Windows Analysis Report
payload8.pdf

Overview

General Information

Sample name:payload8.pdf
Analysis ID:1568007
MD5:1d566de3bc778fbb70abbfa76fbf5446
SHA1:cc6e4d6500d41485cc3ced890722d56dff2f4264
SHA256:1041e86e6cba85038bf6b70a0954847db850877d998452616c4c11301738bbab
Tags:pdf, user-youngbeaman
Infos:

Detection

Score:48
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
IP address seen in connection with other malware
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Uses a known web browser user agent for HTTP communication

Classification

  • System is w10x64
  • Acrobat.exe (PID: 7056 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\payload8.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 3564 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 3192 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2084 --field-trial-handle=1568,i,17087500387765673023,14749519744134941856,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: payload8.pdf, ReversingLabs: Detection: 26%
Source: global traffic, DNS query: name: x1.i.lencr.org
Source: global traffic, TCP traffic: 192.168.2.6:49729 -> 52.6.155.20:443
Source: global traffic, TCP traffic: 192.168.2.6:49740 -> 52.6.155.20:443
Source: global traffic, TCP traffic: 52.6.155.20:443 -> 192.168.2.6:49729
Source: global traffic, TCP traffic: 52.6.155.20:443 -> 192.168.2.6:49740
Source: Joe Sandbox View, IP Address: 52.6.155.20 52.6.155.20
Source: global traffic, HTTP traffic detected:
  GET /psdk/v2/content?surfaceId=ACROBAT_READER_MASTER_SURFACEID&surfaceId=DC_READER_LAUNCH_CARD&surfaceId=DC_Reader_RHP_Banner&surfaceId=DC_Reader_RHP_Retention&surfaceId=Edit_InApp_Aug2020&surfaceId=DC_FirstMile_Right_Sec_Surface&surfaceId=DC_Reader_Upsell_Cards&surfaceId=DC_FirstMile_Home_View_Surface&surfaceId=DC_Reader_RHP_Intent_Banner&surfaceId=DC_Reader_Disc_LHP_Banner&surfaceId=DC_Reader_Edit_LHP_Banner&surfaceId=DC_Reader_Convert_LHP_Banner&surfaceId=DC_Reader_Sign_LHP_Banner&surfaceId=DC_Reader_More_LHP_Banner&surfaceId=DC_Reader_Disc_LHP_Retention&surfaceId=DC_Reader_Home_LHP_Trial_Banner&adcProductLanguage=en-us&adcVersion=23.6.20320&adcProductType=SingleClientMini&adcOSType=WIN&adcCountryCode=US&adcXAPIClientID=api_reader_desktop_win_23.6.20320&encodingScheme=BASE_64 HTTP/1.1
  Host: p13n.adobe.io
  Connection: keep-alive
  sec-ch-ua: "Chromium";v="105"
  sec-ch-ua-mobile: ?0
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36
  Accept: application/json, text/javascript, */*; q=0.01
  x-adobe-uuid: 0b65fa77-f9dd-4c6e-a1b5-fa4d63973307
  x-adobe-uuid-type: visitorId
  x-api-key: AdobeReader9
  sec-ch-ua-platform: "Windows"
  Origin: https://rna-resource.acrobat.com
  Accept-Language: en-US,en;q=0.9
  Sec-Fetch-Site: cross-site
  Sec-Fetch-Mode: cors
  Sec-Fetch-Dest: empty
  Referer: https://rna-resource.acrobat.com/
  Accept-Encoding: gzip, deflate, br
Source: unknown, TCP traffic detected without corresponding DNS query: 52.6.155.20
Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic, DNS traffic detected: DNS query: x1.i.lencr.org
Source: 77EC63BDA74BD0D0E0426DC8F80085060.2.dr, String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: 2D85F72862B55C4EADD9E66E06947F3D0.2.dr, String found in binary or memory: http://x1.i.lencr.org/
Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown, Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown, Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49729
Source: classification engine, Classification label: mal48.winPDF@14/52@1/1
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe, File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\AdobeFnt23.lst.5580
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe, File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-12-03 23-20-01-520.log
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe, Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
Source: unknown, Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\payload8.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe, Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe, Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2084 --field-trial-handle=1568,i,17087500387765673023,14749519744134941856,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe, Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe, Process created: unknown unknown
Source: payload8.pdf, Initial sample: PDF keyword /JS count = 0
Source: payload8.pdf, Initial sample: PDF keyword /JavaScript count = 0
Source: payload8.pdf, Initial sample: PDF keyword /EmbeddedFile count = 0
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe, Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe, Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe, Process information queried: ProcessInformation
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 3 Exploitation for Client Execution | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | 1 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 13 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
[Behavior graph. ID: 1568007, Sample: payload8.pdf, Startdate: 04/12/2024, Architecture: WINDOWS, Score: 48. Acrobat.exe started AcroCEF.exe, which started a second AcroCEF.exe connected to 52.6.155.20 (443, 49729, 49740; AMAZON-AESUS, United States). DNS/IP nodes: x1.i.lencr.org, bg.microsoft.map.fastly.net. Signature node: Multi AV Scanner detection for submitted file.]

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| payload8.pdf | 26% | ReversingLabs | Document-PDF.Trojan.Heuristic | |

No Antivirus matches

| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| bg.microsoft.map.fastly.net | 199.232.214.172 | true | false | | high |
| x1.i.lencr.org | unknown | unknown | false | | high |

| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| http://x1.i.lencr.org/ | 2D85F72862B55C4EADD9E66E06947F3D0.2.dr | false | | high |

| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 52.6.155.20 | unknown | United States | | 14618 | AMAZON-AESUS | false |

Joe Sandbox version:41.0.0 Charoite
Analysis ID:1568007
Start date and time:2024-12-04 05:19:06 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 4m 1s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultwindowspdfcookbook.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:14
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:payload8.pdf
Detection:MAL
Classification:mal48.winPDF@14/52@1/1
EGA Information:Failed
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 0
  • Number of non-executed functions: 0
Cookbook Comments:
  • Found application associated with file extension: .pdf
  • Found PDF document
  • Close Viewer
  • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 2.20.60.204, 162.159.61.3, 172.64.41.3, 34.237.241.83, 54.224.241.105, 18.213.11.84, 50.16.47.176, 23.50.131.75, 23.50.131.87, 23.195.39.65, 2.20.40.170, 199.232.214.172, 23.32.238.226, 23.32.238.232, 23.32.238.211, 23.32.238.201
  • Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, e4578.dscb.akamaiedge.net, a767.dspw65.akamai.net, acroipm2.adobe.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, wu-b-net.trafficmanager.net, storeedgefd.dsx.mp.microsoft.com, crl.root-x1.letsencrypt.org.edgekey.net, client.wns.windows.com, fs.microsoft.com, otelrules.azureedge.net, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com.delivery.microsoft.com, ctldl.windowsupdate.com, p13n.adobe.io, fe3cr.delivery.mp.microsoft.com, download.windowsupdate.com.edgesuite.net, ssl.adobe.com.edgekey.net, armmf.adobe.com, geo2.adobe.com
  • VT rate limit hit for: payload8.pdf

| Time | Type | Description |
|---|---|---|
| 23:20:13 | API Interceptor | 2x Sleep call for process: AcroCEF.exe modified |

| Match | Associated Sample Name / URL | Detection | Threat Name | Context |
|---|---|---|---|---|
| 52.6.155.20 | kingsmaker_4.ca.ps1 | malicious | Ducktail | |
| | kingsmaker_6.ca.ps1 | malicious | Ducktail | |
| | Demande de proposition du Accueil-Parrainage Outaouais.pdf | malicious | Unknown | |
| | cgoaudit Files.pdf | malicious | Unknown | |
| | method-statement-for-valve-installation_compress.pdf | malicious | Unknown | |
| | https://acrobat.adobe.com/id/urn:aaid:sc:EU:98ca4a25-984a-4511-9eb1-b7e6c5c56a12 | malicious | HTMLPhisher | |
| | Fw INVOICE TEST-4 - INTUIT QUICKBOOKS - 399.00 USD.zip | malicious | Unknown | |
| | EXTERN Zahlungsbest#U00e4tigung.msg | malicious | CVE-2024-21412 | |
| | Please_Docusign_this_document_July 2024_2471.pdf | malicious | Unknown | |
| | PO.pdf | malicious | Unknown | |

| Match | Associated Sample Name / URL | Detection | Threat Name | Context |
|---|---|---|---|---|
| bg.microsoft.map.fastly.net | Invoice268277.pdf | malicious | Unknown | 199.232.210.172 |
| | __Official Notice 2024_2025 Compensation Adjustments and Enrollment Timelines__ 03_12_24.eml | malicious | Unknown | 199.232.210.172 |
| | QuarantineMessage (1).zip | malicious | HTMLPhisher | 199.232.210.172 |
| | b1.exe | malicious | PureCrypter, MicroClip | 199.232.210.172 |
| | 17332726262370c8b68982b9597591584ea127a055d5729e2003a903c2f5999d6e4c10604b686.dat-decoded.exe | malicious | Unknown | 199.232.210.172 |
| | 17332726262370c8b68982b9597591584ea127a055d5729e2003a903c2f5999d6e4c10604b686.dat-decoded.exe | malicious | Unknown | 199.232.214.172 |
| | file.exe | malicious | LummaC Stealer | 199.232.210.172 |
| | fiyati_teklif 65W20_ B#U00fcy#U00fck mokapto Sipari#U015fi _PDF_.exe | malicious | Snake Keylogger, VIP Keylogger | 199.232.214.172 |
| | Employee_Important_Message.pdf | malicious | HTMLPhisher | 199.232.214.172 |
| | fes.msi | malicious | BruteRatel, Latrodectus | 199.232.210.172 |

| Match | Associated Sample Name / URL | Detection | Threat Name | Context |
|---|---|---|---|---|
| AMAZON-AESUS | x86.elf | malicious | Mirai | 67.202.62.51 |
| | https://www.bing.com/ck/a?!&&p=b3ddcc612c5f63024f18df0521265aa33742187d0b01744f07bf6348af8f753eJmltdHM9MTczMzE4NDAwMA&ptn=3&ver=2&hsh=4&fclid=26e9525e-8a77-6109-2437-46988be9608d&psq=superpitmachinery.com&u=a1aHR0cHM6Ly9zdXBlcnBpdG1hY2hpbmVyeS5jb20v&ntb/#fi-weixiang.ong@falconincorporation.com | malicious | Unknown | 54.226.114.88 |
| | file.exe | malicious | Clipboard Hijacker, Cryptbot | 44.196.3.45 |
| | Invoice268277.pdf | malicious | Unknown | 3.233.129.217 |
| | file.exe | malicious | Amadey, Stealc, Vidar | 44.196.3.45 |
| | file.exe | malicious | Clipboard Hijacker, Cryptbot | 34.224.200.202 |
| | teste.arm5.elf | malicious | Gafgyt, Mirai, Moobot, Okiru | 54.30.32.77 |
| | file.exe | malicious | Clipboard Hijacker, Cryptbot | 44.196.3.45 |
| | teste.x86.elf | malicious | Mirai, Moobot, Okiru | 54.27.63.201 |
| | arm7.elf | malicious | Mirai | 52.22.221.222 |

No context

Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:ASCII text
Category:dropped
Size (bytes):295
Entropy (8bit):5.174877383568738
Encrypted:false
SSDEEP:6:ULvzAq2PN72nKuAl9OmbnIFUt8RLvdZZmw+RLvdzkwON72nKuAl9OmbjLJ:fvVaHAahFUt8XZ/+Xz5OaHAaSJ
MD5:CBBC21A465A3649E15D818537BE21511
SHA1:64E2BA5325805C77504B05F84D6CB0A93F4CF24E
SHA-256:BF19D65D9076C5024A4EAA3318CBF617A25506524F3899616EB9FC9D7C84D5BF
SHA-512:28BC0C435441DCCB4D3A11EC1E3FC86DEF3B127AA7D6422B518A221A4477C983D0488573AC18BE908AD568D906254038364D19A71260E004E57E9294E16B6EB7
Malicious:false
Reputation:low
Preview:2024/12/03-23:20:01.791 650 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/12/03-23:20:01.793 650 Recovering log #3.2024/12/03-23:20:01.793 650 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):339
                            Entropy (8bit):5.122845332927688
                            Encrypted:false
                            SSDEEP:6:UL1cq2PN72nKuAl9Ombzo2jMGIFUt8RLIZmw+RLQkwON72nKuAl9Ombzo2jMmLJ:AcvVaHAa8uFUt8y/++5OaHAa8RJ
                            MD5:7BA63A07CD68BB2829605843F3389442
                            SHA1:6290B6D8291B4D37262D1288560B48B0F864CEBB
                            SHA-256:256C18660DD97D463249214EE44F2855398D0C8D9BD1D7369DDA5A1653F0E97D
                            SHA-512:1D8F61CE3D62B4C716F4050FC8272AB467B56955CC8319923ADE90583CF84233ECBFCFA91D7AB90A6631AB1248B3FEB8E0E10092E0B3C3223FF3F148C913BEBE
                            Malicious:false
                            Reputation:low
                            Preview:2024/12/03-23:20:01.864 804 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/12/03-23:20:01.870 804 Recovering log #3.2024/12/03-23:20:01.870 804 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                            File Type:JSON data
                            Category:dropped
                            Size (bytes):475
                            Entropy (8bit):4.971824627296864
                            Encrypted:false
                            SSDEEP:12:YH/um3RA8sq1ZhsBdOg2HIJnAcaq3QYiubcP7E4TX:Y2sRdswydMH0r3QYhbA7n7
                            MD5:F326539D084B03D88254A74D6018F692
                            SHA1:395B367E0E3554C3E78A8211F2D4B9F0F427CA87
                            SHA-256:9379694CADD7846403E1B6975502326FBC619E0E3A873BBB7BC2C03EE3623007
                            SHA-512:C8B5B1DD28605D3FCD9EF4A28BE1125137E6B3CB967F59CB2113656C8EFFFB3842115962DF8B25E9C3FA504F5E1B0A116D780326B1AB8062DC6AC0D80E7C3539
                            Malicious:false
                            Reputation:moderate, very likely benign file
                            Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341048370594526","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":151499},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.6","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                            File Type:JSON data
                            Category:dropped
                            Size (bytes):475
                            Entropy (8bit):4.975824910517686
                            Encrypted:false
                            SSDEEP:12:YH/um3RA8sq2msBdOg2Hmcaq3QYiubcP7E4TX:Y2sRdsFrdMHZ3QYhbA7n7
                            MD5:895A50DAC558CAC447103E9402BC2B81
                            SHA1:0C6568EAD68E7B1CFB31B3B70FDCC007EB98E9AD
                            SHA-256:D70E9D29C0B3F43CF205F9E583F8A651C32CC3F28A108565C8094D85A222AA09
                            SHA-512:7C7DF0DC583B31EAE4A83ABEF97FFF221A67AA68B1FED4318069B18A0A1E669C628A081E4AD96BB855186B169C4ECAC999EDB30B05B80B8A3768DC1357232615
                            Malicious:false
                            Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13377846011208873","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":657985},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.6","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                            File Type:data
                            Category:dropped
                            Size (bytes):5859
                            Entropy (8bit):5.246850789227002
                            Encrypted:false
                            SSDEEP:96:av+Nkkl+2GAouz3z3xfNLUS3vHp5OuDzUrMzh28qXAXFP74LRXOtW7ANwE7nhl9l:av+Nkkl+2G1uz3zhfZUyPp5OuDzUwzhr
                            MD5:1BF83AD40D406282E7E7FA9C2638CD0B
                            SHA1:C07DD9CBAD2690EE1C707E174D72D705BC88B884
                            SHA-256:D8607EA0144CB2595B6879E0FFD4EDB156EC2FFDA4BC01435F199FE46BDCFC23
                            SHA-512:5ABDC4FD5903970A1F985DF389A16D26DE1E88434206AF45ABFAB70E2E351866DDE8A5B466DFA0646A7EA23DD43C0FFACD6EA2623C8BB428411C88208F180D0D
                            Malicious:false
                            Preview:*...#................version.1..namespace-.X.Bo................next-map-id.1.Pnamespace-c291b69d_46f8_4b09_b54e_d05df8a1271d-https://rna-resource.acrobat.com/.0.>j.r................next-map-id.2.Snamespace-63b958a8_6f71_4fde_913c_6518794b9fd1-https://rna-v2-resource.acrobat.com/.1.J.4r................next-map-id.3.Snamespace-37e4c694_2a8d_4b31_9eb8_e65c5f9e16d5-https://rna-v2-resource.acrobat.com/.2..J.o................next-map-id.4.Pnamespace-d7426d52_3038_4cd9_b9cc_897232425509-https://rna-resource.acrobat.com/.3..M.^...............Pnamespace-c291b69d_46f8_4b09_b54e_d05df8a1271d-https://rna-resource.acrobat.com/..d.^...............Pnamespace-d7426d52_3038_4cd9_b9cc_897232425509-https://rna-resource.acrobat.com/.u..a...............Snamespace-63b958a8_6f71_4fde_913c_6518794b9fd1-https://rna-v2-resource.acrobat.com/..`aa...............Snamespace-37e4c694_2a8d_4b31_9eb8_e65c5f9e16d5-https://rna-v2-resource.acrobat.com/`v.Yo................next-map-id.5.Pnamespace-30587558_ed88_4bd8_adc0_
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):327
                            Entropy (8bit):5.12693885948533
                            Encrypted:false
                            SSDEEP:6:EFIq2PN72nKuAl9OmbzNMxIFUt8yVRXZmw+vPkwON72nKuAl9OmbzNMFLJ:1vVaHAa8jFUt8yV9/+X5OaHAa84J
                            MD5:22DF43204EA8A39B6218F4AA0DCF0E03
                            SHA1:E9E12575B860F543EA58BE953361E6017CB12AE0
                            SHA-256:4FC628F26CE4FE40ACEA1DBB633D4AF54602DF48D1F194476CB295ACE7DA17B7
                            SHA-512:253646A12032CE6240796F2E9BB57145F527CCD1CBB1B661585F8EF1773B6E9756BEB1BA279E24AF18FC1913C2AC678BDF3AA57F6243AB6C08341279E0820965
                            Malicious:false
                            Preview:2024/12/03-23:20:02.711 804 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/12/03-23:20:02.752 804 Recovering log #3.2024/12/03-23:20:02.764 804 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:PC bitmap, Windows 3.x format, 152 x -152 x 32, cbSize 92470, bits offset 54
                            Category:dropped
                            Size (bytes):92470
                            Entropy (8bit):0.019973327508180493
                            Encrypted:false
                            SSDEEP:12:jljp/555v5555Z955555L75555ZT/555xjQ:P9U
                            MD5:4E67C21AF6EC9C825A3F616EAAFEE60F
                            SHA1:453FE5AB71009FB5908E5A627A4082C744B067DF
                            SHA-256:67822CA21D866B8390E7E923312AEE4C10500A1531A26C07DDB31A2252B9C93C
                            SHA-512:444F95E0A882BAD9224E77DA08CEC32ABB7F23DF0ECE4491A746E039A9A3D51FDB2F240146D0DA294A967733CDF2733894E97A33F10F9DED92FF548086D4CD12
                            Malicious:false
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 11, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 11
                            Category:dropped
                            Size (bytes):86016
                            Entropy (8bit):4.444616198052183
                            Encrypted:false
                            SSDEEP:384:ye6ci5tdiBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:m2s3OazzU89UTTgUL
                            MD5:EFBB2D3FFDCA523AC00E584FD2A5B85B
                            SHA1:DF5C087E5B883C4E5DE246BD7329D843023D0B5C
                            SHA-256:FC7D47AD6EF5B01883FDE5A54117CAE2533D064B0F75B9F4B14F77FCF66AB8DD
                            SHA-512:0236E699C474B74AC89113369B036B60070D1D302407A725E6A379BB1A47F093891A4CD8DF85D0F998B79D63A1145851F48501203DDF4C4CE852B6EA7FCDD4A7
                            Malicious:false
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:SQLite Rollback Journal
                            Category:dropped
                            Size (bytes):8720
                            Entropy (8bit):3.766379256618026
                            Encrypted:false
                            SSDEEP:48:7M0JioyV+ioy8oy1C7oy16oy1EKOioy1noy1AYoy1Wioy1oioykioyBoy1noy1Of:7XJu+cDXjBi7b9IVXEBodRBk3M
                            MD5:E639640C4672FB586D16992C43D8C329
                            SHA1:B3AB8F207EDD95049CD882FA16387F4C673CDE99
                            SHA-256:E7DDC36ACDD14C0C7BCAB1E6E39D72194040DF6B8459A21C5DC896CD8F37FB53
                            SHA-512:A909E6DA5EA8CF479B35BA58D6682FD9C597B61C5EE03B75B46DD99558C303C5FC7DAB4DAB75B94290CB26A44E75C1EDF4AAFFEBF85653D8352535DFADC9DF29
                            Malicious:false
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                            File Type:Certificate, Version=3
                            Category:dropped
                            Size (bytes):1391
                            Entropy (8bit):7.705940075877404
                            Encrypted:false
                            SSDEEP:24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1
                            MD5:0CD2F9E0DA1773E9ED864DA5E370E74E
                            SHA1:CABD2A79A1076A31F21D253635CB039D4329A5E8
                            SHA-256:96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
                            SHA-512:3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
                            Malicious:false
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                            File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
                            Category:dropped
                            Size (bytes):71954
                            Entropy (8bit):7.996617769952133
                            Encrypted:true
                            SSDEEP:1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
                            MD5:49AEBF8CBD62D92AC215B2923FB1B9F5
                            SHA1:1723BE06719828DDA65AD804298D0431F6AFF976
                            SHA-256:B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
                            SHA-512:BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
                            Malicious:false
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                            File Type:data
                            Category:dropped
                            Size (bytes):192
                            Entropy (8bit):2.756901573172974
                            Encrypted:false
                            SSDEEP:3:kkFkl+4CRXfllXlE/HT8k3ll7/XNNX8RolJuRdxLlGB9lQRYwpDdt:kKn4CRIT88lJdNMa8RdWBwRd
                            MD5:89B23194942C03019C413481FE2A09FD
                            SHA1:E9488B282B3EB8B67EA8AF06D1F908EA86B8B2D2
                            SHA-256:FF410F0D0ADC8F68D2CBD8271AFE2AA1AC3D190D68FCD0EE5A604601A5E0973D
                            SHA-512:5834E965AEB2226BFC66679DCBF20B88C22FD61E4D4A223D715FA005DB2F623933DFCFE3C096BD7A08823651E2BBA41300904EE6C7210F10D219DF4963A35799
                            Malicious:false
                            Preview:p...... .........&...F..(....................................................... ..........W....-...............o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                            File Type:data
                            Category:modified
                            Size (bytes):328
                            Entropy (8bit):3.247897867253902
                            Encrypted:false
                            SSDEEP:6:kK2R99UswD8HGsL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:XDImsLNkPlE99SNxAhUe/3
                            MD5:E1DAAC06FFF51404DF3DB3C2ECA203D5
                            SHA1:0BB5BD6F2932CC60683A497CC783F0926D542FDC
                            SHA-256:1FDC6C42A553D75B5D24A64D1CF356A9B18C2278CA05A869DC161F6136EAA44D
                            SHA-512:7E0463E63FF7883A640494987AE157BB98EA6695BC328BA08970999FBD1282945D4010F00DD24E2AD26CAC3371FFB1ED28E1B0EBA3BD1F1289533D05699C4256
                            Malicious:false
                            Preview:p...... ..........x..F..(....................................................... ........G..@.......&......X........h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:PostScript document text
                            Category:dropped
                            Size (bytes):1233
                            Entropy (8bit):5.233980037532449
                            Encrypted:false
                            SSDEEP:24:kk8id8HxPsMTtrid8OPgx4sMDHFidZxDWksMwEidMKRxCsMWaOtidMLgxT2sMW0l:pkxPhtgNgx4pyZxakazxCIK2gxap
                            MD5:8BA9D8BEBA42C23A5DB405994B54903F
                            SHA1:FC1B1646EC8A7015F492AA17ADF9712B54858361
                            SHA-256:862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C
                            SHA-512:26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A
                            Malicious:false
                            Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:PostScript document text
                            Category:dropped
                            Size (bytes):10880
                            Entropy (8bit):5.214360287289079
                            Encrypted:false
                            SSDEEP:192:SgAYm4DAv6oq6oCf6ocL6oz6o46ok6o16ok6oKls6oVtfZ6ojtou6o2ti16oGwX/:SV548vvqvSvivzv4vkv1vkvKlsvVtfZp
                            MD5:B60EE534029885BD6DECA42D1263BDC0
                            SHA1:4E801BA6CA503BDAE7E54B7DB65BE641F7C23375
                            SHA-256:B5F094EFF25215E6C35C46253BA4BB375BC29D055A3E90E08F66A6FDA1C35856
                            SHA-512:52221F919AEA648B57E567947806F71922B604F90AC6C8805E5889AECB131343D905D94703EA2B4CEC9B0C1813DDA6EAE2677403F58D3B340099461BBCD355AE
                            Malicious:false
                            Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:JSON data
                            Category:dropped
                            Size (bytes):295
                            Entropy (8bit):5.382640469821896
                            Encrypted:false
                            SSDEEP:6:YEQXJ2HXtjX4O0nZiQ0YaWDoAvJM3g98kUwPeUkwRe9:YvXKXtjX10cV5GMbLUkee9
                            MD5:8C95107D95F4B97D4E51886BCCBD792A
                            SHA1:CCF4D4EC22259D02AD5E402F19DAABD749AC3A8B
                            SHA-256:7DD23E95321DB36D941C8E6A81C649B278DC0D91465DDD1A21D5022C882A6AA8
                            SHA-512:6D6DCAD9FD3EB6F8B4AE1FCADBECA4B75A8E0A4158B9B1B765D74950BE8AB0C708D5D52872B1EA4165F131D520C414B9AA7FC37783EC0217CA87F3320F9D0742
                            Malicious:false
                            Preview:{"analyticsData":{"responseGUID":"bdd4ac4a-d3b7-4905-8622-bc71d329fd2f","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1733461725566,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:JSON data
                            Category:dropped
                            Size (bytes):294
                            Entropy (8bit):5.337072586381929
                            Encrypted:false
                            SSDEEP:6:YEQXJ2HXtjX4O0nZiQ0YaWDoAvJfBoTfXpnrPeUkwRe9:YvXKXtjX10cV5GWTfXcUkee9
                            MD5:2AD82CABA711384DF9C567D037FA5E4B
                            SHA1:D714B205421285CC0617663AFC78D143274062A5
                            SHA-256:670C7B8F50B1B0C604CC891811775B628CBFE96D3FDDC0FB4141751D29DB028F
                            SHA-512:F7023906644F4BE8E247B323208154AE1F2CB569C765C8893A26DF84BB54BC7C7AD3E188DB89923E54EF930C2D6A2A9A065F53B03A70E9EE583C04BD4CF91638
                            Malicious:false
                            Preview:{"analyticsData":{"responseGUID":"bdd4ac4a-d3b7-4905-8622-bc71d329fd2f","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1733461725566,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:JSON data
                            Category:dropped
                            Size (bytes):294
                            Entropy (8bit):5.3150251863812885
                            Encrypted:false
                            SSDEEP:6:YEQXJ2HXtjX4O0nZiQ0YaWDoAvJfBD2G6UpnrPeUkwRe9:YvXKXtjX10cV5GR22cUkee9
                            MD5:2E9A436BD08DB51D10EF5166D946C76E
                            SHA1:CAAAE3FBD11DA1D6BFBDC488A7F576D6F421011F
                            SHA-256:F63CC70EF267B397F26BDA06379474EADE33830C04BBCA8AF12DCB2DD396C55C
                            SHA-512:5741751F81A6D29819D93E4463CA0FCF38EDAD2C9B6488FBCC54C4020B68445D02CE12F9C0F4600AE38DE808FA1546EE1B96CD3EC19B5EA2FA6B72285D930B06
                            Malicious:false
                            Preview:{"analyticsData":{"responseGUID":"bdd4ac4a-d3b7-4905-8622-bc71d329fd2f","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1733461725566,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:JSON data
                            Category:dropped
                            Size (bytes):285
                            Entropy (8bit):5.363339434380736
                            Encrypted:false
                            SSDEEP:6:YEQXJ2HXtjX4O0nZiQ0YaWDoAvJfPmwrPeUkwRe9:YvXKXtjX10cV5GH56Ukee9
                            MD5:E31A97B478DEECB1374407F0CE57B508
                            SHA1:A505D22A8BCBC08EF9164A26BBA4269E3B401DE0
                            SHA-256:D42AB156FA2EB622AD46D7290D82CBEC9CDC9E6FB57EB42712D287810C27EE2F
                            SHA-512:9BFF66E965C4108669AD7D01F44F3E1781AFF9CBD1763CAE08340134E60760F00B0E8DEF2A2C032DFEB5996AB081AC876FB95FEC4BD5544CFFC417190653603C
                            Malicious:false
                            Preview:{"analyticsData":{"responseGUID":"bdd4ac4a-d3b7-4905-8622-bc71d329fd2f","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1733461725566,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:JSON data
                            Category:dropped
                            Size (bytes):1123
                            Entropy (8bit):5.687698981527148
                            Encrypted:false
                            SSDEEP:24:Yv6X11ZVepLgE9cQx8LennAvzBvkn0RCmK8czOCCSG:YvIehgy6SAFv5Ah8cv/G
                            MD5:AFA60790AD3F6E6FE25AF90E668108B7
                            SHA1:DCAFFA56E4A157BB82CEDDA03FDFBBC6D52E0A1A
                            SHA-256:39C1A1DF221FEE534204E62FCAC2E93799C87D980BFAB0ADA9D7C52CDB397CF6
                            SHA-512:0C10B8458679C177008F4E751C99BD7FF843E36C33587F95B3C559A2420474DA4D16E88103C0E4603C035BEAB71EDF13BAC6FCF652F52E9A0D2190BFF54DE6CF
                            Malicious:false
                            Preview:{"analyticsData":{"responseGUID":"bdd4ac4a-d3b7-4905-8622-bc71d329fd2f","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1733461725566,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93365_289436ActionBlock_1","campaignId":93365,"containerId":"1","controlGroupId":"","treatmentId":"d5bba1ae-6009-4d23-8886-fd4a474b8ac9","variationId":"289436"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IkNvbnZlcnRQREZSZHJSSFBBcHAifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkV4cG9ydCBQREZzIHRvIE1pY3Jvc29mdCBXb3JkIGFuZCBFeGNlbC4ifSwidGNh
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:JSON data
                            Category:dropped
                            Size (bytes):1122
                            Entropy (8bit):5.680025616283884
                            Encrypted:false
                            SSDEEP:24:Yv6X11ZVIVLgEwcp06ybnAvz7xHn0RCmK8czOCYHfl8zdBL:YvIIFgSNycJUAh8cvYHw
                            MD5:141B5F649EBAA111E6ED1045B8EA4F10
                            SHA1:E153426DD2C68DDED23556266774A6BD5CF33216
                            SHA-256:E44C0D8BFA80292BAFD8C16A2FA8A2069BE2A0E374D5378DB23F1EF4EAD8089F
                            SHA-512:C8CA81E5E145C89523C031A0DBA467B002B61A3C414A9982B20644A96705CFF47A5C7D365EE5EE1CBA4948A82E559A6BC1F92A4AA820E7752E87152F29ED6709
                            Malicious:false
                            Preview:{"analyticsData":{"responseGUID":"bdd4ac4a-d3b7-4905-8622-bc71d329fd2f","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1733461725566,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Disc_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93181_288855ActionBlock_0","campaignId":93181,"containerId":"1","controlGroupId":"","treatmentId":"1aad653c-ef44-43f7-be1c-3a2ba2cf2cfc","variationId":"288855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Disc_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IlVwZ3JhZGVSSFBSZHJBcHAifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQsIGVkaXQgYW5kIGUtc2lnblxuIFBERiBmb3JtcyAmIGFncmVlbWVudHMuIn0sInRjY
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:JSON data
                            Category:dropped
                            Size (bytes):292
                            Entropy (8bit):5.314713300855336
                            Encrypted:false
                            SSDEEP:6:YEQXJ2HXtjX4O0nZiQ0YaWDoAvJfQ1rPeUkwRe9:YvXKXtjX10cV5GY16Ukee9
                            MD5:E67E4CAF3586B8C03E28D7AFAA7A33CE
                            SHA1:D2BAD3526C79FD81732B0979D8B4282D31D6EC4B
                            SHA-256:4382D3BE3DC29093CEFEAD8EEC1E30A53613E98931BF894D9E89D0F93C9F69C1
                            SHA-512:6B49D010B98AB98636A29662680A0255A79CA7A146EDA266E24F6351E9115BA642E5FCDD37A761377A8632664E4B3ACEE1BC0B2D6A6FB4750745F1849B75E458
                            Malicious:false
                            Preview:{"analyticsData":{"responseGUID":"bdd4ac4a-d3b7-4905-8622-bc71d329fd2f","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1733461725566,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:JSON data
                            Category:dropped
                            Size (bytes):1102
                            Entropy (8bit):5.673508443567617
                            Encrypted:false
                            SSDEEP:24:Yv6X11ZVN2LgErcXWl7y0nAvzIBcSJCBViVL:YvINogH47yfkB5kVG
                            MD5:81CC25B1459EF6C19C75322E71961D83
                            SHA1:555B2114065273A08562759E37F458A1D18AAE7C
                            SHA-256:F013A13EA702551927221BA0EAF0DFDB109F8A20CC785C23F7A2F86DBC15C118
                            SHA-512:F6A3972274B808A22B404B1775FEFD8BF70FC07314B7B228DE7B3C8A6BAD6CF66B2B1CBC20821378DC3967B8475585F3947CD5B9B4B41E6D4C3CFD3FEA86E444
                            Malicious:false
                            Preview:{"analyticsData":{"responseGUID":"bdd4ac4a-d3b7-4905-8622-bc71d329fd2f","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1733461725566,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Edit_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93181_288855ActionBlock_1","campaignId":93181,"containerId":"1","controlGroupId":"","treatmentId":"533ab5eb-b236-4889-89a5-ac002261d71e","variationId":"288855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Edit_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IkVkaXRQREZSZHJBcHBGdWxsIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTRweCIsImZvbnRfc3R5bGUiOiIwIn0sImRlc2NyaXB0aW9uX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTJweCIsImZvbnRfc3R5bGUiOiItMSJ9LCJ0aXRsZSI6bnVsbCwiZGVzY3JpcHRpb24iOiJFZGl0IHRleHQsIGltYWdlcywgcGFnZXMsIGFuZCBtb3JlLiJ9LCJ0Y2F0SWQiOm51bGx9","da
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:JSON data
                            Category:dropped
                            Size (bytes):1164
                            Entropy (8bit):5.699910178996568
                            Encrypted:false
                            SSDEEP:24:Yv6X11ZVlKLgEfIcZVSkpsn264rS514ZjBrwloJTmcVIsrSK5L:YvIlEgqprtrS5OZjSlwTmAfSKF
                            MD5:832157BCC58C84E5F958CFEAA04146D4
                            SHA1:6724ABA4E4C72E77F3086E2C75E50ECF2340ADF9
                            SHA-256:98BEF603CE63064319215B1D4AD5B2A2B73624408A4A1D1FEF482077A40E14EE
                            SHA-512:686FE9FB13B24C313C346A1B4DFA5D34CCA9846F607AB5392BF2C912B41F945CC62A0757AB85B882CDA906C04A94A67C61C106A141CFE227B1D64151108FF7B1
                            Malicious:false
                            Preview:{"analyticsData":{"responseGUID":"bdd4ac4a-d3b7-4905-8622-bc71d329fd2f","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1733461725566,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85531_264848ActionBlock_0","campaignId":85531,"containerId":"1","controlGroupId":"","treatmentId":"ee1a7497-76e7-43c2-bb63-9a0551e11d73","variationId":"264848"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IlRyeSBBY3JvYmF0IFBybyJ9LCJ1aSI6eyJ0aXRsZV9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjE1cHgiLCJmb250X3N0eWxlIjoiMCJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEzcHgiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0b1xucHJlbWl1bSBQREYgYW5kIGUtc2lnbmluZ1xudG9vbHMuIn0sImJhbm5lcl9zdHlsaW5nIjo
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:JSON data
                            Category:dropped
                            Size (bytes):289
                            Entropy (8bit):5.319658385421789
                            Encrypted:false
                            SSDEEP:6:YEQXJ2HXtjX4O0nZiQ0YaWDoAvJfYdPeUkwRe9:YvXKXtjX10cV5Gg8Ukee9
                            MD5:46F9A8A7326A2C0B32FDBC98310F2664
                            SHA1:DCD9275D761FBFAA8A4808EB67C58C610C30967C
                            SHA-256:761251B1FD4421321C75F4FF0BAED555F10B15BCC27F333246F5604A9346DC8C
                            SHA-512:9682B11589A47C0E31DD6B4CD7BA5A08C734EE146E0E4E0017B1C6A47526370099760C57417AC2F870B2E299AC44279EE8A4DA11AC4DDB53FFA35DB7A0FE956C
                            Malicious:false
                            Preview:{"analyticsData":{"responseGUID":"bdd4ac4a-d3b7-4905-8622-bc71d329fd2f","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1733461725566,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:JSON data
                            Category:dropped
                            Size (bytes):284
                            Entropy (8bit):5.305737155046511
                            Encrypted:false
                            SSDEEP:6:YEQXJ2HXtjX4O0nZiQ0YaWDoAvJf+dPeUkwRe9:YvXKXtjX10cV5G28Ukee9
                            MD5:BEFDCD331A18CE2AA205BB72B2743340
                            SHA1:DBCCF582131575DC43B58BD93E76A79A16168EB4
                            SHA-256:F2E229B1B25F733A1041A6E25EBA4B1AFF8F63A78FD6B0E2FB08BFBD275ADC29
                            SHA-512:D067D449F7B1B54E401479FD54230DAC1692D735B18569F41B64EC8EB7376D4B012DADA5ED2F3EE3B2E0D63F7A3519DD0A631AC34535455A55E9A030B33E1414
                            Malicious:false
                            Preview:{"analyticsData":{"responseGUID":"bdd4ac4a-d3b7-4905-8622-bc71d329fd2f","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1733461725566,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:JSON data
                            Category:dropped
                            Size (bytes):291
                            Entropy (8bit):5.303070373917494
                            Encrypted:false
                            SSDEEP:6:YEQXJ2HXtjX4O0nZiQ0YaWDoAvJfbPtdPeUkwRe9:YvXKXtjX10cV5GDV8Ukee9
                            MD5:F2B055D9D4F15F44EBB288A2EFCBDAE0
                            SHA1:690E0E2EDB02A78719254A9D60CD3A29DBA17960
                            SHA-256:921E94BE878B67469CB7849463E91F2BC65E822A33D7058CB52F7384F8470261
                            SHA-512:EBD0C5226690E849A34355D6BC7A6B4058893D9680988BC057D92FFB1A00DA966D0A0B79086F6E7AA7A22497F06A2A732E7C0AC19BCD652827A54CDF066BBCE7
                            Malicious:false
                            Preview:{"analyticsData":{"responseGUID":"bdd4ac4a-d3b7-4905-8622-bc71d329fd2f","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1733461725566,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:JSON data
                            Category:dropped
                            Size (bytes):287
                            Entropy (8bit):5.306723795642132
                            Encrypted:false
                            SSDEEP:6:YEQXJ2HXtjX4O0nZiQ0YaWDoAvJf21rPeUkwRe9:YvXKXtjX10cV5G+16Ukee9
                            MD5:25F894D86581DD7E13D20CC228568B54
                            SHA1:E3C0C6707B6CF506B5E189558574FAFB83684090
                            SHA-256:425B20F14F605664C05DA9B933B30DB23D2E69DF674232F90B72B9A9EC0446C0
                            SHA-512:533520F6785E6979A0390C77C9B7C54D95DBA8B4BC4AC9DDE7D8871CF38B45BA6DC17B28B9E01C3F5AB99745954A38DCFB29D62B53F553F8D4492BE4FDBEE91A
                            Malicious:false
                            Preview:{"analyticsData":{"responseGUID":"bdd4ac4a-d3b7-4905-8622-bc71d329fd2f","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1733461725566,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:JSON data
                            Category:dropped
                            Size (bytes):1090
                            Entropy (8bit):5.663104100453954
                            Encrypted:false
                            SSDEEP:24:Yv6X11ZVCamXayLgE+cNDxeNaqnAvz7xHn0RCmK8czOC/BSG:YvIcBgkDMUJUAh8cvMG
                            MD5:557D89CF5B93D22B52877F501B023862
                            SHA1:2E086AC13AEBCD9B02FA9D5073A6A87E87505277
                            SHA-256:7E5A05B818BB71097BE8E0D8B81A4633EDF55C093B347C8BFA21DD6CC9DFD0DF
                            SHA-512:D8BCE9E0E3D54726CA9681510BC0DE94CAA6A421AA4BBAA577A90DB85583025979B00DD6A71B6833F45975DF181903150DF13684F79DDF85B76158DF8E7F6D36
                            Malicious:false
                            Preview:{"analyticsData":{"responseGUID":"bdd4ac4a-d3b7-4905-8622-bc71d329fd2f","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1733461725566,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93365_289436ActionBlock_0","campaignId":93365,"containerId":"1","controlGroupId":"","treatmentId":"266234d2-130d-426e-8466-c7a061db101f","variationId":"289436"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IlVwZ3JhZGVSSFBSZHJBcHAifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVhc2lseSBmaWxsIGFuZCBzaWduIFBERnMuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"app
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:JSON data
                            Category:dropped
                            Size (bytes):286
                            Entropy (8bit):5.280892141902407
                            Encrypted:false
                            SSDEEP:6:YEQXJ2HXtjX4O0nZiQ0YaWDoAvJfshHHrPeUkwRe9:YvXKXtjX10cV5GUUUkee9
                            MD5:0D726CD4AE9338578A570E4E60EDE894
                            SHA1:23A084BAA404C98663A49F792A56034072CB68D2
                            SHA-256:2CE2667D8CD3906D8BEF794043272823C94826CD1CC228DC5ACB5FB728E252D6
                            SHA-512:08E740F32791D71CED512DE0A76FB529DB2D497E342258B2DD1D37F1A2E9C6382BDB1B339C53A6C8E7D705742BE19718B65401904949559E6EAF5E70C7F1324E
                            Malicious:false
                            Preview:{"analyticsData":{"responseGUID":"bdd4ac4a-d3b7-4905-8622-bc71d329fd2f","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1733461725566,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:JSON data
                            Category:dropped
                            Size (bytes):282
                            Entropy (8bit):5.2859729953893435
                            Encrypted:false
                            SSDEEP:6:YEQXJ2HXtjX4O0nZiQ0YaWDoAvJTqgFCrPeUkwRe9:YvXKXtjX10cV5GTq16Ukee9
                            MD5:B7904AD4AFC7B5C764C4912C129859B5
                            SHA1:A4BA990693EDEB62CB32459405C6097F51C4B5D7
                            SHA-256:524F1F2303FA679790F954D1BFF8F9BA079D8EEEC5BCF5C1855C55FE0B6465B9
                            SHA-512:71CFB0F98A28215F13841FF69610A50AE9284AC491330516C5E5B0927D60C8DE03F1FC91DC2FA1170459AE70FDE899EC05CF18436CDC295961B89232964BA4B4
                            Malicious:false
                            Preview:{"analyticsData":{"responseGUID":"bdd4ac4a-d3b7-4905-8622-bc71d329fd2f","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1733461725566,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:data
                            Category:dropped
                            Size (bytes):4
                            Entropy (8bit):0.8112781244591328
                            Encrypted:false
                            SSDEEP:3:e:e
                            MD5:DC84B0D741E5BEAE8070013ADDCC8C28
                            SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
                            SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
                            SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
                            Malicious:false
                            Preview:....
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:JSON data
                            Category:dropped
                            Size (bytes):2817
                            Entropy (8bit):5.137865549049055
                            Encrypted:false
                            SSDEEP:24:Y/k+aIQ3ayan21x9vPjxmw477fjz+j0SJRBN2e2LSLC/X1cmdMMULa5rn9B3LuwF:Y/PQ5NPVqTcPDNkX1cm2MUOJn9B3vF
                            MD5:4D19A8CC84EDC512C6508281B95028A9
                            SHA1:5CD387CDD5607392B22CCBFCDD15883F6015F9DF
                            SHA-256:6928D2B23A433D11172E46C82FAF1DB1253861C0E7D3ED5157EA5749FEE92873
                            SHA-512:1D4FCC18A26255CAC6C748FA615D5E842FB2391178EF25099D48047FA8340E046DC7D0379A3EE52A6878A89CCB11B6EFA8CE86A342C7E5DEC8217DEB77BF6A8E
                            Malicious:false
                            Preview:{"all":[{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"6a06c73c29b5f68bfa12f30f022f6c1d","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1164,"ts":1733286015000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"8acf3b646325727b1d4e7f7d201e4b85","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1090,"ts":1733286015000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"744d3524eeb5f5d22bc297e361cc72c9","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1123,"ts":1733286015000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"3e284763c9a8ed10a8058b8ed862a5ed","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":1102,"ts":1733286015000},{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"2593fc1c857a733b77a9a78b6d71a15c","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1122,"ts":1733286015000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"f5a5b5eede5195146ac01c59ddc68ec4","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 24, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 24
                            Category:dropped
                            Size (bytes):12288
                            Entropy (8bit):1.1469067390546919
                            Encrypted:false
                            SSDEEP:24:TLhx/XYKQvGJF7urs0ybLLRZXcMRZXcMZgux3Fmu3n9u1oGuDyIX4uDyvuOudIU4:TFl2GL7msFLPXc+XcGNFlRYIX2v3keLh
                            MD5:A35FECF1BA4776D7A6C03A62CF03B82D
                            SHA1:4D8EA873827762430AFF93F79E5A4AB464D54E11
                            SHA-256:A917963ACA130C49D5408C8B4EA9FFF8D17613D149792226273606F89C433D25
                            SHA-512:3F336B5233011B7205103BAA39D4D21CC44D13292DC2C60F26477B13A8A3DDDC8E79FAE882B2015531E09ADEC461BD867D7AE763FAEF1EB108DCC41820A2E2F4
                            Malicious:false
                            Preview:SQLite format 3
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:SQLite Rollback Journal
                            Category:dropped
                            Size (bytes):8720
                            Entropy (8bit):1.5487205654820937
                            Encrypted:false
                            SSDEEP:24:7+tgybLLUXcMRZXcMZgux3Fmu3n9u1oGuDyIX4uDyvuOudIUudcHRuLuxPqLxx/K:7MxL4Xc+XcGNFlRYIX2vWqVl2GL7msY
                            MD5:268D62C34FB321796CE6E4B5145929AA
                            SHA1:CA156C82A9570DCEF65568B144842E985A57DB70
                            SHA-256:CA8E71E2FD8B2E6D3128769A08ACC6A2F402483230B23956A062A4196889E778
                            SHA-512:06453210186AA439BCBD2C35703797EEF6A98788700AB2DD63009893224C23C65EC9C752E75C50DB6341A118F38A70C075E93E104990A77060270A6ED9306C27
                            Malicious:false
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:data
                            Category:dropped
                            Size (bytes):66726
                            Entropy (8bit):5.392739213842091
                            Encrypted:false
                            SSDEEP:768:RNOpblrU6TBH44ADKZEgZv1Yb3H8CKY+W5LvK1jl6bgYyu:6a6TZ44ADEZvCbsCKXMxgK
                            MD5:5430978EEFA340A5FF139C7E08AF0363
                            SHA1:722ADDAF03588EF1E0F750B86EF8264DE40117F9
                            SHA-256:AE355BDBC9310922DDF13E7F63386066C1D36449581EE195870A995F080C53A3
                            SHA-512:939446E9AE968FA9BE5E5C9F1CADAD2C60AEDE34404E392B8CD50AC90C2A8CF2FBED4402D49DD94A90E65B2857138D95B8AA1898EB2698D32C43E82F0763191A
                            Malicious:false
                            Preview:4.397.90.FID.2:o:..........:F:AgencyFB-Reg.P:Agency FB.L:$.........................."F:Agency FB.#.96.FID.2:o:..........:F:AgencyFB-Bold.P:Agency FB Bold.L:%.........................."F:Agency FB.#.84.FID.2:o:..........:F:Algerian.P:Algerian.L:$..........................RF:Algerian.#.95.FID.2:o:..........:F:ArialNarrow.P:Arial Narrow.L:$.........................."F:Arial Narrow.#.109.FID.2:o:..........:F:ArialNarrow-Italic.P:Arial Narrow Italic.L:$.........................."F:Arial Narrow.#.105.FID.2:o:..........:F:ArialNarrow-Bold.P:Arial Narrow Bold.L:%.........................."F:Arial Narrow.#.118.FID.2:o:..........:F:ArialNarrow-BoldItalic.P:Arial Narrow Bold Italic.L:%.........................."F:Arial Narrow.#.77.FID.2:o:..........:F:ArialMT.P:Arial.L:$.........................."F:Arial.#.91.FID.2:o:..........:F:Arial-ItalicMT.P:Arial Italic.L:$.........................."F:Arial.#.87.FID.2:o:..........:F:Arial-BoldMT.P:Arial Bold.L:$.........................."F:Arial.#.100.FID.2
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                            Category:dropped
                            Size (bytes):246
                            Entropy (8bit):3.5004142083842487
                            Encrypted:false
                            SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K82hlAHll:Qw946cPbiOxDlbYnuRKXhlgll
                            MD5:0EB47C95BA8ACB58DE294FEDBF3A6F55
                            SHA1:0672DD05C6D91B2C21933F87B005D63B17D5EE2F
                            SHA-256:FB3BDC2E3FA51B99F9904C229F77EF5B1B59F9D7668329ABE88C85B1EB471938
                            SHA-512:777FCE4174D1433731DD9451D283AFD1DE8A8A6B919C2D390AAD76A1428FB76676DCC5D9753A66FE371B0703005C3FAE639A53BCFF212717503E60EEB8FC3DB0
                            Malicious:false
                            Preview:Error 2711. The specified Feature name ('ARM') not found in Feature table. === Logging stopped: 03/12/2024  23:20:07 ===
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:ASCII text, with very long lines (393)
                            Category:dropped
                            Size (bytes):16525
                            Entropy (8bit):5.338264912747007
                            Encrypted:false
                            SSDEEP:384:lH4ZASLaTgKoBKkrNdOZTfUY9/B6u6AJ8dbBNrSVNspYiz5LkiTjgjQLhDydAY8s:kIb
                            MD5:128A51060103D95314048C2F32A15C66
                            SHA1:EEB64761BE485729CD12BF4FBF7F2A68BA1AD7DB
                            SHA-256:601388D70DFB723E560FEA6AE08E5FEE8C1A980DF7DF9B6C10E1EC39705D4713
                            SHA-512:55099B6F65D6EF41BC0C077BF810A13BA338C503974B4A5F2AA8EB286E1FCF49DF96318B1DA691296FB71AA8F2A2EA1406C4E86F219B40FB837F2E0BF208E677
                            Malicious:false
                            Preview:SessionID=e060408f-9833-415c-bd59-cc59ace6b516.1696488385066 Timestamp=2023-10-05T08:46:25:066+0200 ThreadID=6912 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=e060408f-9833-415c-bd59-cc59ace6b516.1696488385066 Timestamp=2023-10-05T08:46:25:066+0200 ThreadID=6912 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=e060408f-9833-415c-bd59-cc59ace6b516.1696488385066 Timestamp=2023-10-05T08:46:25:067+0200 ThreadID=6912 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=e060408f-9833-415c-bd59-cc59ace6b516.1696488385066 Timestamp=2023-10-05T08:46:25:067+0200 ThreadID=6912 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=e060408f-9833-415c-bd59-cc59ace6b516.1696488385066 Timestamp=2023-10-05T08:46:25:067+0200 ThreadID=6912 Component=ngl-lib_NglAppLib Description="SetConfig:
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:ASCII text, with very long lines (393), with CRLF line terminators
                            Category:dropped
                            Size (bytes):15111
                            Entropy (8bit):5.338614362483447
                            Encrypted:false
                            SSDEEP:384:mKUHsWFn65gqRTWYNdR9ni3rMBzH8OaETwsKo863JfjH94hCQBsegNgZsmMITYgZ:+Wo
                            MD5:FB487436A97FC3684F85E9177089D379
                            SHA1:CD518EDC9049B3702767F2A70EBB456C6C817787
                            SHA-256:4E1465B9AE0CA3C530E4AE7978E4DEF991F828BCB4369639412A10870C13C2A5
                            SHA-512:526B9C6C4F236291AF0BB7595ED55EB08CF4EB8A225E41CBDBDFE2F08C077265F8930CB5494F2671AB26656015403C24D0C64782372CC8E042D3A4DD02423115
                            Malicious:false
                            Preview:SessionID=bc3ae8b2-a9b8-4904-bf27-4700a5a06612.1733286001538 Timestamp=2024-12-03T23:20:01:538-0500 ThreadID=6536 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=bc3ae8b2-a9b8-4904-bf27-4700a5a06612.1733286001538 Timestamp=2024-12-03T23:20:01:539-0500 ThreadID=6536 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=bc3ae8b2-a9b8-4904-bf27-4700a5a06612.1733286001538 Timestamp=2024-12-03T23:20:01:539-0500 ThreadID=6536 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=bc3ae8b2-a9b8-4904-bf27-4700a5a06612.1733286001538 Timestamp=2024-12-03T23:20:01:539-0500 ThreadID=6536 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=bc3ae8b2-a9b8-4904-bf27-4700a5a06612.1733286001538 Timestamp=2024-12-03T23:20:01:539-0500 ThreadID=6536 Component=ngl-lib_NglAppLib Description="SetConf
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:ASCII text, with CRLF line terminators
                            Category:dropped
                            Size (bytes):29752
                            Entropy (8bit):5.392408967936607
                            Encrypted:false
                            SSDEEP:192:acb4I3dcbPcbaIO4cbYcbqnIdjcb6acbaIewcbPyAAkVwX4L7uNyrgNyoeAo1zA9:V3fOCIdJDeDTVlWRV
                            MD5:D8288DACE4172695C8F0A332176735B5
                            SHA1:05F8128A88BF37041467E3A941049F69784EDAA4
                            SHA-256:CD0D66DBA4DEC00D81D141CF93D12D525636924C05C4DA49DF1253C5385CE581
                            SHA-512:EBC8964B5AD1E8FF5B00D411CC3A8093E834422259B8DF97FAB0853F3CC12AC9C2CB84E86B2D72FF98E570AA12A0BB245F0426B6FB2F9F12122A7168F208FF94
                            Malicious:false
                            Preview:05-10-2023 08:20:22:.---2---..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : ***************************************..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : ***************************************..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : Starting NGL..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..05-10-2023 08:20:22:.Closing File..05-10-
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                            File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
                            Category:dropped
                            Size (bytes):1407294
                            Entropy (8bit):7.97605879016224
                            Encrypted:false
                            SSDEEP:24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R077WLaGZ7wYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs03WLaGZw
                            MD5:8B9FA2EC5118087D19CFDB20DA7C4C26
                            SHA1:E32D6A1829B18717EF1455B73E88D36E0410EF93
                            SHA-256:4782624EA3A4B3C6EB782689208148B636365AA8E5DAF00814FA9AB722259CBD
                            SHA-512:662F8664CC3F4E8356D5F5794074642DB65565D40AC9FEA323E16E84EBD4F961701460A1310CC863D1AB38849E84E2142382F5DB88A0E53F97FF66248230F7B9
                            Malicious:false
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                            File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1111944
                            Category:dropped
                            Size (bytes):758601
                            Entropy (8bit):7.98639316555857
                            Encrypted:false
                            SSDEEP:12288:ONh3P65+Tegs6121D1ybxrr/IxkB1mabFhOXZ/fEa+fDERXTJJJJv+9UZwY0SWB4:O3Pjegf121DMNB1DofjEiJJJJm94GS84
                            MD5:FA6978A9EA472E8ACFF72AFE8CC7CC81
                            SHA1:D58155446B67ACF4DA331A977B8EC7BA105C2C4F
                            SHA-256:3D0DF2B14FC632520705424D2DA394922D3EDD8C977950656B736352CD5A37E2
                            SHA-512:6B16382E6A4B9EECB8E8FB82189C2741511E8CF99C83B3FA52B062165B3B366EE0C11A7F60CE4B08D881B2418234097FA13CCAA9C90B1D7D37BD4D9A56EBA96C
                            Malicious:false
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                            File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 57837
                            Category:dropped
                            Size (bytes):1419751
                            Entropy (8bit):7.976496077007677
                            Encrypted:false
                            SSDEEP:24576:/xA7owWLaGZDwYIGNPJxdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07c:JVwWLaGZDwZGV3mlind9i4ufFXpAXkrj
                            MD5:96E2EE6506759519A5E3E5E550F28388
                            SHA1:477522A699526F3EC2270AD0B3D3B8D6609F8BBB
                            SHA-256:D135FEF8231B87D1F758B3D31FC5467BC933321F7E8EACB316F933DBA36474D5
                            SHA-512:C84E93CB72ABC0742C44BF13608472EDD30BE64358C0DA350D9D54C0A88EC45931D48CE1DA823FC527E5134E7277B16AFE0521F2716C067A519FDD390DB315CC
                            Malicious:false
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                            File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
                            Category:dropped
                            Size (bytes):386528
                            Entropy (8bit):7.9736851559892425
                            Encrypted:false
                            SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
                            MD5:5C48B0AD2FEF800949466AE872E1F1E2
                            SHA1:337D617AE142815EDDACB48484628C1F16692A2F
                            SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
                            SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
                            Malicious:false
                            File type:PDF document, version 1.7, 1 pages
                            Entropy (8bit):7.9740334379265745
                            TrID:
                            • Adobe Portable Document Format (5005/1) 100.00%
                            File name:payload8.pdf
                            File size:20'540 bytes
                            MD5:1d566de3bc778fbb70abbfa76fbf5446
                            SHA1:cc6e4d6500d41485cc3ced890722d56dff2f4264
                            SHA256:1041e86e6cba85038bf6b70a0954847db850877d998452616c4c11301738bbab
                            SHA512:58cdf45a3dd33722687d400a4c250d08ebfcabf5fad4370aa37baf22b92a923de607e1e276824d5901599385195c1d3f93d36d9a2d7076fe17d5ce2d1b8287d6
                            SSDEEP:384:aI91uEyuleCrS0HEBb2ch+oL7wOdDdFdjv60GVlkj1uVjTRbi:BD9eUS0kUoL7VZbjv60GDjdm
                            TLSH:AD92D0C865EE1BDDDD83D605F4A77F6BAA16F3C0A3C450C4A0DC654E4031AE2AA23657
                            File Content Preview:%PDF-1.7.%.....1 0 obj.<< /Pages 2 0 R /Type /Catalog >>.endobj.2 0 obj.<< /Count 1 /Kids [ 3 0 R ] /MediaBox [ 0 0 100 100 ] /Type /Pages >>.endobj.3 0 obj.<< /Contents 4 0 R /Parent 2 0 R /Resources << /Font << /F1 5 0 R >> >> /Type /Page >>.endobj.4 0
                            Icon Hash:62cc8caeb29e8ae0

                            General

                            Header:%PDF-1.7
                            Total Entropy:7.974033
                            Total Bytes:20540
                            Stream Entropy:7.986184
                            Stream Bytes:19759
                            Entropy outside Streams:5.265072
                            Bytes outside Streams:781
                            Number of EOF found:1
                            Bytes after EOF:
                            Name | Count
                            obj | 7
                            endobj | 7
                            stream | 2
                            endstream | 1
                            xref | 1
                            trailer | 1
                            startxref | 1
                            /Page | 1
                            /Encrypt | 0
                            /ObjStm | 0
                            /URI | 0
                            /JS | 0
                            /JavaScript | 0
                            /AA | 0
                            /OpenAction | 0
                            /AcroForm | 0
                            /JBIG2Decode | 0
                            /RichMedia | 0
                            /Launch | 0
                            /EmbeddedFile | 0
                            Timestamp | Source Port | Dest Port | Source IP | Dest IP
                            Dec 4, 2024 05:20:11.979528904 CET | 51433 | 53 | 192.168.2.6 | 1.1.1.1
                            Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                            Dec 4, 2024 05:20:11.979528904 CET | 192.168.2.6 | 1.1.1.1 | 0x1c53 | Standard query (0) | x1.i.lencr.org | A (IP address) | IN (0x0001) | false
                            Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                            Dec 4, 2024 05:20:12.217504025 CET | 1.1.1.1 | 192.168.2.6 | 0x1c53 | No error (0) | x1.i.lencr.org | crl.root-x1.letsencrypt.org.edgekey.net | | CNAME (Canonical name) | IN (0x0001) | false
                            Dec 4, 2024 05:20:14.017205954 CET | 1.1.1.1 | 192.168.2.6 | 0xdce8 | No error (0) | bg.microsoft.map.fastly.net | | 199.232.214.172 | A (IP address) | IN (0x0001) | false
                            Dec 4, 2024 05:20:14.017205954 CET | 1.1.1.1 | 192.168.2.6 | 0xdce8 | No error (0) | bg.microsoft.map.fastly.net | | 199.232.210.172 | A (IP address) | IN (0x0001) | false
                            Dec 4, 2024 05:20:27.397588968 CET | 1.1.1.1 | 192.168.2.6 | 0x3590 | No error (0) | bg.microsoft.map.fastly.net | | 199.232.210.172 | A (IP address) | IN (0x0001) | false
                            Dec 4, 2024 05:20:27.397588968 CET | 1.1.1.1 | 192.168.2.6 | 0x3590 | No error (0) | bg.microsoft.map.fastly.net | | 199.232.214.172 | A (IP address) | IN (0x0001) | false
                            Dec 4, 2024 05:20:47.817955971 CET | 1.1.1.1 | 192.168.2.6 | 0x86d3 | No error (0) | bg.microsoft.map.fastly.net | | 199.232.214.172 | A (IP address) | IN (0x0001) | false
                            Dec 4, 2024 05:20:47.817955971 CET | 1.1.1.1 | 192.168.2.6 | 0x86d3 | No error (0) | bg.microsoft.map.fastly.net | | 199.232.210.172 | A (IP address) | IN (0x0001) | false
                            • https:
                              • p13n.adobe.io
                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                            0 | 192.168.2.6 | 49729 | 52.6.155.20 | 443 | 3192 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                            Timestamp | Bytes transferred | Direction | Data
                            2024-12-04 04:20:12 UTC | 1473 | OUT | GET /psdk/v2/content?surfaceId=ACROBAT_READER_MASTER_SURFACEID&surfaceId=DC_READER_LAUNCH_CARD&surfaceId=DC_Reader_RHP_Banner&surfaceId=DC_Reader_RHP_Retention&surfaceId=Edit_InApp_Aug2020&surfaceId=DC_FirstMile_Right_Sec_Surface&surfaceId=DC_Reader_Upsell_Cards&surfaceId=DC_FirstMile_Home_View_Surface&surfaceId=DC_Reader_RHP_Intent_Banner&surfaceId=DC_Reader_Disc_LHP_Banner&surfaceId=DC_Reader_Edit_LHP_Banner&surfaceId=DC_Reader_Convert_LHP_Banner&surfaceId=DC_Reader_Sign_LHP_Banner&surfaceId=DC_Reader_More_LHP_Banner&surfaceId=DC_Reader_Disc_LHP_Retention&surfaceId=DC_Reader_Home_LHP_Trial_Banner&adcProductLanguage=en-us&adcVersion=23.6.20320&adcProductType=SingleClientMini&adcOSType=WIN&adcCountryCode=US&adcXAPIClientID=api_reader_desktop_win_23.6.20320&encodingScheme=BASE_64 HTTP/1.1
                            Host: p13n.adobe.io
                            Connection: keep-alive
                            sec-ch-ua: "Chromium";v="105"
                            sec-ch-ua-mobile: ?0
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36
                            Accept: application/json, text/javascript, */*; q=0.01
                            x-adobe-uuid: 0b65fa77-f9dd-4c6e-a1b5-fa4d63973307
                            x-adobe-uuid-type: visitorId
                            x-api-key: AdobeReader9
                            sec-ch-ua-platform: "Windows"
                            Origin: https://rna-resource.acrobat.com
                            Accept-Language: en-US,en;q=0.9
                            Sec-Fetch-Site: cross-site
                            Sec-Fetch-Mode: cors
                            Sec-Fetch-Dest: empty
                            Referer: https://rna-resource.acrobat.com/
                            Accept-Encoding: gzip, deflate, br
                            2024-12-04 04:20:13 UTC | 608 | IN | HTTP/1.1 200
                            Server: openresty
                            Date: Wed, 04 Dec 2024 04:20:13 GMT
                            Content-Type: application/json;charset=UTF-8
                            Content-Length: 4762
                            Connection: close
                            x-request-id: Mz790JVvgEv1fpWp6cQe4o0lUzPXZLpR
                            vary: accept-encoding
                            Access-Control-Allow-Origin: *
                            Access-Control-Allow-Methods: GET, OPTIONS
                            Access-Control-Allow-Headers: Authorization,Content-Type,X-Api-Key,cache-control,User-Agent,If-None-Match,x-adobe-uuid,x-adobe-uuid-type, X-Request-Id
                            Access-Control-Allow-Credentials: true
                            Access-Control-Expose-Headers: x-request-id
                            Strict-Transport-Security: max-age=15552000; includeSubDomains
                            2024-12-04 04:20:13 UTC | 4762 | IN
                            Data Ascii: {"surfaces":{"DC_Reader_Home_LHP_Trial_Banner":{"containers":[{"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","dataType":"application/json","data":"eyJjdGEiOnsidGV4dCI6IlRyeSBBY3JvYmF0IFBybyJ9LCJ1aSI6eyJ0aXRsZV9zdHlsaW5nIjp7Im


                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                            1 | 192.168.2.6 | 49740 | 52.6.155.20 | 443 | 3192 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                            Timestamp | Bytes transferred | Direction | Data
                            2024-12-04 04:20:15 UTC | 1473 | OUT | GET /psdk/v2/content?surfaceId=ACROBAT_READER_MASTER_SURFACEID&surfaceId=DC_READER_LAUNCH_CARD&surfaceId=DC_Reader_RHP_Banner&surfaceId=DC_Reader_RHP_Retention&surfaceId=Edit_InApp_Aug2020&surfaceId=DC_FirstMile_Right_Sec_Surface&surfaceId=DC_Reader_Upsell_Cards&surfaceId=DC_FirstMile_Home_View_Surface&surfaceId=DC_Reader_RHP_Intent_Banner&surfaceId=DC_Reader_Disc_LHP_Banner&surfaceId=DC_Reader_Edit_LHP_Banner&surfaceId=DC_Reader_Convert_LHP_Banner&surfaceId=DC_Reader_Sign_LHP_Banner&surfaceId=DC_Reader_More_LHP_Banner&surfaceId=DC_Reader_Disc_LHP_Retention&surfaceId=DC_Reader_Home_LHP_Trial_Banner&adcProductLanguage=en-us&adcVersion=23.6.20320&adcProductType=SingleClientMini&adcOSType=WIN&adcCountryCode=US&adcXAPIClientID=api_reader_desktop_win_23.6.20320&encodingScheme=BASE_64 HTTP/1.1
                            Host: p13n.adobe.io
                            Connection: keep-alive
                            sec-ch-ua: "Chromium";v="105"
                            sec-ch-ua-mobile: ?0
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36
                            Accept: application/json, text/javascript, */*; q=0.01
                            x-adobe-uuid: 0b65fa77-f9dd-4c6e-a1b5-fa4d63973307
                            x-adobe-uuid-type: visitorId
                            x-api-key: AdobeReader9
                            sec-ch-ua-platform: "Windows"
                            Origin: https://rna-resource.acrobat.com
                            Accept-Language: en-US,en;q=0.9
                            Sec-Fetch-Site: cross-site
                            Sec-Fetch-Mode: cors
                            Sec-Fetch-Dest: empty
                            Referer: https://rna-resource.acrobat.com/
                            Accept-Encoding: gzip, deflate, br
                            2024-12-04 04:20:15 UTC | 608 | IN | HTTP/1.1 200
                            Server: openresty
                            Date: Wed, 04 Dec 2024 04:20:15 GMT
                            Content-Type: application/json;charset=UTF-8
                            Content-Length: 4762
                            Connection: close
                            x-request-id: 8eQKe7Eicw1MS6NOzo1s0QCsXwdiG1sN
                            vary: accept-encoding
                            Access-Control-Allow-Origin: *
                            Access-Control-Allow-Methods: GET, OPTIONS
                            Access-Control-Allow-Headers: Authorization,Content-Type,X-Api-Key,cache-control,User-Agent,If-None-Match,x-adobe-uuid,x-adobe-uuid-type, X-Request-Id
                            Access-Control-Allow-Credentials: true
                            Access-Control-Expose-Headers: x-request-id
                            Strict-Transport-Security: max-age=15552000; includeSubDomains
                            2024-12-04 04:20:15 UTC | 4762 | IN
                            Data Ascii: {"surfaces":{"DC_Reader_Home_LHP_Trial_Banner":{"containers":[{"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","dataType":"application/json","data":"eyJjdGEiOnsidGV4dCI6IlRyeSBBY3JvYmF0IFBybyJ9LCJ1aSI6eyJ0aXRsZV9zdHlsaW5nIjp7Im


                            Target ID:0
                            Start time:23:19:58
                            Start date:03/12/2024
                            Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            Wow64 process (32bit):false
                            Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\payload8.pdf"
                            Imagebase:0x7ff651090000
                            File size:5'641'176 bytes
                            MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Reputation:high
                            Has exited:true

                            Target ID:2
                            Start time:23:20:01
                            Start date:03/12/2024
                            Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                            Wow64 process (32bit):false
                            Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
                            Imagebase:0x7ff70df30000
                            File size:3'581'912 bytes
                            MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Reputation:high
                            Has exited:true

                            Target ID:4
                            Start time:23:20:01
                            Start date:03/12/2024
                            Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                            Wow64 process (32bit):false
                            Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2084 --field-trial-handle=1568,i,17087500387765673023,14749519744134941856,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
                            Imagebase:0x7ff70df30000
                            File size:3'581'912 bytes
                            MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Reputation:high
                            Has exited:true

                            No disassembly