Windows Analysis Report
campaign_logo.pdf

Overview

General Information

Sample name:campaign_logo.pdf
Analysis ID:1372386
MD5:24d156b71e1add8bc779807a45bd1047
SHA1:3af7218d6e57fbb6e6ce5579673b53eea6cb647f
SHA256:e417bdc6c13b96da8f6e8ed5a89657c6b6d22b00f8dcb1d286f8ae7a0d20cef7
Infos:

Detection

Metasploit, PDF Dropper
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Yara detected Metasploit Payload
Yara detected PDF Dropper
Machine Learning detection for dropped file
Machine Learning detection for sample
Drops PE files
Drops files with a non-matching file extension (content does not match file extension)
Found dropped PE file which has not been started or loaded
PDF has an OpenAction (likely to launch a dropper script)
Yara signature match

Classification

  • System is w10x64
  • Acrobat.exe (PID: 7488 cmdline: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\campaign_logo.pdf MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 1460 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 5932 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2096 --field-trial-handle=1624,i,6554754954404385274,11329708453254728665,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
campaign_logo.pdf | JoeSecurity_PDFDropper | Yara detected PDF Dropper | Joe Security |
Source | Rule | Description | Author | Strings
C:\Users\user\Downloads\template.pdf | JoeSecurity_MetasploitPayload_3 | Yara detected Metasploit Payload | Joe Security |
C:\Users\user\Downloads\template.pdf | JoeSecurity_MetasploitPayload | Yara detected Metasploit Payload | Joe Security |
C:\Users\user\Downloads\template.pdf | Windows_Trojan_Metasploit_a6e956c9 | Identifies the API address lookup function leverage by metasploit shellcode | unknown |
  • 0x9ada:$a1: 60 89 E5 31 C0 64 8B 50 30 8B 52 0C 8B 52 14 8B 72 28 0F B7 4A 26 31 FF AC 3C 61 7C 02 2C 20
C:\Users\user\Downloads\template.pdf | Windows_Trojan_Metasploit_4a1c4da8 | Identifies Metasploit 64 bit reverse tcp shellcode. | unknown |
  • 0x9b9f:$a: 6A 10 56 57 68 99 A5 74 61 FF D5 85 C0 74 0A FF 4E 08
C:\Users\user\Downloads\template.pdf | Msfpayloads_msf_10 | Metasploit Payloads - file msf.exe | Florian Roth |
  • 0x9ae5:$s1: 0C 8B 52 14 8B 72 28 0F B7 4A 26 31 FF AC 3C 61
  • 0x9b27:$s2: 01 C7 38 E0 75 F6 03 7D F8 3B 7D 24 75 E4 58 8B
  • 0x9b47:$s3: 01 D0 89 44 24 24 5B 5B 61 59 5A 51 FF E0 5F 5F
No Sigma rule has matched
No Snort rule has matched

        AV Detection

        Source: campaign_logo.pdfAvira: detected
        Source: C:\Users\user\Downloads\template.pdfAvira: detection malicious, Label: TR/Patched.Gen2
        Source: C:\Users\user\Downloads\template.pdfReversingLabs: Detection: 96%
        Source: C:\Users\user\Downloads\template.pdfVirustotal: Detection: 82%
        Source: campaign_logo.pdfReversingLabs: Detection: 76%
        Source: campaign_logo.pdfVirustotal: Detection: 73%
        Source: C:\Users\user\Downloads\template.pdfJoe Sandbox ML: detected
        Source: campaign_logo.pdfJoe Sandbox ML: detected
        Source: Binary string: C:\local0\asf\release\build-2.2.14\support\Release\ab.pdb source: template.pdf.3.dr
        Source: template.pdf.3.drString found in binary or memory: http://www.apache.org/
        Source: template.pdf.3.drString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
        Source: template.pdf.3.drString found in binary or memory: http://www.zeustech.net/
        Source: ReaderMessages.3.drString found in binary or memory: https://www.adobe.co

        System Summary

        Source: C:\Users\user\Downloads\template.pdf, type: DROPPEDMatched rule: Identifies the API address lookup function leverage by metasploit shellcode Author: unknown
        Source: C:\Users\user\Downloads\template.pdf, type: DROPPEDMatched rule: Identifies Metasploit 64 bit reverse tcp shellcode. Author: unknown
        Source: C:\Users\user\Downloads\template.pdf, type: DROPPEDMatched rule: Metasploit Payloads - file msf.exe Author: Florian Roth
        Source: C:\Users\user\Downloads\template.pdf, type: DROPPEDMatched rule: Windows_Trojan_Metasploit_a6e956c9 os = windows, severity = x86, description = Identifies the API address lookup function leverage by metasploit shellcode, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = 21855599bc51ec2f71d694d4e0f866f815efe54a42842dfe5f8857811530a686, id = a6e956c9-799e-49f9-b5c5-ac68aaa2dc21, last_modified = 2021-08-23
        Source: C:\Users\user\Downloads\template.pdf, type: DROPPEDMatched rule: Windows_Trojan_Metasploit_4a1c4da8 reference_sample = 9582d37ed9de522472abe615dedef69282a40cfd58185813c1215249c24bbf22, os = windows, severity = x86, description = Identifies Metasploit 64 bit reverse tcp shellcode., creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = 7a31ce858215f0a8732ce6314bfdbc3975f1321e3f87d7f4dc5a525f15766987, id = 4a1c4da8-837d-4ad1-a672-ddb8ba074936, last_modified = 2021-08-23
        Source: C:\Users\user\Downloads\template.pdf, type: DROPPEDMatched rule: Msfpayloads_msf_10 date = 2017-02-09, hash1 = 3cd74fa28323c0d64f45507675ac08fb09bae4dd6b7e11f2832a4fbc70bb7082, author = Florian Roth, description = Metasploit Payloads - file msf.exe, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: template.pdf.3.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
        Source: classification engineClassification label: mal100.troj.winPDF@14/47@0/0
        Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\AdobeFnt23.lst.7624
        Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-01-10 15-31-48-229.log
        Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile read: C:\Users\user\Desktop\desktop.ini
        Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
        Source: unknownProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\campaign_logo.pdf
        Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
        Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2096 --field-trial-handle=1624,i,6554754954404385274,11329708453254728665,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
        Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: unknown unknown
        Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
        Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile opened: C:\Windows\SYSTEM32\MsftEdit.dll
        Source: Window RecorderWindow detected: More than 3 window changes detected
        Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeWindow detected: Number of UI elements: 14
        Source: campaign_logo.pdfInitial sample: PDF keyword /EmbeddedFile count = 0
        Source: campaign_logo.pdfInitial sample: PDF keyword /OpenAction
        Source: initial sampleStatic PE information: section name: .text entropy: 7.013561537390786
        Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\Downloads\template.pdf
        Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeDropped PE file which has not been started: C:\Users\user\Downloads\template.pdf

        Stealing of Sensitive Information

        Source: Yara matchFile source: campaign_logo.pdf, type: SAMPLE

        Remote Access Functionality

        Source: Yara matchFile source: C:\Users\user\Downloads\template.pdf, type: DROPPED
        Source: Yara matchFile source: campaign_logo.pdf, type: SAMPLE
        Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpactResource DevelopmentReconnaissance
        Valid AccountsWindows Management InstrumentationPath Interception1
        Process Injection
        11
        Masquerading
        OS Credential Dumping1
        Security Software Discovery
        Remote ServicesData from Local SystemExfiltration Over Other Network MediumData ObfuscationExploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationAbuse Accessibility FeaturesAcquire InfrastructureGather Victim Identity Information
        Default AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts2
        Software Packing
        LSASS Memory1
        File and Directory Discovery
        Remote Desktop ProtocolData from Removable MediaExfiltration Over BluetoothJunk DataSIM Card SwapObtain Device Cloud BackupsNetwork Denial of ServiceDomainsCredentials
        Domain AccountsAtLogon Script (Windows)Logon Script (Windows)1
        Process Injection
        Security Account Manager1
        System Information Discovery
        SMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationSteganographyData Encrypted for ImpactDNS ServerEmail Addresses
        Local AccountsCronLogin HookLogin Hook1
        Obfuscated Files or Information
        NTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput CaptureTraffic DuplicationProtocol ImpersonationData DestructionVirtual Private ServerEmployee Names
        Behavior graph (ID: 1372386, sample: campaign_logo.pdf, start date: 10/01/2024, architecture: WINDOWS, score: 100): Acrobat.exe started and dropped C:\Users\user\Downloads\template.pdf (PE32); Acrobat.exe started AcroCEF.exe, which started a second AcroCEF.exe. Signatures shown: Malicious sample detected (through community Yara rule); Antivirus detection for dropped file; Antivirus / Scanner detection for submitted sample; 6 other signatures.

        Source | Detection | Scanner | Label | Link
        campaign_logo.pdf | 76% | ReversingLabs | Win32.Trojan.Swrort |
        campaign_logo.pdf | 74% | Virustotal | | Browse
        campaign_logo.pdf | 100% | Avira | TR/Patched.Gen2 |
        campaign_logo.pdf | 100% | Joe Sandbox ML | |
        Source | Detection | Scanner | Label | Link
        C:\Users\user\Downloads\template.pdf | 100% | Avira | TR/Patched.Gen2 |
        C:\Users\user\Downloads\template.pdf | 100% | Joe Sandbox ML | |
        C:\Users\user\Downloads\template.pdf | 97% | ReversingLabs | Win32.Trojan.Swrort |
        C:\Users\user\Downloads\template.pdf | 83% | Virustotal | | Browse
        No Antivirus matches
        Source | Detection | Scanner | Label | Link
        https://www.adobe.co | 0% | URL Reputation | safe |
        http://www.zeustech.net/ | 0% | Avira URL Cloud | safe |
        http://www.zeustech.net/ | 1% | Virustotal | | Browse
        No contacted domains info
        Name | Source | Malicious | Antivirus Detection | Reputation
        http://www.apache.org/licenses/LICENSE-2.0 | template.pdf.3.dr | false | | high
        https://www.adobe.co | ReaderMessages.3.dr | false | URL Reputation: safe | unknown
        http://www.apache.org/ | template.pdf.3.dr | false | | high
        http://www.zeustech.net/ | template.pdf.3.dr | false | 1%, Virustotal, Browse; Avira URL Cloud: safe | unknown
            No contacted IP infos
            Joe Sandbox version:38.0.0 Ammolite
            Analysis ID:1372386
            Start date and time:2024-01-10 13:39:41 +01:00
            Joe Sandbox product:CloudBasic
            Overall analysis duration:0h 4m 14s
            Hypervisor based Inspection enabled:false
            Report type:full
            Cookbook file name:defaultwindowspdfcookbook.jbs
            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
            Number of analysed new started processes analysed:20
            Number of new started drivers analysed:0
            Number of existing processes analysed:0
            Number of existing drivers analysed:0
            Number of injected processes analysed:0
            Technologies:
            • HCA enabled
            • EGA enabled
            • AMSI enabled
            Analysis Mode:default
            Analysis stop reason:Timeout
            Sample name:campaign_logo.pdf
            Detection:MAL
            Classification:mal100.troj.winPDF@14/47@0/0
            EGA Information:Failed
            HCA Information:
            • Successful, ratio: 100%
            • Number of executed functions: 0
            • Number of non-executed functions: 0
            Cookbook Comments:
            • Found application associated with file extension: .pdf
            • Found PDF document
            • Close Viewer
            • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, MoUsoCoreWorker.exe, backgroundTaskHost.exe, conhost.exe, WmiPrvSE.exe, svchost.exe
            • Excluded IPs from analysis (whitelisted): 23.56.12.145, 23.50.124.134, 23.222.5.150, 23.222.5.153, 23.222.5.133, 23.222.5.139, 23.222.5.149, 23.222.5.134, 23.222.5.132, 23.222.5.137, 23.222.5.152, 52.22.41.97, 3.233.129.217, 52.6.155.20, 3.219.243.226, 172.64.41.3, 162.159.61.3, 23.40.62.83, 23.40.62.64, 23.205.104.19, 23.205.104.34
            • Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, slscr.update.microsoft.com, e4578.dscb.akamaiedge.net, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, time.windows.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ssl.adobe.com.edgekey.net, ocsp.digicert.com, armmf.adobe.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com
            • Not all processes were analyzed, report is missing behavior information
            Time | Type | Description
            15:31:39 | API Interceptor | 68x Sleep call for process: Acrobat.exe modified
            No context
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:ASCII text
            Category:dropped
            Size (bytes):300
            Entropy (8bit):5.196934511669856
            Encrypted:false
            SSDEEP:6:Ht0f+q2PcNwi2nKuAl9OmbnIFUt8+qEWZmw++dU2VkwOcNwi2nKuAl9OmbjLJ:Ht4+vLZHAahFUt8+qEW/++dU2V54ZHAR
            MD5:4B005859A173FE51D7D1B738500AB501
            SHA1:DAB643068A2C827182F334699C0EFBB8C1EFB0CD
            SHA-256:2890E594CB207BCCAF6FBDB418317E6A424FEFA2B39574D7EC06D4D33AA9C719
            SHA-512:27857A2CF898DE0A275C56E9F3F216AC7D86EFC5403DB3BFD4AF2C8C3D1933A39604723A125CC8553E2BA32ED99D2EEB7B0EF02100F6EE03F961A199E6C9C905
            Malicious:false
            Reputation:low
            Preview:2024/01/10-15:31:47.739 17ec Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/01/10-15:31:47.740 17ec Recovering log #3.2024/01/10-15:31:47.741 17ec Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:ASCII text
            Category:dropped
            Size (bytes):344
            Entropy (8bit):5.226236245363127
            Encrypted:false
            SSDEEP:6:HrOVq2PcNwi2nKuAl9Ombzo2jMGIFUt8+MgZmw++6nIkwOcNwi2nKuAl9Ombzo23:HrOVvLZHAa8uFUt8+Mg/++CI54ZHAa8z
            MD5:431F10BCBC1D2A6BCC0D2791B5F2039E
            SHA1:7E8C4930509333BCD8159ECBB74FFF5AF27E85C2
            SHA-256:4597633DAEF8A46968E1AACBA1C1769D648F72F57E8311DF1C068F482794FCC6
            SHA-512:7B430F71504D8722D0ED6D51BD85D856EB0FE84D4E0DFFCE33F6B2353CF6640A8E7C169D92A3FB23E7436C408536E60F06D1ED39221A7B310A75E0E9949BEC13
            Malicious:false
            Reputation:low
            Preview:2024/01/10-15:31:47.807 16d4 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/01/10-15:31:47.809 16d4 Recovering log #3.2024/01/10-15:31:47.810 16d4 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):475
            Entropy (8bit):4.969814904260269
            Encrypted:false
            SSDEEP:12:YH/um3RA8sqPsBdOg2HSOgcaq3QYiubSpDyP7E4T3y:Y2sRdsRdMHSOL3QYhbSpDa7nby
            MD5:7BE9C8316EB1B7252CB363207744A145
            SHA1:57861355BE6541501AED40F896891579DCF473BF
            SHA-256:B8F7FC35C094B26B18BB46BB695F1D520904FF063398D86C5B06FD3E20F1881D
            SHA-512:2C7A056CDC3EF05D5E62822CC0BD835FA80CD06131CB76BF559B1D06F735A279C7DCEDE51F1E3A418596573CC960BAFAA038A45966E8007F671F7B6BFFD885DB
            Malicious:false
            Reputation:low
            Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341052428587673","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":146366},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.7","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:JSON data
            Category:modified
            Size (bytes):475
            Entropy (8bit):4.969814904260269
            Encrypted:false
            SSDEEP:12:YH/um3RA8sqPsBdOg2HSOgcaq3QYiubSpDyP7E4T3y:Y2sRdsRdMHSOL3QYhbSpDa7nby
            MD5:7BE9C8316EB1B7252CB363207744A145
            SHA1:57861355BE6541501AED40F896891579DCF473BF
            SHA-256:B8F7FC35C094B26B18BB46BB695F1D520904FF063398D86C5B06FD3E20F1881D
            SHA-512:2C7A056CDC3EF05D5E62822CC0BD835FA80CD06131CB76BF559B1D06F735A279C7DCEDE51F1E3A418596573CC960BAFAA038A45966E8007F671F7B6BFFD885DB
            Malicious:false
            Reputation:low
            Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341052428587673","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":146366},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.7","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:data
            Category:dropped
            Size (bytes):4099
            Entropy (8bit):5.240546600148309
            Encrypted:false
            SSDEEP:96:CwNwpDGHqPySfkcr2smSX8I2OQCDh28wDtPbtxF:CwNw1GHqPySfkcigoO3h28ytPbtxF
            MD5:BC176104B05C812302722614AB627F89
            SHA1:35A6D617BCB5392F417C3C9C2C3C33890CAE233A
            SHA-256:B977EF71EFABF17918CEBD00E945E3E260078A8154DADB2EC88A64D2C9DC8C8F
            SHA-512:32205318EAEB89E8C085B98C1537F17C253426677BF4144A1C871B2B6E1A2D25F86D9202C6CFFB84EBA788CCDBE61C47B2322F5B0748AA24FB0FA7A31B152238
            Malicious:false
            Preview:*...#................version.1..namespace-.aw.o................next-map-id.1.Pnamespace-aa11265e_f35e_4e5d_85db_f163e1c0f691-https://rna-resource.acrobat.com/.0I.$.r................next-map-id.2.Snamespace-9a9aa6d6_c307_4dda_b6c0_dc91084c8e68-https://rna-v2-resource.acrobat.com/.1!...r................next-map-id.3.Snamespace-1fbd9dc5_70a3_4975_91b4_966e0915c27a-https://rna-v2-resource.acrobat.com/.2..N.o................next-map-id.4.Pnamespace-0e0aed8d_6d6f_4be0_b28f_8e02158bc792-https://rna-resource.acrobat.com/.3*.z.o................next-map-id.5.Pnamespace-52652c26_09c2_43f2_adf7_da56a1f00d32-https://rna-resource.acrobat.com/.4.{.^...............Pnamespace-aa11265e_f35e_4e5d_85db_f163e1c0f691-https://rna-resource.acrobat.com/.C..r................next-map-id.6.Snamespace-3a89c6b0_72b9_411a_9e44_fa247f34ac91-https://rna-v2-resource.acrobat.com/.5.q._r................next-map-id.7.Snamespace-02b23955_9103_42e0_ba64_3f8683969652-https://rna-v2-resource.acrobat.com/.6..d.o..............
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:ASCII text
            Category:dropped
            Size (bytes):332
            Entropy (8bit):5.242667315277696
            Encrypted:false
            SSDEEP:6:HynVq2PcNwi2nKuAl9OmbzNMxIFUt8+ym0gZmw++yNB0IkwOcNwi2nKuAl9OmbzE:HoVvLZHAa8jFUt8+10g/++40I54ZHAab
            MD5:581719FA47009F883FAFC6D95FED41EC
            SHA1:E86F5A1DF4B0C3BD7B041DFCD5FAAFC8F525235D
            SHA-256:1D36379E54579DF33ADA73864B2AFDBBDE5F6EC414CFF51D0371F2124D5D8CF4
            SHA-512:7F2249BB32D33A2A16409C3373EE5E8EBA3430F3A33112D8E72573AA77E1D8095D1430D1B7129477A777DB047764274C92C993C171D241CC9AB62B11A004A676
            Malicious:false
            Preview:2024/01/10-15:31:48.176 16d4 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/01/10-15:31:48.178 16d4 Recovering log #3.2024/01/10-15:31:48.179 16d4 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:PC bitmap, Windows 3.x format, 143 x -152 x 32, cbSize 86998, bits offset 54
            Category:dropped
            Size (bytes):86998
            Entropy (8bit):0.007994691580567568
            Encrypted:false
            SSDEEP:3:5Eml/nasxRj:5Vl/Jj
            MD5:6FE0519CA02CF92B04AC967270CA27F8
            SHA1:1B25B8AA8D5B36CD7888FEDC2BA74F29F5BB3150
            SHA-256:601BAF7F82A563C87F5921968048CCDB9D87F8F0D163E7F1F7236B51E26C4CB6
            SHA-512:59C66A62F60853F4CEE44B5A1B3148B09A26785A6C256A40809C859C3CE5D993F81363EE8F2CC48545C441C92E4DF2D7C9A14AA742C9232AA5C171BA48BE6968
            Malicious:false
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 15, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 15
            Category:dropped
            Size (bytes):86016
            Entropy (8bit):4.438717881481503
            Encrypted:false
            SSDEEP:384:yeaci5G+iBA7vEmzKNURFXoD1NC1SK0gkzPlrFzqFK/WY+lUTTcKqZ5bEmzVz:1WurVgazUpUTTGt
            MD5:1AE2FEE964547934B92CF110888451A1
            SHA1:E90C3EE44F131237327355F81CDA1581B3408F43
            SHA-256:047E86B81DD9072652A4AD887A9AD1BFE16CC1E59C8E801772FF0864B5D39509
            SHA-512:EACDDD9C427857DF08F4A90BC70F9E2892CED0DD623BB174DC8A5F1B5AEF5D034273B3EDEBAAE2A0D6729AAAC494E6BBA0D4AA86B4F5EF2634397E809FB9D8CE
            Malicious:false
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:SQLite Rollback Journal
            Category:dropped
            Size (bytes):8720
            Entropy (8bit):3.775656341843852
            Encrypted:false
            SSDEEP:48:7Mfp/E2ioyVKioy3DoWoy1CABoy1mKOioy1noy1AYoy1Wioy1hioybioysoy1noC:78pjuK0iA6XKQFtb9IVXEBodRBkT
            MD5:B2A72FE4F800956B8164FDF1E7FE196D
            SHA1:0FD665C1B6F21963342DE60D35C4EAABF1DC233C
            SHA-256:50AEE5DF3D8D3961EC11E045DC0B96570C3CD8D3495C5871D97135D4D7B6AEF6
            SHA-512:76F5CAE58A0CF50EED793B8D1703A772173CF43E7AE3E7D0037C683EC1193946BA18172AEE5F6A86128737515084EB540955AF0756E64D2C0423D643B0004108
            Malicious:false
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:PostScript document text
            Category:dropped
            Size (bytes):1233
            Entropy (8bit):5.233980037532449
            Encrypted:false
            SSDEEP:24:kk8id8HxPsMTtrid8OPgx4sMDHFidZxDWksMwEidMKRxCsMWaOtidMLgxT2sMW0l:pkxPhtgNgx4pyZxakazxCIK2gxap
            MD5:8BA9D8BEBA42C23A5DB405994B54903F
            SHA1:FC1B1646EC8A7015F492AA17ADF9712B54858361
            SHA-256:862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C
            SHA-512:26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A
            Malicious:false
            Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:PostScript document text
            Category:dropped
            Size (bytes):10880
            Entropy (8bit):5.214360287289079
            Encrypted:false
            SSDEEP:192:SgAYm4DAv6oq6oCf6ocL6oz6o46ok6o16ok6oKls6oVtfZ6ojtou6o2ti16oGwX/:SV548vvqvSvivzv4vkv1vkvKlsvVtfZp
            MD5:B60EE534029885BD6DECA42D1263BDC0
            SHA1:4E801BA6CA503BDAE7E54B7DB65BE641F7C23375
            SHA-256:B5F094EFF25215E6C35C46253BA4BB375BC29D055A3E90E08F66A6FDA1C35856
            SHA-512:52221F919AEA648B57E567947806F71922B604F90AC6C8805E5889AECB131343D905D94703EA2B4CEC9B0C1813DDA6EAE2677403F58D3B340099461BBCD355AE
            Malicious:false
            Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):295
            Entropy (8bit):5.360864804688212
            Encrypted:false
            SSDEEP:6:YEQXJ2HX2YWGWsGiIPEeOF0YTQIqoAvJM3g98kUwPeUkwRe9:YvXKX6BsdTeOztGMbLUkee9
            MD5:17472CC50330C66459F93A25214A44E0
            SHA1:6A795A3E49E57DEF97DC08E20AAE5BF4E757C395
            SHA-256:B79163BA49875B5B0639C56D0C4D17EE55F5887AD000272EDD182562853D6DA4
            SHA-512:E54E0B7215868A76B419282E7C61F432F69CB610D0C5CDC6668D806764EEAFE7ED895913425820CDB5EC3E5FF741A47D12263DEED2A3095699A01F07A73BC003
            Malicious:false
            Preview:{"analyticsData":{"responseGUID":"3c92dd62-fdcc-482e-a32e-f06e47262952","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1705066929435,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):294
            Entropy (8bit):5.294463507043883
            Encrypted:false
            SSDEEP:6:YEQXJ2HX2YWGWsGiIPEeOF0YTQIqoAvJfBoTfXpnrPeUkwRe9:YvXKX6BsdTeOztGWTfXcUkee9
            MD5:AC3CB04A884B4D28DAF645ECCA5E3A39
            SHA1:D0A39318653A48A9E0F468915E91215D0BEDEE1D
            SHA-256:800A2F6CF1E4AD430921AE3F09012772FA130DDC05E1920FEBB6457C3AD5D465
            SHA-512:05A04FC90D5080CDA9FD6003830270BA48505A98AB4EA5D0FBF3B023145F23F9A3AAC09FD95D6D5D6899A47AD3DBDF80A4E00B3EC0D3D9095787875FAB285143
            Malicious:false
            Preview:{"analyticsData":{"responseGUID":"3c92dd62-fdcc-482e-a32e-f06e47262952","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1705066929435,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):294
            Entropy (8bit):5.272875180308744
            Encrypted:false
            SSDEEP:6:YEQXJ2HX2YWGWsGiIPEeOF0YTQIqoAvJfBD2G6UpnrPeUkwRe9:YvXKX6BsdTeOztGR22cUkee9
            MD5:0DB9BAA25B345C67E3A374DAB854058C
            SHA1:206955C16279EB14EF8339B6007B3C87DA46928A
            SHA-256:399C6EC3799CC11A9D709BAD47613AAA2897CAD0EBA500CF9B39EA4D3B463C98
            SHA-512:DE187971AD476648C2D95B1F8E2CCFD78A6D68F64D874BB3FA65A5761E85925BC07EC0D1C86A052DCC00FA71E1AB542B3C26D1DB5C49EE18518AC77703A3298F
            Malicious:false
            Preview:{"analyticsData":{"responseGUID":"3c92dd62-fdcc-482e-a32e-f06e47262952","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1705066929435,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):285
            Entropy (8bit):5.347655438312186
            Encrypted:false
            SSDEEP:6:YEQXJ2HX2YWGWsGiIPEeOF0YTQIqoAvJfPmwrPeUkwRe9:YvXKX6BsdTeOztGH56Ukee9
            MD5:37E545AA899BA56F1591D7E8969ED747
            SHA1:222DC968A9C594DAB03FEBA0A1F07D1025AFB7B9
            SHA-256:6E91AF9C3460757AFC93E72F9970FD279ADCF93DD1C37170FB534CC17ACA17A8
            SHA-512:8AC143437B739BA22F1CE80168A94FC17A88F8990D5C0F3E332CDBEFD1862B4C17FC48F50EFB8EC7D41F38F1743FCEEBF66451BEF493FB8B8B1A57C5C9DF2509
            Malicious:false
            Preview:{"analyticsData":{"responseGUID":"3c92dd62-fdcc-482e-a32e-f06e47262952","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1705066929435,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):1255
            Entropy (8bit):5.694594287192929
            Encrypted:false
            SSDEEP:24:Yv6X6meOzSpLgEsv4ce3KnctSrymTBcu14wChluBks8ctq3HIy:YvAeFhgnvjRrNTB5OJhABks8c2Hb
            MD5:8AE6D6C635CF80228E7FD248B82CA5CF
            SHA1:49B8938EEE854B2349CA0F6DE4A093C60E66BA3C
            SHA-256:EA7003346E99BB53D1F94287716635E9BC75D163E26C9E4C7866EB9D89268544
            SHA-512:27E00C68193E2B15F3F9D6F0EECABB4B7518194B4A27C027EBD936F121CDDC6F36981C4E3414E0D7E76CB54E65F48098BF808A04081E6CFF4D2B9FF1973DF6B7
            Malicious:false
            Preview:{"analyticsData":{"responseGUID":"3c92dd62-fdcc-482e-a32e-f06e47262952","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1705066929435,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"65179_200306ActionBlock_0","campaignId":65179,"containerId":"1","controlGroupId":"","treatmentId":"f7fa0e9f-7d25-4321-b719-c501bbb8a162","variationId":"200306"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctZGF5IHRyaWFsIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjE0IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjoiIiwiZGVzY3JpcHRpb24iOiJDb252ZXJ0IGZpbGVzIHRvIGFuZCBmcm9tIFBERiBcbndpdGhvdXQgbGltaXRzLiIsImJhY2tncm91bmRfc3R5bGluZyI6eyJiYWNrZ3JvdW5k
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):1250
            Entropy (8bit):5.70158385985028
            Encrypted:false
            SSDEEP:24:Yv6X6meOzUVLgEsy4c19ZrGmTBcu14wCh5rgos8ctq3HIy:YvAeJFgnyl9ZrBTB5OJhFgos8c2Hb
            MD5:006906BFC233789DAB8BA47EE98F78D9
            SHA1:C9A3CFC3CF18D3351A1FE42B5624A9E2F7F0476C
            SHA-256:01E6221F60E3DA904856F01C47CA533CD65425F41C86FC7D26043649F5418BFD
            SHA-512:CD3CC4F2E9DF410AFE770BFD682B5641147FB25EA5B97C224088D95AB8B985F4BF6A6C57D2163AAE7F16106671D9D749C7FBF2510C1512E8D03F31277689008D
            Malicious:false
            Preview:{"analyticsData":{"responseGUID":"3c92dd62-fdcc-482e-a32e-f06e47262952","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1705066929435,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Disc_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"65179_200306ActionBlock_1","campaignId":65179,"containerId":"1","controlGroupId":"","treatmentId":"250f56c6-2d66-4fca-8033-eabbd2bc9951","variationId":"200306"},"containerId":1,"containerLabel":"JSON for DC_Reader_Disc_LHP_Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctZGF5IHRyaWFsIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjE0IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjoiIiwiZGVzY3JpcHRpb24iOiJDb252ZXJ0LCBlZGl0IGFuZCBlLXNpZ24gUERGXG4gZm9ybXMgJiBhZ3JlZW1lbnRzLiIsImJhY2tncm91bmRfc3R5bGluZyI6eyJiYWNrZ3JvdW5kX2Nvb
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):292
            Entropy (8bit):5.285011434797356
            Encrypted:false
            SSDEEP:6:YEQXJ2HX2YWGWsGiIPEeOF0YTQIqoAvJfQ1rPeUkwRe9:YvXKX6BsdTeOztGY16Ukee9
            MD5:A8A6E53626DF238AFA5568999AAB3289
            SHA1:6FA8118A73D312E3733C41C2DBA7EEA052530F22
            SHA-256:1AB313F0021EB2ED771FB3811474D69D32B8634F00242BAA21ACC2BCD93E57C5
            SHA-512:283B8990D2DADF8957A89C1B53C73DEF82245FBC3D35FDB73CFC04F19587C4E702A9AF4503FE396A64283904821ABA514A8F482E421344CE0EA2461BC4632515
            Malicious:false
            Preview:{"analyticsData":{"responseGUID":"3c92dd62-fdcc-482e-a32e-f06e47262952","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1705066929435,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):1230
            Entropy (8bit):5.686299768721819
            Encrypted:false
            SSDEEP:24:Yv6X6meOz52LgEsk4ccVrhmTBcu14wChds8ctq3HIy:YvAe4ognkMVrYTB5OJhds8c2Hb
            MD5:228A7F6D35F2C89CC6FF4C709018DF30
            SHA1:2CDB2CD6100FDF8D9A7C04842FAB192F6967F36F
            SHA-256:764AC712FF2309076313D8EE4F13324B4F15B87EE6543F33003AD5C6A6E87CA4
            SHA-512:FE4CA138A1539162D8582AEA474C90044F90B51C3AEDF2C4463922451ACCFD89D77D533A822EE54E8C80046841001D62DD58AA051BFFBFCC03AC209636419074
            Malicious:false
            Preview:{"analyticsData":{"responseGUID":"3c92dd62-fdcc-482e-a32e-f06e47262952","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1705066929435,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Edit_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"65179_200306ActionBlock_3","campaignId":65179,"containerId":"1","controlGroupId":"","treatmentId":"07caa165-20a7-4c5f-adf8-061ef3d98af3","variationId":"200306"},"containerId":1,"containerLabel":"JSON for DC_Reader_Edit_LHP_Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctZGF5IHRyaWFsIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjE0IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjoiIiwiZGVzY3JpcHRpb24iOiJFZGl0IHRleHQsIGltYWdlcywgcGFnZXMsIGFuZCBtb3JlLiIsImJhY2tncm91bmRfc3R5bGluZyI6eyJiYWNrZ3JvdW5kX2NvbG9yX2RhcmtfdGhlbWUiO
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):1368
            Entropy (8bit):5.7477661171281245
            Encrypted:false
            SSDEEP:24:Yv6X6meOzJKLgEGcooZbq0jCaBrwJoZct5uWaHbX3HIy:YvAewEgNoNtlSJEc3uWaHbHHb
            MD5:CD9A6A8C2E4A2A61D22FDD384C4247D5
            SHA1:9C7CBB1C6FC4D3B28D4D949A8EDF318D750F76E3
            SHA-256:2752B816ABFA9D1C464629D6962B78F108769A62CAB79DF583C3B3C97B257741
            SHA-512:492C4AD49043AFAA58B8C5595A0B572DDE0EE65682171B37BD03AE591DB508304A45B548E99D6845F1260D2689D85A07226D4B15126EE980AA162CA7AE49D565
            Malicious:false
            Preview:{"analyticsData":{"responseGUID":"3c92dd62-fdcc-482e-a32e-f06e47262952","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1705066929435,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"70654_217714ActionBlock_0","campaignId":70654,"containerId":"1","controlGroupId":"","treatmentId":"692283b7-dc9d-4f79-9ee2-bccf324c2980","variationId":"217714"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJUcnkgQWNyb2JhdCBQcm8ifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNyIsImZvbnRfc3R5bGUiOiIwIn0sImRlc2NyaXB0aW9uX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTEiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIDctZGF5IHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0byBhbGwgUERGIGFuZCBlLXNpZ25pbmcgdG9vbHMuIiwiYmFja2d
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):289
            Entropy (8bit):5.288597689208805
            Encrypted:false
            SSDEEP:6:YEQXJ2HX2YWGWsGiIPEeOF0YTQIqoAvJfYdPeUkwRe9:YvXKX6BsdTeOztGg8Ukee9
            MD5:DA5C5FA0E08FE2A2DE2DC5B3E554761C
            SHA1:4FC0A850201146B3648D1119642CFF9D67024D32
            SHA-256:B5DB7F66A3902BF825984EB7F2AAD3C376F4F8F2E74FD9560672C7A7EC3F256E
            SHA-512:76D7BA73F50745B31458BA85781DC7A8B019D3957DA7C6A676FEC46FC5A470054F0263A5E5218A42A2DE918CE01DAEF29A69518EDE1BC48A10AD74857642B557
            Malicious:false
            Preview:{"analyticsData":{"responseGUID":"3c92dd62-fdcc-482e-a32e-f06e47262952","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1705066929435,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):1395
            Entropy (8bit):5.773007382450446
            Encrypted:false
            SSDEEP:24:Yv6X6meOzkrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNHy:YvAe/HgDv3W2aYQfgB5OUupHrQ9FJg
            MD5:B5DC0D7503A00825A1B8740F3711BA37
            SHA1:08007E6976B6788B50752297395D614BD8C713A9
            SHA-256:78D942440BF8E421C729A26F7180CAE05A7279C4C4377EFF62B7C1560080E0B4
            SHA-512:7C973E0F70D647F6E27C9AED365CC4E3C1B9E052393E900A37D15CFBC5E39707D07FFE84915FEC2D31306798178E7D91859D1A684A6C0CA508CBA9A4B03F510C
            Malicious:false
            Preview:{"analyticsData":{"responseGUID":"3c92dd62-fdcc-482e-a32e-f06e47262952","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1705066929435,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):291
            Entropy (8bit):5.272223153279859
            Encrypted:false
            SSDEEP:6:YEQXJ2HX2YWGWsGiIPEeOF0YTQIqoAvJfbPtdPeUkwRe9:YvXKX6BsdTeOztGDV8Ukee9
            MD5:EE8C04C7D469940CA9232201CAA3A391
            SHA1:2EBF08197134EE71CE8D7C1EAAC530001158C9D4
            SHA-256:11329DBF6FFEB648EBAC10DA32FA12CFCA8365132A01BB4303AC777129AE56F7
            SHA-512:B86372620E094BA7533251741431DF4C7AD7FA054059510AB53451FC7F35EA985280B1D13CC9278C8F7768CD1785DC4B25877E9B5505BB3F3E98D47877A180DA
            Malicious:false
            Preview:{"analyticsData":{"responseGUID":"3c92dd62-fdcc-482e-a32e-f06e47262952","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1705066929435,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):287
            Entropy (8bit):5.276402400296016
            Encrypted:false
            SSDEEP:6:YEQXJ2HX2YWGWsGiIPEeOF0YTQIqoAvJf21rPeUkwRe9:YvXKX6BsdTeOztG+16Ukee9
            MD5:AFE6CDB04268AF04D8851784E060FFFF
            SHA1:A1189DBE6B9A719FE9C39B7C4F58AF2EF0BB6892
            SHA-256:D9B49E30F74066CC813D0D3D8741638C52CB39FFB284D239CED9B8439918B482
            SHA-512:4278308A52E25F75921CC32DDFB0B240CD4CE4E0F5F8029C396DDA30145A4C75BCCAAE6B8D8C0847B40DE38EE75AB6C615552B3C9CCE26BF68D8DA128CC39437
            Malicious:false
            Preview:{"analyticsData":{"responseGUID":"3c92dd62-fdcc-482e-a32e-f06e47262952","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1705066929435,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):1250
            Entropy (8bit):5.715357232546676
            Encrypted:false
            SSDEEP:24:Yv6X6meOzOamXayLgEs54c3drNaHmTBcu14wChqx+plVCV9FJN3HIy:YvAexBgn5drpTB5OJhr9Q9FJ9Hb
            MD5:58E61FFE1D2BE519E7B81336DD4AF842
            SHA1:5E6F61D41FB411975305FFA541C5BBA702A965D1
            SHA-256:00BE84B25120A358A78183C4FEE4E9189455604960C6CBFE3797B0C21A30C2DB
            SHA-512:86E40DE86D4E555C301824FC9BFBD000AD753CD8605D68E402456FE0BC3C6F7A2470FD4FEE59A2BBBBF108E99B106064D10CD68AA8DEDE9F3C6F2DCFCDF2A830
            Malicious:false
            Preview:{"analyticsData":{"responseGUID":"3c92dd62-fdcc-482e-a32e-f06e47262952","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1705066929435,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"65179_200306ActionBlock_2","campaignId":65179,"containerId":"1","controlGroupId":"","treatmentId":"8deb148d-1a64-4e57-9648-e8bf939c598e","variationId":"200306"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctZGF5IHRyaWFsIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjE0IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjoiIiwiZGVzY3JpcHRpb24iOiJTZW5kIGRvY3VtZW50cyAmIGZvcm1zIFxuZm9yIGZhc3QgZS1zaWduaW5nIG9ubGluZS4iLCJiYWNrZ3JvdW5kX3N0eWxpbmciOnsiYmFja2dyb3VuZF9jb
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):4820
            Entropy (8bit):5.804744913847505
            Encrypted:false
            SSDEEP:48:YvAeTfgJ3zOepOskCBMHgEIGi6nOskSBMHoAVEIgbEIGg6OOLrBMHGOiwY6ao4Ek:GAEg9BxOTJrFhLwTrBr3wha0TzwZ
            MD5:43FECB7B2A5AA941D581CF5CF9B5F9C3
            SHA1:F50F7435B1D5981B08916F0779DFA7273FAA5F0C
            SHA-256:0C0610AD2F6927443CE7C31CFFB2748E86D430E2551177A935D6D75AC0C72ECA
            SHA-512:704C72ED35448DDD23A5D58ECBE1A24D8CE7381E20FB7E8FE73B63E422C7CA34FBE9066F580661470A1DBC1CE0D0E11DC022F11FDABE31255BBF831A936828AE
            Malicious:false
            Preview:{"analyticsData":{"responseGUID":"3c92dd62-fdcc-482e-a32e-f06e47262952","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1705066929435,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Upsell_Cards"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"72064_221944ActionBlock_0","campaignId":72064,"containerId":"1","controlGroupId":"","treatmentId":"83dddc30-630f-4453-88d4-0ad7df3c2714","variationId":"221944"},"containerId":1,"containerLabel":"JSON for DC Reader Upsell Cards","content":{"data":"eyJSZWRhY3RQREYiOnsiZGF0YVR5cGUiOiJ1cmwiLCJkYXRhIjp7ImxpZ2h0IjoiaHR0cHM6Ly9jdnMuYWRvYmUuY29tL2NvbnRlbnQvZGFtL2N2cy9hY3JvYmF0ZGVza3RvcC91cHNlbGxjYXJkcy9yZ3MwMjkyL3Y1L2luZGV4Lmh0bWw\/ZXhwZXJpZW5jZT1yZWRhY3R8ZW58MHxsaWdodCIsImRhcmsiOiJodHRwczovL2N2cy5hZG9iZS5jb20vY29udGVudC9kYW0vY3ZzL2Fjcm9iYXRkZXNrdG9wL3Vwc2VsbGNhcmRzL3JnczAyOTIvdjUvaW5kZXguaHRtbD9leHBlcmllbmNlPXJlZGFjdHxlbnwwfGRhcmsif
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):782
            Entropy (8bit):5.367360770886593
            Encrypted:false
            SSDEEP:12:YvXKX6BsdTeOztGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWry:Yv6X6meOzZ168CgEXX5kcIfANhIy
            MD5:E75720AC91A3E8B4FAA62AEFD3DA10CD
            SHA1:9812D4F0350FFA98A98F38B213070E9821EBC1D2
            SHA-256:FBFA8B36C225C14DCB0B7F3DE394779C4D98899220B39DB8445BD75C749364BB
            SHA-512:0046635573BD48EEC71B219BBA8920BF710D4D2DD6CF782F9984155BC1C89C0232396DA16F3CBF3FFEE590A40A7B26373B3CC9300DC5D53EB5CF29C897A14E88
            Malicious:false
            Preview:{"analyticsData":{"responseGUID":"3c92dd62-fdcc-482e-a32e-f06e47262952","sophiaUUID":"83ABFDB2-FC78-4BD3-A96C-A13541192F3B"},"encodingScheme":true,"expirationDTS":1705066929435,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1704890544465}}}}
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:data
            Category:dropped
            Size (bytes):4
            Entropy (8bit):0.8112781244591328
            Encrypted:false
            SSDEEP:3:e:e
            MD5:DC84B0D741E5BEAE8070013ADDCC8C28
            SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
            SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
            SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
            Malicious:false
            Preview:....
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):2819
            Entropy (8bit):5.137717980198527
            Encrypted:false
            SSDEEP:48:YFc2BwDYXwICG7tXzi21GDmUlvEbpS2oEqYvIM6u+h9iw:V2uDYAI91Em88lScIMW/L
            MD5:DE6F928AC5BC323EA9E3CF0D66859B61
            SHA1:678A45E1654430F766CC7C42CD01A03E6F5931AC
            SHA-256:27E64A7161C706DCE58906A96498E456311A9327FFD2A9AC811F5DC9A0594FE7
            SHA-512:2F1354270742CBB6F326204BAB47192B4DF66A68CEE00F98EF6B09D54634EFDF552DDF92C2C5F9C4AD12925C2C78E534B3D46C935F52C39D7DF645E4B883DEFC
            Malicious:false
            Preview:{"all":[{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"943940bb9ca27e0c31151fe67eec9a96","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1368,"ts":1704897113000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"14ca618a16bb8789ce9d73ee825e13d6","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1250,"ts":1704897113000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"b2a4738cf9ac28580cb63c73e87f06ad","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1255,"ts":1704897113000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"0297627e55e79e3a7b5b3c95aba81aee","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":1230,"ts":1704897113000},{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"888a0e861dae22f14211c0d1f75d1610","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1250,"ts":1704897113000},{"id":"DC_Reader_Upsell_Cards","info":{"dg":"6e48c2971d0dd4c5c789cb42587f5d50","sid":"DC_Reader_Upsell_Cards"},"mimeType":"file","size":482
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 25, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 25
            Category:dropped
            Size (bytes):12288
            Entropy (8bit):1.451839830682454
            Encrypted:false
            SSDEEP:48:TGufl2GL7msCvrBd6dHtbGIbPe0K3+fDy2dsnlV:lNVmsw3SHtbDbPe0K3+fDZdU
            MD5:CBE2D15A08B4EEAA338BD2CDDACECEBB
            SHA1:D6C9F6AD18372C2D24411EA08B0CD7DB41C905D7
            SHA-256:A675B69ACC82E2608A7482A7AE5CE0100B468390C136961046FFE103E9CD73CF
            SHA-512:7AAA44E82760CCF42E638AB9DE5B76675E3EC6169A797C7A6337048EAD8EA41CFE58A6B7A081F6B9E722B93518365AE75077FB0EA083C430B278D6B0A5907416
            Malicious:false
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:SQLite Rollback Journal
            Category:dropped
            Size (bytes):8720
            Entropy (8bit):1.9561025430997596
            Encrypted:false
            SSDEEP:48:7MHYrvrBd6dHtbGIbPe0K3+fDy2ds+IqFl2GL7ms4:7p3SHtbDbPe0K3+fDZdUKVms4
            MD5:4C58899FEA097B2032AA6431191AE1DC
            SHA1:F4A6EA4014039F46A6B0470638D6F9755EBEA3C4
            SHA-256:6FC13BD2968251DB3A43A4973188328A33ABC92ABAD701AB72B898FED81DEF1D
            SHA-512:15EA81A02912C85E84DA772723BE45AA5230B5888DCC0BC4D3EF0564852E76D834A6376F86118ACF2B82121957889626320D6A4635D6042025279C5E3E8C8934
            Malicious:false
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:data
            Category:dropped
            Size (bytes):66726
            Entropy (8bit):5.392739213842091
            Encrypted:false
            SSDEEP:768:RNOpblrU6TBH44ADKZEgF6MZwTB3j0KNxtpmFyCLDpj3RTlYyu:6a6TZ44ADEcMZwFj0KNjpAhTlK
            MD5:8246A8619842F0EBEE7B01090342B8C1
            SHA1:66812368AE074505E1E7D1A86C1B3B69292C1C5A
            SHA-256:DF04F12FDA7F6EB7EECB9D040A389014C8E56740DE4449CE37681BE8E5B3F149
            SHA-512:37F28F0273DA66F36E5EEB04F9B702EC39AD091A0969DAE93B6172D4723D7D3861D3ACFF1D047D772C71A788B51ED441EB28ABDF43B4645B52530F503499BC07
            Malicious:false
            Preview:4.397.90.FID.2:o:..........:F:AgencyFB-Reg.P:Agency FB.L:$.........................."F:Agency FB.#.96.FID.2:o:..........:F:AgencyFB-Bold.P:Agency FB Bold.L:%.........................."F:Agency FB.#.84.FID.2:o:..........:F:Algerian.P:Algerian.L:$..........................RF:Algerian.#.95.FID.2:o:..........:F:ArialNarrow.P:Arial Narrow.L:$.........................."F:Arial Narrow.#.109.FID.2:o:..........:F:ArialNarrow-Italic.P:Arial Narrow Italic.L:$.........................."F:Arial Narrow.#.105.FID.2:o:..........:F:ArialNarrow-Bold.P:Arial Narrow Bold.L:%.........................."F:Arial Narrow.#.118.FID.2:o:..........:F:ArialNarrow-BoldItalic.P:Arial Narrow Bold Italic.L:%.........................."F:Arial Narrow.#.77.FID.2:o:..........:F:ArialMT.P:Arial.L:$.........................."F:Arial.#.91.FID.2:o:..........:F:Arial-ItalicMT.P:Arial Italic.L:$.........................."F:Arial.#.87.FID.2:o:..........:F:Arial-BoldMT.P:Arial Bold.L:$.........................."F:Arial.#.100.FID.2
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
            Category:dropped
            Size (bytes):246
            Entropy (8bit):3.5136057226030957
            Encrypted:false
            SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8EebaTyH:Qw946cPbiOxDlbYnuRK+bj
            MD5:4027790AB7AE02FD1BCDC19317224983
            SHA1:FA9DD9C62F09B8AAB61F11C511215C6DC69BBA19
            SHA-256:BA39B04CB957B16588511FE40718A4CFC56EFBD201197417296D6EA2DE283A90
            SHA-512:F6C64D9DCD6488B847CE4BC1F34EF8B32EF5CB1DACFA8AA80791854D062C15BA45E7411D4E17607CECF0C0AECA4119B210B1061CF177071DA9557D1A385E3E7D
            Malicious:false
            Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .1.0./.0.1./.2.0.2.4. . .1.5.:.3.1.:.5.3. .=.=.=.....
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:ASCII text, with very long lines (393)
            Category:dropped
            Size (bytes):16525
            Entropy (8bit):5.386483451061953
            Encrypted:false
            SSDEEP:384:A2+jkjVj8jujXj+jPjghjKj0jLjmF/FRFO7t75NsXNsbNsgNssNsNNsaNsliNsTY:AXg5IqTS7Mh+oXChrYhFiQHXiz1W60ID
            MD5:F49CA270724D610D1589E217EA78D6D1
            SHA1:22D43D4BB9BDC1D1DEA734399D2D71E264AA3DD3
            SHA-256:D2FFBB2EF8FCE09991C2EFAA91B6784497E8C55845807468A3385CF6029A2F8D
            SHA-512:181B42465DE41E298329CBEB80181CBAB77CFD1701DBA31E61B2180B483BC35E2EFAFFA14C98F1ED0EDDE67F997EE4219C5318CE846BB0116A908FB2EAB61D29
            Malicious:false
            Preview:SessionID=f1c78126-6a87-4f56-987d-4547733fd5ac.1696492435808 Timestamp=2023-10-05T09:53:55:808+0200 ThreadID=6044 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=f1c78126-6a87-4f56-987d-4547733fd5ac.1696492435808 Timestamp=2023-10-05T09:53:55:809+0200 ThreadID=6044 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=f1c78126-6a87-4f56-987d-4547733fd5ac.1696492435808 Timestamp=2023-10-05T09:53:55:809+0200 ThreadID=6044 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=f1c78126-6a87-4f56-987d-4547733fd5ac.1696492435808 Timestamp=2023-10-05T09:53:55:809+0200 ThreadID=6044 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=f1c78126-6a87-4f56-987d-4547733fd5ac.1696492435808 Timestamp=2023-10-05T09:53:55:809+0200 ThreadID=6044 Component=ngl-lib_NglAppLib Description="SetConfig:
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:ASCII text, with very long lines (393), with CRLF line terminators
            Category:dropped
            Size (bytes):15114
            Entropy (8bit):5.339976850972239
            Encrypted:false
            SSDEEP:384:MLXOnnqbrWuRAAZbwbY+Yi2eBeM+7Ps2Voka2qKKUeuIzHemZVbr0ryfXVglvluH:RZ
            MD5:C029F767EF4FDCBFEAA39352C13C48DE
            SHA1:3D380498E6E5BAA7E3D936EAA316DD64CEBF7F02
            SHA-256:CB12458E4700B75470E93E862AD56D912F85CC751CFDDBEBD02ED738C8ED3C09
            SHA-512:CB39820C984355EB38188EE656B0EFEDD3717B871D6B91AF6F8C00278F9399E1925B07E2EC09D91897B1D48E34EF6A08473AF92C1EBB7EEF689ED44E86390C10
            Malicious:false
            Preview:SessionID=ae3a3ac1-4258-47ba-a040-593481ca3dfd.1704897108301 Timestamp=2024-01-10T15:31:48:301+0100 ThreadID=2816 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=ae3a3ac1-4258-47ba-a040-593481ca3dfd.1704897108301 Timestamp=2024-01-10T15:31:48:308+0100 ThreadID=2816 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=ae3a3ac1-4258-47ba-a040-593481ca3dfd.1704897108301 Timestamp=2024-01-10T15:31:48:308+0100 ThreadID=2816 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=ae3a3ac1-4258-47ba-a040-593481ca3dfd.1704897108301 Timestamp=2024-01-10T15:31:48:308+0100 ThreadID=2816 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=ae3a3ac1-4258-47ba-a040-593481ca3dfd.1704897108301 Timestamp=2024-01-10T15:31:48:308+0100 ThreadID=2816 Component=ngl-lib_NglAppLib Description="SetConf
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:ASCII text, with CRLF line terminators
            Category:dropped
            Size (bytes):35721
            Entropy (8bit):5.410305638452374
            Encrypted:false
            SSDEEP:768:hRDD/ATOlQwlgR6RgRT4xk1Bh9+R6gRldy0+AyxkHBDgRh9gRZM:hRDD/ATOlQwlgR6RgRT4xk1Bh9+R6gRs
            MD5:B2BBAC41F68A0A5C7A5B6822C6D896F2
            SHA1:067A1B9B14D1D686BDCE194D588E51EBC3D9980B
            SHA-256:04C2910EAE33D89C51B2F47C838C3ED7B36D1134ACB15EEDBB80B066BA64E157
            SHA-512:BB3E8A84B11F80771A927E219857C92DD384FCBF35F00551C13F5840FF62DBA5C72C32EE1090C504570004B52DAFFD7981C5EEFFBFB565BE366BD94067F7E266
            Malicious:false
            Preview:05-10-2023 08:41:17:.---2---..05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 : ***************************************..05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 : ***************************************..05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 : Starting NGL..05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..05-10-2023 08:41:17:.Closing File..05-10-
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
            Category:dropped
            Size (bytes):386528
            Entropy (8bit):7.9736851559892425
            Encrypted:false
            SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
            MD5:5C48B0AD2FEF800949466AE872E1F1E2
            SHA1:337D617AE142815EDDACB48484628C1F16692A2F
            SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
            SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
            Malicious:false
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
            Category:dropped
            Size (bytes):1407294
            Entropy (8bit):7.97605879016224
            Encrypted:false
            SSDEEP:24576:/M7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R077WLaGZjZwYIGNPJe:RB3mlind9i4ufFXpAXkrfUs03WLaGZje
            MD5:716C2C392DCD15C95BBD760EEBABFCD0
            SHA1:4B4CE9C6AED6A7F809236B2DAFA9987CA886E603
            SHA-256:DD3E6CFC38DA1B30D5250B132388EF73536D00628267E7F9C7E21603388724D8
            SHA-512:E164702386F24FF72111A53DA48DC57866D10DAE50A21D4737B5687E149FF9D673729C5D2F2B8DA9EB76A2E5727A2AFCFA5DE6CC0EEEF7D6EBADE784385460AF
            Malicious:false
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
            Category:dropped
            Size (bytes):1419751
            Entropy (8bit):7.976496077007677
            Encrypted:false
            SSDEEP:24576:/xA7owWLaGZDwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLaGZDwZGk3mlind9i4ufFXpAXkru
            MD5:18E3D04537AF72FDBEB3760B2D10C80E
            SHA1:B313CD0B25E41E5CF0DFB83B33AB3E3C7678D5CC
            SHA-256:BBEF113A2057EE7EAC911DC960D36D4A62C262DAE5B1379257908228243BD6F4
            SHA-512:2A5B9B0A5DC98151AD2346055DF2F7BFDE62F6069A4A6A9AB3377B644D61AE31609B9FC73BEE4A0E929F84BF30DA4C1CDE628915AC37C7542FD170D12DE41298
            Malicious:false
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
            Category:dropped
            Size (bytes):758601
            Entropy (8bit):7.98639316555857
            Encrypted:false
            SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
            MD5:3A49135134665364308390AC398006F1
            SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
            SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
            SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
            Malicious:false
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
            Category:dropped
            Size (bytes):73802
            Entropy (8bit):6.322141460035005
            Encrypted:false
            SSDEEP:1536:IDsQiWilVz8nuCwidLQTl1Mb+KR0Nc8QsJq39:asQrinO/widLQTHe0Nc8QsC9
            MD5:77A401C0608A3409B67DE5751691122F
            SHA1:65551B076CBDDCCAA1BB72D4FA4AF391B06FA5E0
            SHA-256:9B68445CB5E3DFDC8A241BFFFADA33832DD7BA1C0E8E7F73C9EC616B97C0037F
            SHA-512:EAADA4928EC6A98058FCA87E5CE2997CDFD49FA93459C82244EA7A0F1446F808DB0F98DC4E76E4522F7B208BF8465AC9225D9843552F3456D582D66739A6378B
            Malicious:true
            Yara Hits:
            • Rule: JoeSecurity_MetasploitPayload_3, Description: Yara detected Metasploit Payload, Source: C:\Users\user\Downloads\template.pdf, Author: Joe Security
            • Rule: JoeSecurity_MetasploitPayload, Description: Yara detected Metasploit Payload, Source: C:\Users\user\Downloads\template.pdf, Author: Joe Security
            • Rule: Windows_Trojan_Metasploit_a6e956c9, Description: Identifies the API address lookup function leverage by metasploit shellcode, Source: C:\Users\user\Downloads\template.pdf, Author: unknown
            • Rule: Windows_Trojan_Metasploit_4a1c4da8, Description: Identifies Metasploit 64 bit reverse tcp shellcode., Source: C:\Users\user\Downloads\template.pdf, Author: unknown
            • Rule: Msfpayloads_msf_10, Description: Metasploit Payloads - file msf.exe, Source: C:\Users\user\Downloads\template.pdf, Author: Florian Roth
            Antivirus:
            • Antivirus: Avira, Detection: 100%
            • Antivirus: Joe Sandbox ML, Detection: 100%
            • Antivirus: ReversingLabs, Detection: 97%
            • Antivirus: Virustotal, Detection: 83%, Browse
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........8...Y...Y...Y...E...Y..TE...Y...F...Y...F...Y...Y...Y..TQ..Y...z...Y..._...Y..Rich.Y..................PE..L......J............................O<............@..........................`..............................................l...x....P...............................................................................................................text...f........................... ..`.rdata..............................@..@.data...\p.......@..................@....rsrc........P......................@..@........................................................................................................................................................................................................................................................................................................................................................................
            File type:PDF document, version 1.0, 1 pages
            Entropy (8bit):7.984516611405242
            TrID:
            • Adobe Portable Document Format (5005/1) 100.00%
            File name:campaign_logo.pdf
            File size:46'327 bytes
            MD5:24d156b71e1add8bc779807a45bd1047
            SHA1:3af7218d6e57fbb6e6ce5579673b53eea6cb647f
            SHA256:e417bdc6c13b96da8f6e8ed5a89657c6b6d22b00f8dcb1d286f8ae7a0d20cef7
            SHA512:256838db6abf45754fbea940026e26ba5bd0aa01164b1180b22b3e7c14172a42fad3fc4a8846fc1a697cb92b0336964dcb1571455f76b8d422382ee31f947b2c
            SSDEEP:768:c+Ape3wh0z4iofmdYmSK6+yCEphnhqpuv8oEWXHeh2naT8sotcJjONZ5hBl:cJR2zGfmd/SKzc8KdEmHehuDiiZ5Tl
            TLSH:3923F12AE25FDC0DE7624336B513D6AFEA0D706742EAB1C6123D8C259234638EF43576
            File Content Preview:%PDF-1.0..1 0 obj..<<.../Pages 2 0 R.../Type /Catalog..>>..endobj..2 0 obj..<<.../Count 1.../Kids [ 3 0 R ].../Type /Pages..>>..endobj..3 0 obj..<<.../Contents 4 0 R.../Parent 2 0 R.../Resources <<..../Font <<...../F1 <<....../Type /Font....../Subtype /Ty
            Icon Hash:62cc8caeb29e8ae0

            General

            Header:%PDF-1.0
            Total Entropy:7.984517
            Total Bytes:46327
            Stream Entropy:7.994365
            Stream Bytes:44128
            Entropy outside Streams:5.346157
            Bytes outside Streams:2199
            Number of EOF found:2
            Bytes after EOF:
            Name            Count
            obj             12
            endobj          12
            stream          2
            endstream       2
            xref            2
            trailer         2
            startxref       2
            /Page           2
            /Encrypt        0
            /ObjStm         0
            /URI            0
            /JS             1
            /JavaScript     1
            /AA             1
            /OpenAction     1
            /AcroForm       0
            /JBIG2Decode    0
            /RichMedia      0
            /Launch         1
            /EmbeddedFile   0
            No network behavior found

            Target ID:3
            Start time:13:40:39
            Start date:10/01/2024
            Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            Wow64 process (32bit):false
            Commandline:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\campaign_logo.pdf
            Imagebase:0x7ff702560000
            File size:5'641'176 bytes
            MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:moderate
            Has exited:false

            Target ID:13
            Start time:15:31:47
            Start date:10/01/2024
            Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            Wow64 process (32bit):false
            Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
            Imagebase:0x7ff6c3ff0000
            File size:3'581'912 bytes
            MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:moderate
            Has exited:false

            Target ID:15
            Start time:15:31:47
            Start date:10/01/2024
            Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            Wow64 process (32bit):false
            Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2096 --field-trial-handle=1624,i,6554754954404385274,11329708453254728665,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
            Imagebase:0x7ff6c3ff0000
            File size:3'581'912 bytes
            MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:moderate
            Has exited:false

            No disassembly