Joe Sandbox Cloud Basic Analysis Report
Edit tour

Windows Analysis Report
Sommatiebrief.pdf

Overview

General Information

Sample name:Sommatiebrief.pdf
Analysis ID:1353851
MD5:ab19b8aa82b1c8503395e381a0c345e9
SHA1:33fafd1e7ef7b93f59a04ab67fa2da32d0bb3bd1
SHA256:49c602e685f23245ea9d5482fa3a1c9521a13d5eaf478bdccc55f41e3c7290a8
Infos:

Detection

Score:1
Range:0 - 100
Whitelisted:false
Confidence:80%

Signatures

Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Uses a known web browser user agent for HTTP communication

Classification

RansomwareSpreadingPhishingBankerTrojan / BotAdwareSpywareExploiterEvaderMinercleansuspiciousmalicious

Process Tree

  • System is w10x64
  • Acrobat.exe (PID: 4280 cmdline: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Sommatiebrief.pdf MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 7392 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 7588 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2100 --field-trial-handle=1636,i,10912911403685677101,208638167770011629,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Snort Signatures

No Snort rule has matched

Joe Sandbox Signatures

  • Software Vulnerabilities
  • Networking
  • System Summary
  • Hooking and other Techniques for Hiding and Protection

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: global trafficTCP traffic: 192.168.2.5:49715 -> 23.202.152.182:443
Source: global trafficTCP traffic: 192.168.2.5:49715 -> 23.202.152.182:443
Source: global trafficTCP traffic: 192.168.2.5:49715 -> 23.202.152.182:443
Source: global trafficTCP traffic: 192.168.2.5:49715 -> 23.202.152.182:443
Source: global trafficTCP traffic: 192.168.2.5:49715 -> 23.202.152.182:443
Source: global trafficTCP traffic: 192.168.2.5:49715 -> 23.202.152.182:443
Source: global trafficTCP traffic: 192.168.2.5:49715 -> 23.202.152.182:443
Source: global trafficTCP traffic: 192.168.2.5:49715 -> 23.202.152.182:443
Source: global trafficTCP traffic: 192.168.2.5:49715 -> 23.202.152.182:443
Source: global trafficTCP traffic: 192.168.2.5:49715 -> 23.202.152.182:443
Source: global trafficTCP traffic: 192.168.2.5:49715 -> 23.202.152.182:443
Source: global trafficTCP traffic: 192.168.2.5:49715 -> 23.202.152.182:443
Source: global trafficTCP traffic: 192.168.2.5:49715 -> 23.202.152.182:443
Source: global trafficTCP traffic: 23.202.152.182:443 -> 192.168.2.5:49715
Source: global trafficTCP traffic: 192.168.2.5:49715 -> 23.202.152.182:443
Source: global trafficTCP traffic: 192.168.2.5:49715 -> 23.202.152.182:443
Source: global trafficTCP traffic: 23.202.152.182:443 -> 192.168.2.5:49715
Source: global trafficTCP traffic: 23.202.152.182:443 -> 192.168.2.5:49715
Source: global trafficTCP traffic: 192.168.2.5:49715 -> 23.202.152.182:443
Source: global trafficTCP traffic: 23.202.152.182:443 -> 192.168.2.5:49715
Source: global trafficTCP traffic: 23.202.152.182:443 -> 192.168.2.5:49715
Source: global trafficTCP traffic: 192.168.2.5:49715 -> 23.202.152.182:443
Source: global trafficTCP traffic: 192.168.2.5:49715 -> 23.202.152.182:443
Source: global trafficTCP traffic: 23.202.152.182:443 -> 192.168.2.5:49715
Source: global trafficTCP traffic: 192.168.2.5:49715 -> 23.202.152.182:443
Source: global trafficTCP traffic: 23.202.152.182:443 -> 192.168.2.5:49715
Source: global trafficTCP traffic: 192.168.2.5:49715 -> 23.202.152.182:443
Source: global trafficTCP traffic: 23.202.152.182:443 -> 192.168.2.5:49715
Source: global trafficTCP traffic: 23.202.152.182:443 -> 192.168.2.5:49715
Source: global trafficTCP traffic: 192.168.2.5:49715 -> 23.202.152.182:443
Source: global trafficTCP traffic: 192.168.2.5:49715 -> 23.202.152.182:443
Source: global trafficTCP traffic: 23.202.152.182:443 -> 192.168.2.5:49715
Source: global trafficTCP traffic: 192.168.2.5:49715 -> 23.202.152.182:443
Source: global trafficTCP traffic: 192.168.2.5:49715 -> 23.202.152.182:443
Source: global trafficHTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1Host: armmf.adobe.comConnection: keep-aliveAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brIf-None-Match: "78-5faa31cce96da"If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
Source: unknownTCP traffic detected without corresponding DNS query: 23.202.152.182
Source: unknownTCP traffic detected without corresponding DNS query: 23.202.152.182
Source: unknownTCP traffic detected without corresponding DNS query: 23.202.152.182
Source: unknownTCP traffic detected without corresponding DNS query: 23.202.152.182
Source: unknownTCP traffic detected without corresponding DNS query: 23.202.152.182
Source: unknownTCP traffic detected without corresponding DNS query: 23.202.152.182
Source: unknownTCP traffic detected without corresponding DNS query: 23.202.152.182
Source: unknownTCP traffic detected without corresponding DNS query: 23.202.152.182
Source: unknownTCP traffic detected without corresponding DNS query: 23.202.152.182
Source: unknownTCP traffic detected without corresponding DNS query: 23.202.152.182
Source: unknownTCP traffic detected without corresponding DNS query: 23.202.152.182
Source: unknownTCP traffic detected without corresponding DNS query: 23.202.152.182
Source: global trafficHTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1Host: armmf.adobe.comConnection: keep-aliveAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brIf-None-Match: "78-5faa31cce96da"If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
Source: unknownNetwork traffic detected: HTTP traffic on port 49715 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49715
Source: classification engineClassification label: clean1.winPDF@14/39@0/1
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journalJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2023-12-05 10-31-05-647.logJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
Source: unknownProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Sommatiebrief.pdf
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2100 --field-trial-handle=1636,i,10912911403685677101,208638167770011629,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2100 --field-trial-handle=1636,i,10912911403685677101,208638167770011629,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: Sommatiebrief.pdfInitial sample: PDF keyword /JS count = 0
Source: Sommatiebrief.pdfInitial sample: PDF keyword /JavaScript count = 0
Source: Sommatiebrief.pdfInitial sample: PDF keyword /EmbeddedFile count = 0
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

Mitre Att&ck Matrix

Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpactResource DevelopmentReconnaissance
Valid Accounts2
Exploitation for Client Execution		Path Interception1
Process Injection		1
Masquerading		OS Credential Dumping1
System Information Discovery		Remote ServicesData from Local SystemExfiltration Over Other Network Medium1
Encrypted Channel		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationAbuse Accessibility FeaturesAcquire InfrastructureGather Victim Identity Information
Default AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
Process Injection		LSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable MediaExfiltration Over Bluetooth1
Non-Application Layer Protocol		SIM Card SwapObtain Device Cloud BackupsNetwork Denial of ServiceDomainsCredentials
Domain AccountsAtLogon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared DriveAutomated Exfiltration12
Application Layer Protocol		Data Encrypted for ImpactDNS ServerEmail Addresses
Local AccountsCronLogin HookLogin HookBinary PaddingNTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput CaptureTraffic Duplication1
Ingress Tool Transfer		Data DestructionVirtual Private ServerEmployee Names

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 process2 2 Behavior Graph ID: 1353851 Sample: Sommatiebrief.pdf Startdate: 05/12/2023 Architecture: WINDOWS Score: 1 6 Acrobat.exe 20 65 2->6         started        process3 8 AcroCEF.exe 68 6->8         started        process4 10 AcroCEF.exe 2 8->10         started        dnsIp5 13 23.202.152.182, 443, 49715 AKAMAI-ASN1EU United States 10->13

Screenshots

Download Video

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
Sommatiebrief.pdf0%ReversingLabs
Sommatiebrief.pdf0%VirustotalBrowse

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Download Network PCAP: filteredfull

Contacted Domains

No contacted domains info

World Map of Contacted IPs

  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Public IPs

IPDomainCountryFlagASNASN NameMalicious
23.202.152.182
unknownUnited States
20940AKAMAI-ASN1EUfalse

General Information

Joe Sandbox version:38.0.0 Ammolite
Analysis ID:1353851
Start date and time:2023-12-05 10:30:17 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 3m 52s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultwindowspdfcookbook.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:9
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:Sommatiebrief.pdf
Detection:CLEAN
Classification:clean1.winPDF@14/39@0/1
EGA Information:Failed
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 0
  • Number of non-executed functions: 0
Cookbook Comments:
  • Found application associated with file extension: .pdf
  • Found PDF document
  • Close Viewer
  • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 23.221.240.182, 18.213.11.84, 54.224.241.105, 50.16.47.176, 34.237.241.83, 162.159.61.3, 172.64.41.3, 23.222.5.137, 23.222.5.153, 23.40.62.83, 23.40.62.64, 23.222.5.139
  • Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
23.202.152.182https://efss.qloud.my/index.php/s/BArcFZDA6bkojcyGet hashmaliciousHTMLPhisherBrowse
    Ordine_Frode_1027797000003171_Ordine_Frode_1027797000003171pdf.exeGet hashmaliciousUnknownBrowse
      Factura_FVR23041255_Factura_FVR23041255pdf.exeGet hashmaliciousUnknownBrowse
        Certificazione_Partecipazione_Corso_AML_IT15318pdf.exeGet hashmaliciousUnknownBrowse

          Domains

          No context

          ASNs

          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
          AKAMAI-ASN1EUAWB_file.exeGet hashmaliciousFormBookBrowse
          • 172.232.128.154
          https://script.google.com/macros/s/AKfycby0tCU2I4XsTyjyFVk1amUr_ugr207T8e8yw8C8a98vWdvuRtaIvmxYloWPG-_eafkc8g/execGet hashmaliciousUnknownBrowse
          • 23.202.154.36
          7u9c57GShq.elfGet hashmaliciousMiraiBrowse
          • 92.122.218.171
          _221 Remington Fireball - Bing images.htmlGet hashmaliciousUnknownBrowse
          • 23.12.147.22
          1y4KChrnVA.elfGet hashmaliciousMiraiBrowse
          • 23.215.11.61
          cwilson.emlGet hashmaliciousPhisherBrowse
          • 23.46.153.73
          3BH9qvFmjA.exeGet hashmaliciousGlupteba, Petite Virus, Socks5SystemzBrowse
          • 23.222.79.195
          6qzgDEdCOl.exeGet hashmaliciousGlupteba, Petite Virus, Socks5Systemz, Stealc, VidarBrowse
          • 23.48.104.104
          file.exeGet hashmaliciousGlupteba, Petite Virus, Socks5Systemz, Stealc, VidarBrowse
          • 23.205.106.89
          https://t.co/wr6Lsmne2LGet hashmaliciousUnknownBrowse
          • 23.12.147.22
          http://cloudflare-ipfs.comGet hashmaliciousUnknownBrowse
          • 23.222.79.235
          https://cloudflare-ipfs.comGet hashmaliciousUnknownBrowse
          • 23.48.104.108
          http://operadarte.net/ikquojsGet hashmaliciousUnknownBrowse
          • 23.12.145.54
          wechat_XC560-1.exeGet hashmaliciousUnknownBrowse
          • 23.46.150.81
          er0O6iIWXW.exeGet hashmaliciousAmadey, Glupteba, Petite Virus, Socks5Systemz, onlyLoggerBrowse
          • 96.6.42.17
          https://tap-rt-prod1-t.campaign.adobe.com/r/?id=h9ecb88b,c1e96b3,69fe0fb&p1=www.google.com/amp/s/members.smoove.io/lk09ggctonnaanh3gtqkeg3y8gtcqhm7ecnsmbmb3ysintnakn8bfi8nndnienw.ashx#YnBpLmJnbC1sY3NpcnRAYmdsLmx1Get hashmaliciousHTMLPhisherBrowse
          • 172.233.64.157
          file.exeGet hashmaliciousAmadey, Glupteba, Petite Virus, Socks5Systemz, onlyLoggerBrowse
          • 23.48.104.78
          https://steam-glft.com/id=1047324172Get hashmaliciousUnknownBrowse
          • 23.8.65.235
          https://aws3-demo.link/RYfUelGet hashmaliciousUnknownBrowse
          • 23.12.147.165
          file.exeGet hashmaliciousAmadey, HTMLPhisher, Glupteba, Petite Virus, Socks5Systemz, onlyLoggerBrowse
          • 23.12.147.72

          JA3 Fingerprints

          No context

          Dropped Files

          No context

          Created / dropped Files

          (copy)

          Download File
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
          File Type:PostScript document text
          Category:dropped
          Size (bytes):10880
          Entropy (8bit):5.214360287289079
          Encrypted:false
          SSDEEP:192:SgAYm4DAv6oq6oCf6ocL6oz6o46ok6o16ok6oKls6oVtfZ6ojtou6o2ti16oGwX/:SV548vvqvSvivzv4vkv1vkvKlsvVtfZp
          MD5:B60EE534029885BD6DECA42D1263BDC0
          SHA1:4E801BA6CA503BDAE7E54B7DB65BE641F7C23375
          SHA-256:B5F094EFF25215E6C35C46253BA4BB375BC29D055A3E90E08F66A6FDA1C35856
          SHA-512:52221F919AEA648B57E567947806F71922B604F90AC6C8805E5889AECB131343D905D94703EA2B4CEC9B0C1813DDA6EAE2677403F58D3B340099461BBCD355AE
          Malicious:false
          Reputation:moderate, very likely benign file
          Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D

          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

          Download File
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):294
          Entropy (8bit):5.165127067277431
          Encrypted:false
          SSDEEP:6:kmsTCRMq2P92nKuAl9OmbnIFUt9sTCFi9ZmwLsTCFiPkwO92nKuAl9OmbjLJ:kmsT0Mv4HAahFUt9sTYi9/LsTYiP5LHi
          MD5:2A80C9A77F8BA65036EB9A41B554C660
          SHA1:91AA2F66D41B4CA43F2FF58BADD902CF24B16025
          SHA-256:E0698C4236E028A53C3ED0E18CE3277DDE3B608D2D1D2A74BC75B15039420C2D
          SHA-512:5A51C523217B06C8E22EC8051F77CDF6451D1562280691AB08AE72F9902EBA16F6C35571C614D2A209E48B0BAE0DB2FC3B9E077194B0EE656F0C7FB0901C86B6
          Malicious:false
          Reputation:low
          Preview:2023/12/05-10:31:03.446 1d14 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2023/12/05-10:31:03.447 1d14 Recovering log #3.2023/12/05-10:31:03.447 1d14 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

          Download File
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):338
          Entropy (8bit):5.14000640381476
          Encrypted:false
          SSDEEP:6:kmsTCJ9+q2P92nKuAl9Ombzo2jMGIFUt9sTCrHS3JZmwLsTCrHS39VkwO92nKuAv:kmsT4+v4HAa8uFUt9sTYHm/LsTYHiV5c
          MD5:4E1FE96B7D788F396FDDBBDD42512C84
          SHA1:4A745CE2716208FE783CA8F8FBFB0EF362C36369
          SHA-256:7E8BA4EFC1760862DCEF0F58996495A12BCBF438C52728269F55E3AC26CF41D6
          SHA-512:DF1D8A430151190C383D21CAC0F608B79E4A61F71FA7E4EF1FE34AEB7C2DC31183F4D559A65738EF5620383064F5CE040A92AE437D711E68F4CC54E22E2D376C
          Malicious:false
          Reputation:low
          Preview:2023/12/05-10:31:03.488 1dbc Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2023/12/05-10:31:03.490 1dbc Recovering log #3.2023/12/05-10:31:03.490 1dbc Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\31d1fb82-1277-43b8-8bc2-4291677351e7.tmp

          Download File
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
          File Type:JSON data
          Category:modified
          Size (bytes):507
          Entropy (8bit):5.061442308068985
          Encrypted:false
          SSDEEP:12:YH/um3RA8sq6WsBdOg2H6O2caq3QYiubxnP7E4T3OF+:Y2sRdsjdMH6s3QYhbxP7nbI+
          MD5:546AC5E59FD531C681CDFC9B29C2A5BC
          SHA1:7972FD689D912AAE20EB2E08F0FBB53726237695
          SHA-256:C726437E829AA0F9F2B34727D78D01528BA30181E84F3A93CC6F2364F3618BF8
          SHA-512:3AF1172358F9E502B930054D16F6B04725B7698EE4C9BA027A26A6C1CFB644B5B1632F29E2893987441D8E325FF65FA2CC8643A9405CF9B6A6B9BCC616DAD8B4
          Malicious:false
          Reputation:low
          Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13346328675400887","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":97295},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.5","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G","CAYSABiAgICA+P////8B":"Offline"}}}

          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

          Download File
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
          File Type:data
          Category:dropped
          Size (bytes):4509
          Entropy (8bit):5.236822155713174
          Encrypted:false
          SSDEEP:96:QqBpCqGp3Al+NehBmkID2w6bNMhugoKTNY+No/KTNcygLPGLLUVevJAussuPeiZ:rBpJGp3AoqBmki25ZEVoKTNY+NoCTNLk
          MD5:9CEE9F0AC7D4B4BC5A1099499DF2337E
          SHA1:3C73848F6DD75A488A59A7AC6FAB16336BDE5C75
          SHA-256:DFFC16B9FF343488048A08E76811DAAA00799167BE3CA870D06A65245F98F84D
          SHA-512:4F51226F5C3FF685694A4B0E92D87DE9B6E69EE651EE561C56A0871C63E9263BB510B2258D2A81E08B740F3581CBDEF4ACF234ABD357513D95FFDB4AAA2FE21E
          Malicious:false
          Reputation:low
          Preview:*...#................version.1..namespace-.1a.o................next-map-id.1.Pnamespace-047a745d_5c98_4926_b446_942fb948d072-https://rna-resource.acrobat.com/.0.K..r................next-map-id.2.Snamespace-bdf2fbfe_e08b_407d_8a81_9a6094e373a0-https://rna-v2-resource.acrobat.com/.1.m.Fr................next-map-id.3.Snamespace-24b9c7f4_3e31_4d11_a607_ac91d6485c9e-https://rna-v2-resource.acrobat.com/.2.8.o................next-map-id.4.Pnamespace-bc60f291_faa7_4492_8b22_e186b4ce62c1-https://rna-resource.acrobat.com/.3.A-N^...............Pnamespace-047a745d_5c98_4926_b446_942fb948d072-https://rna-resource.acrobat.com/-j..^...............Pnamespace-bc60f291_faa7_4492_8b22_e186b4ce62c1-https://rna-resource.acrobat.com/[.|.a...............Snamespace-bdf2fbfe_e08b_407d_8a81_9a6094e373a0-https://rna-v2-resource.acrobat.com/....a...............Snamespace-24b9c7f4_3e31_4d11_a607_ac91d6485c9e-https://rna-v2-resource.acrobat.com/.W.@o................next-map-id.5.Pnamespace-8fb46ac3_c992_47ca_bb04_

          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

          Download File
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):326
          Entropy (8bit):5.179937749836008
          Encrypted:false
          SSDEEP:6:kmsTOR9+q2P92nKuAl9OmbzNMxIFUt9sTOsBkJZmwLsTO0h39VkwO92nKuAl9Omk:kmsTU+v4HAa8jFUt9sTC/LsT3NV5LHAo
          MD5:2B12D5B24910DA9ECACCFD8190497E98
          SHA1:D8614C0B5C2B5940594C3BC79EDB6CF62C38415A
          SHA-256:80B3C4C30307A7A03932181915FAB771C4DD2198EF255F593922721F3B861407
          SHA-512:3F17388616CA8FA84BEA2396B47781B98AED2EB949CCDCB7CF90671C342E2A19C9D9BB6E4C629CAA85233FCB175A33A286CF07D95EAA7B0C3455EC8399237515
          Malicious:false
          Reputation:low
          Preview:2023/12/05-10:31:03.844 1dbc Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2023/12/05-10:31:03.846 1dbc Recovering log #3.2023/12/05-10:31:03.847 1dbc Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

          C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-231205093107Z-153.bmp

          Download File
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
          File Type:PC bitmap, Windows 3.x format, 107 x -152 x 32, cbSize 65110, bits offset 54
          Category:dropped
          Size (bytes):65110
          Entropy (8bit):2.1879042187305395
          Encrypted:false
          SSDEEP:384:d4I3bVAzvEWOxtq3hZX3L0u0BGiDxtVBpXcHqqDNs7eFUvkKox6:dfqrM/AhpF0DxxpsH6eFUvkKox6
          MD5:B26589E10CE571DDBA06644D4D930682
          SHA1:3FD638BD4F406676666AF214CEF7C44012209183
          SHA-256:DFC273413E3FB97127B390FF4AE05CC73915BF8E30192C669D19FCEACAFCBDAB
          SHA-512:9E69A90075D7549EA4F2B14E98DBF4E3E9BFE7790A6A3822B09C10ACF3E7F97F2CDCF19FF93D253DA73EE4D1D15EE334708D1AA7678CD93E56EB679F70FC3B5C
          Malicious:false
          Reputation:low
          Preview:BMV.......6...(...k...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.7232

          Download File
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
          File Type:PostScript document text
          Category:dropped
          Size (bytes):1233
          Entropy (8bit):5.233980037532449
          Encrypted:false
          SSDEEP:24:kk8id8HxPsMTtrid8OPgx4sMDHFidZxDWksMwEidMKRxCsMWaOtidMLgxT2sMW0l:pkxPhtgNgx4pyZxakazxCIK2gxap
          MD5:8BA9D8BEBA42C23A5DB405994B54903F
          SHA1:FC1B1646EC8A7015F492AA17ADF9712B54858361
          SHA-256:862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C
          SHA-512:26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A
          Malicious:false
          Reputation:moderate, very likely benign file
          Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D

          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\AdobeFnt23.lst.7232

          Download File
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
          File Type:PostScript document text
          Category:dropped
          Size (bytes):10880
          Entropy (8bit):5.214360287289079
          Encrypted:false
          SSDEEP:192:SgAYm4DAv6oq6oCf6ocL6oz6o46ok6o16ok6oKls6oVtfZ6ojtou6o2ti16oGwX/:SV548vvqvSvivzv4vkv1vkvKlsvVtfZp
          MD5:B60EE534029885BD6DECA42D1263BDC0
          SHA1:4E801BA6CA503BDAE7E54B7DB65BE641F7C23375
          SHA-256:B5F094EFF25215E6C35C46253BA4BB375BC29D055A3E90E08F66A6FDA1C35856
          SHA-512:52221F919AEA648B57E567947806F71922B604F90AC6C8805E5889AECB131343D905D94703EA2B4CEC9B0C1813DDA6EAE2677403F58D3B340099461BBCD355AE
          Malicious:false
          Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D

          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

          Download File
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
          File Type:data
          Category:dropped
          Size (bytes):227002
          Entropy (8bit):3.392780893644728
          Encrypted:false
          SSDEEP:1536:WKPC4iyzDtrh1cK3XEivK7VK/3AYvYwgF/rRoL+sn:DPCaJ/3AYvYwglFoL+sn
          MD5:87EDBEE38F56C20298F25D5D3D4D1B5C
          SHA1:7F904E9615AC3186A87472EF366DD8202855B0B7
          SHA-256:A46B56D3ABCC137D1872DDF20EED4BCD7D04518282282ADB32DDCCF70D7FFBA6
          SHA-512:BBEBC1FCD5BC9AE042DD5782425BA8C47BF3EAC283B2487FC4E3FF6BF8101306DAB081E5135594165D4DC1AC120FF125AADBC5B3FFE7C646183C04DF77865E0D
          Malicious:false
          Preview:Adobe Acrobat Reader (64-bit) 23.6.20320....?A12_AV2_Search_18px.............................................................................................................KKK KKK.KKK.KKK.KKK.KKK.KKK@........................................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.............................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.........................KKK.KKK.KKK.KKK0....................KKK.KKK.KKK.KKK`....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK.KKK.....................................KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK.KKK@....................KKK.KKK.KKK.KKK`........................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.KKK.............................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK

          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

          Download File
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):295
          Entropy (8bit):5.331428880811347
          Encrypted:false
          SSDEEP:6:YEQXJ2HXmf4eCbM7+FIbRI6XVW7+0YyYsxoAvJM3g98kUwPeUkwRe9:YvXKXmwTzYpW7AGMbLUkee9
          MD5:B24770CB6A803F7AD9C041085B638922
          SHA1:C21CD8DBE3442DFA0BC24B9C023F4F668C476F4C
          SHA-256:FC92550170AA91ACDBF3FDD417E633D9C273D5BE802FA39E8FF14CDEB1FF3A96
          SHA-512:01216013F8941922719E18756B53F9B9889F7428F4C67D0566DE401FF00ED9BADE7FD063C9F0CE395344581B6A5901B12A231DB480C5B41C5B3DF79B936BEB21
          Malicious:false
          Preview:{"analyticsData":{"responseGUID":"a259e2e6-e232-4cd2-b525-8d25c88613bc","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1701947843254,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

          Download File
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):294
          Entropy (8bit):5.269948618867591
          Encrypted:false
          SSDEEP:6:YEQXJ2HXmf4eCbM7+FIbRI6XVW7+0YyYsxoAvJfBoTfXpnrPeUkwRe9:YvXKXmwTzYpW7AGWTfXcUkee9
          MD5:ACCFC7E431851F3D0671776024B221EF
          SHA1:1A17B6050AF8333A650EC11A2F98285F26F2827D
          SHA-256:9402A2F09E7A2A95286F711D0ED25DE9BD94D56B227C6419B5BBC70D5A72C057
          SHA-512:1C544CDC2A578D75BFED8D9C05D6755CBD2E6D5F1D1ECEEE82385781EBE3A87458954885C5BC7EA1BD23E91ED7AA28A5286473452B772C5BECD75514164287FE
          Malicious:false
          Preview:{"analyticsData":{"responseGUID":"a259e2e6-e232-4cd2-b525-8d25c88613bc","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1701947843254,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

          Download File
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):294
          Entropy (8bit):5.248360292132452
          Encrypted:false
          SSDEEP:6:YEQXJ2HXmf4eCbM7+FIbRI6XVW7+0YyYsxoAvJfBD2G6UpnrPeUkwRe9:YvXKXmwTzYpW7AGR22cUkee9
          MD5:C589F78078B6EA053ADE433D985A38A7
          SHA1:37A7D2FC323B352D975F2768EC58A9C86BD734D2
          SHA-256:06E2308C93854CFE06CB2131D36AA20ABAC1CEC2B61402C1CA260F8FB1E566B9
          SHA-512:86954708F9C0F1DF54DF9E0C707FCDCE42AE7C7A06E5739C9CE70F373EBC8DE5FBCADC82654D1C92A093E6B76D9232CC672B0CE0144FC585D06B58EE13608769
          Malicious:false
          Preview:{"analyticsData":{"responseGUID":"a259e2e6-e232-4cd2-b525-8d25c88613bc","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1701947843254,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

          Download File
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):285
          Entropy (8bit):5.309201249500166
          Encrypted:false
          SSDEEP:6:YEQXJ2HXmf4eCbM7+FIbRI6XVW7+0YyYsxoAvJfPmwrPeUkwRe9:YvXKXmwTzYpW7AGH56Ukee9
          MD5:1AA04278E1D335ABDD0244CFE773A80B
          SHA1:CA5DCBF517AFB0EC271354EE33552E0BD67C2E3C
          SHA-256:05EDBD847F72495CA4C45AB9A27C381F5E9C3B98696BFAA07BBE3C3EFCAA3E1E
          SHA-512:4ECBCC93F3648520539C869469E160BABC95873FE912AFEB4F974A49BF882CD8301FA31F47D069353B8E9F16D3FCCB51C34C8E0E66AB40C6A45AF3676D95D902
          Malicious:false
          Preview:{"analyticsData":{"responseGUID":"a259e2e6-e232-4cd2-b525-8d25c88613bc","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1701947843254,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

          Download File
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):1255
          Entropy (8bit):5.695451182466284
          Encrypted:false
          SSDEEP:24:Yv6XmioidpLgEsv4ce3KnctSrymTBcu14wChluBks8ctq3HAj:YvliPdhgnvjRrNTB5OJhABks8c2HAj
          MD5:C886CA3ECBA463B877C715EFDD1986DC
          SHA1:8763021F2A19FB972345646FBF12FA340C192FE9
          SHA-256:1B6841181403933479A92EFE996462E1B3932DFA30F7B6AAD974836B6C4DADA2
          SHA-512:61D2019EEA6B77A1C3300EE6D058895162BFEB68AA48B7301041E0DEAC63F1867831BF72775A3E3D42125DCCDD49F771D48A756D71D2991A34BA24918EBDCEFE
          Malicious:false
          Preview:{"analyticsData":{"responseGUID":"a259e2e6-e232-4cd2-b525-8d25c88613bc","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1701947843254,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"65179_200306ActionBlock_0","campaignId":65179,"containerId":"1","controlGroupId":"","treatmentId":"f7fa0e9f-7d25-4321-b719-c501bbb8a162","variationId":"200306"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctZGF5IHRyaWFsIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjE0IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjoiIiwiZGVzY3JpcHRpb24iOiJDb252ZXJ0IGZpbGVzIHRvIGFuZCBmcm9tIFBERiBcbndpdGhvdXQgbGltaXRzLiIsImJhY2tncm91bmRfc3R5bGluZyI6eyJiYWNrZ3JvdW5k

          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

          Download File
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):1250
          Entropy (8bit):5.702652948959302
          Encrypted:false
          SSDEEP:24:Yv6XmioiBVLgEsy4c19ZrGmTBcu14wCh5rgos8ctq3HAj:YvliPBFgnyl9ZrBTB5OJhFgos8c2HAj
          MD5:783F6C9D0E05F0AC3DEF1697B72A7C7E
          SHA1:EBFFA6926D8F2B2B8D33884A3F6306B709513860
          SHA-256:E4EB4E1732C33AA77AB5C0AF71954482D5F865138E9A4EA395AE734016669361
          SHA-512:5696E8DD7168E334FC51717F628CDE5A5346E252557ACBE83C61B0E16F5F0EFE063AE10455BAC4F760676040D7C68D69BAEDC8578667EE2A50071CD486FF7AF4
          Malicious:false
          Preview:{"analyticsData":{"responseGUID":"a259e2e6-e232-4cd2-b525-8d25c88613bc","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1701947843254,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Disc_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"65179_200306ActionBlock_1","campaignId":65179,"containerId":"1","controlGroupId":"","treatmentId":"250f56c6-2d66-4fca-8033-eabbd2bc9951","variationId":"200306"},"containerId":1,"containerLabel":"JSON for DC_Reader_Disc_LHP_Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctZGF5IHRyaWFsIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjE0IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjoiIiwiZGVzY3JpcHRpb24iOiJDb252ZXJ0LCBlZGl0IGFuZCBlLXNpZ24gUERGXG4gZm9ybXMgJiBhZ3JlZW1lbnRzLiIsImJhY2tncm91bmRfc3R5bGluZyI6eyJiYWNrZ3JvdW5kX2Nvb

          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

          Download File
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):292
          Entropy (8bit):5.25377116273769
          Encrypted:false
          SSDEEP:6:YEQXJ2HXmf4eCbM7+FIbRI6XVW7+0YyYsxoAvJfQ1rPeUkwRe9:YvXKXmwTzYpW7AGY16Ukee9
          MD5:50553A6281654AFE0E0BCAB630A3B964
          SHA1:D115F5297161DE7E9DD9C641C6B9B4E88338B4F3
          SHA-256:04D74CB9E51DC6AD61E7B7F6AEB8289B181CD0A7CE697C5D300C94D0788D808F
          SHA-512:A92F2A3B76A420FEF0D1E85DB88C3078A118400E9A62CBB878D10A5BF67001FF5E1D3946E771C15B7E87B7B8641A689168400B2DAE327E208BA389A00FB628A6
          Malicious:false
          Preview:{"analyticsData":{"responseGUID":"a259e2e6-e232-4cd2-b525-8d25c88613bc","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1701947843254,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

          Download File
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):1230
          Entropy (8bit):5.68874420113523
          Encrypted:false
          SSDEEP:24:Yv6Xmioiw2LgEsk4ccVrhmTBcu14wChds8ctq3HAj:YvliPwognkMVrYTB5OJhds8c2HAj
          MD5:7D7155FCC1DC8C214E307B1A50B35E87
          SHA1:B31747F7D8858DDB1F6E03DBD1AB00328DF552D5
          SHA-256:98B65F1F3FF18BC17F304B27788D58BBBB7A0CB6DCCD224D8A36293473BD738F
          SHA-512:A5DB7B509FCB9A7B66100536BF94E2CF9834E461419C6241A0EBC6F42A00DB3A58D974C26E34696A192548296BA6173549AEE20C634EF7F05C4A95D4F70BE92D
          Malicious:false
          Preview:{"analyticsData":{"responseGUID":"a259e2e6-e232-4cd2-b525-8d25c88613bc","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1701947843254,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Edit_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"65179_200306ActionBlock_3","campaignId":65179,"containerId":"1","controlGroupId":"","treatmentId":"07caa165-20a7-4c5f-adf8-061ef3d98af3","variationId":"200306"},"containerId":1,"containerLabel":"JSON for DC_Reader_Edit_LHP_Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctZGF5IHRyaWFsIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjE0IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjoiIiwiZGVzY3JpcHRpb24iOiJFZGl0IHRleHQsIGltYWdlcywgcGFnZXMsIGFuZCBtb3JlLiIsImJhY2tncm91bmRfc3R5bGluZyI6eyJiYWNrZ3JvdW5kX2NvbG9yX2RhcmtfdGhlbWUiO

          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

          Download File
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):1368
          Entropy (8bit):5.750850067256579
          Encrypted:false
          SSDEEP:24:Yv6Xmioi4KLgEGcooZbq0jCaBrwJoZct5uWaHbX3HAj:YvliP4EgNoNtlSJEc3uWaHbHHAj
          MD5:6796D53E897F33F30CDB9E00F264E4FA
          SHA1:CCBD4DE5866E5F3C447CFDC746D549DA36C50610
          SHA-256:4F2CFBA967E58525EC2451B07C7C92D9E9490DD33F4602AF6B0684256BC5256F
          SHA-512:467D87382777C61D2BF8A77A01E2D4CC28DF2AF47B80158205C780041FCEE6A3FD5AF8B9F113CE6EEB1756DF054BD47FBE0B44EA52CD6B9C451D584312BF9D32
          Malicious:false
          Preview:{"analyticsData":{"responseGUID":"a259e2e6-e232-4cd2-b525-8d25c88613bc","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1701947843254,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"70654_217714ActionBlock_0","campaignId":70654,"containerId":"1","controlGroupId":"","treatmentId":"692283b7-dc9d-4f79-9ee2-bccf324c2980","variationId":"217714"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJUcnkgQWNyb2JhdCBQcm8ifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNyIsImZvbnRfc3R5bGUiOiIwIn0sImRlc2NyaXB0aW9uX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTEiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIDctZGF5IHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0byBhbGwgUERGIGFuZCBlLXNpZ25pbmcgdG9vbHMuIiwiYmFja2d

          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

          Download File
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):289
          Entropy (8bit):5.261046600537548
          Encrypted:false
          SSDEEP:6:YEQXJ2HXmf4eCbM7+FIbRI6XVW7+0YyYsxoAvJfYdPeUkwRe9:YvXKXmwTzYpW7AGg8Ukee9
          MD5:13B2C5602E9E5D886B71194F930905F2
          SHA1:A5724F2114121A915367E4F2B1A92DC6B8C904D4
          SHA-256:EFC53B529E42114CF22407358D2272172BAA773218DEF696B83693ADCF1785DC
          SHA-512:DCCDC47D99AF6EF294B983574254D3084CA3D98C0EB0FE0A78CBAB828FF98560CFF596360B0E8137382DB50ADF1C65DCF129BBFEAC559A4C098C48559D1FFA4E
          Malicious:false
          Preview:{"analyticsData":{"responseGUID":"a259e2e6-e232-4cd2-b525-8d25c88613bc","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1701947843254,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

          Download File
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):1395
          Entropy (8bit):5.774873879194113
          Encrypted:false
          SSDEEP:24:Yv6XmioiXrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNRj:YvliPXHgDv3W2aYQfgB5OUupHrQ9FJPj
          MD5:39EFE943DB6FD0847AD5D0742FCCD01B
          SHA1:2275B37E76CF5EB3B4BC1FC819C7E7E2753CAFF8
          SHA-256:F51114F90E37795307AD4FA6D322024F9B83D01F45A51BFD3892357B802AE27F
          SHA-512:1A15E68070C1742E30DAB68771DF95492DF9F83393355630B40A0CB2E935152129079C0200215DF6B2FFB37EBD64EE01343C7FF8E1412B9A9199685B8C2F94A4
          Malicious:false
          Preview:{"analyticsData":{"responseGUID":"a259e2e6-e232-4cd2-b525-8d25c88613bc","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1701947843254,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0

          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

          Download File
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):291
          Entropy (8bit):5.244861419169917
          Encrypted:false
          SSDEEP:6:YEQXJ2HXmf4eCbM7+FIbRI6XVW7+0YyYsxoAvJfbPtdPeUkwRe9:YvXKXmwTzYpW7AGDV8Ukee9
          MD5:AEDAFA64A67643571BE40E34E14FAE52
          SHA1:811A7B266CD0A5B5D2B8A572E44E4388E34E21F3
          SHA-256:09FB2732E372871E7D1CA92BC5D86753DD26BAC70C7781C99ABEB1EDBB7FD7EE
          SHA-512:F4D42338E513DA4C5CDFB13D8B4420324F0C537EEC0B91C07D26AC4188FDC2527381C0557ABFAFBD1DF0A14DDB857BA61F8E3DF86ED7F03612142BDA52595839
          Malicious:false
          Preview:{"analyticsData":{"responseGUID":"a259e2e6-e232-4cd2-b525-8d25c88613bc","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1701947843254,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

          Download File
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):287
          Entropy (8bit):5.245681084622614
          Encrypted:false
          SSDEEP:6:YEQXJ2HXmf4eCbM7+FIbRI6XVW7+0YyYsxoAvJf21rPeUkwRe9:YvXKXmwTzYpW7AG+16Ukee9
          MD5:44D3442A759FCF9FA7B15BB32A2A05BF
          SHA1:D062B3240E385004CCB5E5D350FD45DA39566524
          SHA-256:7624F47A158CCAE4CA0B59F21D85C28DD1FC360A3BFD1235C4805F3963C260E6
          SHA-512:0D76B2420DB042A5EDA795D49AE73264DDD932314432D74BC87FDB5B2F180F0D55E419085D2071EEFA60031DF25FC93A1E47BA2B4035B619958D0C17EDB3C103
          Malicious:false
          Preview:{"analyticsData":{"responseGUID":"a259e2e6-e232-4cd2-b525-8d25c88613bc","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1701947843254,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

          Download File
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):1250
          Entropy (8bit):5.715190311678183
          Encrypted:false
          SSDEEP:24:Yv6XmioilamXayLgEs54c3drNaHmTBcu14wChqx+plVCV9FJN3HAj:YvliPZBgn5drpTB5OJhr9Q9FJ9HAj
          MD5:7979D1EA88E51E02362A95FEFDCA3F32
          SHA1:A636090E839A039E336978FE139CC9F59489ADDC
          SHA-256:C9C0014E18AB74A82C0219D901AC6EE86A84B37A3CDCCF3EA79E73DEEE6F1FEE
          SHA-512:2E3DAD3B663B55186CDE3FD78562851369AC767151C3EFE16BBCF9977574F712368DB64419693908A237FE17BC7BC1640C2B7322677A6C6AF63B41A38E6B615C
          Malicious:false
          Preview:{"analyticsData":{"responseGUID":"a259e2e6-e232-4cd2-b525-8d25c88613bc","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1701947843254,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"65179_200306ActionBlock_2","campaignId":65179,"containerId":"1","controlGroupId":"","treatmentId":"8deb148d-1a64-4e57-9648-e8bf939c598e","variationId":"200306"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctZGF5IHRyaWFsIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjE0IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjoiIiwiZGVzY3JpcHRpb24iOiJTZW5kIGRvY3VtZW50cyAmIGZvcm1zIFxuZm9yIGZhc3QgZS1zaWduaW5nIG9ubGluZS4iLCJiYWNrZ3JvdW5kX3N0eWxpbmciOnsiYmFja2dyb3VuZF9jb

          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

          Download File
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):286
          Entropy (8bit):5.220753922627627
          Encrypted:false
          SSDEEP:6:YEQXJ2HXmf4eCbM7+FIbRI6XVW7+0YyYsxoAvJfshHHrPeUkwRe9:YvXKXmwTzYpW7AGUUUkee9
          MD5:AB2C495F304FD05B059D1CCC4B5FF37A
          SHA1:6EE614F60B5A29B5E21809F5785090A14F52D3EE
          SHA-256:3EA9F07462643207554F46ED8A78476359353146C6C346DA60FBC518987787AC
          SHA-512:C7B832FCBDCDDE125C17EEFF4DE016E5C54ACFE0E76E232FFDB5573A777772BA9319414F0FA066C7A445367BD2D028826A47E087189B49EAB65877E8CDBD8653
          Malicious:false
          Preview:{"analyticsData":{"responseGUID":"a259e2e6-e232-4cd2-b525-8d25c88613bc","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1701947843254,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

          Download File
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):782
          Entropy (8bit):5.360659100236072
          Encrypted:false
          SSDEEP:12:YvXKXmwTzYpW7AGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWdj:Yv6Xmioi2168CgEXX5kcIfANhAj
          MD5:4084DC03EFE67C8D172886C8A8132DC3
          SHA1:56DBD58CF3AEF7DFF6841C2C6F97DF986BCB49A0
          SHA-256:6B1096F51B8E52E89B28F096C642C504CC51BF4C28CB5B3F8237475FE30F25C9
          SHA-512:4EA9A9A2BD7F04E4200DB601AB98E1A45D11DCD7C0C84AB3FFA37A0BA34211674716B63C0B53B5FA427A1356A6422C94173E53E16E58DFE48F3A54EF446BFD78
          Malicious:false
          Preview:{"analyticsData":{"responseGUID":"a259e2e6-e232-4cd2-b525-8d25c88613bc","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1701947843254,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1701768668284}}}}

          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

          Download File
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
          File Type:data
          Category:dropped
          Size (bytes):4
          Entropy (8bit):0.8112781244591328
          Encrypted:false
          SSDEEP:3:e:e
          MD5:DC84B0D741E5BEAE8070013ADDCC8C28
          SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
          SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
          SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
          Malicious:false
          Preview:....

          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

          Download File
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):2818
          Entropy (8bit):5.127347191521483
          Encrypted:false
          SSDEEP:48:Y74hgbSfhGhlmhzIZhOQiq5hihAyDh+hZyNhQK17Nhlij3hpc7T3hmZZhh/6U95L:8bSCgI3ytsM78js7wzCqF
          MD5:7482CF06A06E30380A4AC6795FB94ACD
          SHA1:14D5433366793ECFF6F053DF8A8AC4A9BD0800C0
          SHA-256:114FC1DE6435DFEC8B7C665F0AF138DCB93C36417B7F1E036E9834513314053A
          SHA-512:50AE5E58D0CBA6CD5BF9BDCC3C84999E7DF09EE96C880287AAB1B52CEA978A3F7ECE8540CCF46DD87C49DA033E604DA120171A11ACB25A815C1E82218497B5B2
          Malicious:false
          Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"f44fdd071cbcb11a779d3d7221f0f146","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1250,"ts":1701768667000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"1173ade968b8cf01ad27ceaa5d1f30bc","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1368,"ts":1701768667000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"aaf8f49953652e128f7fe174732fbb52","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1250,"ts":1701768667000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"b31c41f687cbd8bdf21aa34a6497f0bd","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1255,"ts":1701768667000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"88d1cc37e2a298b55eb59d2133b4dafe","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":1230,"ts":1701768667000},{"id":"Edit_InApp_Aug2020","info":{"dg":"855e01bef521b4154a60c423ad01a463","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":17

          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

          Download File
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
          File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 19, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 19
          Category:dropped
          Size (bytes):12288
          Entropy (8bit):0.9838948703168852
          Encrypted:false
          SSDEEP:24:TLHRx/XYKQvGJF7urs6I1RZKHs/Ds/Spt74zJwtNBwtNbRZ6bRZ4Q7F:TVl2GL7ms6ggOVptUzutYtp6P7R
          MD5:4498E44ABEFB179B1AA629D9A85201D0
          SHA1:4E5E52A27D45E5766292FA2B618214898D3E1DF1
          SHA-256:B93DE4206DFFED100A300EE49776B1379914272FA98BD604FDA6003A6657AAB7
          SHA-512:BA16596968C05AB29361042720C6A6E8C33F0EBD11F51B34C507A3292D8161DC93EC041B0055CFFF938EDE0682959B81FBFEF54E9CE6EFADB6F7A12BD7450FA7
          Malicious:false
          Preview:SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

          Download File
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
          File Type:SQLite Rollback Journal
          Category:dropped
          Size (bytes):8720
          Entropy (8bit):1.3369212163143975
          Encrypted:false
          SSDEEP:24:7+tpAD1RZKHs/Ds/Spt7PzJwtNBwtNbRZ6bRZWf1RZKqqLBx/XYKQvGJF7urs+:7MpGgOVptrzutYtp6PM/qll2GL7ms+
          MD5:69FDE2990AE85A755D73D58D451B2773
          SHA1:307DAD68A54AFE3FD8DE7B0A9A838937B185A6E5
          SHA-256:80964584AF6F05FC6E7F75FFE0D3884839F2CE340FB5A97193A197D4B6C5EE8B
          SHA-512:833EFCE43E720ED67A88D1CE87CF6748186B0F8115027B76D2B5755238ADDA2AECE69D523AA6B41F4CD41517DFC8DA14586219AD089CD3F2D4CFA20EBB853CA6
          Malicious:false
          Preview:.... .c.....5.K.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................j...#..#.#.#.#.#.#.#.#.7.7........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\UserCache64.bin

          Download File
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
          File Type:data
          Category:dropped
          Size (bytes):66726
          Entropy (8bit):5.392739213842091
          Encrypted:false
          SSDEEP:768:RNOpblrU6TBH44ADKZEgRbo7TUXMTwqn75J7c6A0v8Yyu:6a6TZ44ADERb2TUXiwB68K
          MD5:CBE6BF96436671A50E0CC260E6E475E7
          SHA1:521B3CFD9949D975541D23F83B7FE14DBE17055C
          SHA-256:880B2A183B3C2A016F889D9B61C1BC057E1BB05F3F95276B8337F1BEB64C615B
          SHA-512:EA943831796B6BE7B93F7A95C23214D63E50487E733A566D17B3B95B9B1985E99B35B0B4EC67B2D4913C61FC19C0DE3BF2FA00F54FDFBB63ECC73F4CC30598E6
          Malicious:false
          Preview:4.397.90.FID.2:o:..........:F:AgencyFB-Reg.P:Agency FB.L:$.........................."F:Agency FB.#.96.FID.2:o:..........:F:AgencyFB-Bold.P:Agency FB Bold.L:%.........................."F:Agency FB.#.84.FID.2:o:..........:F:Algerian.P:Algerian.L:$..........................RF:Algerian.#.95.FID.2:o:..........:F:ArialNarrow.P:Arial Narrow.L:$.........................."F:Arial Narrow.#.109.FID.2:o:..........:F:ArialNarrow-Italic.P:Arial Narrow Italic.L:$.........................."F:Arial Narrow.#.105.FID.2:o:..........:F:ArialNarrow-Bold.P:Arial Narrow Bold.L:%.........................."F:Arial Narrow.#.118.FID.2:o:..........:F:ArialNarrow-BoldItalic.P:Arial Narrow Bold Italic.L:%.........................."F:Arial Narrow.#.77.FID.2:o:..........:F:ArialMT.P:Arial.L:$.........................."F:Arial.#.91.FID.2:o:..........:F:Arial-ItalicMT.P:Arial Italic.L:$.........................."F:Arial.#.87.FID.2:o:..........:F:Arial-BoldMT.P:Arial Bold.L:$.........................."F:Arial.#.100.FID.2

          C:\Users\user\AppData\Local\Temp\MSI68d78.LOG

          Download File
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
          File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
          Category:dropped
          Size (bytes):246
          Entropy (8bit):3.4953527754662135
          Encrypted:false
          SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8wcElXMN3EYlYH:Qw946cPbiOxDlbYnuRKplkEYlYH
          MD5:763EB4FCDB00D82D19E270C461288E2B
          SHA1:DC5832D1675B188F48AE5A6ADEF717B04D5F949B
          SHA-256:1CBCBB242681DEFCA8B34076819E3CCFB96B576C55770D51B58451658A10AA7C
          SHA-512:DC2560C7F0D8C442AD5DA30A91F3B12A5D403774CA8E0C60435475E7609FF764D5F812B822E098DB31A97568A9958A041EB2041098488C53F423F2B782F23289
          Malicious:false
          Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .0.5./.1.2./.2.0.2.3. . .1.0.:.3.1.:.1.0. .=.=.=.....

          C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2023-12-05 10-31-05-647.log

          Download File
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
          File Type:ASCII text, with very long lines (393)
          Category:dropped
          Size (bytes):16525
          Entropy (8bit):5.376360055978702
          Encrypted:false
          SSDEEP:384:6b1sdmfenwop+WP21h2RPjRNg7JjO2on6oU6CyuJw1oaNIIu9EMuJuF6MKK9g9JQ:vIn
          MD5:1336667A75083BF81E2632FABAA88B67
          SHA1:46E40800B27D95DAED0DBB830E0D0BA85C031D40
          SHA-256:F81B7C83E0B979F04D3763B4F88CD05BC8FBB2F441EBFAB75826793B869F75D1
          SHA-512:D039D8650CF7B149799D42C7415CBF94D4A0A4BF389B615EF7D1B427BC51727D3441AA37D8C178E7E7E89D69C95666EB14C31B56CDFBD3937E4581A31A69081A
          Malicious:false
          Preview:SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:961+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="SetConfig:

          C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

          Download File
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
          File Type:ASCII text, with very long lines (393), with CRLF line terminators
          Category:dropped
          Size (bytes):16603
          Entropy (8bit):5.3783333902928945
          Encrypted:false
          SSDEEP:384:FnhmCsvcXhJDKUnE5pTymQaXLExl2OKkDAiQ2ywdJ23i/BdsMzRdSFSbmVjBt+uI:/O6xZ
          MD5:E64E5EE74C2BE6C1B156919AC14C7BA5
          SHA1:E8D376553A1442CD6C823B8CFCC6FC9F4B276735
          SHA-256:F33616DA9223A1F8B21FC5190179B47D72EB22B99219141933786F143EC17DE0
          SHA-512:EBDAA2A2567C050414DE3B9C8BF23689A0E2FC81BEAFCCD12D09663DC5CE887E1BF40B981344BDA7E0659682B4242FC2E1ABC357A873B53A4DAD00D20F746AB9
          Malicious:false
          Preview:SessionID=0d382b8f-5be9-4fb3-9a54-915a1db7f8e0.1701768665670 Timestamp=2023-12-05T10:31:05:670+0100 ThreadID=8136 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=0d382b8f-5be9-4fb3-9a54-915a1db7f8e0.1701768665670 Timestamp=2023-12-05T10:31:05:671+0100 ThreadID=8136 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=0d382b8f-5be9-4fb3-9a54-915a1db7f8e0.1701768665670 Timestamp=2023-12-05T10:31:05:671+0100 ThreadID=8136 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=0d382b8f-5be9-4fb3-9a54-915a1db7f8e0.1701768665670 Timestamp=2023-12-05T10:31:05:671+0100 ThreadID=8136 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=0d382b8f-5be9-4fb3-9a54-915a1db7f8e0.1701768665670 Timestamp=2023-12-05T10:31:05:672+0100 ThreadID=8136 Component=ngl-lib_NglAppLib Description="SetConf

          C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

          Download File
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
          File Type:ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):29845
          Entropy (8bit):5.393765940568845
          Encrypted:false
          SSDEEP:768:GLxxlyVUFcAzWL8VWL1ANSFld5YjMWLvJ8Uy++NSXl3WLd5WLrbhhVClkVMwDGbG:a
          MD5:3D9C92DEDF9600257EE09EFA1C6CD636
          SHA1:69C579BA0AFF267990860112DCE0664FCA01BBFC
          SHA-256:6FEC9761CE2BDD99758D8192196A97C3B312B6BA55B9287DD4509352AF55B02F
          SHA-512:3C748D3535B4D359AE4054ABA492344039FFA4144675A3285422B52414AB03D25881E705C30F2EB703E8D0426EEAB5635BD03967E1D568D0BF0C66D0AC9C8523
          Malicious:false
          Preview:04-10-2023 02:39:31:.---2---..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : ***************************************..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : ***************************************..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : Starting NGL..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..04-10-2023 02:39:31:.Closing File..04-10-

          C:\Users\user\AppData\Local\Temp\acrocef_low\39873300-57dd-4c3d-86f1-96087485b4ba.tmp

          Download File
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
          File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
          Category:dropped
          Size (bytes):758601
          Entropy (8bit):7.98639316555857
          Encrypted:false
          SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
          MD5:3A49135134665364308390AC398006F1
          SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
          SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
          SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
          Malicious:false
          Preview:...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!|G.1...... .3.`./....`~......G.............|..pS.e.C....:o.u_..oi.:..|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

          C:\Users\user\AppData\Local\Temp\acrocef_low\4c6fcbd2-8469-4ca8-ab3c-e0d700c7d2cf.tmp

          Download File
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
          File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
          Category:dropped
          Size (bytes):386528
          Entropy (8bit):7.9736851559892425
          Encrypted:false
          SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
          MD5:5C48B0AD2FEF800949466AE872E1F1E2
          SHA1:337D617AE142815EDDACB48484628C1F16692A2F
          SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
          SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
          Malicious:false
          Preview:...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-|..h#.g.\.PO.|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..|m.WC.....|.....e.[W.p.8...rm....^..x'......5!...|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

          C:\Users\user\AppData\Local\Temp\acrocef_low\50f0ccee-175f-46f8-b05a-04abf69de889.tmp

          Download File
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
          File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
          Category:dropped
          Size (bytes):1419751
          Entropy (8bit):7.976496077007677
          Encrypted:false
          SSDEEP:24576:/xA7owWLaGZDwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLaGZDwZGk3mlind9i4ufFXpAXkru
          MD5:18E3D04537AF72FDBEB3760B2D10C80E
          SHA1:B313CD0B25E41E5CF0DFB83B33AB3E3C7678D5CC
          SHA-256:BBEF113A2057EE7EAC911DC960D36D4A62C262DAE5B1379257908228243BD6F4
          SHA-512:2A5B9B0A5DC98151AD2346055DF2F7BFDE62F6069A4A6A9AB3377B644D61AE31609B9FC73BEE4A0E929F84BF30DA4C1CDE628915AC37C7542FD170D12DE41298
          Malicious:false
          Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

          C:\Users\user\AppData\Local\Temp\acrocef_low\a4ed5a60-3324-4215-8239-84475c6ed97f.tmp

          Download File
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
          File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
          Category:dropped
          Size (bytes):1407294
          Entropy (8bit):7.97605879016224
          Encrypted:false
          SSDEEP:24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo
          MD5:A0CFC77914D9BFBDD8BC1B1154A7B364
          SHA1:54962BFDF3797C95DC2A4C8B29E873743811AD30
          SHA-256:81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685
          SHA-512:74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE
          Malicious:false
          Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

          Static File Info

          General

          File type:PDF document, version 1.3, 1 pages
          Entropy (8bit):7.819394591970365
          TrID:
          • Adobe Portable Document Format (5005/1) 100.00%
          File name:Sommatiebrief.pdf
          File size:962'628 bytes
          MD5:ab19b8aa82b1c8503395e381a0c345e9
          SHA1:33fafd1e7ef7b93f59a04ab67fa2da32d0bb3bd1
          SHA256:49c602e685f23245ea9d5482fa3a1c9521a13d5eaf478bdccc55f41e3c7290a8
          SHA512:290a15e3950ec2fb9a324ac37036fb57c41bf2c287a154cafc5460dde232bcd10ca09963f56a3378048ef4e6a9cb7dd4b8772bd8a312056158117d0b844100d6
          SSDEEP:24576:EA+kP9lF+c6l9zhZPqYN9NygKf1cLIDEQv8vEtqgZ:bllF+rqeytCLIAQIAP
          TLSH:02252347F4979661690A3E5FAEAE3D09CD40B6FB54B8C878322D5CC2E3D15CB3B25062
          File Content Preview:%PDF-1.3 .1 0 obj.<<./Pages 2 0 R./Type /Catalog.>>.endobj.2 0 obj.<<./Type /Pages./Kids [ 3 0 R ]./Count 1.>>.endobj.3 0 obj.<<./Type /Page./Parent 2 0 R./Resources <<./XObject << /Im1 8 0 R >>./ProcSet 6 0 R >>./MediaBox [0 0 595.44 842.16]./CropBox [0

          File Icon

          Icon Hash:62cc8caeb29e8ae0

          Static PDF Info

          General

          Header:%PDF-1.3
          Total Entropy:7.819395
          Total Bytes:962628
          Stream Entropy:7.818656
          Stream Bytes:960591
          Entropy outside Streams:4.726869
          Bytes outside Streams:2037
          Number of EOF found:1
          Bytes after EOF:
          NameCount
          obj17
          endobj17
          stream3
          endstream3
          xref1
          trailer1
          startxref1
          /Page1
          /Encrypt0
          /ObjStm0
          /URI0
          /JS0
          /JavaScript0
          /AA0
          /OpenAction0
          /AcroForm0
          /JBIG2Decode0
          /RichMedia0
          /Launch0
          /EmbeddedFile0
          IDDHASHMD5Preview
          8c4763f631b56a30ba8d8e401605cfedbff58b4dc2c3f6197

          Network Behavior

          Download Network PCAP: filteredfull

          TimestampSource PortDest PortSource IPDest IP
          Dec 5, 2023 10:31:16.321209908 CET49715443192.168.2.523.202.152.182
          Dec 5, 2023 10:31:16.321238995 CET4434971523.202.152.182192.168.2.5
          Dec 5, 2023 10:31:16.321336985 CET49715443192.168.2.523.202.152.182
          Dec 5, 2023 10:31:16.321496964 CET49715443192.168.2.523.202.152.182
          Dec 5, 2023 10:31:16.321508884 CET4434971523.202.152.182192.168.2.5
          Dec 5, 2023 10:31:16.619256020 CET4434971523.202.152.182192.168.2.5
          Dec 5, 2023 10:31:16.619748116 CET49715443192.168.2.523.202.152.182
          Dec 5, 2023 10:31:16.619771004 CET4434971523.202.152.182192.168.2.5
          Dec 5, 2023 10:31:16.620754957 CET4434971523.202.152.182192.168.2.5
          Dec 5, 2023 10:31:16.620858908 CET49715443192.168.2.523.202.152.182
          Dec 5, 2023 10:31:16.622958899 CET49715443192.168.2.523.202.152.182
          Dec 5, 2023 10:31:16.623096943 CET4434971523.202.152.182192.168.2.5
          Dec 5, 2023 10:31:16.623495102 CET49715443192.168.2.523.202.152.182
          Dec 5, 2023 10:31:16.623503923 CET4434971523.202.152.182192.168.2.5
          Dec 5, 2023 10:31:16.676429033 CET49715443192.168.2.523.202.152.182
          Dec 5, 2023 10:31:16.726485968 CET4434971523.202.152.182192.168.2.5
          Dec 5, 2023 10:31:16.726691008 CET4434971523.202.152.182192.168.2.5
          Dec 5, 2023 10:31:16.726763010 CET49715443192.168.2.523.202.152.182
          Dec 5, 2023 10:31:16.727217913 CET49715443192.168.2.523.202.152.182
          Dec 5, 2023 10:31:16.727230072 CET4434971523.202.152.182192.168.2.5
          Dec 5, 2023 10:31:16.727247000 CET49715443192.168.2.523.202.152.182
          Dec 5, 2023 10:31:16.727288961 CET49715443192.168.2.523.202.152.182

          HTTP Request Dependency Graph

          • armmf.adobe.com

          HTTPS Proxied Packets

          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
          0192.168.2.54971523.202.152.1824437588C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
          TimestampBytes transferredDirectionData
          2023-12-05 09:31:16 UTC475OUTGET /onboarding/smskillreader.txt HTTP/1.1
          Host: armmf.adobe.com
          Connection: keep-alive
          Accept-Language: en-US,en;q=0.9
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36
          Sec-Fetch-Site: same-origin
          Sec-Fetch-Mode: no-cors
          Sec-Fetch-Dest: empty
          Accept-Encoding: gzip, deflate, br
          If-None-Match: "78-5faa31cce96da"
          If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
          2023-12-05 09:31:16 UTC198INData Raw: 48 54 54 50 2f 31 2e 31 20 33 30 34 20 4e 6f 74 20 4d 6f 64 69 66 69 65 64 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 70 6c 61 69 6e 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 0d 0a 4c 61 73 74 2d 4d 6f 64 69 66 69 65 64 3a 20 4d 6f 6e 2c 20 30 31 20 4d 61 79 20 32 30 32 33 20 31 35 3a 30 32 3a 33 33 20 47 4d 54 0d 0a 45 54 61 67 3a 20 22 37 38 2d 35 66 61 61 33 31 63 63 65 39 36 64 61 22 0d 0a 44 61 74 65 3a 20 54 75 65 2c 20 30 35 20 44 65 63 20 32 30 32 33 20 30 39 3a 33 31 3a 31 36 20 47 4d 54 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 0d 0a
          Data Ascii: HTTP/1.1 304 Not ModifiedContent-Type: text/plain; charset=UTF-8Last-Modified: Mon, 01 May 2023 15:02:33 GMTETag: "78-5faa31cce96da"Date: Tue, 05 Dec 2023 09:31:16 GMTConnection: close


          Statistics

          CPU Usage

          050100s020406080100

          Click to jump to process

          Memory Usage

          050100s0.00204060MB

          Click to jump to process

          High Level Behavior Distribution

          • File
          • Registry

          Click to dive into process behavior distribution

          Behavior

          Click to jump to process

          System Behavior

          General

          Target ID:0
          Start time:10:31:02
          Start date:05/12/2023
          Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
          Wow64 process (32bit):false
          Commandline:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Sommatiebrief.pdf
          Imagebase:0x7ff686a00000
          File size:5'641'176 bytes
          MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Reputation:moderate
          Has exited:true
          Show Windows behavior

          File Activities

          Show Windows behavior

          Section Activities

          Show Windows behavior

          Registry Activities

          Show Windows behavior

          COM Activities

          Show Windows behavior

          Mutex Activities

          Show Windows behavior

          Process Activities

          Show Windows behavior

          Thread Activities

          Show Windows behavior

          Memory Activities

          Show Windows behavior

          System Activities

          There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
          Show Windows behavior

          Windows UI Activities

          There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
          There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
          There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

          General

          Target ID:2
          Start time:10:31:03
          Start date:05/12/2023
          Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
          Wow64 process (32bit):false
          Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
          Imagebase:0x7ff6413e0000
          File size:3'581'912 bytes
          MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Reputation:moderate
          Has exited:true
          Show Windows behavior

          File Activities

          Show Windows behavior

          Section Activities

          There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
          Show Windows behavior

          Mutex Activities

          Show Windows behavior

          Process Activities

          Show Windows behavior

          Thread Activities

          Show Windows behavior

          Memory Activities

          There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
          There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
          There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
          Show Windows behavior

          Process Token Activities

          There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

          General

          Target ID:4
          Start time:10:31:03
          Start date:05/12/2023
          Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
          Wow64 process (32bit):false
          Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2100 --field-trial-handle=1636,i,10912911403685677101,208638167770011629,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
          Imagebase:0x7ff6413e0000
          File size:3'581'912 bytes
          MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Reputation:moderate
          Has exited:true
          There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
          Show Windows behavior

          Section Activities

          There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
          There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
          Show Windows behavior

          Process Activities

          Show Windows behavior

          Thread Activities

          Show Windows behavior

          Memory Activities

          There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
          There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
          There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

          Disassembly

          No disassembly