Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
ea354192.pdf

Overview

General Information

Sample name:ea354192.pdf
renamed because original name is a hash value
Original sample name:Quantifying the Potential of Electric Vehicles to Provide Electric Grid Benefits in the MISO Area354192.pdf
Analysis ID:1591109
MD5:7fff1cb2b11866cf29a901cce8619a36
SHA1:936a3da2ad73eff778f0a9aff0cb385466f9e625
SHA256:ffafb3ba7d27a1a016efe5be737f65b5c2e835b92e29322ff4402da4c25effe4
Infos:

Detection

Score:48
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Potential document exploit detected (performs DNS queries)

Classification

Process Tree

  • System is w10x64
  • Acrobat.exe (PID: 7344 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\ea354192.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 7516 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 7712 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2088 --field-trial-handle=1352,i,5345100234334298223,13379776298111162246,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

barindex
Multi AV Scanner detection for submitted file
Source: ea354192.pdfVirustotal: Detection: 14%Perma Link
Source: global trafficDNS query: name: x1.i.lencr.org
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficDNS traffic detected: DNS query: x1.i.lencr.org
Source: 77EC63BDA74BD0D0E0426DC8F80085060.1.drString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: ea354192.pdfString found in binary or memory: http://worldpopulationreview.com/states/)
Source: ea354192.pdfString found in binary or memory: http://www.caiso.com/informed/Pages/StakeholderProcesses/CompletedClosedStakeholderInitiatives/Deman
Source: ea354192.pdfString found in binary or memory: http://www.ncsl.org/research/energy/renewable-portfolio-standards.aspx)
Source: ea354192.pdfString found in binary or memory: http://www.ren21.net/wp-content/uploads/2018/06/17-8652_GSR2018_FullReport_web_-1.pdf)
Source: ea354192.pdfString found in binary or memory: http://www.veloz.org/wp-content/uploads/2019/04/3_mar_2019_Dashboard_PEV_Sales_veloz.pdf)
Source: 2D85F72862B55C4EADD9E66E06947F3D0.1.drString found in binary or memory: http://x1.i.lencr.org/
Source: ea354192.pdfString found in binary or memory: https://about.bnef.com/blog/cumulative-global-ev-sales-hit-4-million/)
Source: ea354192.pdfString found in binary or memory: https://about.bnef.com/electric-vehicle-outlook/)
Source: ea354192.pdfString found in binary or memory: https://afdc.energy.gov/evi-pro-lite)
Source: ea354192.pdfString found in binary or memory: https://autoalliance.org/energy-environment/advanced-technology-vehicle-sales-dashboard/)
Source: ea354192.pdfString found in binary or memory: https://ccst.us/wp-content/uploads/Chapter-3-v2.pdf)
Source: ea354192.pdfString found in binary or memory: https://doi.org/10.1016/j.jpowsour.2016.09.116)
Source: ea354192.pdfString found in binary or memory: https://evadoption.com/ev-models/)
Source: ea354192.pdfString found in binary or memory: https://insideevs.com/january-plug-in-car-sales-china-tripled/)
Source: ea354192.pdfString found in binary or memory: https://newmotion.com/the-future-of-ev-charging-with-v2x-technology)
Source: ea354192.pdfString found in binary or memory: https://www.amazon.com/ChargePoint-Enabled-Electric-Vehicle-Charger/dp/B071YDGJYZ/ref=sr_1_3?ie=UTF8
Source: ea354192.pdfString found in binary or memory: https://www.amazon.com/JuiceBox-Pro-40-JuiceNet-WiFi-equipped/dp/B00UB9R4KO/ref=sr_1_4?ie=UTF8&qid=1
Source: ea354192.pdfString found in binary or memory: https://www.amazon.com/MUSTART-Portable-Charger-Electric-Charging/dp/B077D5C86M/ref=sr_1_6?ie=UTF8&q
Source: ea354192.pdfString found in binary or memory: https://www.amazon.com/Maxgreen-Electric-100-240Volt-Portable-ft-Cable/dp/B07DWVFLMW/ref=sr_1_fkmr1_
Source: ea354192.pdfString found in binary or memory: https://www.amazon.com/Morec-Upgraded-Portable-220V-240V-Compatible/dp/B07DHFH8LW/ref=sr_1_1_sspa?ie
Source: ea354192.pdfString found in binary or memory: https://www.amazon.com/OrionMotorTech-Portable-Electric-Recognized-Component/dp/B071DM35LT/ref=sr_1_
Source: ea354192.pdfString found in binary or memory: https://www.amazon.com/Siemens-US2-VersiCharge-Installation-Compatibility/dp/B00MFVI8UG/ref=sr_1_5?i
Source: ea354192.pdfString found in binary or memory: https://www.amazon.com/Zencar-Portable-Electric-Charging-Compatible/dp/B077N25YTG/ref=sr_1_3?ie=UTF8
Source: ea354192.pdfString found in binary or memory: https://www.amazon.com/dp/B019DKKR7S/ref=emc_b_5_t)
Source: ea354192.pdfString found in binary or memory: https://www.bloomberg.com/view/articles/2019-04-12/electric-vehicle-battery-shrinks-and-so-does-the-
Source: ea354192.pdfString found in binary or memory: https://www.businesswire.com/news/home/20181031005476/en/EDF-Energy-Nuvve-Corporation-Announce-Plans
Source: ea354192.pdfString found in binary or memory: https://www.eia.gov/outlooks/aeo/)
Source: ea354192.pdfString found in binary or memory: https://www.eia.gov/outlooks/aeo18/)
Source: ea354192.pdfString found in binary or memory: https://www.elaad.nl/projects/invade/)
Source: ea354192.pdfString found in binary or memory: https://www.energy.ca.gov/research/notices/2017-12-05_workshop/presentations/03_UCB_XBOS-V.pdf)
Source: ea354192.pdfString found in binary or memory: https://www.energy.gov/maps/renewable-energy-production-state)
Source: ea354192.pdfString found in binary or memory: https://www.fleeteurope.com/en/smart-mobility/netherlands/article/amsterdam-pilots-v2g-charging?a=FJ
Source: ea354192.pdfString found in binary or memory: https://www.greencarreports.com/news/1121693_colorado-to-launch-smart-charging-pilot-program-as-it-p
Source: ea354192.pdfString found in binary or memory: https://www.smart-energy.com/industry-sectors/electric-vehicles/the-uk-pilots-smart-ev-charging-hubs
Source: classification engineClassification label: mal48.winPDF@14/51@1/0
Source: ea354192.pdfInitial sample: https://about.bnef.com/blog/cumulative-global-ev-sales-hit-4-million/
Source: ea354192.pdfInitial sample: https://insideevs.com/january-plug-in-car-sales-china-tripled/
Source: ea354192.pdfInitial sample: http://www.ren21.net/wp-content/uploads/2018/06/17-8652_GSR2018_FullReport_web_-1.pdf
Source: ea354192.pdfInitial sample: https://www.amazon.com/Maxgreen-Electric-100-240Volt-Portable-ft-Cable/dp/B07DWVFLMW/ref=sr_1_fkmr1_3?ie=UTF8&qid=1540252550&sr=8-3-fkmr1&keywords=EV+L1+charger+schedule
Source: ea354192.pdfInitial sample: https://www.fleeteurope.com/en/smart-mobility/netherlands/article/amsterdam-pilots-v2g-charging?a=fja05&t%5b0%5d=newmotion&t%5b1%5d=alliander&t%5b2%5d=enervalis&t%5b3%5d=&curl=1
Source: ea354192.pdfInitial sample: https://www.amazon.com/morec-upgraded-portable-220v-240v-compatible/dp/b07dhfh8lw/ref=sr_1_1_sspa?ie=utf8&qid=1540249557&sr=8-1-spons&keywords=ev+charger+level+2&psc=1
Source: ea354192.pdfInitial sample: https://www.amazon.com/Siemens-US2-VersiCharge-Installation-Compatibility/dp/B00MFVI8UG/ref=sr_1_5?ie=UTF8&qid=1540250481&sr=8-5&keywords=ev+charger+level+2&dpID=31CKNfY5XzL&preST=_SY300_QL70_&dpSrc=srch
Source: ea354192.pdfInitial sample: https://en.wikipedia.org/wiki/Phase-out_of_fossil_fuel_vehicles
Source: ea354192.pdfInitial sample: http://www.veloz.org/wp-content/uploads/2019/04/3_mar_2019_dashboard_pev_sales_veloz.pdf
Source: ea354192.pdfInitial sample: https://ccst.us/wp-content/uploads/Chapter-3-v2.pdf
Source: ea354192.pdfInitial sample: http://www.ncsl.org/research/energy/renewable-portfolio-standards.aspx
Source: ea354192.pdfInitial sample: https://www.greencarreports.com/news/1121693_colorado-to-launch-smart-charging-pilot-program-as-it-prepares-for-evs
Source: ea354192.pdfInitial sample: https://www.amazon.com/dp/B019DKKR7S/ref=emc_b_5_t
Source: ea354192.pdfInitial sample: http://www.caiso.com/informed/pages/stakeholderprocesses/completedclosedstakeholderinitiatives/demandresponse-proxydemandresource.aspx
Source: ea354192.pdfInitial sample: https://www.smart-energy.com/industry-sectors/electric-vehicles/the-uk-pilots-smart-ev-charging-hubs-with-v2g-and-storage/
Source: ea354192.pdfInitial sample: https://newmotion.com/the-future-of-ev-charging-with-v2x-technology
Source: ea354192.pdfInitial sample: https://www.amazon.com/JuiceBox-Pro-40-JuiceNet-WiFi-equipped/dp/B00UB9R4KO/ref=sr_1_4?ie=UTF8&qid=1540249557&sr=8-4&keywords=ev+charger+level+2&dpID=51lfr6rFmnL&preST=_SY300_QL70_&dpSrc=srch
Source: ea354192.pdfInitial sample: https://www.businesswire.com/news/home/20181031005476/en/EDF-Energy-Nuvve-Corporation-Announce-Plans-Install
Source: ea354192.pdfInitial sample: https://ccst.us/wp-content/uploads/chapter-3-v2.pdf
Source: ea354192.pdfInitial sample: https://www.fleeteurope.com/en/smart-mobility/netherlands/article/amsterdam-pilots-v2g-charging?a=FJA05&t%5B0%5D=NewMotion&t%5B1%5D=Alliander&t%5B2%5D=Enervalis&t%5B3%5D=&curl=1
Source: ea354192.pdfInitial sample: https://www.amazon.com/OrionMotorTech-Portable-Electric-Recognized-Component/dp/B071DM35LT/ref=sr_1_1_sspa?ie=UTF8&qid=1540247654&sr=8-1-spons&keywords=ev+charger+level+1&psc=1
Source: ea354192.pdfInitial sample: https://www.eia.gov/outlooks/aeo/
Source: ea354192.pdfInitial sample: https://www.amazon.com/chargepoint-enabled-electric-vehicle-charger/dp/b071ydgjyz/ref=sr_1_3?ie=utf8&qid=1540249557&sr=8-3&keywords=ev+charger+level+2&dpid=51qbxnhllnl&prest=_sy300_ql70_&dpsrc=srch
Source: ea354192.pdfInitial sample: https://www.energy.ca.gov/research/notices/2017-12-05_workshop/presentations/03_UCB_XBOS-V.pdf
Source: ea354192.pdfInitial sample: https://www.amazon.com/ChargePoint-Enabled-Electric-Vehicle-Charger/dp/B071YDGJYZ/ref=sr_1_3?ie=UTF8&qid=1540249557&sr=8-3&keywords=ev+charger+level+2&dpID=51QbxnHlLnL&preST=_SY300_QL70_&dpSrc=srch
Source: ea354192.pdfInitial sample: https://afdc.energy.gov/evi-pro-lite
Source: ea354192.pdfInitial sample: https://doi.org/10.1016/j.jpowsour.2016.09.116
Source: ea354192.pdfInitial sample: https://www.amazon.com/maxgreen-electric-100-240volt-portable-ft-cable/dp/b07dwvflmw/ref=sr_1_fkmr1_3?ie=utf8&qid=1540252550&sr=8-3-fkmr1&keywords=ev+l1+charger+schedule
Source: ea354192.pdfInitial sample: https://www.amazon.com/MUSTART-Portable-Charger-Electric-Charging/dp/B077D5C86M/ref=sr_1_6?ie=UTF8&qid=1540249557&sr=8-6&keywords=ev+charger+level+2&dpID=419EGkiOb2L&preST=_SY300_QL70_&dpSrc=srch
Source: ea354192.pdfInitial sample: http://www.veloz.org/wp-content/uploads/2019/04/3_mar_2019_Dashboard_PEV_Sales_veloz.pdf
Source: ea354192.pdfInitial sample: https://www.amazon.com/zencar-portable-electric-charging-compatible/dp/b077n25ytg/ref=sr_1_3?ie=utf8&qid=1540247654&sr=8-3&keywords=ev+charger+level+1
Source: ea354192.pdfInitial sample: https://www.businesswire.com/news/home/20181031005476/en/edf-energy-nuvve-corporation-announce-plans-install
Source: ea354192.pdfInitial sample: https://about.bnef.com/electric-vehicle-outlook/
Source: ea354192.pdfInitial sample: https://www.amazon.com/Morec-Upgraded-Portable-220V-240V-Compatible/dp/B07DHFH8LW/ref=sr_1_1_sspa?ie=UTF8&qid=1540249557&sr=8-1-spons&keywords=ev+charger+level+2&psc=1
Source: ea354192.pdfInitial sample: https://www.amazon.com/mustart-portable-charger-electric-charging/dp/b077d5c86m/ref=sr_1_6?ie=utf8&qid=1540249557&sr=8-6&keywords=ev+charger+level+2&dpid=419egkiob2l&prest=_sy300_ql70_&dpsrc=srch
Source: ea354192.pdfInitial sample: https://www.amazon.com/juicebox-pro-40-juicenet-wifi-equipped/dp/b00ub9r4ko/ref=sr_1_4?ie=utf8&qid=1540249557&sr=8-4&keywords=ev+charger+level+2&dpid=51lfr6rfmnl&prest=_sy300_ql70_&dpsrc=srch
Source: ea354192.pdfInitial sample: http://www.caiso.com/informed/Pages/StakeholderProcesses/CompletedClosedStakeholderInitiatives/DemandResponse-ProxyDemandResource.aspx
Source: ea354192.pdfInitial sample: http://worldpopulationreview.com/states/
Source: ea354192.pdfInitial sample: https://autoalliance.org/energy-environment/advanced-technology-vehicle-sales-dashboard/
Source: ea354192.pdfInitial sample: https://en.wikipedia.org/wiki/phase-out_of_fossil_fuel_vehicles
Source: ea354192.pdfInitial sample: https://www.amazon.com/dp/b019dkkr7s/ref=emc_b_5_t
Source: ea354192.pdfInitial sample: https://www.energy.ca.gov/research/notices/2017-12-05_workshop/presentations/03_ucb_xbos-v.pdf
Source: ea354192.pdfInitial sample: https://evadoption.com/ev-models/
Source: ea354192.pdfInitial sample: https://www.amazon.com/orionmotortech-portable-electric-recognized-component/dp/b071dm35lt/ref=sr_1_1_sspa?ie=utf8&qid=1540247654&sr=8-1-spons&keywords=ev+charger+level+1&psc=1
Source: ea354192.pdfInitial sample: https://www.bloomberg.com/view/articles/2019-04-12/electric-vehicle-battery-shrinks-and-so-does-the-total-cost
Source: ea354192.pdfInitial sample: http://www.ren21.net/wp-content/uploads/2018/06/17-8652_gsr2018_fullreport_web_-1.pdf
Source: ea354192.pdfInitial sample: https://www.energy.gov/maps/renewable-energy-production-state
Source: ea354192.pdfInitial sample: https://www.elaad.nl/projects/invade/
Source: ea354192.pdfInitial sample: https://www.eia.gov/outlooks/aeo18/
Source: ea354192.pdfInitial sample: https://www.amazon.com/Zencar-Portable-Electric-Charging-Compatible/dp/B077N25YTG/ref=sr_1_3?ie=UTF8&qid=1540247654&sr=8-3&keywords=ev+charger+level+1
Source: ea354192.pdfInitial sample: https://www.amazon.com/siemens-us2-versicharge-installation-compatibility/dp/b00mfvi8ug/ref=sr_1_5?ie=utf8&qid=1540250481&sr=8-5&keywords=ev+charger+level+2&dpid=31cknfy5xzl&prest=_sy300_ql70_&dpsrc=srch
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\AdobeFnt23.lst.7424Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2025-01-14 11-46-50-687.logJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeKey opened: \Device\HarddiskVolume3\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
Source: ea354192.pdfVirustotal: Detection: 14%
Source: unknownProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\ea354192.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2088 --field-trial-handle=1352,i,5345100234334298223,13379776298111162246,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2088 --field-trial-handle=1352,i,5345100234334298223,13379776298111162246,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: ea354192.pdfInitial sample: PDF keyword /JS count = 0
Source: ea354192.pdfInitial sample: PDF keyword /JavaScript count = 0
Source: ea354192.pdfInitial sample: PDF keyword /Page count = 60
Source: ea354192.pdfInitial sample: PDF keyword stream count = 125
Source: ea354192.pdfInitial sample: PDF keyword /EmbeddedFile count = 0
Source: ea354192.pdfInitial sample: PDF keyword /ObjStm count = 7
Source: ea354192.pdfInitial sample: PDF keyword endobj count = 329
Source: ea354192.pdfInitial sample: PDF keyword endstream count = 125
Source: ea354192.pdfInitial sample: PDF keyword obj count = 329
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information queried: ProcessInformationJump to behavior

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire Infrastructure1
Spearphishing Link		1
Exploitation for Client Execution		Path Interception1
Process Injection		1
Masquerading		OS Credential Dumping1
Process Discovery		Remote ServicesData from Local System1
Non-Application Layer Protocol		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
Process Injection		LSASS Memory1
System Information Discovery		Remote Desktop ProtocolData from Removable Media1
Application Layer Protocol		Exfiltration Over BluetoothNetwork Denial of Service

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1591109 Sample: ea354192.pdf Startdate: 14/01/2025 Architecture: WINDOWS Score: 48 14 x1.i.lencr.org 2->14 16 bg.microsoft.map.fastly.net 2->16 18 Multi AV Scanner detection for submitted file 2->18 8 Acrobat.exe 18 78 2->8         started        signatures3 process4 process5 10 AcroCEF.exe 107 8->10         started        process6 12 AcroCEF.exe 2 10->12         started       

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
ea354192.pdf14%VirustotalBrowse
ea354192.pdf14%ReversingLabsDocument.Trojan.Heuristic

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
https://about.bnef.com/electric-vehicle-outlook/)0%Avira URL Cloudsafe
https://about.bnef.com/blog/cumulative-global-ev-sales-hit-4-million/)0%Avira URL Cloudsafe
http://www.veloz.org/wp-content/uploads/2019/04/3_mar_2019_Dashboard_PEV_Sales_veloz.pdf)0%Avira URL Cloudsafe
https://ccst.us/wp-content/uploads/Chapter-3-v2.pdf)0%Avira URL Cloudsafe
https://www.greencarreports.com/news/1121693_colorado-to-launch-smart-charging-pilot-program-as-it-p0%Avira URL Cloudsafe
https://autoalliance.org/energy-environment/advanced-technology-vehicle-sales-dashboard/)0%Avira URL Cloudsafe
https://www.fleeteurope.com/en/smart-mobility/netherlands/article/amsterdam-pilots-v2g-charging?a=FJ0%Avira URL Cloudsafe
https://www.energy.ca.gov/research/notices/2017-12-05_workshop/presentations/03_UCB_XBOS-V.pdf)0%Avira URL Cloudsafe
http://www.ren21.net/wp-content/uploads/2018/06/17-8652_GSR2018_FullReport_web_-1.pdf)0%Avira URL Cloudsafe
https://evadoption.com/ev-models/)0%Avira URL Cloudsafe
https://newmotion.com/the-future-of-ev-charging-with-v2x-technology)0%Avira URL Cloudsafe
https://www.elaad.nl/projects/invade/)0%Avira URL Cloudsafe
https://www.smart-energy.com/industry-sectors/electric-vehicles/the-uk-pilots-smart-ev-charging-hubs0%Avira URL Cloudsafe

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
bg.microsoft.map.fastly.net
199.232.210.172
truefalse
    		high
    x1.i.lencr.org
    		unknown
    		unknownfalse
      		high

      URLs from Memory and Binaries

      NameSourceMaliciousAntivirus DetectionReputation
      https://insideevs.com/january-plug-in-car-sales-china-tripled/)ea354192.pdffalse
        		high
        http://x1.i.lencr.org/2D85F72862B55C4EADD9E66E06947F3D0.1.drfalse
          		high
          https://www.amazon.com/ChargePoint-Enabled-Electric-Vehicle-Charger/dp/B071YDGJYZ/ref=sr_1_3?ie=UTF8ea354192.pdffalse
            		high
            https://www.eia.gov/outlooks/aeo18/)ea354192.pdffalse
              		high
              https://evadoption.com/ev-models/)ea354192.pdffalse
              • Avira URL Cloud: safe
              		unknown
              https://www.amazon.com/Maxgreen-Electric-100-240Volt-Portable-ft-Cable/dp/B07DWVFLMW/ref=sr_1_fkmr1_ea354192.pdffalse
                		high
                https://about.bnef.com/electric-vehicle-outlook/)ea354192.pdffalse
                • Avira URL Cloud: safe
                		unknown
                http://www.veloz.org/wp-content/uploads/2019/04/3_mar_2019_Dashboard_PEV_Sales_veloz.pdf)ea354192.pdffalse
                • Avira URL Cloud: safe
                		unknown
                https://about.bnef.com/blog/cumulative-global-ev-sales-hit-4-million/)ea354192.pdffalse
                • Avira URL Cloud: safe
                		unknown
                https://ccst.us/wp-content/uploads/Chapter-3-v2.pdf)ea354192.pdffalse
                • Avira URL Cloud: safe
                		unknown
                https://www.amazon.com/MUSTART-Portable-Charger-Electric-Charging/dp/B077D5C86M/ref=sr_1_6?ie=UTF8&qea354192.pdffalse
                  		high
                  https://www.fleeteurope.com/en/smart-mobility/netherlands/article/amsterdam-pilots-v2g-charging?a=FJea354192.pdffalse
                  • Avira URL Cloud: safe
                  		unknown
                  https://www.amazon.com/Zencar-Portable-Electric-Charging-Compatible/dp/B077N25YTG/ref=sr_1_3?ie=UTF8ea354192.pdffalse
                    		high
                    https://www.bloomberg.com/view/articles/2019-04-12/electric-vehicle-battery-shrinks-and-so-does-the-ea354192.pdffalse
                      		high
                      https://www.businesswire.com/news/home/20181031005476/en/EDF-Energy-Nuvve-Corporation-Announce-Plansea354192.pdffalse
                        		high
                        https://www.amazon.com/JuiceBox-Pro-40-JuiceNet-WiFi-equipped/dp/B00UB9R4KO/ref=sr_1_4?ie=UTF8&qid=1ea354192.pdffalse
                          		high
                          https://afdc.energy.gov/evi-pro-lite)ea354192.pdffalse
                            		high
                            https://www.amazon.com/dp/B019DKKR7S/ref=emc_b_5_t)ea354192.pdffalse
                              		high
                              https://doi.org/10.1016/j.jpowsour.2016.09.116)ea354192.pdffalse
                                		high
                                https://www.greencarreports.com/news/1121693_colorado-to-launch-smart-charging-pilot-program-as-it-pea354192.pdffalse
                                • Avira URL Cloud: safe
                                		unknown
                                http://www.ren21.net/wp-content/uploads/2018/06/17-8652_GSR2018_FullReport_web_-1.pdf)ea354192.pdffalse
                                • Avira URL Cloud: safe
                                		unknown
                                https://www.energy.ca.gov/research/notices/2017-12-05_workshop/presentations/03_UCB_XBOS-V.pdf)ea354192.pdffalse
                                • Avira URL Cloud: safe
                                		unknown
                                https://www.amazon.com/OrionMotorTech-Portable-Electric-Recognized-Component/dp/B071DM35LT/ref=sr_1_ea354192.pdffalse
                                  		high
                                  https://autoalliance.org/energy-environment/advanced-technology-vehicle-sales-dashboard/)ea354192.pdffalse
                                  • Avira URL Cloud: safe
                                  		unknown
                                  https://www.amazon.com/Morec-Upgraded-Portable-220V-240V-Compatible/dp/B07DHFH8LW/ref=sr_1_1_sspa?ieea354192.pdffalse
                                    		high
                                    http://worldpopulationreview.com/states/)ea354192.pdffalse
                                      		high
                                      https://www.amazon.com/Siemens-US2-VersiCharge-Installation-Compatibility/dp/B00MFVI8UG/ref=sr_1_5?iea354192.pdffalse
                                        		high
                                        https://www.eia.gov/outlooks/aeo/)ea354192.pdffalse
                                          		high
                                          http://www.caiso.com/informed/Pages/StakeholderProcesses/CompletedClosedStakeholderInitiatives/Demanea354192.pdffalse
                                            		high
                                            https://newmotion.com/the-future-of-ev-charging-with-v2x-technology)ea354192.pdffalse
                                            • Avira URL Cloud: safe
                                            		unknown
                                            https://www.energy.gov/maps/renewable-energy-production-state)ea354192.pdffalse
                                              		high
                                              https://www.elaad.nl/projects/invade/)ea354192.pdffalse
                                              • Avira URL Cloud: safe
                                              		unknown
                                              http://www.ncsl.org/research/energy/renewable-portfolio-standards.aspx)ea354192.pdffalse
                                                		high
                                                https://www.smart-energy.com/industry-sectors/electric-vehicles/the-uk-pilots-smart-ev-charging-hubsea354192.pdffalse
                                                • Avira URL Cloud: safe
                                                		unknown

                                                World Map of Contacted IPs

                                                No contacted IP infos

                                                General Information

                                                Joe Sandbox version:42.0.0 Malachite
                                                Analysis ID:1591109
                                                Start date and time:2025-01-14 17:45:52 +01:00
                                                Joe Sandbox product:CloudBasic
                                                Overall analysis duration:0h 4m 22s
                                                Hypervisor based Inspection enabled:false
                                                Report type:full
                                                Cookbook file name:defaultwindowspdfcookbook.jbs
                                                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                Number of analysed new started processes analysed:10
                                                Number of new started drivers analysed:0
                                                Number of existing processes analysed:0
                                                Number of existing drivers analysed:0
                                                Number of injected processes analysed:0
                                                Technologies:
                                                • HCA enabled
                                                • EGA enabled
                                                • AMSI enabled
                                                Analysis Mode:default
                                                Analysis stop reason:Timeout
                                                Sample name:ea354192.pdf
                                                renamed because original name is a hash value
                                                Original Sample Name:Quantifying the Potential of Electric Vehicles to Provide Electric Grid Benefits in the MISO Area354192.pdf
                                                Detection:MAL
                                                Classification:mal48.winPDF@14/51@1/0
                                                Cookbook Comments:
                                                • Found application associated with file extension: .pdf
                                                • Found PDF document
                                                • Close Viewer

                                                Warnings

                                                • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                • Excluded IPs from analysis (whitelisted): 2.23.240.205, 18.213.11.84, 54.224.241.105, 50.16.47.176, 34.237.241.83, 2.16.168.107, 2.16.168.105, 162.159.61.3, 172.64.41.3, 23.209.209.135, 199.232.210.172, 2.23.242.162, 23.41.168.139, 4.245.163.56, 13.107.246.45
                                                • Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, otelrules.azureedge.net, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com.delivery.microsoft.com, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, armmf.adobe.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, wu-b-net.trafficmanager.net, crl.root-x1.letsencrypt.org.edgekey.net
                                                • Not all processes where analyzed, report is missing behavior information

                                                Simulations

                                                Behavior and APIs

                                                TimeTypeDescription
                                                11:47:00API Interceptor3x Sleep call for process: AcroCEF.exe modified

                                                Joe Sandbox View / Context

                                                IPs

                                                No context

                                                Domains

                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                bg.microsoft.map.fastly.netEcastillo-In Service Agreement.pdfGet hashmaliciousHTMLPhisherBrowse
                                                • 199.232.210.172
                                                2.ps1Get hashmaliciousUnknownBrowse
                                                • 199.232.210.172
                                                Payment Receipt.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                                                • 199.232.214.172
                                                AimPrivStoreAtt117.exeGet hashmaliciousUnknownBrowse
                                                • 199.232.210.172
                                                email.emlGet hashmaliciousunknownBrowse
                                                • 199.232.214.172
                                                http://www.brillflooring.comGet hashmaliciousUnknownBrowse
                                                • 199.232.214.172
                                                final shipping documents.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                                                • 199.232.214.172
                                                0dsIoO7xjt.docxGet hashmaliciousUnknownBrowse
                                                • 199.232.210.172
                                                original.emlGet hashmaliciousUnknownBrowse
                                                • 199.232.214.172
                                                original.emlGet hashmaliciousUnknownBrowse
                                                • 199.232.214.172

                                                ASNs

                                                No context

                                                JA3 Fingerprints

                                                No context

                                                Dropped Files

                                                No context

                                                Created / dropped Files

                                                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                File Type:ASCII text
                                                Category:dropped
                                                Size (bytes):292
                                                Entropy (8bit):5.218474172726009
                                                Encrypted:false
                                                SSDEEP:6:iO86fVRwFVq2Pwkn2nKuAl9OmbnIFUtW6fVRlngZmwo6fVRlnIkwOwkn2nKuAl91:71RqvYfHAahFUtPRC/RRu5JfHAaSJ
                                                MD5:37C7357178D270FD5D0219672A60E3FD
                                                SHA1:828BBD4A24296D0A1745810B839BEC308E5D3D89
                                                SHA-256:A54CEAFEA2002CD6F922606C53B1334FC7277ABF32D22C6F1534915562144884
                                                SHA-512:B0E8C5FB29B04A752CF681B0B07CD368D79436BC06CD3140668BA73F37DD2531C1057E238885ABF8CD947309F90FFA90312A8CA16FAFF1E43E7E549DC3C81F74
                                                Malicious:false
                                                Reputation:low
                                                Preview:2025/01/14-11:46:48.029 1d84 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2025/01/14-11:46:48.031 1d84 Recovering log #3.2025/01/14-11:46:48.031 1d84 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

                                                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                File Type:ASCII text
                                                Category:dropped
                                                Size (bytes):292
                                                Entropy (8bit):5.218474172726009
                                                Encrypted:false
                                                SSDEEP:6:iO86fVRwFVq2Pwkn2nKuAl9OmbnIFUtW6fVRlngZmwo6fVRlnIkwOwkn2nKuAl91:71RqvYfHAahFUtPRC/RRu5JfHAaSJ
                                                MD5:37C7357178D270FD5D0219672A60E3FD
                                                SHA1:828BBD4A24296D0A1745810B839BEC308E5D3D89
                                                SHA-256:A54CEAFEA2002CD6F922606C53B1334FC7277ABF32D22C6F1534915562144884
                                                SHA-512:B0E8C5FB29B04A752CF681B0B07CD368D79436BC06CD3140668BA73F37DD2531C1057E238885ABF8CD947309F90FFA90312A8CA16FAFF1E43E7E549DC3C81F74
                                                Malicious:false
                                                Reputation:low
                                                Preview:2025/01/14-11:46:48.029 1d84 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2025/01/14-11:46:48.031 1d84 Recovering log #3.2025/01/14-11:46:48.031 1d84 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

                                                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                File Type:ASCII text
                                                Category:dropped
                                                Size (bytes):336
                                                Entropy (8bit):5.1553091850772965
                                                Encrypted:false
                                                SSDEEP:6:iO86fVRYlEq2Pwkn2nKuAl9Ombzo2jMGIFUtW6fVRYVUAiZmwo6fVRYnkwOwkn2g:71RYlEvYfHAa8uFUtPRYVU/RRYn5JfHA
                                                MD5:E09DF1218F288E16F7CB9CA270BB6BCB
                                                SHA1:838DAED1EB1894AB54B93BC3C8D6973652112766
                                                SHA-256:66DEE8DD08EB577CB56A5DD4390893E95BCDF85E3DBA655648D718FB2E2BF56F
                                                SHA-512:9792D7E7A7D9C2D79E00BFE35167C6233AD6BD7DA2BCA3B6DC1D1DBD4F9F83BF204C25B0F645080310B30A552C6FAD9D94327CAFB6D34149883234EB3F35EA95
                                                Malicious:false
                                                Reputation:low
                                                Preview:2025/01/14-11:46:48.161 1ec0 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2025/01/14-11:46:48.162 1ec0 Recovering log #3.2025/01/14-11:46:48.163 1ec0 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

                                                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                File Type:ASCII text
                                                Category:dropped
                                                Size (bytes):336
                                                Entropy (8bit):5.1553091850772965
                                                Encrypted:false
                                                SSDEEP:6:iO86fVRYlEq2Pwkn2nKuAl9Ombzo2jMGIFUtW6fVRYVUAiZmwo6fVRYnkwOwkn2g:71RYlEvYfHAa8uFUtPRYVU/RRYn5JfHA
                                                MD5:E09DF1218F288E16F7CB9CA270BB6BCB
                                                SHA1:838DAED1EB1894AB54B93BC3C8D6973652112766
                                                SHA-256:66DEE8DD08EB577CB56A5DD4390893E95BCDF85E3DBA655648D718FB2E2BF56F
                                                SHA-512:9792D7E7A7D9C2D79E00BFE35167C6233AD6BD7DA2BCA3B6DC1D1DBD4F9F83BF204C25B0F645080310B30A552C6FAD9D94327CAFB6D34149883234EB3F35EA95
                                                Malicious:false
                                                Reputation:low
                                                Preview:2025/01/14-11:46:48.161 1ec0 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2025/01/14-11:46:48.162 1ec0 Recovering log #3.2025/01/14-11:46:48.163 1ec0 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

                                                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\8c562307-3bfe-4bd5-98b7-992c4e458786.tmp

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                File Type:JSON data
                                                Category:modified
                                                Size (bytes):475
                                                Entropy (8bit):4.957917042250998
                                                Encrypted:false
                                                SSDEEP:12:YH/um3RA8sqnQ4hsBdOg2H3Acaq3QYiubInP7E4T3y:Y2sRdsbbdMH3r3QYhbG7nby
                                                MD5:3445EF9B82F829FD693158213488902D
                                                SHA1:CD64E88D0A87F79D057B254291A2EF0E583D3A79
                                                SHA-256:681B57F3FA7BCED8145911070F1206669BD0EEBE2F898DA05CDBC4F685157822
                                                SHA-512:279E8EDBA3F5618C34DF45FCFBC47E15F9DB21A0BAE626B227DF9CE636231BB7015A3582470352DCE75EC53A290602865F5E470FFC9E6A0A50BAD389ED6CC9F6
                                                Malicious:false
                                                Reputation:low
                                                Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13381433220689284","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":151359},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

                                                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                File Type:JSON data
                                                Category:dropped
                                                Size (bytes):475
                                                Entropy (8bit):4.957917042250998
                                                Encrypted:false
                                                SSDEEP:12:YH/um3RA8sqnQ4hsBdOg2H3Acaq3QYiubInP7E4T3y:Y2sRdsbbdMH3r3QYhbG7nby
                                                MD5:3445EF9B82F829FD693158213488902D
                                                SHA1:CD64E88D0A87F79D057B254291A2EF0E583D3A79
                                                SHA-256:681B57F3FA7BCED8145911070F1206669BD0EEBE2F898DA05CDBC4F685157822
                                                SHA-512:279E8EDBA3F5618C34DF45FCFBC47E15F9DB21A0BAE626B227DF9CE636231BB7015A3582470352DCE75EC53A290602865F5E470FFC9E6A0A50BAD389ED6CC9F6
                                                Malicious:false
                                                Reputation:low
                                                Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13381433220689284","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":151359},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

                                                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):4730
                                                Entropy (8bit):5.25346937435616
                                                Encrypted:false
                                                SSDEEP:96:etJCV4FAsszrNamjTN/2rjYMta02fDtehgO7BtTgo74EDCsOkEpZ:etJCV4FiN/jTN/2r8Mta02fEhgO73goE
                                                MD5:F0584301B4596D45F51B764AD44BA16A
                                                SHA1:A0BF1583078A537243402CD3D980B6A4004AEEC7
                                                SHA-256:9432A330637EFD4AFF16211BCE241FF52528ED4D036BE3DFD299953FBD10EAA5
                                                SHA-512:8B27C6B9168EC67B7A206C3EEBE059D7B1A6BD16478CA235219384835A3B658DD46464293AC890853EE2F8BFC1A5F9AF24EF80857BF5A925AD7D630098C816A9
                                                Malicious:false
                                                Reputation:low
                                                Preview:*...#................version.1..namespace-['O.o................next-map-id.1.Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/.0>...r................next-map-id.2.Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/.1O..r................next-map-id.3.Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/.2.\.o................next-map-id.4.Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/.3....^...............Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/..|.^...............Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/n..Fa...............Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/DQ..a...............Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/i.`do................next-map-id.5.Pnamespace-de635bf2_6773_4d83_ad16_

                                                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                File Type:ASCII text
                                                Category:dropped
                                                Size (bytes):324
                                                Entropy (8bit):5.198962964791776
                                                Encrypted:false
                                                SSDEEP:6:iO86fVRXFZGIq2Pwkn2nKuAl9OmbzNMxIFUtW6fVRDZmwo6fVR/PG7kwOwkn2nKA:71RXFZGIvYfHAa8jFUtPRD/RR/m5JfHP
                                                MD5:BE5664191F5B94505E17C8E9B57218B5
                                                SHA1:BD241B7ED91C0869B123CA6666C374A3656B42F4
                                                SHA-256:CA448ED0D89134CC8BA05431826AF0D8227B34FC5175E8456FBFEF4B35A17961
                                                SHA-512:5AB650C0563067D25D3F8CF39EDD1AC1F983DD733C6A29691FB532740B1A102AACD37D1B68DDCB082B443CEDF3E505E5FAC2099586EE2FF4B26B6926BACFCA12
                                                Malicious:false
                                                Preview:2025/01/14-11:46:48.336 1ec0 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2025/01/14-11:46:48.357 1ec0 Recovering log #3.2025/01/14-11:46:48.358 1ec0 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

                                                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                File Type:ASCII text
                                                Category:dropped
                                                Size (bytes):324
                                                Entropy (8bit):5.198962964791776
                                                Encrypted:false
                                                SSDEEP:6:iO86fVRXFZGIq2Pwkn2nKuAl9OmbzNMxIFUtW6fVRDZmwo6fVR/PG7kwOwkn2nKA:71RXFZGIvYfHAa8jFUtPRD/RR/m5JfHP
                                                MD5:BE5664191F5B94505E17C8E9B57218B5
                                                SHA1:BD241B7ED91C0869B123CA6666C374A3656B42F4
                                                SHA-256:CA448ED0D89134CC8BA05431826AF0D8227B34FC5175E8456FBFEF4B35A17961
                                                SHA-512:5AB650C0563067D25D3F8CF39EDD1AC1F983DD733C6A29691FB532740B1A102AACD37D1B68DDCB082B443CEDF3E505E5FAC2099586EE2FF4B26B6926BACFCA12
                                                Malicious:false
                                                Preview:2025/01/14-11:46:48.336 1ec0 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2025/01/14-11:46:48.357 1ec0 Recovering log #3.2025/01/14-11:46:48.358 1ec0 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

                                                C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-250114164652Z-174.bmp

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:PC bitmap, Windows 3.x format, 117 x -152 x 32, cbSize 71190, bits offset 54
                                                Category:dropped
                                                Size (bytes):71190
                                                Entropy (8bit):0.8988557156733402
                                                Encrypted:false
                                                SSDEEP:96:Ox1GDJrkkthwElI8peFFI7GN/vyUQIOUvfZr0vQ145vg9xf75eVNSqQpvHTZJfwh:Ox1qPmyePQGNwW2Q1454fwVCHHfT6
                                                MD5:5F6682623DF164BDDE37CCE3887096CF
                                                SHA1:077383D0BC684F69F067A94C1C190F4306FA3938
                                                SHA-256:6C5F0EC9940E80E0EF25F989A5E95C427D0039A26A299EB985A2751D7D469130
                                                SHA-512:77D0F83CBCB1123C5267B3A48AED8F20E2D2519825E2FFF0422E8097220E10B9855DD0CB009E65A054B6FC7C9D49015A14E821930F7A62DC8DD193D4B582B935
                                                Malicious:false
                                                Preview:BM........6...(...u...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 15, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 15
                                                Category:dropped
                                                Size (bytes):86016
                                                Entropy (8bit):4.444874695850629
                                                Encrypted:false
                                                SSDEEP:384:yezci5tbiBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:rYs3OazzU89UTTgUL
                                                MD5:6D189A080F98DEAC313CE517596DC45F
                                                SHA1:75A1758BFC8DF3F562367BD29457F20510615E8B
                                                SHA-256:10C35843E9A325AD6FCC120E7E425701B8CA68E1A51B748952B0C7DA4AA8D843
                                                SHA-512:B22A24D00E68CD882E733E83FA8A3F1C05508297466DFF2E73E81DC9B5F1648D079402872B02A5D74C954C6F9C1A0E9EF07049E8A8AB6C655B652E5BDA815593
                                                Malicious:false
                                                Preview:SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:SQLite Rollback Journal
                                                Category:dropped
                                                Size (bytes):8720
                                                Entropy (8bit):3.7755349893667174
                                                Encrypted:false
                                                SSDEEP:48:7M6p/E2ioyVoYioy9oWoy1Cwoy1p7KOioy1noy1AYoy1Wioy1hioybioyzyoy1nD:7JpjuoYF6xXKQswZb9IVXEBodRBkP
                                                MD5:A4B4A65AAB5E753070FA1FD61AC9EE6C
                                                SHA1:7DBF5CE4803EC8F58DFBADF7B1EA412D472218D0
                                                SHA-256:C8B7D60EBB10AA36F6C07867C21173E4EDA1ADF2EE74B5A506A8A7330825F648
                                                SHA-512:595476AD7945663DC4642E4DC6AEBBD627BF1F5D8453CC74AADC39E04853415FC86A4A6540FDB32D982BBDCEC6C0E07FDDF901C80777AA419F4522BEA068D2E6
                                                Malicious:false
                                                Preview:.... .c.....3..<...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................T...[...b...r...t...}.....L..............................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                File Type:Certificate, Version=3
                                                Category:dropped
                                                Size (bytes):1391
                                                Entropy (8bit):7.705940075877404
                                                Encrypted:false
                                                SSDEEP:24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1
                                                MD5:0CD2F9E0DA1773E9ED864DA5E370E74E
                                                SHA1:CABD2A79A1076A31F21D253635CB039D4329A5E8
                                                SHA-256:96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
                                                SHA-512:3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
                                                Malicious:false
                                                Preview:0..k0..S............@.YDc.c...0...*.H........0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10...150604110438Z..350604110438Z0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10.."0...*.H.............0..........$s..7.+W(.....8..n<.W.x.u...jn..O(..h.lD...c...k....1.!~.3<.H..y.....!.K...qiJffl.~<p..)"......K...~....G.|.H#S.8.O.o...IW..t../.8.{.p!.u.0<.....c...O..K~.....w...{J.L.%.p..)..S$........J.?..aQ.....cq...o[...\4ylv.;.by.../&.....................6....7..6u...r......I.....*.A..v........5/(.l....dwnG7..Y^h..r...A)>Y>.&.$...Z.L@.F....:Qn.;.}r...xY.>Qx....../..>{J.Ks......P.|C.t..t.....0.[q6....00\H..;..}`...).........A.......|.;F.H*..v.v..j.=...8.d..+..(.....B.".'].y...p..N..:..'Qn..d.3CO......B0@0...U...........0...U.......0....0...U......y.Y.{....s.....X..n0...*.H.............U.X....P.....i ')..au\.n...i/..VK..s.Y.!.~.Lq...`.9....!V..P.Y...Y.............b.E.f..|o..;.....'...}~.."......

                                                C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
                                                Category:dropped
                                                Size (bytes):71954
                                                Entropy (8bit):7.996617769952133
                                                Encrypted:true
                                                SSDEEP:1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
                                                MD5:49AEBF8CBD62D92AC215B2923FB1B9F5
                                                SHA1:1723BE06719828DDA65AD804298D0431F6AFF976
                                                SHA-256:B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
                                                SHA-512:BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
                                                Malicious:false
                                                Preview:MSCF............,...................I..................XaK .authroot.stl.[.i..6..CK..<Tk......4.cl!Kg..E..*Y.f_..".$mR"$.J.E.KB."..rKv.."{.g....3.W.....c..9.s...=....y6#..x..........D......\(.#.s.!.A.......cd.c........+^.ov...n.....3BL..0.......BPUR&.X..02.q...R...J.....w.....b.vy>....-.&..(..oe."."...J9...0U.6J..|U..S.....M.F8g...=.......p...........l.?3.J.x.G.Ep..$g..tj......)v]9(:.)W.8.Op.1Q..:.nPd........7.7..M].V F..g.....12..!7(...B.......h.RZ.......l.<.....6..Z^.`p?... .p.Gp.#.'.X..........|!.8.....".m.49r?.I...g...8.v.....a``.g.R4.i...J8q....NFW,E.6Y....!.o5%.Y.....R..<..S9....r....WO...(.....F..Q=*....-..7d..O(....-..+k.........K..........{Q....Z..j._.E...QZ.~.\.^......N.9.k..O.}dD.b1r...[}/....T..E..G..c.|.c.&>?..^t. ..;..X.d.E.0G....[Q.*,*......#.Dp..L.o|#syc.J............}G-.ou6.=52..XWi=...m.....^u......c..fc?&pR7S5....I...j.G........j.j..Tc.El.....B.pQ.,Bp....j...9g.. >..s..m#.Nb.o_u.M.V...........\#...v..Mo\sF..s....Y...

                                                C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):192
                                                Entropy (8bit):2.779094196322516
                                                Encrypted:false
                                                SSDEEP:3:kkFklrkMhfllXlE/HT8kr0JtNNX8RolJuRdxLlGB9lQRYwpDdt:kK3M6T8iWTNMa8RdWBwRd
                                                MD5:22495CA09FE68A1A32D7B6F11D4DC2DA
                                                SHA1:E14D375DB57BB107F4B2F5E069E20810ED8FD034
                                                SHA-256:846C7A3904EAB3CE0910E51A822EFC28E8AE43CD07A01473B59B89DFDDEFB7F6
                                                SHA-512:1914940EF9EB2E8B9FE70DCA5A5C5D40F9ED6200181B2FC93217C0F3B8F99E91B0FBB5AC7D35D4390A1FD2BCF5141D10A7A814BDF7A49C53E435FB07B019C296
                                                Malicious:false
                                                Preview:p...... .........A..f..(....................................................... ..........W.....J..............o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...

                                                C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                File Type:data
                                                Category:modified
                                                Size (bytes):328
                                                Entropy (8bit):3.241800306278292
                                                Encrypted:false
                                                SSDEEP:6:kKpfn99UswD8HGsL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:ZnkDImsLNkPlE99SNxAhUe/3
                                                MD5:BE8CE8C9BFF9392552DAC41CCBBE89D5
                                                SHA1:0504321503E7EBB009DBE08ED588F35702920E50
                                                SHA-256:3BE10974D62795595526788C266E6BFE86A06E4CEE34B032C7082E9876935946
                                                SHA-512:34600C8AFC5950D465B29BAC58AAB7B8490B9ABD93FDEAF58DA3149A36C345E71DE0D0C9ACBEF7ADA91E30212DDFC3AA8C19DF40AFFA4DF819702D7DAFE0F510
                                                Malicious:false
                                                Preview:p...... ........{....f..(....................................................... ........G..@.......&......X........h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...

                                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeCMapFnt23.lst (copy)

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:PostScript document text
                                                Category:dropped
                                                Size (bytes):1233
                                                Entropy (8bit):5.233980037532449
                                                Encrypted:false
                                                SSDEEP:24:kk8id8HxPsMTtrid8OPgx4sMDHFidZxDWksMwEidMKRxCsMWaOtidMLgxT2sMW0l:pkxPhtgNgx4pyZxakazxCIK2gxap
                                                MD5:8BA9D8BEBA42C23A5DB405994B54903F
                                                SHA1:FC1B1646EC8A7015F492AA17ADF9712B54858361
                                                SHA-256:862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C
                                                SHA-512:26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A
                                                Malicious:false
                                                Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D

                                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.7424

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:PostScript document text
                                                Category:dropped
                                                Size (bytes):1233
                                                Entropy (8bit):5.233980037532449
                                                Encrypted:false
                                                SSDEEP:24:kk8id8HxPsMTtrid8OPgx4sMDHFidZxDWksMwEidMKRxCsMWaOtidMLgxT2sMW0l:pkxPhtgNgx4pyZxakazxCIK2gxap
                                                MD5:8BA9D8BEBA42C23A5DB405994B54903F
                                                SHA1:FC1B1646EC8A7015F492AA17ADF9712B54858361
                                                SHA-256:862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C
                                                SHA-512:26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A
                                                Malicious:false
                                                Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D

                                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:PostScript document text
                                                Category:dropped
                                                Size (bytes):1233
                                                Entropy (8bit):5.233980037532449
                                                Encrypted:false
                                                SSDEEP:24:kk8id8HxPsMTtrid8OPgx4sMDHFidZxDWksMwEidMKRxCsMWaOtidMLgxT2sMW0l:pkxPhtgNgx4pyZxakazxCIK2gxap
                                                MD5:8BA9D8BEBA42C23A5DB405994B54903F
                                                SHA1:FC1B1646EC8A7015F492AA17ADF9712B54858361
                                                SHA-256:862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C
                                                SHA-512:26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A
                                                Malicious:false
                                                Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D

                                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\AcroFnt23.lst (copy)

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:PostScript document text
                                                Category:dropped
                                                Size (bytes):10880
                                                Entropy (8bit):5.214360287289079
                                                Encrypted:false
                                                SSDEEP:192:SgAYm4DAv6oq6oCf6ocL6oz6o46ok6o16ok6oKls6oVtfZ6ojtou6o2ti16oGwX/:SV548vvqvSvivzv4vkv1vkvKlsvVtfZp
                                                MD5:B60EE534029885BD6DECA42D1263BDC0
                                                SHA1:4E801BA6CA503BDAE7E54B7DB65BE641F7C23375
                                                SHA-256:B5F094EFF25215E6C35C46253BA4BB375BC29D055A3E90E08F66A6FDA1C35856
                                                SHA-512:52221F919AEA648B57E567947806F71922B604F90AC6C8805E5889AECB131343D905D94703EA2B4CEC9B0C1813DDA6EAE2677403F58D3B340099461BBCD355AE
                                                Malicious:false
                                                Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D

                                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\AdobeFnt23.lst.7424

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:PostScript document text
                                                Category:dropped
                                                Size (bytes):10880
                                                Entropy (8bit):5.214360287289079
                                                Encrypted:false
                                                SSDEEP:192:SgAYm4DAv6oq6oCf6ocL6oz6o46ok6o16ok6oKls6oVtfZ6ojtou6o2ti16oGwX/:SV548vvqvSvivzv4vkv1vkvKlsvVtfZp
                                                MD5:B60EE534029885BD6DECA42D1263BDC0
                                                SHA1:4E801BA6CA503BDAE7E54B7DB65BE641F7C23375
                                                SHA-256:B5F094EFF25215E6C35C46253BA4BB375BC29D055A3E90E08F66A6FDA1C35856
                                                SHA-512:52221F919AEA648B57E567947806F71922B604F90AC6C8805E5889AECB131343D905D94703EA2B4CEC9B0C1813DDA6EAE2677403F58D3B340099461BBCD355AE
                                                Malicious:false
                                                Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D

                                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):243196
                                                Entropy (8bit):3.3450692389394283
                                                Encrypted:false
                                                SSDEEP:1536:vKPCPiyzDtrh1cK3XEivK7VK/3AYvYwgqErRo+RQn:yPClJ/3AYvYwghFo+RQn
                                                MD5:F5567C4FF4AB049B696D3BE0DD72A793
                                                SHA1:EBEADDE9FF0AF2C201A5F7CC747C9EA61CFA6916
                                                SHA-256:D8DBFE71873929825A420F73821F3FF0254D51984FAAA82E1B89D31188F77C04
                                                SHA-512:E769735991E5B1331E259608854D00CDA4F3E92285FDC500158CBD09CBCCEAD8A387F78256A43919B13EBE70C995D19242377C315B0CCBBD4F813251608C1D56
                                                Malicious:false
                                                Preview:Adobe Acrobat Reader (64-bit) 23.6.20320....?A12_AV2_Search_18px.............................................................................................................KKK KKK.KKK.KKK.KKK.KKK.KKK@........................................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.............................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.........................KKK.KKK.KKK.KKK0....................KKK.KKK.KKK.KKK`....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK.KKK.....................................KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK.KKK@....................KKK.KKK.KKK.KKK`........................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.KKK.............................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK

                                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:JSON data
                                                Category:dropped
                                                Size (bytes):295
                                                Entropy (8bit):5.3627065455190905
                                                Encrypted:false
                                                SSDEEP:6:YEQXJ2HXGYqGT+pdVoZcg1vRcR0Y5dcqoAvJM3g98kUwPeUkwRe9:YvXKXGYl+WZc0vDGMbLUkee9
                                                MD5:9D06483372AAF54D5A2A4565AF676D1E
                                                SHA1:B111C0050C09B3E6D7A18B0E5FA0CA808E683650
                                                SHA-256:940004372CCD0B5281233F807F6CE6AADEDBB185B080234EAB541BE221EA4CD5
                                                SHA-512:12916045AD28F5B0EDDDF571385CA02FCF9B5FB42141C84B7C491189F8EBB787936CAB4C59F45FB2AD1164A52F6CE9F0C09846CD13CF04FB3480F34F06C72B3B
                                                Malicious:false
                                                Preview:{"analyticsData":{"responseGUID":"ecda6f2c-7cf5-4902-bd95-bea482c331a2","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1737050828788,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:JSON data
                                                Category:dropped
                                                Size (bytes):294
                                                Entropy (8bit):5.310221353545861
                                                Encrypted:false
                                                SSDEEP:6:YEQXJ2HXGYqGT+pdVoZcg1vRcR0Y5dcqoAvJfBoTfXpnrPeUkwRe9:YvXKXGYl+WZc0vDGWTfXcUkee9
                                                MD5:8218D4CBCB1276AA025BC116DBD2B238
                                                SHA1:D4D4CDE5B6A8B43CF155F16201446967570F5DE6
                                                SHA-256:2AD8EC24BA60FB1B4D1872C9C8CF235A020B710DDDB3FA54FBD3F821C60EDCC6
                                                SHA-512:12E165CB7D8894FE7ADD993FD7BFC0973E6B86DC5526C2834E02A5D4DFDCE3FB8E2EAD217D9185A94553B82A3CF181A51905EA301935433B292AEC833B4C738E
                                                Malicious:false
                                                Preview:{"analyticsData":{"responseGUID":"ecda6f2c-7cf5-4902-bd95-bea482c331a2","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1737050828788,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:JSON data
                                                Category:dropped
                                                Size (bytes):294
                                                Entropy (8bit):5.287982423917687
                                                Encrypted:false
                                                SSDEEP:6:YEQXJ2HXGYqGT+pdVoZcg1vRcR0Y5dcqoAvJfBD2G6UpnrPeUkwRe9:YvXKXGYl+WZc0vDGR22cUkee9
                                                MD5:DFE1BD9B63C37F37D551639AD17CBB5B
                                                SHA1:DA5FA1431422D66C7AED4AE4AE0826CA2014BFCF
                                                SHA-256:AA7E9DD0050A6B12C559DFFD30C0009078816459CD2D2093076E49DF0BE7ABBF
                                                SHA-512:8B40357DA648619993A5E161087FBA3B9178A5B9AAA918158BAE58D1F50DF19DB17EAB4D1805E8DA02062E5316A2314DA47031641F30C0A772A89F94E9DD1B5C
                                                Malicious:false
                                                Preview:{"analyticsData":{"responseGUID":"ecda6f2c-7cf5-4902-bd95-bea482c331a2","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1737050828788,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:JSON data
                                                Category:dropped
                                                Size (bytes):285
                                                Entropy (8bit):5.349694004668702
                                                Encrypted:false
                                                SSDEEP:6:YEQXJ2HXGYqGT+pdVoZcg1vRcR0Y5dcqoAvJfPmwrPeUkwRe9:YvXKXGYl+WZc0vDGH56Ukee9
                                                MD5:46678E4B6F3EE5CD872AB2ACAD1FF13D
                                                SHA1:99A9DB5452EAFDC66DFCE8DFD5E9FA244A177AF7
                                                SHA-256:DBC20BB69568D4638B5592956BA01A01CDAEE7695857C45C8AB816FB2822385B
                                                SHA-512:9DDE985C956A7F3CA49F7E4F6860D7C650E2056919F8BA969F449AA15BDA2E2084DC665D816C17F605788A9A4D81011BD3A46D9255C199552293BBDC638BA365
                                                Malicious:false
                                                Preview:{"analyticsData":{"responseGUID":"ecda6f2c-7cf5-4902-bd95-bea482c331a2","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1737050828788,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:JSON data
                                                Category:dropped
                                                Size (bytes):1123
                                                Entropy (8bit):5.689234728296636
                                                Encrypted:false
                                                SSDEEP:24:Yv6XGG+WzvYpLgE9cQx8LennAvzBvkn0RCmK8czOCCSh:YvOAhgy6SAFv5Ah8cv/h
                                                MD5:669063CC8FA2DCAD186E5333013694A3
                                                SHA1:B6A7FB92F0753A3FCC4BE02437484DAF39EC6E6B
                                                SHA-256:B52291C67476F4CB63833C55B6BCB9170E6BA27625C18B7603D58D942BC5B5FF
                                                SHA-512:C2F5B0A265BABAB55CEAB4C6EC4066C33632F91775A11C72BEE3147F7B3C8488A1526CC4FDD1EF99CC930FFCC92053C232877D4828D3452A525B240A651BC11C
                                                Malicious:false
                                                Preview:{"analyticsData":{"responseGUID":"ecda6f2c-7cf5-4902-bd95-bea482c331a2","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1737050828788,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93365_289436ActionBlock_1","campaignId":93365,"containerId":"1","controlGroupId":"","treatmentId":"d5bba1ae-6009-4d23-8886-fd4a474b8ac9","variationId":"289436"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IkNvbnZlcnRQREZSZHJSSFBBcHAifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkV4cG9ydCBQREZzIHRvIE1pY3Jvc29mdCBXb3JkIGFuZCBFeGNlbC4ifSwidGNh

                                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:JSON data
                                                Category:dropped
                                                Size (bytes):289
                                                Entropy (8bit):5.293973833327525
                                                Encrypted:false
                                                SSDEEP:6:YEQXJ2HXGYqGT+pdVoZcg1vRcR0Y5dcqoAvJf8dPeUkwRe9:YvXKXGYl+WZc0vDGU8Ukee9
                                                MD5:FDE1696ED907443702C806599D310B39
                                                SHA1:88B282468301428BAC9A47E110E09D49EBC1F103
                                                SHA-256:6A59FB1053AF8A2B3B68B54C97449516EF2AEDCF5D3335FED6012E527E58C7CE
                                                SHA-512:B1F81B3F7A71FF3A488BC60425E74CC578D643BB7DF58C02783D7B7666F50DD4B8C62B67177ED9ADD18C7B5175AD12BD7EA80995D5D0C161620EAA69B41A7FFA
                                                Malicious:false
                                                Preview:{"analyticsData":{"responseGUID":"ecda6f2c-7cf5-4902-bd95-bea482c331a2","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1737050828788,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:JSON data
                                                Category:dropped
                                                Size (bytes):292
                                                Entropy (8bit):5.298227181018529
                                                Encrypted:false
                                                SSDEEP:6:YEQXJ2HXGYqGT+pdVoZcg1vRcR0Y5dcqoAvJfQ1rPeUkwRe9:YvXKXGYl+WZc0vDGY16Ukee9
                                                MD5:5F3A371A0FE213F258FF273B53B4FF12
                                                SHA1:668B2F1022DDAFE7339CCC3D70F96BDACF543EDC
                                                SHA-256:48A7FE982666D4EBC06E6CCBC26A8DEA7C9F739526BC89E05E92AD50A6675918
                                                SHA-512:62393D9A80F61C319834A4ED9C4311DF8E1C722D999AF2ACFECDF556AA62F1BDB143C436AD75629741459FE1CCF756D247E2DA09383D21C853EE30FE807A0C56
                                                Malicious:false
                                                Preview:{"analyticsData":{"responseGUID":"ecda6f2c-7cf5-4902-bd95-bea482c331a2","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1737050828788,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:JSON data
                                                Category:dropped
                                                Size (bytes):289
                                                Entropy (8bit):5.3041478498106915
                                                Encrypted:false
                                                SSDEEP:6:YEQXJ2HXGYqGT+pdVoZcg1vRcR0Y5dcqoAvJfFldPeUkwRe9:YvXKXGYl+WZc0vDGz8Ukee9
                                                MD5:06ED023BBD70FA3ABE5164F3E7E77D9F
                                                SHA1:E6BAEF8FC7AEA8C2FB7FB618FBD3B28B52CEB1F3
                                                SHA-256:3A0A0883208FE24FE24362C40717536E621C45549FF2A2D472F2F9219B4B44CA
                                                SHA-512:5F3ABFC8A21510035DE617800DB9FE6F257549FA06C506FBCAA1852CCD8D83C04C094C01AE940BF719FA6838994B171FEFB77388303B758DC54896649B3083BB
                                                Malicious:false
                                                Preview:{"analyticsData":{"responseGUID":"ecda6f2c-7cf5-4902-bd95-bea482c331a2","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1737050828788,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:JSON data
                                                Category:dropped
                                                Size (bytes):295
                                                Entropy (8bit):5.320196925879327
                                                Encrypted:false
                                                SSDEEP:6:YEQXJ2HXGYqGT+pdVoZcg1vRcR0Y5dcqoAvJfzdPeUkwRe9:YvXKXGYl+WZc0vDGb8Ukee9
                                                MD5:0E6BEC0FF20F7A19341CFFCB4BE800F9
                                                SHA1:C693F8FD97E9F8F408EBD5AE6CD6FC8AA898046F
                                                SHA-256:D23AED9A92AC47F7F0C040BBC3E9EC76E133AD9F33A8C5846F49C018629DA26E
                                                SHA-512:49A4AAFC8AEBD099E8DAB67302FB3C0509EEAAE5062F3DD7441A0D953FA67E6A62EE65DAE5E4075C95F4B95AF9BCCA104EEB330CA0178D577556CD3E9324071F
                                                Malicious:false
                                                Preview:{"analyticsData":{"responseGUID":"ecda6f2c-7cf5-4902-bd95-bea482c331a2","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1737050828788,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:JSON data
                                                Category:dropped
                                                Size (bytes):289
                                                Entropy (8bit):5.301135446627151
                                                Encrypted:false
                                                SSDEEP:6:YEQXJ2HXGYqGT+pdVoZcg1vRcR0Y5dcqoAvJfYdPeUkwRe9:YvXKXGYl+WZc0vDGg8Ukee9
                                                MD5:12C42BA5EA74E6C317E99919EEDFC83E
                                                SHA1:B5F67141C6601F5F3B342F1BE82B6BE0C98BF356
                                                SHA-256:C996544E10DEF36A75CA7F46EBF2EE22F441E36AD0A1CD3E96E95C7E3EEEE18C
                                                SHA-512:516211806CDF54F6DCCF092BB8C7C2B5471AFD94E037FE6FDBBABB1D789B81F6FA9CE9C3A82E0AAC2E54C4C8EEED1D920FB218CCE7F0ECFC30F4027E3B7DCC27
                                                Malicious:false
                                                Preview:{"analyticsData":{"responseGUID":"ecda6f2c-7cf5-4902-bd95-bea482c331a2","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1737050828788,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:JSON data
                                                Category:dropped
                                                Size (bytes):284
                                                Entropy (8bit):5.287504800635186
                                                Encrypted:false
                                                SSDEEP:6:YEQXJ2HXGYqGT+pdVoZcg1vRcR0Y5dcqoAvJf+dPeUkwRe9:YvXKXGYl+WZc0vDG28Ukee9
                                                MD5:B10F953570B53D282701A14A55FC7AB4
                                                SHA1:B939135972B6E1AB9D95F45D29AC1B32E5237151
                                                SHA-256:73FD8E473CD68BEEA7AE2E72166A802884672C5FC15F83A06ACE589BC0DE648D
                                                SHA-512:026D51C8E5177C1A74E6F20DE7BDFC54FDC109EBD814C27BE0B631007268794944EAC692A21BAF723D6A9A174E6EBBAFD5331D515A1E6BA414780BD632483713
                                                Malicious:false
                                                Preview:{"analyticsData":{"responseGUID":"ecda6f2c-7cf5-4902-bd95-bea482c331a2","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1737050828788,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:JSON data
                                                Category:dropped
                                                Size (bytes):291
                                                Entropy (8bit):5.284674740544127
                                                Encrypted:false
                                                SSDEEP:6:YEQXJ2HXGYqGT+pdVoZcg1vRcR0Y5dcqoAvJfbPtdPeUkwRe9:YvXKXGYl+WZc0vDGDV8Ukee9
                                                MD5:3781322FF9DB16F1F6EC87F6B84F06A4
                                                SHA1:E0EA6090E68CA6D91CE84CBC99C1BACB6A18B450
                                                SHA-256:5AEDD75F73CC65D199C14A4E536D81F39C2CAFE492DB537F2E76EC2E4F515A1D
                                                SHA-512:0CED9B43647957FAA4F971098AFF798C8A7704A569696241E1A466928FFE111DF525B74925070F30E3D31C8E01F9C0C3965994F74EB77A7E1A3125077E2C88C3
                                                Malicious:false
                                                Preview:{"analyticsData":{"responseGUID":"ecda6f2c-7cf5-4902-bd95-bea482c331a2","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1737050828788,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:JSON data
                                                Category:dropped
                                                Size (bytes):287
                                                Entropy (8bit):5.2896377750442225
                                                Encrypted:false
                                                SSDEEP:6:YEQXJ2HXGYqGT+pdVoZcg1vRcR0Y5dcqoAvJf21rPeUkwRe9:YvXKXGYl+WZc0vDG+16Ukee9
                                                MD5:464A4E13BFD6E20C455F5A8E2947DA41
                                                SHA1:4A48B64FE38A246A518169ACDF342C3A2D55652D
                                                SHA-256:925C565412846EC06715C66043424F9336F1C69FAB0E6D919465DE7F3B50B32C
                                                SHA-512:9F0174BD2CF20720C234E73EA16390E160EFA49998387AC0C3CBCA45AA9B5DFA87159E53C99D817878C1F1CF09EF526AEA2368B858AD41BBD2FA817E8051AA42
                                                Malicious:false
                                                Preview:{"analyticsData":{"responseGUID":"ecda6f2c-7cf5-4902-bd95-bea482c331a2","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1737050828788,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:JSON data
                                                Category:dropped
                                                Size (bytes):1090
                                                Entropy (8bit):5.666101119401162
                                                Encrypted:false
                                                SSDEEP:24:Yv6XGG+WzvsamXayLgE+cNDxeNaqnAvz7xHn0RCmK8czOC/BSh:YvOiBgkDMUJUAh8cvMh
                                                MD5:867A9FB06B9D9F39376FF44118E4EDB4
                                                SHA1:837BC2FD763ECE11E1E41F6AD2D0B82B94FAD8D3
                                                SHA-256:E1461DD86E269F015B337B832EE1D6C2CFFD920C77793471345AE7534C55E5F7
                                                SHA-512:8F58BC5ECF51EB655CBA90A590137BD70D1FA8A1ABE3F080155CE862A9394D633EC68684EEF8C098731B5C8A312208E41ADE1DE54A4B58037957A54FBE5A436B
                                                Malicious:false
                                                Preview:{"analyticsData":{"responseGUID":"ecda6f2c-7cf5-4902-bd95-bea482c331a2","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1737050828788,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93365_289436ActionBlock_0","campaignId":93365,"containerId":"1","controlGroupId":"","treatmentId":"266234d2-130d-426e-8466-c7a061db101f","variationId":"289436"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IlVwZ3JhZGVSSFBSZHJBcHAifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVhc2lseSBmaWxsIGFuZCBzaWduIFBERnMuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"app

                                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:JSON data
                                                Category:dropped
                                                Size (bytes):286
                                                Entropy (8bit):5.264987253197071
                                                Encrypted:false
                                                SSDEEP:6:YEQXJ2HXGYqGT+pdVoZcg1vRcR0Y5dcqoAvJfshHHrPeUkwRe9:YvXKXGYl+WZc0vDGUUUkee9
                                                MD5:38A614D1E333A7F17B3332B9817562F0
                                                SHA1:57DA886B566931F0B69183715A09FAFF80C0B43B
                                                SHA-256:4D7EF7CF4160F477053DF34FB005B4892765E32B6B6E9B1C4ACD73A169529A31
                                                SHA-512:EFDEAA4A108BA993A30806980633166E1E6C38DC3E42471AB536EB5CBE5C4EACBF22CF485CA498BF1B8409632BD115D35C0A55D8D1CC174E20942414A6208431
                                                Malicious:false
                                                Preview:{"analyticsData":{"responseGUID":"ecda6f2c-7cf5-4902-bd95-bea482c331a2","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1737050828788,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:JSON data
                                                Category:dropped
                                                Size (bytes):282
                                                Entropy (8bit):5.271375141970208
                                                Encrypted:false
                                                SSDEEP:6:YEQXJ2HXGYqGT+pdVoZcg1vRcR0Y5dcqoAvJTqgFCrPeUkwRe9:YvXKXGYl+WZc0vDGTq16Ukee9
                                                MD5:9CB0604A1C76B5D14A9EBC46143C403D
                                                SHA1:9B1C3724DFE160B673D1A72FFF72F86448249505
                                                SHA-256:04A3CE8861834BE2C286DEA127F5705E6DED97D6877231002D65BE35DAD878CD
                                                SHA-512:6AE7705D2334B3B6C2AD1F678695E42D4B38E109DA5ACBA2E3E9C727DD4F05E03465642144C9632EE577DB3756C1E06A4A14294A82A58EBF2C3D6D40EA42F402
                                                Malicious:false
                                                Preview:{"analyticsData":{"responseGUID":"ecda6f2c-7cf5-4902-bd95-bea482c331a2","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1737050828788,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):4
                                                Entropy (8bit):0.8112781244591328
                                                Encrypted:false
                                                SSDEEP:3:e:e
                                                MD5:DC84B0D741E5BEAE8070013ADDCC8C28
                                                SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
                                                SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
                                                SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
                                                Malicious:false
                                                Preview:....

                                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:JSON data
                                                Category:dropped
                                                Size (bytes):2814
                                                Entropy (8bit):5.135526118762805
                                                Encrypted:false
                                                SSDEEP:24:YbBaHvHayZf/MxuJw980rlff+jkPt58j0S271q2ThP2LSIC4GFUKx9JbV5Py9Zub:YYvQx2SQkPyFshP6LGFjx9JZM9K
                                                MD5:7153EE43B920A01FCEA7B5094ADBB4D1
                                                SHA1:7AB941BC6087935DC8D66529FC9F93FC61D2075B
                                                SHA-256:0729BE47186AD08A9190D2A9DA26FCEC99A3AEE107CC2D0AF5EC703BC5278D19
                                                SHA-512:DFABB413FC89547C4B4992E497306816F9D0571EE844788E325E8951BA7D580D197405D9714163C892E92C95115B55B44E3720A51D3DD88D132B1B90C27436F9
                                                Malicious:false
                                                Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"c9569abf6805647478ec0b7328d1eb3f","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1736873214000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"1e937c1df9e2f9ce6c3d08262e5b52ab","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1090,"ts":1736873213000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"fdbedef90b3b342bd4517379d527a177","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1123,"ts":1736873213000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"4d1a299ee8dbcc30ee925507c0110718","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":295,"ts":1736873213000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"0033dbf571c34cab532be4a3fd550a6c","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file","size":292,"ts":1736873213000},{"id":"DC_Reader_More_LHP_Banner","info":{"dg":"926f6ae632745e7b8fec96a8a36e6c06","sid":"DC_Reader_More_LHP_Banner"},"mimeType":"file","

                                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 25, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 25
                                                Category:dropped
                                                Size (bytes):12288
                                                Entropy (8bit):1.1884968818121022
                                                Encrypted:false
                                                SSDEEP:48:TGufl2GL7msEHUUUUUUUUuSvR9H9vxFGiDIAEkGVvpc:lNVmswUUUUUUUUu+FGSIto
                                                MD5:49EFCCA55D0BCDA1A9B541FF6A6D9D29
                                                SHA1:943BFA70B1106ECB1960F5A5C5E254DB9D4D1B9F
                                                SHA-256:DE7A8F409A70741CDE9AC7C3B6C183BA107826A29007A826D71CFE00764B7D50
                                                SHA-512:54901B119F1DD8DE48195E55C80507D1A1C4736391ED89069DFDD530C8E398ED488F90FB4F05230E6140E2583C99A2D03A45693AFE604ADB7DBCC3B45F00A7FF
                                                Malicious:false
                                                Preview:SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:SQLite Rollback Journal
                                                Category:dropped
                                                Size (bytes):8720
                                                Entropy (8bit):1.6077558115663633
                                                Encrypted:false
                                                SSDEEP:48:7MlKUUUUUUUUUU8vR9H9vxFGiDIAEkGVvJqFl2GL7ms9:7LUUUUUUUUUUMFGSIt/KVms9
                                                MD5:701C9BAC825A488FE8C13106E905598B
                                                SHA1:2514229B5BCE27AA1B525A42C24BC04A87FFE397
                                                SHA-256:69848F1C88609BC44CBE780B1FAFCAFD1D4D305C79DCD90C4540C821076DDE80
                                                SHA-512:1595B20708C5254DCF5F904840B7920CA2EA5B827CB08BC55674414B6839B922303CEA5346B03486F61B3E78A94DE0BCCF688E0386F7A5B82954574716D0B40B
                                                Malicious:false
                                                Preview:.... .c...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................f.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\UserCache64.bin

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):66726
                                                Entropy (8bit):5.392739213842091
                                                Encrypted:false
                                                SSDEEP:768:RNOpblrU6TBH44ADKZEgceu0dcthnyYUEmO3GKye0qOPpYyu:6a6TZ44ADEceTdcthn9lqzhK
                                                MD5:EE9285FC42E795A13E0DAFFC11791B18
                                                SHA1:B72A780ACFA43057D74BD9915BDA05620EBE814E
                                                SHA-256:BE49567FF9814F9133B3A05F4E871774D0B4C1E69D364C879DA626663AA99CB3
                                                SHA-512:F2FD22AD5FB7F22B0A390017FA3D28181CB046A5BEA73CCD86B7C0FBE9CDD82F7672EA3D6C3D2E9978CA2F3B1B89DC5215342189206B7CEBF0A5270B1C702BE0
                                                Malicious:false
                                                Preview:4.397.90.FID.2:o:..........:F:AgencyFB-Reg.P:Agency FB.L:$.........................."F:Agency FB.#.96.FID.2:o:..........:F:AgencyFB-Bold.P:Agency FB Bold.L:%.........................."F:Agency FB.#.84.FID.2:o:..........:F:Algerian.P:Algerian.L:$..........................RF:Algerian.#.95.FID.2:o:..........:F:ArialNarrow.P:Arial Narrow.L:$.........................."F:Arial Narrow.#.109.FID.2:o:..........:F:ArialNarrow-Italic.P:Arial Narrow Italic.L:$.........................."F:Arial Narrow.#.105.FID.2:o:..........:F:ArialNarrow-Bold.P:Arial Narrow Bold.L:%.........................."F:Arial Narrow.#.118.FID.2:o:..........:F:ArialNarrow-BoldItalic.P:Arial Narrow Bold Italic.L:%.........................."F:Arial Narrow.#.77.FID.2:o:..........:F:ArialMT.P:Arial.L:$.........................."F:Arial.#.91.FID.2:o:..........:F:Arial-ItalicMT.P:Arial Italic.L:$.........................."F:Arial.#.87.FID.2:o:..........:F:Arial-BoldMT.P:Arial Bold.L:$.........................."F:Arial.#.100.FID.2

                                                C:\Users\user\AppData\Local\Temp\MSIb28a7.LOG

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):246
                                                Entropy (8bit):3.5248044522866877
                                                Encrypted:false
                                                SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K84sClE0w:Qw946cPbiOxDlbYnuRKID0w
                                                MD5:432A0B3DB5658E1EA344BF867A6208C8
                                                SHA1:7C75F19119AE9F157AF6536F58069A28AE739929
                                                SHA-256:4076D295F306767140B8FB70C2A39B34DA77E84CF782A2E8B2224399407EB986
                                                SHA-512:5C0C8C48F06D83B182F9E7B9FE5533253347858C6708FA1CEF139F8FB753E399DF1B8BAC821356159D3C3139456F4AB3018E13F2C8FE32F6E210589410D85508
                                                Malicious:false
                                                Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .1.4./.0.1./.2.0.2.5. . .1.1.:.4.6.:.5.8. .=.=.=.....

                                                C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2025-01-14 11-46-50-687.log

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:ASCII text, with very long lines (393)
                                                Category:dropped
                                                Size (bytes):16525
                                                Entropy (8bit):5.345946398610936
                                                Encrypted:false
                                                SSDEEP:384:zHIq8qrq0qoq/qUILImCIrImI9IWdFdDdoPtPTPtP7ygyAydy0yGV///X/J/VokV:nNW
                                                MD5:8947C10F5AB6CFFFAE64BCA79B5A0BE3
                                                SHA1:70F87EEB71BA1BE43D2ABAB7563F94C73AB5F778
                                                SHA-256:4F3449101521DA7DF6B58A2C856592E1359BA8BD1ACD0688ECF4292BA5388485
                                                SHA-512:B76DB9EF3AE758F00CAF0C1705105C875838C7801F7265B17396466EECDA4BCD915DA4611155C5F2AD1C82A800C1BEC855E52E2203421815F915B77AA7331CA0
                                                Malicious:false
                                                Preview:SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:088+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig:

                                                C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:ASCII text, with very long lines (393), with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):15114
                                                Entropy (8bit):5.32850556242959
                                                Encrypted:false
                                                SSDEEP:384:K0edGgrjhiHtSoFqU5aSGcggtghg+gTgnMTTouNqegI4Rf/rcumdWQl86AJAdEv4:KM7
                                                MD5:C0753235E6F14C162FBBF57A8C5D93C4
                                                SHA1:17856785450A47DCD8D0CE017230B1575DDEA107
                                                SHA-256:4103B386B8DC2405786C7B8AE3237D1249F139451ACDA071A445611052EB531D
                                                SHA-512:8B1FACD49E1F485092F484D90AF56A1A08073F10751C7B856A8263B5F61BA613AA7705515D88B0D1112D81143C40C1AF812E8D627F08E07C99DA2CC6F9D8A67A
                                                Malicious:false
                                                Preview:SessionID=de5bfb70-321d-4203-962b-e3deda64e7b7.1736873210723 Timestamp=2025-01-14T11:46:50:723-0500 ThreadID=3720 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=de5bfb70-321d-4203-962b-e3deda64e7b7.1736873210723 Timestamp=2025-01-14T11:46:50:724-0500 ThreadID=3720 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=de5bfb70-321d-4203-962b-e3deda64e7b7.1736873210723 Timestamp=2025-01-14T11:46:50:724-0500 ThreadID=3720 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=de5bfb70-321d-4203-962b-e3deda64e7b7.1736873210723 Timestamp=2025-01-14T11:46:50:724-0500 ThreadID=3720 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=de5bfb70-321d-4203-962b-e3deda64e7b7.1736873210723 Timestamp=2025-01-14T11:46:50:724-0500 ThreadID=3720 Component=ngl-lib_NglAppLib Description="SetConf

                                                C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:ASCII text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):29752
                                                Entropy (8bit):5.39299667461832
                                                Encrypted:false
                                                SSDEEP:768:anddBuBYZwcfCnwZCnR8Bu5hx18HoCnLlAY+iCBuzhLCnx1CnPrRRFS10l8gT2rU:A
                                                MD5:E1EA4B8C6ED504D9225A60C412583A5A
                                                SHA1:A9BBDB4C23931F783D48A00E65FBBF65EE9BA7F6
                                                SHA-256:F8D4245B72897E2B52B6D5A58683B262BC3964B24B29DD184E4F379E95E4FB31
                                                SHA-512:9F7871FCCE4A04BD10F9023AC645D7B9D59324A4D9FB212D81BED651D45D0A0CF1FB9E772FCC28BF08624356E0CD06EE1EDCC0A0382376DD5869A5BD3ACD485A
                                                Malicious:false
                                                Preview:03-10-2023 12:50:40:.---2---..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ***************************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ***************************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Starting NGL..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..03-10-2023 12:50:40:.Closing File..03-10-

                                                C:\Users\user\AppData\Local\Temp\acrocef_low\021ad75e-9310-482e-a89e-3e8e88c93e7d.tmp

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
                                                Category:dropped
                                                Size (bytes):1407294
                                                Entropy (8bit):7.97605879016224
                                                Encrypted:false
                                                SSDEEP:24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo
                                                MD5:A0CFC77914D9BFBDD8BC1B1154A7B364
                                                SHA1:54962BFDF3797C95DC2A4C8B29E873743811AD30
                                                SHA-256:81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685
                                                SHA-512:74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE
                                                Malicious:false
                                                Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

                                                C:\Users\user\AppData\Local\Temp\acrocef_low\08b220cb-58f8-439d-815b-9e20475fcd0e.tmp

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
                                                Category:dropped
                                                Size (bytes):386528
                                                Entropy (8bit):7.9736851559892425
                                                Encrypted:false
                                                SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
                                                MD5:5C48B0AD2FEF800949466AE872E1F1E2
                                                SHA1:337D617AE142815EDDACB48484628C1F16692A2F
                                                SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
                                                SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
                                                Malicious:false
                                                Preview:...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-|..h#.g.\.PO.|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..|m.WC.....|.....e.[W.p.8...rm....^..x'......5!...|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

                                                C:\Users\user\AppData\Local\Temp\acrocef_low\8865a10a-7ca6-4c4c-be53-ce9a4f595274.tmp

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
                                                Category:dropped
                                                Size (bytes):758601
                                                Entropy (8bit):7.98639316555857
                                                Encrypted:false
                                                SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
                                                MD5:3A49135134665364308390AC398006F1
                                                SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
                                                SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
                                                SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
                                                Malicious:false
                                                Preview:...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!|G.1...... .3.`./....`~......G.............|..pS.e.C....:o.u_..oi.:..|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

                                                C:\Users\user\AppData\Local\Temp\acrocef_low\ab3e03da-f804-45a6-a6f5-f3c465aff0c2.tmp

                                                Download File
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
                                                Category:dropped
                                                Size (bytes):1419751
                                                Entropy (8bit):7.976496077007677
                                                Encrypted:false
                                                SSDEEP:24576:/xA7owWLaGZDwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLaGZDwZGk3mlind9i4ufFXpAXkru
                                                MD5:18E3D04537AF72FDBEB3760B2D10C80E
                                                SHA1:B313CD0B25E41E5CF0DFB83B33AB3E3C7678D5CC
                                                SHA-256:BBEF113A2057EE7EAC911DC960D36D4A62C262DAE5B1379257908228243BD6F4
                                                SHA-512:2A5B9B0A5DC98151AD2346055DF2F7BFDE62F6069A4A6A9AB3377B644D61AE31609B9FC73BEE4A0E929F84BF30DA4C1CDE628915AC37C7542FD170D12DE41298
                                                Malicious:false
                                                Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

                                                Static File Info

                                                General

                                                File type:PDF document, version 1.5, 60 pages
                                                Entropy (8bit):7.978138540200381
                                                TrID:
                                                • Adobe Portable Document Format (5005/1) 100.00%
                                                File name:ea354192.pdf
                                                File size:3'891'514 bytes
                                                MD5:7fff1cb2b11866cf29a901cce8619a36
                                                SHA1:936a3da2ad73eff778f0a9aff0cb385466f9e625
                                                SHA256:ffafb3ba7d27a1a016efe5be737f65b5c2e835b92e29322ff4402da4c25effe4
                                                SHA512:e9133f59dcef277437521c31e835ab0fd3e0192a5d58954d0f50deaa05d349b55165c1e95b19d407e896aafd73db238bce45bc37e0f23fedc98256a219720d65
                                                SSDEEP:98304:lHIuVDHNJFFFH2jwKzvBWvTBC2oK8e+LlxIiaTQ+Hprh:lHICJv4wKzvww2ZEzWH
                                                TLSH:ED060123844DADCFD71A53F17B0F3D5D366A3222F1C966950325CB8A6A64A3F288711F
                                                File Content Preview:%PDF-1.5..%......1 0 obj..<</Type/Catalog/Pages 2 0 R/Lang(en-US) /StructTreeRoot 303 0 R/MarkInfo<</Marked true>>>>..endobj..2 0 obj..<</Type/Pages/Count 60/Kids[ 3 0 R 15 0 R 20 0 R 22 0 R 23 0 R 24 0 R 25 0 R 26 0 R 29 0 R 30 0 R 32 0 R 34 0 R 35 0 R 3

                                                File Icon

                                                Icon Hash:62cc8caeb29e8ae0

                                                Static PDF Info

                                                General

                                                Header:%PDF-1.5
                                                Total Entropy:7.978139
                                                Total Bytes:3891514
                                                Stream Entropy:7.986574
                                                Stream Bytes:3756088
                                                Entropy outside Streams:4.826253
                                                Bytes outside Streams:135426
                                                Number of EOF found:2
                                                Bytes after EOF:

                                                Keywords Statistics

                                                NameCount
                                                obj329
                                                endobj329
                                                stream125
                                                endstream125
                                                xref2
                                                trailer2
                                                startxref2
                                                /Page60
                                                /Encrypt0
                                                /ObjStm7
                                                /URI128
                                                /JS0
                                                /JavaScript0
                                                /AA0
                                                /OpenAction0
                                                /AcroForm0
                                                /JBIG2Decode0
                                                /RichMedia0
                                                /Launch0
                                                /EmbeddedFile0

                                                Image Streams

                                                IDDHASHMD5Preview
                                                116d635a2e554d8235d59bd6d758804ce5d781957ce4b2d8c0
                                                122d0d1e1f1f1e0dac307feddab02bee28b47d7e746700def1
                                                1380809a919492befe50d3038e1fb148db228cb35d52e9fe78
                                                148080baa9a4bafafe15028ca3e792e4de383cd8b77f389b54
                                                1144c4d84959382051f1d025ba59bd84535623eff71031f3b01

                                                Network Behavior

                                                Network Port Distribution

                                                UDP Packets

                                                TimestampSource PortDest PortSource IPDest IP
                                                Jan 14, 2025 17:47:00.729206085 CET6398953192.168.2.41.1.1.1

                                                DNS Queries

                                                TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                Jan 14, 2025 17:47:00.729206085 CET192.168.2.41.1.1.10xc9b8Standard query (0)x1.i.lencr.orgA (IP address)IN (0x0001)false

                                                DNS Answers

                                                TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                Jan 14, 2025 17:47:00.736658096 CET1.1.1.1192.168.2.40xc9b8No error (0)x1.i.lencr.orgcrl.root-x1.letsencrypt.org.edgekey.netCNAME (Canonical name)IN (0x0001)false
                                                Jan 14, 2025 17:47:01.436261892 CET1.1.1.1192.168.2.40xc5a5No error (0)bg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                Jan 14, 2025 17:47:01.436261892 CET1.1.1.1192.168.2.40xc5a5No error (0)bg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false

                                                Statistics

                                                CPU Usage

                                                Click to jump to process

                                                Memory Usage

                                                Click to jump to process

                                                High Level Behavior Distribution

                                                Click to dive into process behavior distribution

                                                Behavior

                                                Click to jump to process

                                                System Behavior

                                                General

                                                Target ID:0
                                                Start time:11:46:47
                                                Start date:14/01/2025
                                                Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                Wow64 process (32bit):false
                                                Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\ea354192.pdf"
                                                Imagebase:0x7ff6bc1b0000
                                                File size:5'641'176 bytes
                                                MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:high
                                                Has exited:true

                                                General

                                                Target ID:1
                                                Start time:11:46:47
                                                Start date:14/01/2025
                                                Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                Wow64 process (32bit):false
                                                Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
                                                Imagebase:0x7ff74bb60000
                                                File size:3'581'912 bytes
                                                MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:high
                                                Has exited:true

                                                General

                                                Target ID:3
                                                Start time:11:46:48
                                                Start date:14/01/2025
                                                Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                Wow64 process (32bit):false
                                                Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2088 --field-trial-handle=1352,i,5345100234334298223,13379776298111162246,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
                                                Imagebase:0x7ff74bb60000
                                                File size:3'581'912 bytes
                                                MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:high
                                                Has exited:true

                                                Disassembly

                                                No disassembly