encrypted:false
    SSDEEP:768:anddBuBYZwcfCnwZCnR8Bu5hx18HoCnLlAY+iCBuzhLCnx1CnPrRRFS10l8gT2rA:0
    MD5:8BBE6D2F1C8EF2CBCD43CD3C5B9B0E86
    SHA1:E209BACE9379C3B60F11AFDFC40D47D87E13A7B5
    SHA-256:FB8C54659EEE098925EC2040F4E81179A3F61C8F5858EE136D0B68B4455AE68C
    SHA-512:9DEE8837208A00D6617C3BD473492341BA40FAF007A54CEE12C89F07DA642127EAE56DCF8DEF2B74CCA9D90DEA00054A077433EE8B5316043AD65C994FC50B9E
    Malicious:false
    Preview:03-10-2023 12:50:40:.---2---..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ***************************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ***************************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Starting NGL..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..03-10-2023 12:50:40:.Closing File..03-10-
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
    Category:dropped
    Size (bytes):386528
    Entropy (8bit):7.9736851559892425
    Encrypted:false
    SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
    MD5:5C48B0AD2FEF800949466AE872E1F1E2
    SHA1:337D617AE142815EDDACB48484628C1F16692A2F
    SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
    SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
    Malicious:false
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
    Category:dropped
    Size (bytes):1407294
    Entropy (8bit):7.97605879016224
    Encrypted:false
    SSDEEP:24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R077WLaGZ7wYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs03WLaGZw
    MD5:8B9FA2EC5118087D19CFDB20DA7C4C26
    SHA1:E32D6A1829B18717EF1455B73E88D36E0410EF93
    SHA-256:4782624EA3A4B3C6EB782689208148B636365AA8E5DAF00814FA9AB722259CBD
    SHA-512:662F8664CC3F4E8356D5F5794074642DB65565D40AC9FEA323E16E84EBD4F961701460A1310CC863D1AB38849E84E2142382F5DB88A0E53F97FF66248230F7B9
    Malicious:false
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
    Category:dropped
    Size (bytes):1419751
    Entropy (8bit):7.976496077007677
    Encrypted:false
    SSDEEP:24576:/xA7owWLcGZtwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLcGZtwZGk3mlind9i4ufFXpAXkru
    MD5:A46246FAEAB95D87F5B4FE236C2B3D3E
    SHA1:7F018DB9238A63FEAD8D11A92297E7366058A75A
    SHA-256:7E822FECC47177C5A7F4C250E7D53509D104DE68B0D0CE9445877B508400988E
    SHA-512:8AAB79958BF39F014FBA7F69287FE0C357746E63FA3482DE3231BDF4A97B964A0815DAF7BFE9751C55BA6BE618E0A964CEB23FC30B4FA9DFEB284F42EBA897BF
    Malicious:false
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
    Category:dropped
    Size (bytes):758601
    Entropy (8bit):7.98639316555857
    Encrypted:false
    SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
    MD5:3A49135134665364308390AC398006F1
    SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
    SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
    SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
    Malicious:false
    File type:PDF document, version 1.4, 1 pages
    Entropy (8bit):6.780122266816325
    TrID:
    • Adobe Portable Document Format (5005/1) 100.00%
    File name:BRWCC6B1E080BAC_007512.pdf
    File size:116'309 bytes
    MD5:48c6eaa0d75d8a998ba92b92c8551a65
    SHA1:f62edc755e9d762817340e7a28a5f34c5e7014af
    SHA256:c29ac9d47e8d316ab8f227e7de8d67eee972d0d403502452f0850e8ee03c6563
    SHA512:99850bb1b80701583bf7f570212a44706384a9867e553baedf6f5a5fc74b10d4408b265eda402e8a48bda4dbad9d1e5744b940376eb98a68eb089b2041271205
    SSDEEP:1536:NboZkxVoX5kaot+SZkO/cFKMxLHp6WCvc2oRFCOpF0:KZknoX5potNSO/cJpV6chF0
    TLSH:0AB3CB178818DF87A068C3E4BF034E6C2F072B1DA9857AEB10524E9F7F606225DCE52D
    File Content Preview:%PDF-1.4..%@PDF0123456789 1..3 0 obj..<<.. /CreationDate (D:20240508114627-07'00'').. /Creator (Brother Scanner System : MFC-L6700DW series).. /Producer (Brother Scanner System Image Conversion).. /ModDate (D:20240508114627-07'00'')..>>..endob
    Icon Hash:62cc8caeb29e8ae0

    General

    Header:%PDF-1.4
    Total Entropy:6.780122
    Total Bytes:116309
    Stream Entropy:6.760808
    Stream Bytes:115000
    Entropy outside Streams:4.978987
    Bytes outside Streams:1309
    Number of EOF found:1
    Bytes after EOF:
    Name            Count
    obj             9
    endobj          9
    stream          2
    endstream       2
    xref            1
    trailer         1
    startxref       1
    /Page           1
    /Encrypt        0
    /ObjStm         0
    /URI            0
    /JS             0
    /JavaScript     0
    /AA             0
    /OpenAction     0
    /AcroForm       0
    /JBIG2Decode    0
    /RichMedia      0
    /Launch         0
    /EmbeddedFile   0

    Image Streams

    ID  DHASH             MD5                               Preview
    4   74606776354e0000  dc933df89a23e4e2f4b4d9b9245a53e5
    Timestamp                            Source Port  Dest Port  Source IP        Dest IP
    May 8, 2024 21:34:19.306806087 CEST  49741        443        192.168.2.4      173.222.196.143
    May 8, 2024 21:34:19.306855917 CEST  443          49741      173.222.196.143  192.168.2.4
    May 8, 2024 21:34:19.306927919 CEST  49741        443        192.168.2.4      173.222.196.143
    May 8, 2024 21:34:19.307090044 CEST  49741        443        192.168.2.4      173.222.196.143
    May 8, 2024 21:34:19.307112932 CEST  443          49741      173.222.196.143  192.168.2.4
    May 8, 2024 21:34:19.810194016 CEST  443          49741      173.222.196.143  192.168.2.4
    May 8, 2024 21:34:19.810578108 CEST  49741        443        192.168.2.4      173.222.196.143
    May 8, 2024 21:34:19.810601950 CEST  443          49741      173.222.196.143  192.168.2.4
    May 8, 2024 21:34:19.811476946 CEST  443          49741      173.222.196.143  192.168.2.4
    May 8, 2024 21:34:19.811537981 CEST  49741        443        192.168.2.4      173.222.196.143
    May 8, 2024 21:34:19.813649893 CEST  49741        443        192.168.2.4      173.222.196.143
    May 8, 2024 21:34:19.813714027 CEST  443          49741      173.222.196.143  192.168.2.4
    May 8, 2024 21:34:19.814008951 CEST  49741        443        192.168.2.4      173.222.196.143
    May 8, 2024 21:34:19.814029932 CEST  443          49741      173.222.196.143  192.168.2.4
    May 8, 2024 21:34:19.868500948 CEST  49741        443        192.168.2.4      173.222.196.143
    May 8, 2024 21:34:19.977904081 CEST  443          49741      173.222.196.143  192.168.2.4
    May 8, 2024 21:34:19.978034019 CEST  443          49741      173.222.196.143  192.168.2.4
    May 8, 2024 21:34:19.978094101 CEST  49741        443        192.168.2.4      173.222.196.143
    May 8, 2024 21:34:19.978416920 CEST  49741        443        192.168.2.4      173.222.196.143
    May 8, 2024 21:34:19.978441954 CEST  443          49741      173.222.196.143  192.168.2.4
    May 8, 2024 21:34:19.978491068 CEST  49741        443        192.168.2.4      173.222.196.143
    May 8, 2024 21:34:19.978522062 CEST  49741        443        192.168.2.4      173.222.196.143
    • armmf.adobe.com
    Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
    0           192.168.2.4  49741        173.222.196.143  443               7788  C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    Timestamp                Bytes transferred  Direction  Data
    2024-05-08 19:34:19 UTC  475                OUT        GET /onboarding/smskillreader.txt HTTP/1.1
    Host: armmf.adobe.com
    Connection: keep-alive
    Accept-Language: en-US,en;q=0.9
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: empty
    Accept-Encoding: gzip, deflate, br
    If-None-Match: "78-5faa31cce96da"
    If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
    2024-05-08 19:34:19 UTC  198                IN         HTTP/1.1 304 Not Modified
    Content-Type: text/plain; charset=UTF-8
    Last-Modified: Mon, 01 May 2023 15:02:33 GMT
    ETag: "78-5faa31cce96da"
    Date: Wed, 08 May 2024 19:34:19 GMT
    Connection: close


    Target ID:0
    Start time:21:34:05
    Start date:08/05/2024
    Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    Wow64 process (32bit):false
    Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\BRWCC6B1E080BAC_007512.pdf"
    Imagebase:0x7ff6bc1b0000
    File size:5'641'176 bytes
    MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
    Has elevated privileges:true
    Has administrator privileges:true
    Programmed in:C, C++ or other language
    Reputation:moderate
    Has exited:true

    Target ID:1
    Start time:21:34:06
    Start date:08/05/2024
    Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    Wow64 process (32bit):false
    Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
    Imagebase:0x7ff74bb60000
    File size:3'581'912 bytes
    MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
    Has elevated privileges:true
    Has administrator privileges:true
    Programmed in:C, C++ or other language
    Reputation:moderate
    Has exited:true

    Target ID:3
    Start time:21:34:06
    Start date:08/05/2024
    Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    Wow64 process (32bit):false
    Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2132 --field-trial-handle=1592,i,2049043064737998012,7321684436256655777,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
    Imagebase:0x7ff74bb60000
    File size:3'581'912 bytes
    MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
    Has elevated privileges:true
    Has administrator privileges:true
    Programmed in:C, C++ or other language
    Reputation:moderate
    Has exited:true

    No disassembly