Windows Analysis Report
End of Year Accounting for The Estate of Janet Delesanti-2.pdf

Overview

General Information

Sample name: End of Year Accounting for The Estate of Janet Delesanti-2.pdf
Analysis ID: 1580454
MD5: c37012ba15a5dd1c1ae109d07c4e6417
SHA1: 752014043e65f3bc49704cdae2a9e26a0a6fa82a
SHA256: 7a4fc14999cc545e5fc14502b74ee87e3d50b33c531eef64c6c531952f6f8394

Detection

Score: 1
Range: 0 - 100
Whitelisted: false
Confidence: 60%

Signatures

Contains long sleeps (>= 3 min)
Potential document exploit detected (performs DNS queries)

Classification

  • System is w10x64
  • Acrobat.exe (PID: 6688 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\End of Year Accounting for The Estate of Janet Delesanti-2.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AdobeCollabSync.exe (PID: 2084 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c MD5: 8A41FC5F946230805512B943C45AC9D8)
      • AdobeCollabSync.exe (PID: 5004 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=2084 MD5: 8A41FC5F946230805512B943C45AC9D8)
        • FullTrustNotifier.exe (PID: 7268 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe" GetChannelUri MD5: 92366A2F482926C3D0DD02D6F952F742)
    • AdobeCollabSync.exe (PID: 7240 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c MD5: 8A41FC5F946230805512B943C45AC9D8)
      • AdobeCollabSync.exe (PID: 7280 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=7240 MD5: 8A41FC5F946230805512B943C45AC9D8)
    • AdobeCollabSync.exe (PID: 7340 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c MD5: 8A41FC5F946230805512B943C45AC9D8)
      • AdobeCollabSync.exe (PID: 7380 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=7340 MD5: 8A41FC5F946230805512B943C45AC9D8)
    • AdobeCollabSync.exe (PID: 7440 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c MD5: 8A41FC5F946230805512B943C45AC9D8)
      • AdobeCollabSync.exe (PID: 7480 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=7440 MD5: 8A41FC5F946230805512B943C45AC9D8)
    • AdobeCollabSync.exe (PID: 7540 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c MD5: 8A41FC5F946230805512B943C45AC9D8)
      • AdobeCollabSync.exe (PID: 7580 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=7540 MD5: 8A41FC5F946230805512B943C45AC9D8)
    • AdobeCollabSync.exe (PID: 7652 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c MD5: 8A41FC5F946230805512B943C45AC9D8)
      • AdobeCollabSync.exe (PID: 7692 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=7652 MD5: 8A41FC5F946230805512B943C45AC9D8)
    • AcroCEF.exe (PID: 7800 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 8024 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2100 --field-trial-handle=1564,i,18128779800940889394,7499666708693846813,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

There are no malicious signatures.

Source: global traffic | DNS query: name: x1.i.lencr.org
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic | DNS traffic detected: DNS query: x1.i.lencr.org
Source: classification engine | Classification label: clean1.winPDF@40/60@2/0
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-12-24 10-09-00-538.log
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
Source: AdobeCollabSync.exe, 00000002.00000002.2985082654.000001FA64B1A000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: CREATE TABLE IF NOT EXISTS resource_revisions ( revision_id TEXT PRIMARY KEY NOT NULL, rel_to_content_item TEXT NOT NULL, resource_type TEXT NOT NULL, media_type TEXT NOT NULL, locator TEXT NOT NULL, committed INTEGER NOT NULL, hashType TEXT DEFAULT NULL, hash TEXT DEFAULT NULL, storageSize INTEGER DEFAULT 0, width INTEGER DEFAULT 0, height INTEGER DEFAULT 0);
Source: AdobeCollabSync.exe, 00000002.00000002.2985082654.000001FA64B1A000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: CREATE TABLE IF NOT EXISTS content_item_revisions( content_item_revision_id TEXT PRIMARY KEY NOT NULL, cloud_etag TEXT DEFAULT NULL, cloud_version_id TEXT DEFAULT NULL, updated TIMESTAMP DEFAULT NULL, acl TEXT DEFAULT NULL, local_etag TEXT DEFAULT NULL, local_version_id TEXT DEFAULT NULL, request_id TEXT DEFAULT NULL, content_name TEXT DEFAULT NULL);
Source: AdobeCollabSync.exe, 00000002.00000002.2985082654.000001FA64BC5000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: SELECT pending_request_id, request_type, content_item_id, context, pending_request_created, request_status, message, status_code, device_mapping_id FROM pending_requests;
Source: unknown | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\End of Year Accounting for The Estate of Janet Delesanti-2.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=2084
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=7240
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=7340
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=7440
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=7540
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=7652
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2100 --field-trial-handle=1564,i,18128779800940889394,7499666708693846813,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe" GetChannelUri
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe | Section loaded: apphelp.dll, vccorlib140.dll, msvcp140.dll, vcruntime140.dll, kernel.appcore.dll, appcontracts.dll, wintypes.dll, cdprt.dll, cdp.dll, windows.storage.dll, wldp.dll, umpdc.dll, propsys.dll, dsreg.dll, msvcp110_win.dll, cryptsp.dll, onecoreuapcommonproxystub.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: End of Year Accounting for The Estate of Janet Delesanti-2.pdfStatic file information: File size 13329417 > 6291456
Source: End of Year Accounting for The Estate of Janet Delesanti-2.pdfInitial sample: PDF keyword /JS count = 0
Source: End of Year Accounting for The Estate of Janet Delesanti-2.pdfInitial sample: PDF keyword /JavaScript count = 0
Source: End of Year Accounting for The Estate of Janet Delesanti-2.pdfInitial sample: PDF keyword /Page count = 114
Source: End of Year Accounting for The Estate of Janet Delesanti-2.pdfInitial sample: PDF keyword stream count = 1846
Source: End of Year Accounting for The Estate of Janet Delesanti-2.pdfInitial sample: PDF keyword /EmbeddedFile count = 0
Source: End of Year Accounting for The Estate of Janet Delesanti-2.pdfInitial sample: PDF keyword /ObjStm count = 12
Source: End of Year Accounting for The Estate of Janet Delesanti-2.pdfInitial sample: PDF keyword endobj count = 1963
Source: End of Year Accounting for The Estate of Janet Delesanti-2.pdfInitial sample: PDF keyword endstream count = 1846
Source: End of Year Accounting for The Estate of Janet Delesanti-2.pdfInitial sample: PDF keyword obj count = 1963
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exeThread delayed: delay time: 86400000
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exeThread delayed: delay time: 30000
Source: AdobeCollabSync.exe, 00000005.00000002.1751624433.000001A36F497000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll\\'
Source: AdobeCollabSync.exe, 00000004.00000002.1730628920.0000015A7BD08000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllJJ!^P
Source: AdobeCollabSync.exe, 0000000A.00000002.1790691388.000001E647398000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll.I
Source: End of Year Accounting for The Estate of Janet Delesanti-2.pdfBinary or memory string: qc4wqEmu
Source: AdobeCollabSync.exe, 00000001.00000002.2983671169.00000146ED3BC000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000002.00000002.2984436746.000001FA62E29000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000003.00000003.1731449741.000001BE74BAA000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000003.00000002.1731834384.000001BE74BAB000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000007.00000002.1772480927.000002B606E07000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000008.00000002.1771192321.000002DACA688000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000009.00000002.1791746607.000001B429477000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 0000000C.00000002.1811031723.00000274C0F49000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: AdobeCollabSync.exe, 00000006.00000002.1750621125.0000021F98F38000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll{{
Source: AdobeCollabSync.exe, 0000000B.00000002.1812150926.000001A1F2218000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllbb
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Exploitation for Client Execution | 1 DLL Side-Loading | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Security Software Discovery | Remote Services | Data from Local System | 1 Non-Application Layer Protocol | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 11 Virtualization/Sandbox Evasion | LSASS Memory | 11 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | 1 Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Process Injection | Security Account Manager | 2 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
[Behavior graph, ID: 1580454. Sample: End of Year Accounting for ...; Startdate: 24/12/2024; Architecture: WINDOWS; Score: 1. Nodes: Acrobat.exe, AdobeCollabSync.exe, AcroCEF.exe, FullTrustNotifier.exe; DNS: x1.i.lencr.org]

No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| https://comments.hZ | 0% | Avira URL Cloud | safe | |
| https://comments.adobe.r | 0% | Avira URL Cloud | safe | |
| https://comments.adobe. | 0% | Avira URL Cloud | safe | |
| https://comments.adobe.i6g | 0% | Avira URL Cloud | safe | |
| https://android.notify.windows.com/iOSh | 0% | Avira URL Cloud | safe | |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| x1.i.lencr.org | unknown | unknown | false | | high |
Name:http://x1.i.lencr.org/
Source:2D85F72862B55C4EADD9E66E06947F3D0.13.dr
Malicious:false
Reputation:high

Name:https://comments.adobe.
Source:AdobeCollabSync.exe, 00000002.00000003.2384351002.000001FA64E21000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000002.00000003.2406758876.000001FA64E21000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000002.00000003.2364072344.000001FA64E21000.00000004.00000020.00020000.00000000.sdmp
Malicious:false
Antivirus Detection:Avira URL Cloud: safe
Reputation:unknown

Name:https://comments.adobe.r
Source:AdobeCollabSync.exe, 00000002.00000003.2384351002.000001FA64E21000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000002.00000003.2406758876.000001FA64E21000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000002.00000003.2364072344.000001FA64E21000.00000004.00000020.00020000.00000000.sdmp
Malicious:false
Antivirus Detection:Avira URL Cloud: safe
Reputation:unknown

Name:https://wns.windows.com/1
Source:FullTrustNotifier.exe, 00000011.00000002.1839809985.000000000070E000.00000004.00000020.00020000.00000000.sdmp
Malicious:false
Reputation:high

Name:https://android.notify.windows.com/iOSh
Source:FullTrustNotifier.exe, 00000011.00000002.1839809985.000000000070E000.00000004.00000020.00020000.00000000.sdmp
Malicious:false
Antivirus Detection:Avira URL Cloud: safe
Reputation:unknown

Name:https://comments.adobe.i6g
Source:AdobeCollabSync.exe, 00000002.00000003.2425120581.000001FA64E1E000.00000004.00000020.00020000.00000000.sdmp
Malicious:false
Antivirus Detection:Avira URL Cloud: safe
Reputation:unknown

Name:https://android.notify.windows.com/iOS
Source:FullTrustNotifier.exe, 00000011.00000002.1839809985.000000000070E000.00000004.00000020.00020000.00000000.sdmp
Malicious:false
Reputation:high

Name:https://comments.hZ
Source:AdobeCollabSync.exe, 00000002.00000003.2384351002.000001FA64E21000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000002.00000003.2364072344.000001FA64E21000.00000004.00000020.00020000.00000000.sdmp
Malicious:false
Antivirus Detection:Avira URL Cloud: safe
Reputation:unknown

Name:https://activity.windows.com/UserActivity.ReadWrite.CreatedByAppt
Source:FullTrustNotifier.exe, 00000011.00000002.1839809985.000000000070E000.00000004.00000020.00020000.00000000.sdmp
Malicious:false
Reputation:high
No contacted IP infos

Joe Sandbox version:41.0.0 Charoite
Analysis ID:1580454
Start date and time:2024-12-24 16:07:51 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 5m 40s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultwindowspdfcookbook.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:23
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
• EGA enabled
• AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:End of Year Accounting for The Estate of Janet Delesanti-2.pdf
Detection:CLEAN
Classification:clean1.winPDF@40/60@2/0
Cookbook Comments:
• Found application associated with file extension: .pdf
• Found PDF document
• Close Viewer
• Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 184.30.20.134, 23.218.208.137, 2.16.168.107, 2.16.168.105, 18.213.11.84, 54.224.241.105, 34.237.241.83, 50.16.47.176, 162.159.61.3, 172.64.41.3, 23.195.39.65, 172.202.163.200, 23.218.208.109, 23.217.172.185, 13.107.246.63
• Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, otelrules.azureedge.net, e4578.dscb.akamaiedge.net, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, dns.msftncsi.com, fe3cr.delivery.mp.microsoft.com, ssl.adobe.com.edgekey.net, ocsp.digicert.com, armmf.adobe.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, crl.root-x1.letsencrypt.org.edgekey.net
• Not all processes where analyzed, report is missing behavior information
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size getting too big, too many NtCreateFile calls found.
• Report size getting too big, too many NtCreateKey calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• VT rate limit hit for: End of Year Accounting for The Estate of Janet Delesanti-2.pdf
| Time | Type | Description |
|---|---|---|
| 10:08:46 | API Interceptor | 368325x Sleep call for process: AdobeCollabSync.exe modified |
| 10:09:12 | API Interceptor | 1x Sleep call for process: AcroCEF.exe modified |
            No context
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:ASCII text
            Category:dropped
            Size (bytes):292
            Entropy (8bit):5.190838691849817
            Encrypted:false
            SSDEEP:6:Y4sCi+q2Pwkn2nKuAl9OmbnIFUt8f4pPZmw+f4pPVkwOwkn2nKuAl9OmbjLJ:YvCi+vYfHAahFUt8fi/+f+V5JfHAaSJ
            MD5:DAFCD85CB76CBB4E9C307BC2D4A02429
            SHA1:ED6E932293C3C5E77FE98A969B3723FF2240071A
            SHA-256:0B5DF09BAA1D6ECDB6AD4A78D400075A2963AC713C7E6490EBC0591BB1668F3A
            SHA-512:CDFF56F25E66C02567B6A82A4ACEEE4FA19290A9D8DBBEADBF6FA6C126C0FB757D7E67FE5E44E7EBD460410A11DB14170408E96ADCC935F9B5089524BD589E01
            Malicious:false
            Preview:2024/12/24-10:08:58.278 1e9c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/12/24-10:08:58.280 1e9c Recovering log #3.2024/12/24-10:08:58.280 1e9c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:ASCII text
            Category:dropped
            Size (bytes):336
            Entropy (8bit):5.181105949212034
            Encrypted:false
            SSDEEP:6:Y4qPVq2Pwkn2nKuAl9Ombzo2jMGIFUt8f41ggZmw+f4rIkwOwkn2nKuAl9Ombzos:Y5PVvYfHAa8uFUt8fegg/+feI5JfHAaU
            MD5:7E2939CD87B14FA650FB277592D42DEF
            SHA1:4F4350655CC968538C1EF289C78B62FB4D83CE7D
            SHA-256:91E9BDB22328B44063D223AEB5C02D810B399D7964A0462F20DC396D522A4CC8
            SHA-512:AC35A95E0F877DC60031890C714A9E8C3246948949F1FDD5B882E5882657249A03005C8F8BBF7FC1EFD224B1FDCD623D6159C571117CDB5DEABD1136701D4305
            Malicious:false
            Preview:2024/12/24-10:08:58.349 1fa0 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/12/24-10:08:58.350 1fa0 Recovering log #3.2024/12/24-10:08:58.351 1fa0 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):475
            Entropy (8bit):4.967403857886107
            Encrypted:false
            SSDEEP:12:YH/um3RA8sqLsBdOg2HHfcaq3QYiubInP7E4TX:Y2sRdsVdMHO3QYhbG7n7
            MD5:B7761633048D74E3C02F61AD04E00147
            SHA1:72A2D446DF757BAEA2C7A58C050925976E4C9372
            SHA-256:1A468796D744FCA806D1F828C07E0064AB6A1FA0E31DA3A403F12B9B89868B67
            SHA-512:397A10C510FAA048E4AAB08A11B2AE14A09EE47EC4F5A2B47CE1A9580C2874ADE0F9F8FC287B9358C0FFEA4C89F8AB9270B9CA00064EA90CD2EF0EAD0A59369F
            Malicious:false
            Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13340980889952523","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":146406},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:JSON data
            Category:modified
            Size (bytes):475
            Entropy (8bit):4.976856963140155
            Encrypted:false
            SSDEEP:12:YH/um3RA8sqL6sBdOg2Hecaq3QYiubInP7E4TX:Y2sRds6dMHh3QYhbG7n7
            MD5:30910931572FC31B8DF65B60394547CB
            SHA1:E21DDD1F154FB46B6E287F7D94CB6E6945759235
            SHA-256:64C55CFD18B897728FF9BBD6DBFF05FE207E8D70066C4951EA9B06A0FE4D19CC
            SHA-512:038A9CE9819F7A3A7BD3D896BF38448D5BCFA4B253E904CD25C473D81C1C6C69B32BC32CE7DFF1A450D488DD750EE01B5DF8B39F8FD85FB196E6936B883FC690
            Malicious:false
            Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13379612950720762","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":626053},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:data
            Category:dropped
            Size (bytes):4730
            Entropy (8bit):5.261187272376564
            Encrypted:false
            SSDEEP:96:etJCV4FAsszrNamjTN/2rjYMta02fDtehgO7BtTgo7BNht6DwNhZ:etJCV4FiN/jTN/2r8Mta02fEhgO73goT
            MD5:BE17FC2E099FF0305D74C0E36F0A1CB8
            SHA1:E526DC1417BD279FDD9D70D157225FA349E761A3
            SHA-256:543B0863BB6EF6D8C7B01E0C033DE2F936D2BCEB6F00EEDB734AE3630FB302F3
            SHA-512:9D3F77195B238B08B874BB3D50D7079E65F9E0D3220F471BFD0E0C524B485EB79CEF175D35AEC8CD6477363CCB273F3146E7CE7E37D0AA0E883EFED342A289A8
            Malicious:false
            Preview:*...#................version.1..namespace-['O.o................next-map-id.1.Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/.0>...r................next-map-id.2.Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/.1O..r................next-map-id.3.Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/.2.\.o................next-map-id.4.Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/.3....^...............Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/..|.^...............Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/n..Fa...............Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/DQ..a...............Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/i.`do................next-map-id.5.Pnamespace-de635bf2_6773_4d83_ad16_
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:ASCII text
            Category:dropped
            Size (bytes):324
            Entropy (8bit):5.185062068705628
            Encrypted:false
            SSDEEP:6:Y4WEYVq2Pwkn2nKuAl9OmbzNMxIFUt8f4oPYgZmw+f4aIkwOwkn2nKuAl9OmbzNq:YlPVvYfHAa8jFUt8fzgg/+fjI5JfHAab
            MD5:4F297275D690EB1ACEF820DEFB0525CE
            SHA1:C8591786C1EEF7DBBFD0FB73EAF14804004770B2
            SHA-256:84143225F971719FBB8283A18295CFC69B627F2A380B825B0A5135CEABC4B9A6
            SHA-512:CCCA981BA14CBB3E2BDBED8CCA0264D18B281ED15932039C0B172DA19B1099CE9A7BF41C7655691BA3421611D593B3767A67462CEDA72F1AB569CA434BBA63E6
            Malicious:false
            Preview:2024/12/24-10:08:58.486 1fa0 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/12/24-10:08:58.487 1fa0 Recovering log #3.2024/12/24-10:08:58.488 1fa0 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
            File Type:SQLite 3.x database, last written using SQLite version 3040000, writer version 2, read version 2, file counter 1, database pages 1, cookie 0, schema 0, unknown 0 encoding, version-valid-for 1
            Category:dropped
            Size (bytes):4096
            Entropy (8bit):0.08728080750134917
            Encrypted:false
            SSDEEP:3:lSWFN3sl+ltlFlo1Xll:l9Fys1fo
            MD5:863BB379B267B2404CB64A3BC9B4A650
            SHA1:139EDCE2C64569B81175543D1DE743EF474F4432
            SHA-256:F7C1BC02F430EBD015E45159D9FD9E18643C4CDCCBB7E7733A248C8393CAA88C
            SHA-512:6AFF907DDAFC78AF2186F58D7102A88527BCE5473D72C03607EFC49C56ABAA157191D391A1ED9350CC058E9BB37040C29DBA9E3A668F640DE0100A639F1D2F51
            Malicious:false
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
            File Type:SQLite Rollback Journal
            Category:dropped
            Size (bytes):512
            Entropy (8bit):0.28499812076190567
            Encrypted:false
            SSDEEP:3:7FEG2l/Vol/t/lFll:7+/l/Vo
            MD5:3D4A30F0A881956A6F94F2A37AE74B66
            SHA1:C1F6B49CD4157826A013857F1B14DF34453735FE
            SHA-256:FE8AF06BB14D0125F0C231FAF04BCF21FA90F20F2C937A31258197F07A227B90
            SHA-512:B01275189B9A85F79DCEE76A397A34129B2998FC3460AB106D1C2CC6946035205FE09CD4BD04153E23305C8515CF0D91F56894FD339B44BD33284FC7EC0EF452
            Malicious:false
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
            File Type:data
            Category:dropped
            Size (bytes):32768
            Entropy (8bit):0.06183098952555117
            Encrypted:false
            SSDEEP:6:GzAXNcB2AXNcLllluL9X8vl/UFl/Ojl/gZl/KgufS8f8/8il:5Nc9NcL0Ccl/8cl/xufd8T
            MD5:76F31C527C5E9A16BE2727E63E433A8B
            SHA1:A10605A9908BAE3346389191B1F0FBCDB252A47C
            SHA-256:A8299F1B834F1C6F4FEAB8F341B2AAC4D0BC226CF8BFD524736C3DCA4AA42AAA
            SHA-512:92AE5E26547516882EBECEEC7ECD2FDE13634F457B4B08AA1DEDCB100E68467B7E2DBCF0F420F9B10E90DC5CE100A368AA930E7E4A32FD8CEFA6CB6A07D54BB0
            Malicious:false
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
            File Type:SQLite Write-Ahead Log, version 3007000
            Category:dropped
            Size (bytes):119512
            Entropy (8bit):0.9636212113386727
            Encrypted:false
            SSDEEP:192:+S4TaQ3SiQZLwcG4N7aQ3SiBt4mH4q4WiIaQ3:54BAZLwX4NZxKU4K
            MD5:B5418C2AA503648BBF315BEDD3F78195
            SHA1:57A813DCEFF6BCB90F486831ED50142C1A0B1550
            SHA-256:E79B710F42E143970EB8B52AFE967C96118179D57B0EBCDC2F5BE3DF7918EF34
            SHA-512:FD5B92EBCA0DAD2641296FC878C217249E6A1C64BC27883432A2C78EB671EB663166B848E2DBFED4B6C6D099FE2E1FA7CDF4EA20E3EF7B29B540196FB5E8F50D
            Malicious:false
            Preview:7....-.............re4..................re4..V..$`.SQLite format 3......@ ..........................................................................c....................A...}...~...............D....................................................?...S-..indexsqlite_autoindex_pending_requests_1pending_requests..<...++../tabledevice_mappingsdevice_mappings.CREATE TABLE device_mappings ( .device_mapping_id TEXT PRIMARY KEY NOT NULL, .content_item_id TEXT NOT NULL, .content_item_type TEXT NOT NULL, .include_rel_types TEXT DEFAULT NULL, .include_depth INTEGER DEFAULT 0 NOT NULL, .branch TEXT DEFAULT NULL, .device_mapping_created TIMESTAMP DEFAULT (strftime('%s', 'now')) NOT NULL, .collection_id TEXT DEFAULT NULL, .TTL INTEGER DEFAULT 0 NOT NULL, .Priority INTEGER DEFAULT 0 NOT NULL, .app_info TEXT NOT NULL, .unPinned INTEGER DEFAULT 0 NOT NULL, .UNIQUE (content_item_id, branch))=...Q+..indexsqlite_autoindex_device_mappings_2device_mappings.=...Q+..indexsqlite_autoindex_device_mappings
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
            File Type:ASCII text, with CRLF line terminators
            Category:dropped
            Size (bytes):2420
            Entropy (8bit):5.133273790559492
            Encrypted:false
            SSDEEP:48:q1nWltRMe0RMe0RRtawJwiywSE+otJ9zE+oLTn+50q0t3oti9z3oX:q1OXCC/+mh+oq+ofn+0Xpo+oX
            MD5:9247F9EA28C5ACE6828F87F573C4B5C6
            SHA1:B4BAC8ECBD6F937C2033DB62C0641699DF6DDF43
            SHA-256:ED8B8DC559EB4ACC6CA5B9A7FA3F48D1362D86D09D563883DD22C00A7043711E
            SHA-512:1646C13A4E0DD285411270C3E059545914684F13F6C34F64A3CBB10B25024BA671B17A590FF722A80AC0C3FE3A1B85A6005902FF1943B05418BD2407E6D5E99E
            Malicious:false
            Preview:20241224-100928.409: t=1c50: Info: app: Begin Starting up (AppController.cpp.musync::AppControllerImpl::startHandler.305)..20241224-100928.409: t=1c50: Info: app: End Starting up (AppController.cpp.musync::AppControllerImpl::startHandler.305)..20241224-100928.409: t=18d4: Info: AppShell: End start (AppShell.cpp.musync::AppShell::startup.173)..20241224-100928.409: t=18d4: Info: Cosylib: getContext. baseUrl: https://comments.adobe.io/sync/ (CosyLibImpl.h.cosylib::CosyLibImpl::getContext.181)..20241224-100928.409: t=18d4: Info: Cosylib: getContext. baseUrl: https://comments.adobe.io/sync/ (CosyLibImpl.h.cosylib::CosyLibImpl::getContext.181)..20241224-100928.409: t=18d4: Info: Cosylib: getEntityClient (CosyLibImpl.h.cosylib::CosyLibImpl::getEntityClient.166)..20241224-100928.409: t=18d4: Info: ES::cosylib: EntityClientImpl::getRegisteredLoginInfo : (EntityClientImpl.cpp.cosylib::EntityClientImpl::getRegisteredLoginInfo.944)..20241224-100928.424: t=18d4: Info: ES::cosylib: RequestHandle :
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
            File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 1, database pages 8, cookie 0x3, schema 4, UTF-8, version-valid-for 1
            Category:dropped
            Size (bytes):32768
            Entropy (8bit):0.36835287347338636
            Encrypted:false
            SSDEEP:24:TLi7egbVH5hCAZIlE/F7iMXBxIV24bMo1Jllew:To1ZhCW0QfxHQd1
            MD5:F391306DD8BAA3198B26D3C80A906E19
            SHA1:6CD1B24D186F1CC68BF9097177DA5676C4A56422
            SHA-256:62604481C477AF3F8813122011B9CEC6DDEE9A3992F3FAFE236E3E92FC62E680
            SHA-512:5AD524078462D761F0F01933EBFC3714B44C93296BD4EDAB34B59CB833D1D9334CE830E196D2BD2BDA82837914E91B2B53E848EDC9BD04B7EDCC31D7DFD9DD53
            Malicious:false
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
            File Type:SQLite Rollback Journal
            Category:dropped
            Size (bytes):512
            Entropy (8bit):0.28499812076190567
            Encrypted:false
            SSDEEP:3:7FEG2l/JZQldlFll:7+/l/J6
            MD5:13D034AD958B81773C4F6A7CF0976A79
            SHA1:98BBD99B85A11E936047F8674B732CBFBEC8883E
            SHA-256:011BC1454585C730676E2E77D31325D19A4C5B143C681C4E31463F33B58805CB
            SHA-512:1610A2DD5D2C35BC5B9EB49B063C20E2C41231FD0C0A3E0BB7DD208056CB83CBB271AEDA80A8705EECABD3FADA0D372CC32325FE3D0ED5BDB22C0DD822D9B6B8
            Malicious:false
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:PC bitmap, Windows 3.x format, 117 x -152 x 32, cbSize 71190, bits offset 54
            Category:dropped
            Size (bytes):71190
            Entropy (8bit):1.2144840063009765
            Encrypted:false
            SSDEEP:192:/EbhKbe69rISaM5msPg5EJGmpYBJPi1J9Hi4H:/EbEe69rISaM5msPg5EJGmpY/q35H
            MD5:9C04696C6A6B44949F27D94D383A0E93
            SHA1:93C767BAE59E2F194403BEE55ECAF3169F0B2113
            SHA-256:D17EAB518EB992E1146EC161E9BE1A9CEC7591B335DB9DB09C38CB4391E0B172
            SHA-512:EF18C1CCDAB3DA7051C24EE1CF4149B2C5D7B2EC24FE675200CFA169D7C4518F93DEEC66608ED36656247F079C631FBB70566958A80B16216439F7F898AB80A4
            Malicious:false
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 15, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 15
            Category:dropped
            Size (bytes):86016
            Entropy (8bit):4.444754144383133
            Encrypted:false
            SSDEEP:384:yezci5tWiBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:rZs3OazzU89UTTgUL
            MD5:4E82216489395997F6AE0865CFFA56A7
            SHA1:2906FA84105B4812E261CD629E0CB7C128FB950F
            SHA-256:91E28A456CA81D31550CE6FF12997FD41C7B78D7F90E70EC366CC99E80A6287F
            SHA-512:585D2A0031F6D19027FF47BABB0F20CF5D4D5394B7D54ABECFE159F0754D6E599B0A8BA9BB36F563FC869726587654100BA0CAC1C3C5C9CB069F5AEB6B018710
            Malicious:false
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:SQLite Rollback Journal
            Category:dropped
            Size (bytes):8720
            Entropy (8bit):3.7739158927053493
            Encrypted:false
            SSDEEP:48:7Mep/E2ioyVieioy9oWoy1Cwoy1DNKOioy1noy1AYoy1Wioy1hioybioyt/oy1nR:7BpjuieFU/XKQetob9IVXEBodRBkS
            MD5:BECCA20878BDD7769732924B5F25E760
            SHA1:1ACA09C23EB396594D2384807F96C5BD6DC297D5
            SHA-256:DE1B5247EB7015869C57C7EEF14E26AD97DE6BC00F884454C80EC75994481669
            SHA-512:932B248DE9278A857CB7153105F1578F116A3609D441EC8909F79F8E374FB19C3B948906FD1009F2BEE043C96017B0D2C2D1C6A0ADDD9CE0ADFB0D7D62A941CC
            Malicious:false
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
            File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 1, database pages 23, cookie 0x11, schema 4, UTF-8, version-valid-for 1
            Category:dropped
            Size (bytes):94208
            Entropy (8bit):0.9951370817377893
            Encrypted:false
            SSDEEP:192:hxoGsTzoU2uCTaUxmaAxNoGsTzoU2uCTaUxoALZWLGjZ5Pj5vHAxNoGsT:hZgCeNgCaN
            MD5:DCD066A1C8CA38D94ACA4E5DF6CA20BF
            SHA1:0C670E7CB31FE1CFD952082C3629AD8861BFD799
            SHA-256:E484D26709945669E18A3D0A7F95E3EA943D4170736EDD8FEDFE3F69A7B8D25E
            SHA-512:C07D385DB9B836F106E1951FDCD911D7FFF44AAE6EE7406CA665B211236E8ABE3395789E10200644343779983E9AD7B5E484B3B1567CA6EAB890A88E4FF9500B
            Malicious:false
            Preview:SQLite format 3......@ ..........................................................................c......................7...4.....d...k.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................Z...-%.qindexdependencies_diddependencies.CREATE INDEX dependencies_did o
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
            File Type:SQLite Rollback Journal
            Category:dropped
            Size (bytes):512
            Entropy (8bit):0.28499812076190567
            Encrypted:false
            SSDEEP:3:7FEG2l/z1MPlFll:7+/l/zi
            MD5:3A72593B5A966199067CAEABADB43857
            SHA1:62B42F82FC43F2F9EEAF7FD65C067412235C1563
            SHA-256:AAAB73FA76CEA62FBD9EB07AF7AD905ABF36E9486992D247ED7A69A31A8FEAC2
            SHA-512:C93A2DB22B86E45408FFF4B19B09880FD84947E06F26ED7087979F76DBD01E7D95C50DA270724061DD93F26C2DE7BB04DEAA5A902DD642C50FAFAE9D51B02D6B
            Malicious:false
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:Certificate, Version=3
            Category:dropped
            Size (bytes):1391
            Entropy (8bit):7.705940075877404
            Encrypted:false
            SSDEEP:24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1
            MD5:0CD2F9E0DA1773E9ED864DA5E370E74E
            SHA1:CABD2A79A1076A31F21D253635CB039D4329A5E8
            SHA-256:96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
            SHA-512:3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
            Malicious:false
            Preview:0..k0..S............@.YDc.c...0...*.H........0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10...150604110438Z..350604110438Z0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10.."0...*.H.............0..........$s..7.+W(.....8..n<.W.x.u...jn..O(..h.lD...c...k....1.!~.3<.H..y.....!.K...qiJffl.~<p..)"......K...~....G.|.H#S.8.O.o...IW..t../.8.{.p!.u.0<.....c...O..K~.....w...{J.L.%.p..)..S$........J.?..aQ.....cq...o[...\4ylv.;.by.../&.....................6....7..6u...r......I.....*.A..v........5/(.l....dwnG7..Y^h..r...A)>Y>.&.$...Z.L@.F....:Qn.;.}r...xY.>Qx....../..>{J.Ks......P.|C.t..t.....0.[q6....00\H..;..}`...).........A.......|.;F.H*..v.v..j.=...8.d..+..(.....B.".'].y...p..N..:..'Qn..d.3CO......B0@0...U...........0...U.......0....0...U......y.Y.{....s.....X..n0...*.H.............U.X....P.....i ')..au\.n...i/..VK..s.Y.!.~.Lq...`.9....!V..P.Y...Y.............b.E.f..|o..;.....'...}~.."......
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:data
            Category:dropped
            Size (bytes):192
            Entropy (8bit):2.7790941963225158
            Encrypted:false
            SSDEEP:3:kkFkl0dxtfllXlE/HT8k9ah1NNX8RolJuRdxLlGB9lQRYwpDdt:kKtdxeT80Q7NMa8RdWBwRd
            MD5:9A03CEF2EFE6026127D83825057C5170
            SHA1:994AD0F58DCC48381F4DD8B551C4366F17462C14
            SHA-256:5AB41BCEA86B91BA19DC2AB6D509E69839B44C58DFE7DAB2D00E525533FF1E47
            SHA-512:358EF98FC443D52B96804DB0DD07B7094504A5D23E3297F148B6B15A71A5798CBB8F27FD80821FA53009CFB8B3AB3621A62FC631BC7D3F85C1E9A4A5678BFB21
            Malicious:false
            Preview:p...... ........Gxs..V..(....................................................... ..........W.....@..............o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:PostScript document text
            Category:dropped
            Size (bytes):1233
            Entropy (8bit):5.233980037532449
            Encrypted:false
            SSDEEP:24:kk8id8HxPsMTtrid8OPgx4sMDHFidZxDWksMwEidMKRxCsMWaOtidMLgxT2sMW0l:pkxPhtgNgx4pyZxakazxCIK2gxap
            MD5:8BA9D8BEBA42C23A5DB405994B54903F
            SHA1:FC1B1646EC8A7015F492AA17ADF9712B54858361
            SHA-256:862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C
            SHA-512:26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A
            Malicious:false
            Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:PostScript document text
            Category:dropped
            Size (bytes):1233
            Entropy (8bit):5.233980037532449
            Encrypted:false
            SSDEEP:24:kk8id8HxPsMTtrid8OPgx4sMDHFidZxDWksMwEidMKRxCsMWaOtidMLgxT2sMW0l:pkxPhtgNgx4pyZxakazxCIK2gxap
            MD5:8BA9D8BEBA42C23A5DB405994B54903F
            SHA1:FC1B1646EC8A7015F492AA17ADF9712B54858361
            SHA-256:862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C
            SHA-512:26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A
            Malicious:false
            Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:PostScript document text
            Category:dropped
            Size (bytes):1233
            Entropy (8bit):5.233980037532449
            Encrypted:false
            SSDEEP:24:kk8id8HxPsMTtrid8OPgx4sMDHFidZxDWksMwEidMKRxCsMWaOtidMLgxT2sMW0l:pkxPhtgNgx4pyZxakazxCIK2gxap
            MD5:8BA9D8BEBA42C23A5DB405994B54903F
            SHA1:FC1B1646EC8A7015F492AA17ADF9712B54858361
            SHA-256:862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C
            SHA-512:26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A
            Malicious:false
            Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:PostScript document text
            Category:dropped
            Size (bytes):10880
            Entropy (8bit):5.214360287289079
            Encrypted:false
            SSDEEP:192:SgAYm4DAv6oq6oCf6ocL6oz6o46ok6o16ok6oKls6oVtfZ6ojtou6o2ti16oGwX/:SV548vvqvSvivzv4vkv1vkvKlsvVtfZp
            MD5:B60EE534029885BD6DECA42D1263BDC0
            SHA1:4E801BA6CA503BDAE7E54B7DB65BE641F7C23375
            SHA-256:B5F094EFF25215E6C35C46253BA4BB375BC29D055A3E90E08F66A6FDA1C35856
            SHA-512:52221F919AEA648B57E567947806F71922B604F90AC6C8805E5889AECB131343D905D94703EA2B4CEC9B0C1813DDA6EAE2677403F58D3B340099461BBCD355AE
            Malicious:false
            Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:PostScript document text
            Category:dropped
            Size (bytes):10880
            Entropy (8bit):5.214360287289079
            Encrypted:false
            SSDEEP:192:SgAYm4DAv6oq6oCf6ocL6oz6o46ok6o16ok6oKls6oVtfZ6ojtou6o2ti16oGwX/:SV548vvqvSvivzv4vkv1vkvKlsvVtfZp
            MD5:B60EE534029885BD6DECA42D1263BDC0
            SHA1:4E801BA6CA503BDAE7E54B7DB65BE641F7C23375
            SHA-256:B5F094EFF25215E6C35C46253BA4BB375BC29D055A3E90E08F66A6FDA1C35856
            SHA-512:52221F919AEA648B57E567947806F71922B604F90AC6C8805E5889AECB131343D905D94703EA2B4CEC9B0C1813DDA6EAE2677403F58D3B340099461BBCD355AE
            Malicious:false
            Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):295
            Entropy (8bit):5.360728432535827
            Encrypted:false
            SSDEEP:6:YEQXJ2HXDv8GaK9X2VoZcg1vRcR0Y8WUoAvJM3g98kUwPeUkwRe9:YvXKXLX51PZc0vmGMbLUkee9
            MD5:304521DEFB65E54DF9ADAF63386DF897
            SHA1:13142D19D9A3B44B200B12B68CC22F1BD3D6D758
            SHA-256:19A3E7B0ECE3D5A9ECBB62895C53CF4F7268610635E3681A6DF4BD2B6FA03197
            SHA-512:C2817BF780528BF6DAF2226AE0B29192D90EF8BA039B8A2AA33F684A9F4B4637FD2970D910D9D1339BA964734F6DDD01A042F4630B161FBA8B7F1C312D7C5AF5
            Malicious:false
            Preview:{"analyticsData":{"responseGUID":"406a3554-5811-48c4-9cd9-15443242a6d0","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1735228537912,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):294
            Entropy (8bit):5.314264334954798
            Encrypted:false
            SSDEEP:6:YEQXJ2HXDv8GaK9X2VoZcg1vRcR0Y8WUoAvJfBoTfXpnrPeUkwRe9:YvXKXLX51PZc0vmGWTfXcUkee9
            MD5:432773997EC3227726FBEC05FAF4F5B4
            SHA1:0D473AE486AF19D34BFEEF660610489CF1338BE9
            SHA-256:048B9056410624DE4738BDEA7331778ADFEB1803EE922C642161FBEEDD79C804
            SHA-512:BC5DB5D6D98E0D6636A35A1290F0DB76BB975A74D31F25FD49038EF640A834FFF4FE6FBEA5DD2746583E59327BAEB3FA8B63AB69A5F26285C5B75D3624A979F3
            Malicious:false
            Preview:{"analyticsData":{"responseGUID":"406a3554-5811-48c4-9cd9-15443242a6d0","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1735228537912,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):294
            Entropy (8bit):5.2922169349541575
            Encrypted:false
            SSDEEP:6:YEQXJ2HXDv8GaK9X2VoZcg1vRcR0Y8WUoAvJfBD2G6UpnrPeUkwRe9:YvXKXLX51PZc0vmGR22cUkee9
            MD5:BD6D3229B50E7B2A146CB687B4D099EB
            SHA1:7D84BEDFFFAE611D0B013340C4C4F654DDAA6451
            SHA-256:1203D47BACE073F66E8FBB85F3B29009E5CB00415FD5401D315C944DCA31D9AF
            SHA-512:D3006E0275796E05DBF2BA72A423DAFCE095CD798EDDC7730D08E8D385A075AB959D18AD985930E4F923EC09F8652F43188F4F0FD888D648FB388326FFCAB301
            Malicious:false
            Preview:{"analyticsData":{"responseGUID":"406a3554-5811-48c4-9cd9-15443242a6d0","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1735228537912,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):285
            Entropy (8bit):5.347646484212342
            Encrypted:false
            SSDEEP:6:YEQXJ2HXDv8GaK9X2VoZcg1vRcR0Y8WUoAvJfPmwrPeUkwRe9:YvXKXLX51PZc0vmGH56Ukee9
            MD5:1309A02692E49A7637DE7D38639D7B04
            SHA1:9DE39BBE6753C4A91BEAD7F2F3C452F9A5BA63FF
            SHA-256:3AD69E6B6AD3D759CA55DBE9DE62F23CBF8987192784ABD1B5E3DC72F37E9CD7
            SHA-512:E0D6C21749E7D197BBA399C9D1790F536850809BFFEFD5D02D5391E9A7BC6CF261EB692E342308527EA2309FDA42E18FEC732B1EA7515F1410A0A69801C72460
            Malicious:false
            Preview:{"analyticsData":{"responseGUID":"406a3554-5811-48c4-9cd9-15443242a6d0","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1735228537912,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):1123
            Entropy (8bit):5.688685919204503
            Encrypted:false
            SSDEEP:24:Yv6XN1PzvzpLgE9cQx8LennAvzBvkn0RCmK8czOCCS8:Yvc177hgy6SAFv5Ah8cv/8
            MD5:7D1133E5031F70BCBB869D1BFB705C72
            SHA1:4CFF4E7C5930B21957140320631C904894B238DE
            SHA-256:46F64B6B98940A709CE5C95B6C1382F9F2D37C424883C742E5B5B32DC95F660C
            SHA-512:DE0BB20DD3F732787F50C554CABC6392B20E450D4679C5E9935BEF1C4EF4EA82DA7C676F3414E7EB355D4EF9B43AB34B3B38B4ED3BA70C90ED3C0CBD1A1C6B04
            Malicious:false
            Preview:{"analyticsData":{"responseGUID":"406a3554-5811-48c4-9cd9-15443242a6d0","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1735228537912,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93365_289436ActionBlock_1","campaignId":93365,"containerId":"1","controlGroupId":"","treatmentId":"d5bba1ae-6009-4d23-8886-fd4a474b8ac9","variationId":"289436"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IkNvbnZlcnRQREZSZHJSSFBBcHAifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkV4cG9ydCBQREZzIHRvIE1pY3Jvc29mdCBXb3JkIGFuZCBFeGNlbC4ifSwidGNh
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):289
            Entropy (8bit):5.295508045323337
            Encrypted:false
            SSDEEP:6:YEQXJ2HXDv8GaK9X2VoZcg1vRcR0Y8WUoAvJf8dPeUkwRe9:YvXKXLX51PZc0vmGU8Ukee9
            MD5:D1F60DA1BCD9D565168CA7FD49181494
            SHA1:AFB1DD7E30BDC1534DAC61EE0117B5FAAF2445C1
            SHA-256:1996026EDCA171BA10FBC7F7A688CED8AC2692AA6F72D615937A1F5E4FE22503
            SHA-512:D9BAE30D5BC9EB9B75106E4BAF6DAB247A623FBB5EC1DC88575B5EB845ECA6359C75A732C9D87CEAA0B8B9C58366D52306950A68C38A3FD368AC5E97222A0055
            Malicious:false
            Preview:{"analyticsData":{"responseGUID":"406a3554-5811-48c4-9cd9-15443242a6d0","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1735228537912,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):292
            Entropy (8bit):5.300054627943782
            Encrypted:false
            SSDEEP:6:YEQXJ2HXDv8GaK9X2VoZcg1vRcR0Y8WUoAvJfQ1rPeUkwRe9:YvXKXLX51PZc0vmGY16Ukee9
            MD5:C3ADE936FB1A340139E1B3AF9F0F96EE
            SHA1:A4E26EF0124D1D48F1D439B459ED5FBD3F694381
            SHA-256:87E8AF5C0FD385A7A1445F06E6F5B9C9372D3806994CAC42041EF7F233598D6C
            SHA-512:CD7CEE3391A3493608F7F945C6C798071E14F51A9E2A68F97EDA4C8605C47EA11A5D498E1EA7C0709D7FCE4E23B1DB6061DE0C19FF2C0259F94D677559FEF7F4
            Malicious:false
            Preview:{"analyticsData":{"responseGUID":"406a3554-5811-48c4-9cd9-15443242a6d0","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1735228537912,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):289
            Entropy (8bit):5.304811129380748
            Encrypted:false
            SSDEEP:6:YEQXJ2HXDv8GaK9X2VoZcg1vRcR0Y8WUoAvJfFldPeUkwRe9:YvXKXLX51PZc0vmGz8Ukee9
            MD5:506C6088BF99E780A66F2BA9FE790AE4
            SHA1:BE73AEAB879A80D81CC1751516A393AC106D94F6
            SHA-256:CDE657C047CFF885EE425B4CDD8CD254C3DE5381EA997A710328E3924C3D8AC3
            SHA-512:F37AC270156F4008111EBEF3278E462E7AFA7F06CBE4E41B5C9A64D5B700BC5E5AF360B018ACDCEF4679F0C31898526925AECB710F13C8A9F591CB5348B79827
            Malicious:false
            Preview:{"analyticsData":{"responseGUID":"406a3554-5811-48c4-9cd9-15443242a6d0","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1735228537912,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):295
            Entropy (8bit):5.321712246080482
            Encrypted:false
            SSDEEP:6:YEQXJ2HXDv8GaK9X2VoZcg1vRcR0Y8WUoAvJfzdPeUkwRe9:YvXKXLX51PZc0vmGb8Ukee9
            MD5:A13B5FF22CC5A876ED2C18F66C29E7C7
            SHA1:8B807B21E5D9B008A699F34842DEB5EFECC33823
            SHA-256:C0D2771BFE37FA664C90140CFBD64EB34CA24744D220F3B608A75AFC23ADC094
            SHA-512:6C3932345D155600B3A0B9353FE3F63BE96958069B167894252C3BFC1A70BA263F18AB10AFF9B9EFECC2858139ECD2BCC2602044CCF5AED720DD52844EC9D763
            Malicious:false
            Preview:{"analyticsData":{"responseGUID":"406a3554-5811-48c4-9cd9-15443242a6d0","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1735228537912,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):289
            Entropy (8bit):5.302404749238153
            Encrypted:false
            SSDEEP:6:YEQXJ2HXDv8GaK9X2VoZcg1vRcR0Y8WUoAvJfYdPeUkwRe9:YvXKXLX51PZc0vmGg8Ukee9
            MD5:52C1C5B6CE9D560A4F32F0D0DF6A7E25
            SHA1:8DD8C437F2320A1E5C4D87B98768CCEB62CC77A8
            SHA-256:A7F76DCFC461D06B827D62F6AD35CB7339E7ED2301A7CBD2EDEF4E7E9FB0BF0E
            SHA-512:049AF0511044D2319F4A52D02DB988A456C2A8F5B7011A96C5F74F56E5C0DCD7E0489F4557D09B432634C39EBB5793A07F2B1779940FC9060157196A6DDB7C53
            Malicious:false
            Preview:{"analyticsData":{"responseGUID":"406a3554-5811-48c4-9cd9-15443242a6d0","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1735228537912,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):284
            Entropy (8bit):5.288179757662461
            Encrypted:false
            SSDEEP:6:YEQXJ2HXDv8GaK9X2VoZcg1vRcR0Y8WUoAvJf+dPeUkwRe9:YvXKXLX51PZc0vmG28Ukee9
            MD5:01CD0FED3F2ACA2E15AD9C17FD1EEE45
            SHA1:8BF8D3E80EB5BD898590B48DBB71B6B6D9D0C9E5
            SHA-256:AC9363E2A6653EAC0EE4AB12BC032D096B5506580CAC4C3D242A13439202B85C
            SHA-512:DDA662A29A88C81E445D7BADBDB5C9BDFB0B169DD88FCB613F1C0F2CD00E081B7287BCFF2CA01881687275A56B71853717DA21CA2674CDA74E814D0733EDE732
            Malicious:false
            Preview:{"analyticsData":{"responseGUID":"406a3554-5811-48c4-9cd9-15443242a6d0","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1735228537912,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):291
            Entropy (8bit):5.285935319425843
            Encrypted:false
            SSDEEP:6:YEQXJ2HXDv8GaK9X2VoZcg1vRcR0Y8WUoAvJfbPtdPeUkwRe9:YvXKXLX51PZc0vmGDV8Ukee9
            MD5:AD95CD383771ADDD5C0E425A030D6611
            SHA1:8A37CC254E8563E59E2C28E86BB99A52AFDC5B8A
            SHA-256:DEA25368DF926F2748456AE7BA151084E39127E6B35315F5F11847638DE4BDAE
            SHA-512:5D6D9AFF60C04D78589C883B6A07DE06BDC963F97130D51F45D803E1CA00D2D148F0E2D79C034CF4C8C4CA4C46607967C5EE113CDFFE1BB98D6450FBD2B95D5E
            Malicious:false
            Preview:{"analyticsData":{"responseGUID":"406a3554-5811-48c4-9cd9-15443242a6d0","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1735228537912,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):287
            Entropy (8bit):5.290620057382654
            Encrypted:false
            SSDEEP:6:YEQXJ2HXDv8GaK9X2VoZcg1vRcR0Y8WUoAvJf21rPeUkwRe9:YvXKXLX51PZc0vmG+16Ukee9
            MD5:E9EDB2B287EB4A58064A385A35EAF14C
            SHA1:CA5DA69C6AAD386B12D79DD90C2CB70DC3B93583
            SHA-256:8FBD6D72C4FC1D2E7AC50C5FF84EF6536D0B2D49047ED22D01F6E3C34A834B83
            SHA-512:A0DAFDA5F375AA62142B7DCB9881B9EED6D12336B4BAA20755C79F296C6DC908E958A7B3FADD0D91748D1AA559F1A040D25A4D7C0158336D9349C68E927CBE12
            Malicious:false
            Preview:{"analyticsData":{"responseGUID":"406a3554-5811-48c4-9cd9-15443242a6d0","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1735228537912,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):1090
            Entropy (8bit):5.665193974527117
            Encrypted:false
            SSDEEP:24:Yv6XN1PzvDamXayLgE+cNDxeNaqnAvz7xHn0RCmK8czOC/BS8:Yvc17LBgkDMUJUAh8cvM8
            MD5:31BFB0B509FC854CDD7D9CAE56883B68
            SHA1:D2353550A4AEEA5C5AF67F3EDAC857749A831567
            SHA-256:F7E01692402123705F6FE2A1B5B18F39A83BB167D42D2C889F83F220AD47F7B7
            SHA-512:54EB661FC146CC46B224DA512D7A4BA5145796DFC97ACE125594C2AC8CC48BD10D27A0A831C5F2B0BF1C1EB89C63008F30620F6F7FE0AF535C9EC7C745157C2E
            Malicious:false
            Preview:{"analyticsData":{"responseGUID":"406a3554-5811-48c4-9cd9-15443242a6d0","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1735228537912,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93365_289436ActionBlock_0","campaignId":93365,"containerId":"1","controlGroupId":"","treatmentId":"266234d2-130d-426e-8466-c7a061db101f","variationId":"289436"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IlVwZ3JhZGVSSFBSZHJBcHAifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVhc2lseSBmaWxsIGFuZCBzaWduIFBERnMuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"app
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):286
            Entropy (8bit):5.265657490245134
            Encrypted:false
            SSDEEP:6:YEQXJ2HXDv8GaK9X2VoZcg1vRcR0Y8WUoAvJfshHHrPeUkwRe9:YvXKXLX51PZc0vmGUUUkee9
            MD5:BD489E33DEEE2709BBB32FC2F72E69CC
            SHA1:71FF739190CFFF3443BECE91E1487CA1CE57D058
            SHA-256:CF738A8486A40639086BBCF1EB9A9F7931B6EF0DE089D1CDF587959950EE0F4A
            SHA-512:9BFE63D7CEB1BF294D1AF0443CB24CB6D77463D7A8320DDAB4647D6FDE232BB9AE183667126E1DB9E4941D810350936BB2B66B252D909233F9D23D6F1DE28AE4
            Malicious:false
            Preview:{"analyticsData":{"responseGUID":"406a3554-5811-48c4-9cd9-15443242a6d0","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1735228537912,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):282
            Entropy (8bit):5.270895842983129
            Encrypted:false
            SSDEEP:6:YEQXJ2HXDv8GaK9X2VoZcg1vRcR0Y8WUoAvJTqgFCrPeUkwRe9:YvXKXLX51PZc0vmGTq16Ukee9
            MD5:C8F8142641298C2CF08A47CDCC41EA17
            SHA1:373AD612B05C610A75A4D28FCDEA26EF4816FC77
            SHA-256:ECAF618059324E2ABCEF864514F2F495F92A994F82947F6632AC413127F38B54
            SHA-512:EBD6596F7F0B6C9EB2A624797AE97D259DFD9AFC8B0DA07CF9B7E96B647BEFE67C89D9B0DAC3594E6F1F77EAE18DAC3E5DCDAC68B65873CDE5DA2A1AED371B3F
            Malicious:false
            Preview:{"analyticsData":{"responseGUID":"406a3554-5811-48c4-9cd9-15443242a6d0","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1735228537912,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:data
            Category:dropped
            Size (bytes):4
            Entropy (8bit):0.8112781244591328
            Encrypted:false
            SSDEEP:3:e:e
            MD5:DC84B0D741E5BEAE8070013ADDCC8C28
            SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
            SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
            SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
            Malicious:false
            Preview:....
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):2814
            Entropy (8bit):5.125917054327408
            Encrypted:false
            SSDEEP:24:YHMaGCay8jSB4aTYPQB3mEIaWMAjpHcj0SciA2HzS82XP2LSuCocbFkH5YW9rkWC:Yi12DTYPQJdYpHuYahaPkpcbFE19rkd
            MD5:CE34D4AFFB65EB9AEF5F577BDA8BD078
            SHA1:3D851029054550100785CF36D0751099E143196D
            SHA-256:10B58C11361E945ACD0DD2A5D2473247F17CCE9057A0E3341476D002633B41F9
            SHA-512:7B007C4E3786B0BFA8294DC6FF72280293717C9D0BA615DE559B543DFCB5BC4B61E42F111D68965FE1E2C6034CCE065DCB55D2A82010741556CFCA78DE01EFE1
            Malicious:false
            Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"f8ee36cdbe2b8f0147f9288bf1afa24f","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1735052947000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"c0bef2582b3d53c0626e0cf0530e7b69","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1090,"ts":1735052947000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"644f154a95529907bb6e868f93c321ed","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1123,"ts":1735052947000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"74245e6ac21d9900eeea21b411703f27","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":295,"ts":1735052947000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"5bf75e92691300f3f9111bf999b5c742","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file","size":292,"ts":1735052947000},{"id":"DC_Reader_More_LHP_Banner","info":{"dg":"2e46a96f8fe0b4c33ebda0d3020472e5","sid":"DC_Reader_More_LHP_Banner"},"mimeType":"file","
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 29, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 29
            Category:dropped
            Size (bytes):12288
            Entropy (8bit):1.190333497736505
            Encrypted:false
            SSDEEP:24:TLRx/XYKQvGJF7ursEdh7ddR97dfRT97dfZ6i3FU/PinjXIAWvovUGPwtIQ:T1l2GL7msEdhvR9H9vxFGiDIAWwsQgIQ
            MD5:E92BA233CA5CB9C70D62B2C2D780E963
            SHA1:928162A3C413403328A613D0EE88DBE86DE04A53
            SHA-256:92AC55E6A1B217C221C7DA0E32F0E06FC0B432CD9D102B1232741E0EFC1EC1A1
            SHA-512:26B15547BC64DD1517284259814C595D601EA53ECF1BD8CFACC2E77DCC77EB839643F7A8B620FFA83001D77FD2DD1A537F218EA55BB5A8EC7991174A0DEA67FB
            Malicious:false
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:SQLite Rollback Journal
            Category:dropped
            Size (bytes):8720
            Entropy (8bit):1.613938127932875
            Encrypted:false
            SSDEEP:48:7M1JGvR9H9vxFGiDIAEkUsQgI+qFl2GL7msq:7sgFGSIt7EKVmsq
            MD5:F1D2AF870813C6801D3B862D51D573B2
            SHA1:913B89C81A9AEC5FFE12A93ED5A636F1FA3EE249
            SHA-256:12706CA85DE1179805B9EADBDC9F6EE0061606A235063859E8E3C255C3F0FEE4
            SHA-512:2F7B612C4D922F376969726EE358972A6F40E314EF8ADB811F83FB3E8302A323B3DA3FC668CB99C11A1AF809EE59F7053C19A757867F102BBAB8EB7B2898268F
            Malicious:false
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:data
            Category:dropped
            Size (bytes):66726
            Entropy (8bit):5.392739213842091
            Encrypted:false
            SSDEEP:768:RNOpblrU6TBH44ADKZEgACDWzmoiLFg0BpEWe3ZwKi3Yyu:6a6TZ44ADEACDwmoiLFvR3K
            MD5:A8544451BBDC80416AB1FC9DA67392C3
            SHA1:F4CD1C0CBCF0BF825BD08576033CEDF47C99BAF0
            SHA-256:B45258C1B396B247264836345F29EFCA94BA93E7A9C4433245A9672CBFB9A410
            SHA-512:75AA3632F332A4649B23FDFBBD629650E34405A073F416C29E2C9CDFC3B5F4797C7B34449FBCF4AE7225E9AB27F82CF4754C172A10ECB267391C26FEFB33EA20
            Malicious:false
            Preview:4.397.90.FID.2:o:..........:F:AgencyFB-Reg.P:Agency FB.L:$.........................."F:Agency FB.#.96.FID.2:o:..........:F:AgencyFB-Bold.P:Agency FB Bold.L:%.........................."F:Agency FB.#.84.FID.2:o:..........:F:Algerian.P:Algerian.L:$..........................RF:Algerian.#.95.FID.2:o:..........:F:ArialNarrow.P:Arial Narrow.L:$.........................."F:Arial Narrow.#.109.FID.2:o:..........:F:ArialNarrow-Italic.P:Arial Narrow Italic.L:$.........................."F:Arial Narrow.#.105.FID.2:o:..........:F:ArialNarrow-Bold.P:Arial Narrow Bold.L:%.........................."F:Arial Narrow.#.118.FID.2:o:..........:F:ArialNarrow-BoldItalic.P:Arial Narrow Bold Italic.L:%.........................."F:Arial Narrow.#.77.FID.2:o:..........:F:ArialMT.P:Arial.L:$.........................."F:Arial.#.91.FID.2:o:..........:F:Arial-ItalicMT.P:Arial Italic.L:$.........................."F:Arial.#.87.FID.2:o:..........:F:Arial-BoldMT.P:Arial Bold.L:$.........................."F:Arial.#.100.FID.2
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
            Category:dropped
            Size (bytes):246
            Entropy (8bit):3.511206980872271
            Encrypted:false
            SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8cZadNklkle:Qw946cPbiOxDlbYnuRKHL
            MD5:BAD9250AF9FC8784035D17072AE13FD8
            SHA1:020C0D610F4375BEB740DF978F4444824F314284
            SHA-256:EE146E06F28A6B4DFBA3945718878DFBFFFD4FF59F05703305B8124E90B1EFDB
            SHA-512:7157AAC05C36BF9EF0E8E7CEAA4E5403488FA2B5B3A26D0418FCD17031B14184CDB139F6308C46817E165C4A34EDC8EF18587B25DA2FE9A8D546B4F6AC3F4B6C
            Malicious:false
            Preview:Error 2711. The specified Feature name ('ARM') not found in Feature table. === Logging stopped: 24/12/2024  10:09:06 ===
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:ASCII text, with very long lines (393)
            Category:dropped
            Size (bytes):16525
            Entropy (8bit):5.345946398610936
            Encrypted:false
            SSDEEP:384:zHIq8qrq0qoq/qUILImCIrImI9IWdFdDdoPtPTPtP7ygyAydy0yGV///X/J/VokV:nNW
            MD5:8947C10F5AB6CFFFAE64BCA79B5A0BE3
            SHA1:70F87EEB71BA1BE43D2ABAB7563F94C73AB5F778
            SHA-256:4F3449101521DA7DF6B58A2C856592E1359BA8BD1ACD0688ECF4292BA5388485
            SHA-512:B76DB9EF3AE758F00CAF0C1705105C875838C7801F7265B17396466EECDA4BCD915DA4611155C5F2AD1C82A800C1BEC855E52E2203421815F915B77AA7331CA0
            Malicious:false
            Preview:SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:088+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig:
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:ASCII text, with very long lines (393), with CRLF line terminators
            Category:dropped
            Size (bytes):15114
            Entropy (8bit):5.326122589048827
            Encrypted:false
            SSDEEP:384:pUGROQf/MX3lOsevioMXkUiCWREr4hNsPgzvh9glfYpNr+7oqz+Gy3ynKQSXxo4O:1OT
            MD5:B0ACB553841B9C5788BD5F4874E66955
            SHA1:2FD682446F38EF5D15DE6B2AEABF62ECE7D4ACC7
            SHA-256:1D8CD267F3846304BB883DCE43C8114D23E40E4A52878B167E29867CC4C42016
            SHA-512:DEADBAAB8E0A7A5361D8FA55DAB3A913337A363B4076721E54494688C138CAE1190E4D54A9B35F2269603C379B00F6BA06114492650550D4A5786AB0994A846A
            Malicious:false
            Preview:SessionID=90d519eb-c740-4ac7-a7ef-c1c061d606f9.1735052940550 Timestamp=2024-12-24T10:09:00:550-0500 ThreadID=7588 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=90d519eb-c740-4ac7-a7ef-c1c061d606f9.1735052940550 Timestamp=2024-12-24T10:09:00:550-0500 ThreadID=7588 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=90d519eb-c740-4ac7-a7ef-c1c061d606f9.1735052940550 Timestamp=2024-12-24T10:09:00:550-0500 ThreadID=7588 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=90d519eb-c740-4ac7-a7ef-c1c061d606f9.1735052940550 Timestamp=2024-12-24T10:09:00:550-0500 ThreadID=7588 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=90d519eb-c740-4ac7-a7ef-c1c061d606f9.1735052940550 Timestamp=2024-12-24T10:09:00:550-0500 ThreadID=7588 Component=ngl-lib_NglAppLib Description="SetConf
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:ASCII text, with CRLF line terminators
            Category:dropped
            Size (bytes):29752
            Entropy (8bit):5.382192095428153
            Encrypted:false
            SSDEEP:768:anddBuBYZwcfCnwZCnR8Bu5hx18HoCnLlAY+iCBuzhLCnx1CnPrRRFS10l8gT2rA:k
            MD5:ACE26341E3CAB4FC883A0B7666F688AC
            SHA1:A5D23070A20CF54BA488AD398767050CB85FA702
            SHA-256:A4FE29CFEFE41412524B224BA4F534DDBDE8A6A384DF86C104931C9323C5E81D
            SHA-512:7930EE1D5EE7F868295B564EC7F28BB778F17B1D498BC8C9AF7032094A122FE8400D0CE6D3B911EBF41741AA728EC7FFCEBF5BBE51534EA21DE1AD13B1F38281
            Malicious:false
            Preview:03-10-2023 12:50:40:.---2---..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ***************************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ***************************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Starting NGL..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..03-10-2023 12:50:40:.Closing File..03-10-
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
            Category:dropped
            Size (bytes):758601
            Entropy (8bit):7.98639316555857
            Encrypted:false
            SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
            MD5:3A49135134665364308390AC398006F1
            SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
            SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
            SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
            Malicious:false
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
            Category:dropped
            Size (bytes):1419751
            Entropy (8bit):7.976496077007677
            Encrypted:false
            SSDEEP:24576:/M7ouWLYZwYIGNPMGZfPdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:RuWLYZwZGuGZn3mlind9i4ufFXpAXkru
            MD5:EC8D4FAB55F24C0E344D263724846C4A
            SHA1:5444D90F86D68A23AF7FB5434DEAE740D57D0312
            SHA-256:E489C11D38BFF8F1F51351BAEBEE9F723A5C036DA0B0CB9C82306251017054EE
            SHA-512:21018FD299944987654C202779C8E0185815868DE7179B814F145573EE8D45ACC33CA7E008CB23774C473DD7939E9D7D7C2E5A14E31D5EC62F7BFFDBBAB41F9A
            Malicious:false
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
            Category:dropped
            Size (bytes):386528
            Entropy (8bit):7.9736851559892425
            Encrypted:false
            SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
            MD5:5C48B0AD2FEF800949466AE872E1F1E2
            SHA1:337D617AE142815EDDACB48484628C1F16692A2F
            SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
            SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
            Malicious:false
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
            Category:dropped
            Size (bytes):1407294
            Entropy (8bit):7.97605879016224
            Encrypted:false
            SSDEEP:24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R077WLaGZ7wYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs03WLaGZw
            MD5:8B9FA2EC5118087D19CFDB20DA7C4C26
            SHA1:E32D6A1829B18717EF1455B73E88D36E0410EF93
            SHA-256:4782624EA3A4B3C6EB782689208148B636365AA8E5DAF00814FA9AB722259CBD
            SHA-512:662F8664CC3F4E8356D5F5794074642DB65565D40AC9FEA323E16E84EBD4F961701460A1310CC863D1AB38849E84E2142382F5DB88A0E53F97FF66248230F7B9
            Malicious:false
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:ASCII text
            Category:dropped
            Size (bytes):24
            Entropy (8bit):3.66829583405449
            Encrypted:false
            SSDEEP:3:So6FwHn:So6FwHn
            MD5:DD4A3BD8B9FF61628346391EA9987E1D
            SHA1:474076C122CACAAF112469FC62976BB69187AA2B
            SHA-256:7C22C759CA704106556BBC4FC10B7F53404CA1F8B40F01038D3F7C4B8183F486
            SHA-512:FDAF3D9F8072ED7DE9B2528376C10E3C3FDBEA74347710A4795BECF23C6577B3582B2E89D3C04EF0523C98FE0A46F2AF3629490701A20B848C63BA7B26579491
            Malicious:false
            Preview:<</Settings [/c <<>>].>>
            File type:PDF document, version 1.7 (zip deflate encoded)
            Entropy (8bit):7.930321142439076
            TrID:
            • Adobe Portable Document Format (5005/1) 100.00%
            File name:End of Year Accounting for The Estate of Janet Delesanti-2.pdf
            File size:13'329'417 bytes
            MD5:c37012ba15a5dd1c1ae109d07c4e6417
            SHA1:752014043e65f3bc49704cdae2a9e26a0a6fa82a
            SHA256:7a4fc14999cc545e5fc14502b74ee87e3d50b33c531eef64c6c531952f6f8394
            SHA512:57b15a43591bbfc39f6779654781102452d88e5643a4787844b29ebc31799d53f6163f39912e9a5cfc234618d40f3e7083f67f95891771226aca96e90900c833
            SSDEEP:393216:LN3YK9FiaRd5nm2g4evcfBlKIHAoxA8ihUCF:LN3YK3iaRd59gXvcfBMIAoUhNF
            TLSH:8ED6AF4B8E858656902D43F4BE074FAC5F5A2BAEA44136FF14174ECF3E20A135E9E06D
            File Content Preview:%PDF-1.7.%......1 0 obj.<</AcroForm 3150 0 R/Lang(en-US)/MarkInfo<</Marked true>>/Pages 3015 0 R/StructTreeRoot 33 0 R/Type/Catalog>>.endobj.3 0 obj.<</Contents 4 0 R/Group<</CS/DeviceRGB/S/Transparency/Type/Group>>/MediaBox[0 0 612 792]/Parent 2 0 R/Reso
            Icon Hash:62cc8caeb29e8ae0

            General

            Header:%PDF-1.7
            Total Entropy:7.930321
            Total Bytes:13329417
            Stream Entropy:7.929497
            Stream Bytes:13138521
            Entropy outside Streams:5.128772
            Bytes outside Streams:190896
            Number of EOF found:1
            Bytes after EOF:
            Name | Count
            obj | 1963
            endobj | 1963
            stream | 1846
            endstream | 1846
            xref | 0
            trailer | 0
            startxref | 1
            /Page | 114
            /Encrypt | 0
            /ObjStm | 12
            /URI | 0
            /JS | 0
            /JavaScript | 0
            /AA | 1
            /OpenAction | 0
            /AcroForm | 1
            /JBIG2Decode | 0
            /RichMedia | 0
            /Launch | 0
            /EmbeddedFile | 0

            Image Streams

            Timestamp | Source Port | Dest Port | Source IP | Dest IP
            Dec 24, 2024 16:09:12.055908918 CET | 65421 | 53 | 192.168.2.4 | 1.1.1.1
            Dec 24, 2024 16:09:27.739983082 CET | 53495 | 53 | 192.168.2.4 | 1.1.1.1

            Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
            Dec 24, 2024 16:09:12.055908918 CET | 192.168.2.4 | 1.1.1.1 | 0xab97 | Standard query (0) | x1.i.lencr.org | A (IP address) | IN (0x0001) | false
            Dec 24, 2024 16:09:27.739983082 CET | 192.168.2.4 | 1.1.1.1 | 0xba6e | Standard query (0) | x1.i.lencr.org | A (IP address) | IN (0x0001) | false

            Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
            Dec 24, 2024 16:09:12.193279982 CET | 1.1.1.1 | 192.168.2.4 | 0xab97 | No error (0) | x1.i.lencr.org | crl.root-x1.letsencrypt.org.edgekey.net | | CNAME (Canonical name) | IN (0x0001) | false
            Dec 24, 2024 16:09:27.878221989 CET | 1.1.1.1 | 192.168.2.4 | 0xba6e | No error (0) | x1.i.lencr.org | crl.root-x1.letsencrypt.org.edgekey.net | | CNAME (Canonical name) | IN (0x0001) | false

            Target ID:0
            Start time:10:08:45
            Start date:24/12/2024
            Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            Wow64 process (32bit):false
            Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\End of Year Accounting for The Estate of Janet Delesanti-2.pdf"
            Imagebase:0x7ff6bc1b0000
            File size:5'641'176 bytes
            MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:high
            Has exited:true

            Target ID:1
            Start time:10:08:45
            Start date:24/12/2024
            Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
            Wow64 process (32bit):false
            Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c
            Imagebase:0x7ff728bc0000
            File size:11'469'784 bytes
            MD5 hash:8A41FC5F946230805512B943C45AC9D8
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:moderate
            Has exited:false

            Target ID:2
            Start time:10:08:46
            Start date:24/12/2024
            Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
            Wow64 process (32bit):false
            Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=2084
            Imagebase:0x7ff728bc0000
            File size:11'469'784 bytes
            MD5 hash:8A41FC5F946230805512B943C45AC9D8
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:moderate
            Has exited:false

            Target ID:3
            Start time:10:08:47
            Start date:24/12/2024
            Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
            Wow64 process (32bit):false
            Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c
            Imagebase:0x7ff728bc0000
            File size:11'469'784 bytes
            MD5 hash:8A41FC5F946230805512B943C45AC9D8
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:moderate
            Has exited:true

            Target ID:4
            Start time:10:08:48
            Start date:24/12/2024
            Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
            Wow64 process (32bit):false
            Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=7240
            Imagebase:0x7ff728bc0000
            File size:11'469'784 bytes
            MD5 hash:8A41FC5F946230805512B943C45AC9D8
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:moderate
            Has exited:true

            Target ID:5
            Start time:10:08:49
            Start date:24/12/2024
            Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
            Wow64 process (32bit):false
            Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c
            Imagebase:0x7ff728bc0000
            File size:11'469'784 bytes
            MD5 hash:8A41FC5F946230805512B943C45AC9D8
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:moderate
            Has exited:true

            Target ID:6
            Start time:10:08:50
            Start date:24/12/2024
            Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
            Wow64 process (32bit):false
            Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=7340
            Imagebase:0x7ff728bc0000
            File size:11'469'784 bytes
            MD5 hash:8A41FC5F946230805512B943C45AC9D8
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:moderate
            Has exited:true

            Target ID:7
            Start time:10:08:51
            Start date:24/12/2024
            Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
            Wow64 process (32bit):false
            Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c
            Imagebase:0x7ff728bc0000
            File size:11'469'784 bytes
            MD5 hash:8A41FC5F946230805512B943C45AC9D8
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:moderate
            Has exited:true

            Target ID:8
            Start time:10:08:52
            Start date:24/12/2024
            Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
            Wow64 process (32bit):false
            Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=7440
            Imagebase:0x7ff728bc0000
            File size:11'469'784 bytes
            MD5 hash:8A41FC5F946230805512B943C45AC9D8
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:moderate
            Has exited:true

            Target ID:9
            Start time:10:08:53
            Start date:24/12/2024
            Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
            Wow64 process (32bit):false
            Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c
            Imagebase:0x7ff728bc0000
            File size:11'469'784 bytes
            MD5 hash:8A41FC5F946230805512B943C45AC9D8
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:moderate
            Has exited:true

            Target ID:10
            Start time:10:08:54
            Start date:24/12/2024
            Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
            Wow64 process (32bit):false
            Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=7540
            Imagebase:0x7ff728bc0000
            File size:11'469'784 bytes
            MD5 hash:8A41FC5F946230805512B943C45AC9D8
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Has exited:true

            Target ID:11
            Start time:10:08:55
            Start date:24/12/2024
            Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
            Wow64 process (32bit):false
            Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c
            Imagebase:0x7ff728bc0000
            File size:11'469'784 bytes
            MD5 hash:8A41FC5F946230805512B943C45AC9D8
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Has exited:true

            Target ID:12
            Start time:10:08:56
            Start date:24/12/2024
            Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
            Wow64 process (32bit):false
            Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=7652
            Imagebase:0x7ff728bc0000
            File size:11'469'784 bytes
            MD5 hash:8A41FC5F946230805512B943C45AC9D8
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Has exited:true

            Target ID:13
            Start time:10:08:58
            Start date:24/12/2024
            Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            Wow64 process (32bit):false
            Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
            Imagebase:0x7ff74bb60000
            File size:3'581'912 bytes
            MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Has exited:true

            Target ID:16
            Start time:10:08:58
            Start date:24/12/2024
            Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            Wow64 process (32bit):false
            Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2100 --field-trial-handle=1564,i,18128779800940889394,7499666708693846813,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
            Imagebase:0x7ff74bb60000
            File size:3'581'912 bytes
            MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Has exited:true

            Target ID:17
            Start time:10:08:58
            Start date:24/12/2024
            Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe
            Wow64 process (32bit):true
            Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe" GetChannelUri
            Imagebase:0x580000
            File size:218'280 bytes
            MD5 hash:92366A2F482926C3D0DD02D6F952F742
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Has exited:true

            No disassembly