Edit tour

Windows Analysis Report
Autonomous Medical Devices Incorporated - AGREEMENT.pdf

Overview

General Information

Sample name:	Autonomous Medical Devices Incorporated - AGREEMENT.pdf
Analysis ID:	1446156
MD5:	ca582ffeae72d8fbd737b4a2e96308ca
SHA1:	30c4037e4709a98bda7701f07a8dbf84cfc1e5a1
SHA256:	08fc670b30bb5fef3eca1af88c9942436d18124e81dfe7218016943d391a2134
Infos:

Errors Corrupt sample or wrongly selected analyzer.

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	60%

Signatures

IP address seen in connection with other malware

Classification

Process Tree

System is w10x64

Acrobat.exe (PID: 6984 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Autonomous Medical Devices Incorporated - AGREEMENT.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)

AcroCEF.exe (PID: 824 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

AcroCEF.exe (PID: 7188 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2100 --field-trial-handle=1636,i,13229278376060799718,1582003535039204585,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

chrome.exe (PID: 8020 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "https://newagreeement.myvnc.com/?hqggurcl" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 2416 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 --field-trial-handle=1960,i,4143171357290156241,13071037754588390243,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: Joe Sandbox View	IP Address: 1.1.1.1 1.1.1.1
Source: Joe Sandbox View	IP Address: 23.47.168.24 23.47.168.24
Source: Joe Sandbox View	IP Address: 239.255.255.250 239.255.255.250

Source: Autonomous Medical Devices Incorporated - AGREEMENT.pdf

String found in binary or memory: https://newagreeement.myvnc.com/?hqggurcl)

Source: classification engine

Classification label: unknown0.winPDF@44/48@0/5

Source: Autonomous Medical Devices Incorporated - AGREEMENT.pdf

Initial sample: https://newagreeement.myvnc.com/?hqggurcl

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-05-22 17-55-46-939.log

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Jump to behavior

Source: unknown	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Autonomous Medical Devices Incorporated - AGREEMENT.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2100 --field-trial-handle=1636,i,13229278376060799718,1582003535039204585,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "https://newagreeement.myvnc.com/?hqggurcl"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 --field-trial-handle=1960,i,4143171357290156241,13071037754588390243,262144 /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2100 --field-trial-handle=1636,i,13229278376060799718,1582003535039204585,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 --field-trial-handle=1960,i,4143171357290156241,13071037754588390243,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: Autonomous Medical Devices Incorporated - AGREEMENT.pdf	Initial sample: PDF keyword /JS count = 0
Source: Autonomous Medical Devices Incorporated - AGREEMENT.pdf	Initial sample: PDF keyword /JavaScript count = 0

Source: Autonomous Medical Devices Incorporated - AGREEMENT.pdf

Initial sample: PDF keyword /EmbeddedFile count = 0

Source: Autonomous Medical Devices Incorporated - AGREEMENT.pdf

Initial sample: PDF keyword /ObjStm count = 7

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	1 Spearphishing Link	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	1 System Information Discovery	Remote Services	Data from Local System	Data Obfuscation	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Junk Data	Exfiltration Over Bluetooth	Network Denial of Service

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
https://newagreeement.myvnc.com/?hqggurcl)	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

⊘No contacted domains info

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://newagreeement.myvnc.com/?hqggurcl)	Autonomous Medical Devices Incorporated - AGREEMENT.pdf	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	false
142.250.185.132	unknown	United States	15169	GOOGLEUS	false
8.8.8.8	unknown	United States	15169	GOOGLEUS	false
23.47.168.24	unknown	United States	16625	AKAMAI-ASUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1446156
Start date and time:	2024-05-22 23:54:57 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 33s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowspdfcookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	16
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	Autonomous Medical Devices Incorporated - AGREEMENT.pdf
Detection:	UNKNOWN
Classification:	unknown0.winPDF@44/48@0/5
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .pdf Found PDF document URL browsing timeout or error Close Viewer

Errors

Corrupt sample or wrongly selected analyzer.

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, conhost.exe, MoUsoCoreWorker.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 2.19.105.74, 54.144.73.197, 107.22.247.231, 18.207.85.246, 34.193.227.236, 88.221.110.59, 88.221.110.99, 162.159.61.3, 172.64.41.3, 23.57.90.81, 23.57.90.77, 23.57.90.76, 192.168.2.4, 142.250.185.163, 172.217.16.142, 173.194.76.84, 34.104.35.123, 142.250.186.138, 142.250.185.138, 142.250.186.170, 142.250.185.74, 142.250.185.234, 172.217.18.10, 142.250.186.106, 142.250.185.170, 142.250.185.202, 142.250.184.234, 216.58.212.138, 142.250.185.106, 142.250.184.202, 216.58.206.42, 172.217.18.106, 172.217.16.202, 88.221.110.91, 142.250.184.227, 172.217.23.110
Excluded domains from analysis (whitelisted): clients1.google.com, e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, clientservices.googleapis.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, update.googleapis.com, clients.l.google.com, geo2.adobe.com, optimizationguide-pa.googleapis.com
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: Autonomous Medical Devices Incorporated - AGREEMENT.pdf

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
23.47.168.24	PIO88938MB.docx.doc	Get hash	malicious	Unknown	Browse
	http://jimdo-storage.global.ssl.fastly.net/file/a45fef49-77a5-4e4b-b081-f19dd1b9626e/b0aa30c8-07ba-4acf-a6e6-856aaa7da320.pdf	Get hash	malicious	Unknown	Browse
	http://6.imimg.com/data6/Rfq/2024/3/404696953/HX/AW/IV/217882449/square-breathing-pdf.pdf	Get hash	malicious	Unknown	Browse
	phish_alert_iocp_v1.4.48 (23).eml	Get hash	malicious	HTMLPhisher	Browse
	https://app.nihaocloud.com/f/bf027d5695e84bac920c/	Get hash	malicious	Unknown	Browse
	MDE_File_Sample_f29ce0d93859cca71356213c6e187a644debf0c9.zip	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse
	https://docvmentdrive.au1.cdn-alpha.com/wordplusnero/Payment.pdf	Get hash	malicious	Unknown	Browse
	qqeng.pdf.lnk	Get hash	malicious	RHADAMANTHYS	Browse
	D21 .pdf.exe	Get hash	malicious	Unknown	Browse
	D21 .pdf.exe	Get hash	malicious	Unknown	Browse
1.1.1.1	PO-230821_pdf.exe	Get hash	malicious	FormBook, NSISDropper	Browse	www.974dp.com/sn26/?kJBLpb8=qaEGeuQorcUQurUZCuE8d9pas+Z0M0brqtX248JBolEfq8j8F1R9i1jKZexhxY54UlRG&ML0tl=NZlpi
	AFfv8HpACF.exe	Get hash	malicious	Unknown	Browse	1.1.1.1/
	INVOICE_90990_PDF.exe	Get hash	malicious	FormBook	Browse	www.quranvisor.com/usvr/?mN9d3vF=HHrW7cA9N4YJlebHFvlsdlDciSnnaQItEG8Ccfxp291VjnjcuwoPACt7EOqEq4SWjIf8&Pjf81=-Zdd-V5hqhM4p2S
	Go.exe	Get hash	malicious	Unknown	Browse	1.1.1.1/
239.255.255.250	https://github.com/Edoumou/T-Grant/files/15404347/2023.COMPLETE.TAX.ORGANIZER.pdf.zip	Get hash	malicious	Unknown	Browse
	https://l.mypad.in/Hxfu5y	Get hash	malicious	Unknown	Browse
	http://url599.estatementdelivery.com/ls/click?upn=u001.h5yowTV3YgByQ5KXv1aN2pQO1uBIjzSapKitRxKpKQh0sh5wI56jHfE4mYqC-2B6lSGdWfyJHEygBc6XW0vr79x5uE-2FqYNP2X2U5-2FpRLVdm6QvkCoZ5ATzgfZheQHogS7LHtxocFujMZgRpnuMqIpa8f4a1NemcucNTwddc4eoETo-3D_QLR_BZBi33829kV7bjXXEEzfpMVvkQCl2LPaHTAPGsIqmJywGabIgW3Muh5uWXw2ss9M49NIf3bDg9aqG-2F8h3Ujwt3ii0602q7OtTg9ja1FJ9GnQ7lutOUPdNa8nVI1tXntmQBbEW1T3cIBeEbuizwr7xcukeZjuyKGv-2B9kh8u4Tscym-2BygnOJkLYuTHlnsZNMcODCh5uMAaZza-2BJzCvX3eLa3l1xpZil1tZsd1Hz0xZv8-2FS81qu3d7etILzRIPCT-2F8fw0ZXFdFSnN30mOFeMGveVQ-3D-3D	Get hash	malicious	Unknown	Browse
	http://url599.estatementdelivery.com/ls/click?upn=u001.h5yowTV3YgByQ5KXv1aN2pQO1uBIjzSapKitRxKpKQh0sh5wI56jHfE4mYqC-2B6lSGdWfyJHEygBc6XW0vr79x5uE-2FqYNP2X2U5-2FpRLVdm6QvkCoZ5ATzgfZheQHogS7LHtxocFujMZgRpnuMqIpa8f4a1NemcucNTwddc4eoETo-3D_QLR_BZBi33829kV7bjXXEEzfpMVvkQCl2LPaHTAPGsIqmJywGabIgW3Muh5uWXw2ss9M49NIf3bDg9aqG-2F8h3Ujwt3ii0602q7OtTg9ja1FJ9GnQ7lutOUPdNa8nVI1tXntmQBbEW1T3cIBeEbuizwr7xcukeZjuyKGv-2B9kh8u4Tscym-2BygnOJkLYuTHlnsZNMcODCh5uMAaZza-2BJzCvX3eLa3l1xpZil1tZsd1Hz0xZv8-2FS81qu3d7etILzRIPCT-2F8fw0ZXFdFSnN30mOFeMGveVQ-3D-3D	Get hash	malicious	Unknown	Browse
	http://url599.estatementdelivery.com/ls/click?upn=u001.h5yowTV3YgByQ5KXv1aN2pQO1uBIjzSapKitRxKpKQh0sh5wI56jHfE4mYqC-2B6lSGdWfyJHEygBc6XW0vr79x5uE-2FqYNP2X2U5-2FpRLVdm6QvkCoZ5ATzgfZheQHogS7LHtxocFujMZgRpnuMqIpa8f4a1NemcucNTwddc4eoETo-3D_QLR_BZBi33829kV7bjXXEEzfpMVvkQCl2LPaHTAPGsIqmJywGabIgW3Muh5uWXw2ss9M49NIf3bDg9aqG-2F8h3Ujwt3ii0602q7OtTg9ja1FJ9GnQ7lutOUPdNa8nVI1tXntmQBbEW1T3cIBeEbuizwr7xcukeZjuyKGv-2B9kh8u4Tscym-2BygnOJkLYuTHlnsZNMcODCh5uMAaZza-2BJzCvX3eLa3l1xpZil1tZsd1Hz0xZv8-2FS81qu3d7etILzRIPCT-2F8fw0ZXFdFSnN30mOFeMGveVQ-3D-3D	Get hash	malicious	Unknown	Browse
	https://microsrcft.com/route/3a2badc2e16ee67306027e92dfee2e7779d7afcd/	Get hash	malicious	Unknown	Browse
	http://inclucedhealth.com	Get hash	malicious	Unknown	Browse
	https://url.us.m.mimecastprotect.com/s/KCOEC2kqvrf0N8VsnT72v?bWV5ZXJzZXJ2aWNlcw==	Get hash	malicious	Unknown	Browse
	https://u32291210.ct.sendgrid.net/ls/click?upn=u001.zoYnZnzT1aNmxJyDpkt5-2F7ByDXhgHLoQINYxAMxqgpvOMLVzh2duB66JhsxmyNA-2B2oB29Sr-2BzUY3wsjUhL2w9w-3D-3DzLYR_E9PZ-2BNd-2BL-2FR-2FOsoqChC9LPbvFaV0s1njwxE0n9wyiNepBnXObnHyQf0Ox16EAtw0HITpr4QufWYHU-2FMF-2FYtG-2FUx1lneU2A8oshW8vQCDJT7V1aDwmGHrGPEUfNk-2BL7E29MeLQRurIdmGI6J2wW-2FHEHY-2FH2k1w8pcozxtLO-2FQcWd1Z75RHd6z6Rz-2FnYMpLiQR-2Ba6Xi9bSq62ph-2Fx4Wy5rEk14P2SsQkC1xAglbpMaIkGPriUiu1i-2B2SPtsxmQMUBDZ0yuyPlCYenGmrBDISDo28mqVRcU7H9gbpI-2BGBc7gVvsoFobGAujAwtvMDY6syXbecDgXgdAVZExexA5-2F-2BFj7hlD0KLoX1l18-2BMJWP6EQm4PLE1aaEf0CHd6Mv-2BtQe6ZVAV5UWiNWin1lJTOw7s646pCT7jQ-2BhEQUnqUx0NFHFw-2Bmufqblk5fJLT3I406XkF5yEDer67L0oXESfK4NfFP-2BSZQvG4M7Tdk7ilnyg4drSCxHDQjMQAiPuXIU-2F2jNL8okF8RQHSnGCCGSV-2FVhyiLxgTtwXulPsS2Pfu3VxcWTGee78ZvvJoPAMjUdELlc4orywF-2FtAFJFvQt1NfXJsHy53Ndf0bsLTzh5WDP36wbQGeqd29Fs7BRhhcsd7mwtzgDqbZIMmTLITIpAaSwSNsjJHx9DSMOeCo7pD2ZqTLCQ3vBDZPdARAZD3UIFbhBFKI-2FbBs-2FupWBBB7aPI45C-2BdGElT5AypObmE5PKEgXVuF3lxA5Y2t6mEIsVXGmQpPfKtAJaHYluOvTRB9DW7q9KOyI4Pcsi3FxeuuIe-2FTG0c9MAyO2HO1TSdYaqyoLpLsqtTsqyQMnFO0Yl8NPB6XwEOt9-2Bu9Rp-2F4LbHJTfJDyJ3Sh7-2FZwLkAx6u6SdyfnvRSGc93MbM37LnWS7aV-2F77ZN4aNVDIeDxxgTg34QEKNiFOrZiwODBLc0alaLuPjMMmsuwyWIiooz6VWDGfL0TJ-2FAMbeLtjov46V1xT-2Fg9WWXArp-2FAn7hYl6g1dGriic0McSexm	Get hash	malicious	Unknown	Browse
	https://github.com/ustaxes/UsTaxes/files/15378217/All.2023.Tax.Documents.zip	Get hash	malicious	Unknown	Browse

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	948209184.xlam.xlsx	Get hash	malicious	AgentTesla	Browse	172.67.74.152
	documentos.xlam.xlsx	Get hash	malicious	AgentTesla	Browse	104.17.64.14
	https://l.mypad.in/Hxfu5y	Get hash	malicious	Unknown	Browse	188.114.97.3
	Ziraat Bankas#U0131 Swift Mesaj#U0131.xlam.xlsx	Get hash	malicious	AgentTesla	Browse	104.17.64.14
	http://url599.estatementdelivery.com/ls/click?upn=u001.h5yowTV3YgByQ5KXv1aN2pQO1uBIjzSapKitRxKpKQh0sh5wI56jHfE4mYqC-2B6lSGdWfyJHEygBc6XW0vr79x5uE-2FqYNP2X2U5-2FpRLVdm6QvkCoZ5ATzgfZheQHogS7LHtxocFujMZgRpnuMqIpa8f4a1NemcucNTwddc4eoETo-3D_QLR_BZBi33829kV7bjXXEEzfpMVvkQCl2LPaHTAPGsIqmJywGabIgW3Muh5uWXw2ss9M49NIf3bDg9aqG-2F8h3Ujwt3ii0602q7OtTg9ja1FJ9GnQ7lutOUPdNa8nVI1tXntmQBbEW1T3cIBeEbuizwr7xcukeZjuyKGv-2B9kh8u4Tscym-2BygnOJkLYuTHlnsZNMcODCh5uMAaZza-2BJzCvX3eLa3l1xpZil1tZsd1Hz0xZv8-2FS81qu3d7etILzRIPCT-2F8fw0ZXFdFSnN30mOFeMGveVQ-3D-3D	Get hash	malicious	Unknown	Browse	1.1.1.1
	Dados Do Hospede.ppam	Get hash	malicious	Njrat	Browse	172.67.191.176
	56882720_50174358_2024-05-23_203027.xls	Get hash	malicious	Unknown	Browse	188.114.96.3
	Enquiry No. 2421005.xla.xlsx	Get hash	malicious	Unknown	Browse	188.114.96.3
	56882720_50174358_2024-05-23_203027.xls	Get hash	malicious	Unknown	Browse	188.114.97.3
	PYR0948.doc	Get hash	malicious	Unknown	Browse	104.21.74.191
AKAMAI-ASUS	a6lzHWp4pa.exe	Get hash	malicious	LummaC, CryptOne, LummaC Stealer, SmokeLoader, Vidar	Browse	23.195.238.96
	https://app.frame.io/presentations/52095d75-78f4-40d2-8ecd-505b67097ee1?component_clicked=digest_call_to_action&email_id=1d128434-b5ec-4195-8c8c-860eac345853&email_type=pending-reviewer-invite	Get hash	malicious	Unknown	Browse	23.56.162.185
	https://cs-server-s2s.yellowblue.io/sync-iframe	Get hash	malicious	Unknown	Browse	88.221.168.23
	Quarantined Messages.zip	Get hash	malicious	Unknown	Browse	2.19.126.160
	http://sallywilliamson.com	Get hash	malicious	Unknown	Browse	2.22.155.216
	New Voicemail Vote.html	Get hash	malicious	HTMLPhisher	Browse	104.97.44.213
	http://phantym-wallett.weebly.com/	Get hash	malicious	Unknown	Browse	23.37.48.101
	https://innate-acidic-slip.glitch.me/public/zn0u.htm?/NATWESTB.ANKCR.CARD/info.htm	Get hash	malicious	Unknown	Browse	23.36.234.187
	file.exe	Get hash	malicious	Vidar	Browse	92.122.104.90
	https://bizzerba.com/?ksoxtyqh&qrc=eaastsales@tronicsamerica.com	Get hash	malicious	HTMLPhisher	Browse	23.38.98.103

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.251453828885947
Encrypted:	false
SSDEEP:	6:DsuMq2Pwkn2nKuAl9OmbnIFUt86suHZmw+6suVkwOwkn2nKuAl9OmbjLJ:D1MvYfHAahFUt861H/+61V5JfHAaSJ
MD5:	140B7AA7B217ED5424A55B46E6F9D5C5
SHA1:	301F15675F4FF10646867004135CE90916B457EE
SHA-256:	F630AEF6BE723B259A0A6308FE01CD98CCCE882952130BA266B9573404F5E6E2
SHA-512:	E5D82F400870542C7567E6BC616D7AA89F4B805F89259DB385186B3C643ACEB365F57D94630BC0F2E28D982B69E29776096DF00DD9070A9E8158F8C4FE03CA4B
Malicious:	false
Reputation:	low
Preview:	2024/05/22-17:55:44.682 bf4 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/05/22-17:55:44.684 bf4 Recovering log #3.2024/05/22-17:55:44.684 bf4 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.251453828885947
Encrypted:	false
SSDEEP:	6:DsuMq2Pwkn2nKuAl9OmbnIFUt86suHZmw+6suVkwOwkn2nKuAl9OmbjLJ:D1MvYfHAahFUt861H/+61V5JfHAaSJ
MD5:	140B7AA7B217ED5424A55B46E6F9D5C5
SHA1:	301F15675F4FF10646867004135CE90916B457EE
SHA-256:	F630AEF6BE723B259A0A6308FE01CD98CCCE882952130BA266B9573404F5E6E2
SHA-512:	E5D82F400870542C7567E6BC616D7AA89F4B805F89259DB385186B3C643ACEB365F57D94630BC0F2E28D982B69E29776096DF00DD9070A9E8158F8C4FE03CA4B
Malicious:	false
Reputation:	low
Preview:	2024/05/22-17:55:44.682 bf4 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/05/22-17:55:44.684 bf4 Recovering log #3.2024/05/22-17:55:44.684 bf4 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	336
Entropy (8bit):	5.174801407415286
Encrypted:	false
SSDEEP:	6:DsuJq2Pwkn2nKuAl9Ombzo2jMGIFUt86suBzXZmw+6suWkwOwkn2nKuAl9Ombzos:D1JvYfHAa8uFUt861VX/+61W5JfHAa8z
MD5:	23315C52A402A4A1763E7EEBAF60C8D6
SHA1:	B60758D2BF7CE9C7EE48BBAD45CCAD14D7AD7A08
SHA-256:	026D36C679549E57B90D5793253EADC7828E2A88FF963A9C16F3CFADEC5160D5
SHA-512:	448071A921DB3CE0F621C78AEDC426D3F5F931B48DB50684C6159D1F80E608AC5B1506B0BB6AA122BB59E9BDF420E6C801BA9EB3474AA3F8CE60BC03BC5A4DA2
Malicious:	false
Reputation:	low
Preview:	2024/05/22-17:55:44.755 1c40 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/05/22-17:55:44.756 1c40 Recovering log #3.2024/05/22-17:55:44.757 1c40 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	336
Entropy (8bit):	5.174801407415286
Encrypted:	false
SSDEEP:	6:DsuJq2Pwkn2nKuAl9Ombzo2jMGIFUt86suBzXZmw+6suWkwOwkn2nKuAl9Ombzos:D1JvYfHAa8uFUt861VX/+61W5JfHAa8z
MD5:	23315C52A402A4A1763E7EEBAF60C8D6
SHA1:	B60758D2BF7CE9C7EE48BBAD45CCAD14D7AD7A08
SHA-256:	026D36C679549E57B90D5793253EADC7828E2A88FF963A9C16F3CFADEC5160D5
SHA-512:	448071A921DB3CE0F621C78AEDC426D3F5F931B48DB50684C6159D1F80E608AC5B1506B0BB6AA122BB59E9BDF420E6C801BA9EB3474AA3F8CE60BC03BC5A4DA2
Malicious:	false
Reputation:	low
Preview:	2024/05/22-17:55:44.755 1c40 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/05/22-17:55:44.756 1c40 Recovering log #3.2024/05/22-17:55:44.757 1c40 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\29efc47f-e870-4bed-9379-f6c4397127a9.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	modified
Size (bytes):	475
Entropy (8bit):	4.971316048517525
Encrypted:	false
SSDEEP:	12:YH/um3RA8sqD19JVSsBdOg2HXcaq3QYiubInP7E4T3y:Y2sRdsW1ZXdMHW3QYhbG7nby
MD5:	CDC62C1825D050282DDA8C9391AEA3A9
SHA1:	EF3ADC668900781DD8543EAB84F8429F9B574DB5
SHA-256:	37192B0D66700201D7059420C81A343AD2261E5BF499190D418125115D7C0D5C
SHA-512:	9522095569F0902EAC7840CFDC9BC97DCC6B67F481A45CCF5E33A17189A95205E845D0C0ADE22C681B5B46BC13399D9C0D2B1E44CCECB6413338B961BFDC41A6
Malicious:	false
Reputation:	low
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13360974957141655","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":184578},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	475
Entropy (8bit):	4.971316048517525
Encrypted:	false
SSDEEP:	12:YH/um3RA8sqD19JVSsBdOg2HXcaq3QYiubInP7E4T3y:Y2sRdsW1ZXdMHW3QYhbG7nby
MD5:	CDC62C1825D050282DDA8C9391AEA3A9
SHA1:	EF3ADC668900781DD8543EAB84F8429F9B574DB5
SHA-256:	37192B0D66700201D7059420C81A343AD2261E5BF499190D418125115D7C0D5C
SHA-512:	9522095569F0902EAC7840CFDC9BC97DCC6B67F481A45CCF5E33A17189A95205E845D0C0ADE22C681B5B46BC13399D9C0D2B1E44CCECB6413338B961BFDC41A6
Malicious:	false
Reputation:	low
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13360974957141655","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":184578},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	4730
Entropy (8bit):	5.250406088735075
Encrypted:	false
SSDEEP:	96:etJCV4FAsszrNamjTN/2rjYMta02fDtehgO7BtTgo7OkkCRzcDpZ:etJCV4FiN/jTN/2r8Mta02fEhgO73goK
MD5:	C131AAB7C6780E5B098E23983304A8BA
SHA1:	C86E08E7F907B36E79227C5448454C5DEBBCC570
SHA-256:	F09D3FBE0E2F16CA52E57F2A33D6F05C224F5C3CFDFCFB237EEB66F975481D3C
SHA-512:	850C28F35A4EEB7E1C238A06256496BDA539B0C3FCA1FDD2A97B1145CCF91AC17F58AE60D2C95F90F87BBB4A8B97E9DAAAFE1C83D43A1CF2572CCC62FBD7017E
Malicious:	false
Reputation:	low
Preview:	*...#................version.1..namespace-['O.o................next-map-id.1.Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/.0>...r................next-map-id.2.Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/.1O..r................next-map-id.3.Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/.2.\.o................next-map-id.4.Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/.3....^...............Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/..\|.^...............Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/n..Fa...............Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/DQ..a...............Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/i.`do................next-map-id.5.Pnamespace-de635bf2_6773_4d83_ad16_

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.171965050989925
Encrypted:	false
SSDEEP:	6:Ds0Oq2Pwkn2nKuAl9OmbzNMxIFUt86s4GZZmw+6s4GzkwOwkn2nKuAl9OmbzNMFd:DjOvYfHAa8jFUt86Ni/+6NO5JfHAa84J
MD5:	05660B12656A52EAEAF96474B6E364E3
SHA1:	7382A09C4BCE6F69592A48A87875DF83887B2AF3
SHA-256:	9C7896504B1D9C3159BF359BBA16C44E8CB2A390A864B6EC613692208A3A1B73
SHA-512:	C51E88E26502972AFFEB96811E8B629E58CFFE978624C5044498CA46F423AC7269036349D1E69498133FD2E9FB480393032384926E53C6DB9BE87D3E1A53BE93
Malicious:	false
Reputation:	low
Preview:	2024/05/22-17:55:45.384 1c40 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/05/22-17:55:45.503 1c40 Recovering log #3.2024/05/22-17:55:45.503 1c40 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.171965050989925
Encrypted:	false
SSDEEP:	6:Ds0Oq2Pwkn2nKuAl9OmbzNMxIFUt86s4GZZmw+6s4GzkwOwkn2nKuAl9OmbzNMFd:DjOvYfHAa8jFUt86Ni/+6NO5JfHAa84J
MD5:	05660B12656A52EAEAF96474B6E364E3
SHA1:	7382A09C4BCE6F69592A48A87875DF83887B2AF3
SHA-256:	9C7896504B1D9C3159BF359BBA16C44E8CB2A390A864B6EC613692208A3A1B73
SHA-512:	C51E88E26502972AFFEB96811E8B629E58CFFE978624C5044498CA46F423AC7269036349D1E69498133FD2E9FB480393032384926E53C6DB9BE87D3E1A53BE93
Malicious:	false
Reputation:	low
Preview:	2024/05/22-17:55:45.384 1c40 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/05/22-17:55:45.503 1c40 Recovering log #3.2024/05/22-17:55:45.503 1c40 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240522215549Z-163.bmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PC bitmap, Windows 3.x format, 164 x -102 x 32, cbSize 66966, bits offset 54
Category:	dropped
Size (bytes):	66966
Entropy (8bit):	5.073596645829244
Encrypted:	false
SSDEEP:	768:F9l81RnWWmWjQuvj9DEbp4ZCY44rnFw6fJ:FrWnWWXQ2j9DEbp4ZCY44rnFw6fJ
MD5:	CEE55DCC6DB807E15FEC83045D1DF9D8
SHA1:	5EA13D13C68D3DD94E7073291D6FC0B867657684
SHA-256:	E73D4B7A74F38134144868ED7FFC362FF99FB1B45476E9A84D943512F8D520ED
SHA-512:	C13E3D50A70525FAC4A096B34356CC49C0CADB2E533ED88CF864381B822F4E92EEC1795964C88EA1593DC8A3A8B0FC9BDA2F21E59B130C05616711F1218F659C
Malicious:	false
Preview:	BM........6...(............. .........................{{{.{{{.nnn.jjj.lll.lll.jjj.nnn.hhh.ttt.fff.sss.hhh.ooo.iii.mmm.kkk.lll.ooo.jjj.rrr.hhh.ttt.eee.qqq.kkk.ppp.lll.lll.ppp.lll.rrr.iii.ttt.hhh.rrr.hhh.ooo.kkk.mmm.ooo.jjj.ooo.hhh.qqq.ggg.rrr.ggg.ppp.iii.nnn.lll.lll.ooo.jjj.rrr.ggg.sss.ggg.qqq.iii.ooo.kkk.mmm.mmm.kkk.ppp.hhh.ttt.ggg.rrr.hhh.ppp.lll.mmm.nnn.kkk.qqq.iii.rrr.fff.sss.hhh.ppp.kkk.ooo.mmm.lll.ooo.jjj.rrr.iii.ttt.ggg.rrr.iii.ppp.mmm.nnn.ppp.lll.rrr.iii.ttt.hhh.sss.iii.ppp.kkk.ooo.mmm.lll.rrr.jjj.uuu.hhh.sss.hhh.qqq.jjj.ooo.nnn.mmm.ppp.kkk.qqq.iii.ttt.iii.sss.kkk.ooo.mmm.nnn.ooo.lll.rrr.jjj.sss.iii.sss.kkk.qqq.mmm.ppp.ppp.mmm.qqq.kkk.ttt.iii.ttt.iii.rrr.lll.qqq.ooo.ooo.rrr.lll.uuu.jjj.vvv.jjj.SSS.SSS.999.:::.???.@@@.AAA.AAA.@@@.>>>.@@@.MMM.JJJ.:::.777.666.777.===.BBB.@@@.>>>.FFF.HHH.@@@.???.FFF.CCC.<<<.:::.>>>.FFF.DDD.@@@.EEE.III.@@@.:::.;;;.:::.999.999.999.999.999.999.999.999.999.999.999.999.999.999.999.999.999.999.999.999.999.999.999.999.999.999.999.999.999.999.999.999.999.99

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 17, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 17
Category:	dropped
Size (bytes):	86016
Entropy (8bit):	4.445445751929343
Encrypted:	false
SSDEEP:	384:SeMci5tgiBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:k3s3OazzU89UTTgUL
MD5:	B27C43594542586096EC5E2C54121272
SHA1:	E5ED524C536C67A608CA398E884F913565C04E29
SHA-256:	9422DBA861F0344F149AE9E2B3E2B8E99469C586C1E0EBC55D70155B4FF4033F
SHA-512:	22B691AD9FFEB00CF7B03FF007ABB8F9C4154CE2232BC801EE66531B5EBA76745506ED5EAB8BAD4D653B033CCF39A91B26008CFA67961D56FFFD0224C8611DEF
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	2.2136303849848047
Encrypted:	false
SSDEEP:	24:7+tlomnuwKqqLrzkrFsgIFsxX3pALXmnHpkDGjmcxBSkomXk+2m9RFTsyg+wmf92:7MSmnCqqvmFTIF3XmHjBoGGR+jMz+LhI
MD5:	D82F482A318F4DB132AF2474079604F8
SHA1:	61F1D1F23D413C18A5B2DEEBB4ABCBA61CC0AB02
SHA-256:	781DFBD5BCB29DBFB03B15C4F0DC55E4EFA266BAAE943FED9AD6970E9D19C1DB
SHA-512:	F8995B8D817F73B6649A2F3E5F032E62C485C1CA60E4CC750199A2B170196FFC13FC337BB65B7831D0F88007EE522CFBDDC2C1AFA830CB342FE57EF70CB9187B
Malicious:	false
Preview:	.... .c.....x.G.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.1668

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	185099
Entropy (8bit):	5.182478651346149
Encrypted:	false
SSDEEP:	1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
MD5:	94185C5850C26B3C6FC24ABC385CDA58
SHA1:	42F042285037B0C35BC4226D387F88C770AB5CAA
SHA-256:	1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
SHA-512:	652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
Malicious:	false
Preview:	%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	185099
Entropy (8bit):	5.182478651346149
Encrypted:	false
SSDEEP:	1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
MD5:	94185C5850C26B3C6FC24ABC385CDA58
SHA1:	42F042285037B0C35BC4226D387F88C770AB5CAA
SHA-256:	1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
SHA-512:	652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
Malicious:	false
Preview:	%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	244540
Entropy (8bit):	3.3415042960460593
Encrypted:	false
SSDEEP:	1536:vKPCPiyzDtrh1cK3XEivK7VK/3AYvYwggErRo+RQn:yPClJ/3AYvYwgrFo+RQn
MD5:	758B42992DDFC41CB5E57069C621B54A
SHA1:	D0C28AF6CF1BD2208DA97DEDE57F6C78CEC98DCD
SHA-256:	55DF75758DD6CA825ED2DC9380EDC8469351191308C34CACFC44205197ABD25D
SHA-512:	437918372167A402005A728DCBBEF7B3A9580B794AD6A948A435C9D57C1672ACC1B7376E2A09113B66600EF5049D23625174256565BC639125A2F2BD07928926
Malicious:	false
Preview:	Adobe Acrobat Reader (64-bit) 23.6.20320....?A12_AV2_Search_18px.............................................................................................................KKK KKK.KKK.KKK.KKK.KKK.KKK@........................................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.............................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.........................KKK.KKK.KKK.KKK0....................KKK.KKK.KKK.KKK`....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK.KKK.....................................KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK.KKK@....................KKK.KKK.KKK.KKK`........................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.KKK.............................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	295
Entropy (8bit):	5.357200483613533
Encrypted:	false
SSDEEP:	6:YEQXJ2HX9b66QWkVoZcg1vRcR0YalqoAvJM3g98kUwPeUkwRe9:YvXKX9b66DlZc0v9ZGMbLUkee9
MD5:	CBC3B465355DDDABC850B0161B6D26D6
SHA1:	2A785C0C0F46842BC21E3534A69B3859FBCB528D
SHA-256:	6E79779249453EBB44B7C00ECE66497DB767B927F37FA3448673F01BD49BC3E2
SHA-512:	E0D3A86E133FE8D2BFA0D7ABD240D49AF4C98D3673C151F32C0E4DB6F1C1BE715046D77FBE92207859CDEFFE0D6F38ED69816F647098741A170906A962E0F275
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"b2c5f4e4-32f6-4d0b-a53a-c4e2a4234d8c","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1716589685392,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.3051059653193215
Encrypted:	false
SSDEEP:	6:YEQXJ2HX9b66QWkVoZcg1vRcR0YalqoAvJfBoTfXpnrPeUkwRe9:YvXKX9b66DlZc0v9ZGWTfXcUkee9
MD5:	38C967DCFBE23A57D8ABE310B06D9FB2
SHA1:	5277BCB323A02653A821833173783A4884A644F6
SHA-256:	D16FAE98D3CC34336E9B9C691C3215860A4279452E51468BFDDDA64A068BFCDB
SHA-512:	AF0DA01CA89E1608073B379DA20522ED767DB8A4B6F1CE2CB5873A2B6813C4A1D2984EE3A6E719F45936B4075CBB29B7A2F2E10542E2AE7A9CFB3BFEA5DA1FF8
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"b2c5f4e4-32f6-4d0b-a53a-c4e2a4234d8c","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1716589685392,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.283244880064589
Encrypted:	false
SSDEEP:	6:YEQXJ2HX9b66QWkVoZcg1vRcR0YalqoAvJfBD2G6UpnrPeUkwRe9:YvXKX9b66DlZc0v9ZGR22cUkee9
MD5:	A125AF173BD787951894F7364DC53B03
SHA1:	045627BE98E5500E545A2D8F8584B845C2F00BB8
SHA-256:	5C5F99E5DD57C715192386FDF9CF46E58F99BB3FAEDB3C1236E06E6DDC30820F
SHA-512:	74E0506E92A0281EC0014C9DAD4DB5A7872205BE53B49B38C076765DF14BEBBE183B92FB589213B71B0C831F5AAC7AF561F28B2C51A1BF24F018833F108AD6DE
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"b2c5f4e4-32f6-4d0b-a53a-c4e2a4234d8c","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1716589685392,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	285
Entropy (8bit):	5.343994747608565
Encrypted:	false
SSDEEP:	6:YEQXJ2HX9b66QWkVoZcg1vRcR0YalqoAvJfPmwrPeUkwRe9:YvXKX9b66DlZc0v9ZGH56Ukee9
MD5:	FDEAB904371BAA4465CCD717FA935729
SHA1:	87DFBF08128D9485C4808A32F0E87D5C4EFA70BA
SHA-256:	657E37E72E5259E7C54C4B3845FC604529AAC3870D31AD8B46D7CD98B689AE75
SHA-512:	5BE2300A4FE232E7C6A15116AD60B4D1FCADFAE0289D567B572F2B2CD90C30FA4BB28D97A43F77C8214DD119AF9636D080F4CBCC1B89E20B90DDBA3AFA393A57
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"b2c5f4e4-32f6-4d0b-a53a-c4e2a4234d8c","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1716589685392,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.302416686369252
Encrypted:	false
SSDEEP:	6:YEQXJ2HX9b66QWkVoZcg1vRcR0YalqoAvJfJWCtMdPeUkwRe9:YvXKX9b66DlZc0v9ZGBS8Ukee9
MD5:	5A4B6D48C8CE63849F9CFB43F3B465E5
SHA1:	76E75301383DA6402D0E78A6D02D70F6D83BCB43
SHA-256:	359683146B595B84BD91457F6CFD8BE31A9FAC2FD639CCB57B0CB8A483053849
SHA-512:	2EA98D8402DCECCF6C9A5F61DA68D380DFED1F0BF10D007A931C668850FF464FF0662FAFF5C8F6545C67F989329717ECE07362C5FBF1EE331301F164A4DA15C6
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"b2c5f4e4-32f6-4d0b-a53a-c4e2a4234d8c","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1716589685392,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.288769943574574
Encrypted:	false
SSDEEP:	6:YEQXJ2HX9b66QWkVoZcg1vRcR0YalqoAvJf8dPeUkwRe9:YvXKX9b66DlZc0v9ZGU8Ukee9
MD5:	C92739CD2152E94E89032BC303AE5EBD
SHA1:	71509CBFB5992BB2AAB2DE83E07E3EC74F4DC99C
SHA-256:	8587BA7785EADA351A232676DE9F0ACD7AF7BD6296FFE6C5BE950305A0F586AF
SHA-512:	C20AC5125E365B3569D861297F69982A3B472F400B3F583B738089E95EED68BD8783968F7391572AA5EFF81AC166EDA6B6390EB63E333542B0E44C9C0ACE8339
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"b2c5f4e4-32f6-4d0b-a53a-c4e2a4234d8c","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1716589685392,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.293076755886329
Encrypted:	false
SSDEEP:	6:YEQXJ2HX9b66QWkVoZcg1vRcR0YalqoAvJfQ1rPeUkwRe9:YvXKX9b66DlZc0v9ZGY16Ukee9
MD5:	E8E90D92D074D16CBAD870F7CD09E671
SHA1:	8D90482E24754740B3DF00E83D57C830F02F8A7E
SHA-256:	984ED724D6B9CEAFE86319573BA6454A530F3406CA9EADD12E348ECDACA830E0
SHA-512:	5153D412205EA11E8C3915201E778CF19D32E1060616B735B7C5628CE0EEA0CEA43D361B9EF6323E70DC28C442A506D2C68195C28E814B6B19B8381D711C2592
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"b2c5f4e4-32f6-4d0b-a53a-c4e2a4234d8c","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1716589685392,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.298527475201213
Encrypted:	false
SSDEEP:	6:YEQXJ2HX9b66QWkVoZcg1vRcR0YalqoAvJfFldPeUkwRe9:YvXKX9b66DlZc0v9ZGz8Ukee9
MD5:	B6747E0128EE7B469EB293FD08E563D9
SHA1:	DBAFD066B0A880EC5F76ACDD67C42D22F0EED1FA
SHA-256:	62F9CB263A2309D68E93EE76AEED02C653011ED153FDD0490DA445E15A04247A
SHA-512:	542CCB912D400500DCC434EF7177695E3E96B29B199F08BEAD83D4FD961EFB288A7BF0E1B080FEB0118857E3D6DE3ADCD081BB110569772FB322AEEE6189B7EB
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"b2c5f4e4-32f6-4d0b-a53a-c4e2a4234d8c","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1716589685392,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1372
Entropy (8bit):	5.736272704267465
Encrypted:	false
SSDEEP:	24:Yv6X9Jlzv9FKLgENRcbrZbq00iCCBrwJo++ns8ct4mFJNR:YvSLEgigrNt0wSJn+ns8cvFJ3
MD5:	8BE59C76A8ED7A97F99CC909B0AB7B51
SHA1:	6A0290800E360D691BF7F9680D2971F3A75F2F0A
SHA-256:	C1B27CA9B2B4BB78DBE23D54401B211061C280CA53E680CB226334FDBF390075
SHA-512:	B3CC97E8D1C252A0044B975664FA3421255C21814946B7382A69591026D372AB1456FD8790CA05F6BC2AC8FFCE0E54B02B415308B2FD0B274828D307CC7DEE03
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"b2c5f4e4-32f6-4d0b-a53a-c4e2a4234d8c","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1716589685392,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"79887_247329ActionBlock_0","campaignId":79887,"containerId":"1","controlGroupId":"","treatmentId":"acc56846-d570-4500-a26e-7f8cf2b4acad","variationId":"247329"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJUcnkgQWNyb2JhdCBQcm8ifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNSIsImZvbnRfc3R5bGUiOiIwIn0sImRlc2NyaXB0aW9uX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTMiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIDctZGF5IHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0byBwcmVtaXVtIFBERiBhbmQgZS1zaWduaW5nIHRvb2xzLiIsImJ

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.295515072017672
Encrypted:	false
SSDEEP:	6:YEQXJ2HX9b66QWkVoZcg1vRcR0YalqoAvJfYdPeUkwRe9:YvXKX9b66DlZc0v9ZGg8Ukee9
MD5:	70E80C3B1F3E4EA48A937C0511BFC09E
SHA1:	A05791147F5454EF816AE0847738B0203836AD19
SHA-256:	3CA0330CD734EEDCE7EF6BF5B049A57347223442D0FB74916220DE55625BADC8
SHA-512:	5303C6CDD38820A5585CA4F5F2D2F97D1398887D8A105AC43C2FC65A35A800574E8387284CAE6547D5AE4BD1E3CC866FE4A3BFEA450D18463EBAC6E92D21D74C
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"b2c5f4e4-32f6-4d0b-a53a-c4e2a4234d8c","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1716589685392,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1395
Entropy (8bit):	5.776836154707044
Encrypted:	false
SSDEEP:	24:Yv6X9Jlzv94rLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNp:YvS2HgDv3W2aYQfgB5OUupHrQ9FJz
MD5:	CE44F92B3CF8939EC8185114ED35D373
SHA1:	968FB9DFEE54E00A8AAA31315632C6F4791E7F50
SHA-256:	FF75A5AD1D1BD070F8121361E0DEA9B951C5A660FD2DF09343CBA2770F339FCE
SHA-512:	6CE0825391D729F86F77D093E15CCBD572E281C090516F509074856D9CB80F9B1CA58289BEC0DB29A02029AB95D02A1A37417BD2D2EB63BF92D902BF69D33B82
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"b2c5f4e4-32f6-4d0b-a53a-c4e2a4234d8c","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1716589685392,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	291
Entropy (8bit):	5.279092993938837
Encrypted:	false
SSDEEP:	6:YEQXJ2HX9b66QWkVoZcg1vRcR0YalqoAvJfbPtdPeUkwRe9:YvXKX9b66DlZc0v9ZGDV8Ukee9
MD5:	060B51CE833D1FF10BF09EA43AF64475
SHA1:	E9C1614C1BF096F3E5193F2C682DC8366316F24D
SHA-256:	4CB10154053B2AC160156F3C42C7964869198198C16ED1FC091A0DBD39FCF5B2
SHA-512:	F5965AAE8E979E6DE8994504D045CBAA4B6FF62EF32D5100BCAA6EAED8797B2491879EB9616AAA2720667BAA2E0BBD7B4253353F5469CC1E1B54C4F2B6CC415C
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"b2c5f4e4-32f6-4d0b-a53a-c4e2a4234d8c","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1716589685392,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	287
Entropy (8bit):	5.283978234061159
Encrypted:	false
SSDEEP:	6:YEQXJ2HX9b66QWkVoZcg1vRcR0YalqoAvJf21rPeUkwRe9:YvXKX9b66DlZc0v9ZG+16Ukee9
MD5:	191A6C30B6AE499B053D9D93448CEA6B
SHA1:	C9CD5376225CB0C9263F1BD45E863AAE130ED1B2
SHA-256:	A9D00760BB39B6CCFC2A58382356033D089533FCDFFA46376AA1DE85D20013E6
SHA-512:	88D0C157257492DB92B470EDBF002F728DDAD5FE48E91DF6343642423DECA4DDFE919C54AE3A632E2A7E2ED36E9116FB1AD1AD1F6B87BF74A34699558BFB300E
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"b2c5f4e4-32f6-4d0b-a53a-c4e2a4234d8c","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1716589685392,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.30235020077582
Encrypted:	false
SSDEEP:	6:YEQXJ2HX9b66QWkVoZcg1vRcR0YalqoAvJfbpatdPeUkwRe9:YvXKX9b66DlZc0v9ZGVat8Ukee9
MD5:	CB4D6147C459F7A11EF529F8DF81A983
SHA1:	2BC3F94E692D550FC246E75173D79B310AF34AA6
SHA-256:	D8C87F29F8C013E42F532356E3FFF5BCFFEC231927523C5992556B9EF122EAA3
SHA-512:	DC73D0CF802B7863057598B89F4369E56F086FEA322BA7245992EDAA9E4C5A31CB48D1C9F2B8B3FA45344437E0DF686652E790C9901ED3F0C8A3CEFD85D8E686
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"b2c5f4e4-32f6-4d0b-a53a-c4e2a4234d8c","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1716589685392,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	286
Entropy (8bit):	5.259307923609171
Encrypted:	false
SSDEEP:	6:YEQXJ2HX9b66QWkVoZcg1vRcR0YalqoAvJfshHHrPeUkwRe9:YvXKX9b66DlZc0v9ZGUUUkee9
MD5:	36EB77856AB5F3BEFBDD9A6D4E1B1E4F
SHA1:	8971A4814D3240C8B7B4986664C4673664FEB79E
SHA-256:	E44198FA7C5CC72F9CED0011B079123CB81C61406D38AA51F60A6659B10FAE07
SHA-512:	A6F4EE4668730AB9BA1B656B211D46BC4B132BD1553A1F2A0C0C629DA863D5FF6A6ED4B988D2BC2177480730E1816BFD44E4FD53705AE5D599F972F0E839C33E
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"b2c5f4e4-32f6-4d0b-a53a-c4e2a4234d8c","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1716589685392,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	782
Entropy (8bit):	5.367571750511344
Encrypted:	false
SSDEEP:	12:YvXKX9b66DlZc0v9ZGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWt:Yv6X9Jlzv91168CgEXX5kcIfANhk
MD5:	9D277AD0728E8E2CA52844E3EA3969E8
SHA1:	F139B80D87E6D663A3AB89DD997EF9C4EE0942C4
SHA-256:	97A398FC780B0E95DB44B01AF44A527817ED4AB72652F98C6F050154E3A0A954
SHA-512:	D8D33A388DD81B1E6B84054D64BF4B2E5DAEEEE1C130EEAEBB03F7D1E8D4DE0AF4BEE58F4045FD027687C0577BF1E0DBB78B9715905A867128438A6A7B8E3C05
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"b2c5f4e4-32f6-4d0b-a53a-c4e2a4234d8c","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1716589685392,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1716414950424}}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	4
Entropy (8bit):	0.8112781244591328
Encrypted:	false
SSDEEP:	3:e:e
MD5:	DC84B0D741E5BEAE8070013ADDCC8C28
SHA1:	802F4A6A20CBF157AAF6C4E07E4301578D5936A2
SHA-256:	81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
SHA-512:	65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
Malicious:	false
Preview:	....

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2814
Entropy (8bit):	5.14160235624993
Encrypted:	false
SSDEEP:	24:Y6kvUC+wqOBO40gBLakmayIbGzNsBjJj0S/vTRbX25f2LSZfL8c5I6Vh96umOG:YhcAqQLvhYE9fRzOf/fL8cCQh9K
MD5:	FBB27D45A1E84280EB648F79498C2136
SHA1:	636AF3AF7464442159CB070BD4DA2F4492BF3CBF
SHA-256:	70BF1FC9BE3E19454D6C47CC984566465DFCE90E1E154352769B797F1DF6BB7D
SHA-512:	406A9C60370A100FCFF769D7C12D2788C5F6BF1533F85A38D7C563F751417EF8EDBEA2C33235AF77F5D700927B292968D9A1C8A5520C9E5883CFBC4BF707932B
Malicious:	false
Preview:	{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"32492dca208f14c40398c15f909fbedb","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1716414950000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"6141081a22c8dcb69023ec6a15641b0d","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1372,"ts":1716414950000},{"id":"Edit_InApp_Aug2020","info":{"dg":"29c33a2585c62066d5187fdb07cc588d","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":1716414950000},{"id":"DC_Reader_RHP_Banner","info":{"dg":"c0e073842c6a9e00416d42ccca4b9d78","sid":"DC_Reader_RHP_Banner"},"mimeType":"file","size":1395,"ts":1716414950000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"5fc9ffb13531d8ec73d461f5cd1bf243","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file","size":292,"ts":1716414950000},{"id":"DC_Reader_More_LHP_Banner","info":{"dg":"7f7c73569f477712db39e8c8afff470e","sid":"DC_Reader_More_LHP_Banner"},"mimeType":"file","size":289,"ts":1716414950000},

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 26, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 26
Category:	dropped
Size (bytes):	12288
Entropy (8bit):	1.188285631957526
Encrypted:	false
SSDEEP:	48:Tll2GL7msETUUUUUUUwuTvR9H9vxFGiDIAEkGVvpCKJuuuF:fVmsQUUUUUUUbFGSItS/
MD5:	C6614C8EC261971732EA43737A2739B7
SHA1:	9FCCC2BD108766963A748A792BC3A23FA681A122
SHA-256:	B78A7FFC0746ECC5FF705E8D85B8AC5143A7585ACC6A032AEC558FE094D385C7
SHA-512:	5A2C9D92281F1F9A76D6626E1C9D327429AF1791B5E77AA87BEFB84DBFB5F2C81B6584B1CEB6976B9EA97DBA1B5618095044436F9728EF4325D43903D6F28FDE
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	1.6093987308695419
Encrypted:	false
SSDEEP:	48:7MVSsUUUUUUUUwuhSvR9H9vxFGiDIAEkGVvpcu3qGufl2GL7ms+:79sUUUUUUUUZ+FGSItPKNVms+
MD5:	1765C8BBFFFE4A74964A24A4685EA533
SHA1:	8A1157F98813F2CEC25EF17D1D7E5E42566A80B6
SHA-256:	277D6FD183B9FA7920148F2EE8039B5818F35D970D9D2D7CEAA6F56B2B7BE42E
SHA-512:	875E867FDA7AB9E55F0FFDD04A3E39D3D85710E25B58865C45739D093F3BF15F45EED113F04339A4001EBD1B7F472D728689D60465711055F1522C23CEF21F32
Malicious:	false
Preview:	.... .c.......K.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................f.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\MSI3a4aa.LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	246
Entropy (8bit):	3.5004142083842487
Encrypted:	false
SSDEEP:	6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8lyCH:Qw946cPbiOxDlbYnuRKRCH
MD5:	F69D4A619D5E226A824B4CE503BCF2D0
SHA1:	E8290ECFD51CA10060E1F9CDAB091F9F655BE6B4
SHA-256:	1C1BB3F470EAC9DF3FDF1FE9F85FEC37547E63E590D9FEF59B30DF457D44EB85
SHA-512:	0DFE6204D25E033F8EA0B70CB3FE6CDEDB74733EA7EC02BCD47398601941F7BE8C6C690A27211AD51CF33A6B1D55750F634C0847C71765363668A5888EC72D2A
Malicious:	false
Preview:	..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .2.2./.0.5./.2.0.2.4. . .1.7.:.5.5.:.5.2. .=.=.=.....

C:\Users\user\AppData\Local\Temp\acrobat_sbx\A91phv2w3_exedtq_1ac.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	Zip data (MIME type "application/vnd.adobe.air-ucf-package+zip"?)
Category:	dropped
Size (bytes):	127214
Entropy (8bit):	7.992938944970855
Encrypted:	true
SSDEEP:	3072:uswQeDPMQviqN8xfRmKMPcSnWlG1SS7Zqc6DOR44IxtUsi5:uswtPMMrSx+0SWlG1SSO6cYsi
MD5:	997CE5ED3633E8FF84C2F7D1F0E48E53
SHA1:	D22617BDF6D8DCE13E5FCBE9BDD57A812EE1E237
SHA-256:	E06C221FB5B43F5A25220D326EB501573C2E0CC9FBB31007BF79054B6F613907
SHA-512:	CE187CD9CE4CAC28B91CD0B090A70B15E28BC59BE0CC2A1E58F4257ACBAD5C05B40D7E1ECC8F16B626BC51AFE6817E524A4326F09C3FBA85637285EA1F3291D8
Malicious:	false
Preview:	PK........,C.X...>)...).......mimetypeapplication/vnd.adobe.air-ucf-package+zipPK.........>.X..lz............message.xml.]Ys..~...r..S.c...-.K....v.Y.KEK...E.H.......Z(...V.N.... ..p.s....(...$...o..=:.D..A.....w.....#....8..4;nGq.<.}?.>.#?.........,.Bq..G..v08....G.=.i.....~..Q.......4.....h...`............Z... ..~(.X.g.>..;8=...7.x.G.....v.{..^.y}s...#u+.. ...s.$.2.._t...Gyuz....x...&gO..8..$.hp#.W.@..V...x.OW.c.........."S.x...>.Y....L..1..I<..vL.{$......#.i...7X\l....S..^..?.)..9tX..V.=.3qL.a...b.Bv.....X\|..O. y.5u.19...d..}{..q.d..p}......)..l..r.fk..<..v..(..o......-.f_....h..e ......Z....K.;Ka..cB<....:..x.(...v{(..!@.Z...Bg.n.<..PD.".+..0.A..5.Y...x....9.]..........d.2.h......<.j........~.+.g...8r.....].lS.9..RX@.;..........9.....8.A.......?tq....&....0..t..]...aW.....<.....Ka.=XO..C........~.F3.+.b..Y.\.,..Cq6.n..8..b`..b..{.8.......2o.S.J3U.bx;S..L..Y..L.v..LU.g....%..0U.....\...P>...Q..e..p0#yKN.H.Br..Nh r..D..?..Vuh..q)o.D.]#h.M.A

C:\Users\user\AppData\Local\Temp\acrobat_sbx\A9sok0qh_exedtr_1ac.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	Zip data (MIME type "application/vnd.adobe.air-ucf-package+zip"?)
Category:	dropped
Size (bytes):	127214
Entropy (8bit):	7.992938944970855
Encrypted:	true
SSDEEP:	3072:uswQeDPMQviqN8xfRmKMPcSnWlG1SS7Zqc6DOR44IxtUsi5:uswtPMMrSx+0SWlG1SSO6cYsi
MD5:	997CE5ED3633E8FF84C2F7D1F0E48E53
SHA1:	D22617BDF6D8DCE13E5FCBE9BDD57A812EE1E237
SHA-256:	E06C221FB5B43F5A25220D326EB501573C2E0CC9FBB31007BF79054B6F613907
SHA-512:	CE187CD9CE4CAC28B91CD0B090A70B15E28BC59BE0CC2A1E58F4257ACBAD5C05B40D7E1ECC8F16B626BC51AFE6817E524A4326F09C3FBA85637285EA1F3291D8
Malicious:	false
Preview:	PK........,C.X...>)...).......mimetypeapplication/vnd.adobe.air-ucf-package+zipPK.........>.X..lz............message.xml.]Ys..~...r..S.c...-.K....v.Y.KEK...E.H.......Z(...V.N.... ..p.s....(...$...o..=:.D..A.....w.....#....8..4;nGq.<.}?.>.#?.........,.Bq..G..v08....G.=.i.....~..Q.......4.....h...`............Z... ..~(.X.g.>..;8=...7.x.G.....v.{..^.y}s...#u+.. ...s.$.2.._t...Gyuz....x...&gO..8..$.hp#.W.@..V...x.OW.c.........."S.x...>.Y....L..1..I<..vL.{$......#.i...7X\l....S..^..?.)..9tX..V.=.3qL.a...b.Bv.....X\|..O. y.5u.19...d..}{..q.d..p}......)..l..r.fk..<..v..(..o......-.f_....h..e ......Z....K.;Ka..cB<....:..x.(...v{(..!@.Z...Bg.n.<..PD.".+..0.A..5.Y...x....9.]..........d.2.h......<.j........~.+.g...8r.....].lS.9..RX@.;..........9.....8.A.......?tq....&....0..t..]...aW.....<.....Ka.=XO..C........~.F3.+.b..Y.\.,..Cq6.n..8..b`..b..{.8.......2o.S.J3U.bx;S..L..Y..L.v..LU.g....%..0U.....\...P>...Q..e..p0#yKN.H.Br..Nh r..D..?..Vuh..q)o.D.]#h.M.A

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-05-22 17-55-46-939.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393)
Category:	dropped
Size (bytes):	16525
Entropy (8bit):	5.345946398610936
Encrypted:	false
SSDEEP:	384:zHIq8qrq0qoq/qUILImCIrImI9IWdFdDdoPtPTPtP7ygyAydy0yGV///X/J/VokV:nNW
MD5:	8947C10F5AB6CFFFAE64BCA79B5A0BE3
SHA1:	70F87EEB71BA1BE43D2ABAB7563F94C73AB5F778
SHA-256:	4F3449101521DA7DF6B58A2C856592E1359BA8BD1ACD0688ECF4292BA5388485
SHA-512:	B76DB9EF3AE758F00CAF0C1705105C875838C7801F7265B17396466EECDA4BCD915DA4611155C5F2AD1C82A800C1BEC855E52E2203421815F915B77AA7331CA0
Malicious:	false
Preview:	SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:088+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig:

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393), with CRLF line terminators
Category:	dropped
Size (bytes):	16601
Entropy (8bit):	5.303256749656828
Encrypted:	false
SSDEEP:	384:HuSnaeIWkMHnS0SD4YIQOgDaqNGusB1A2UXz9JtIpVU+YhUBJiFsTgTiXOc7IpJO:Jm89
MD5:	98F35BE0FBB7870BD376CFBEAE0A9CA5
SHA1:	C4E41A6CA2573BAA4FC659CFEC06F24E435D6EA0
SHA-256:	C4C4F8F79296CD0E5E70AB4682B1516574610668A9741DD5A6C9EEDAFE1151B0
SHA-512:	FCCD1478567E454C72FE90ABAA14B1041B6C6E3D944ACAAC0F0ECBBB38C0E14D40E85B0B04B2B4830BBF1A8C6FCEB10313EC52138B70E19B4FCDFD55C9FB39F1
Malicious:	false
Preview:	SessionID=07e0ec4e-e8d9-4df1-9195-ff71d0e692ee.1716414946962 Timestamp=2024-05-22T17:55:46:962-0400 ThreadID=3804 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=07e0ec4e-e8d9-4df1-9195-ff71d0e692ee.1716414946962 Timestamp=2024-05-22T17:55:46:963-0400 ThreadID=3804 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=07e0ec4e-e8d9-4df1-9195-ff71d0e692ee.1716414946962 Timestamp=2024-05-22T17:55:46:963-0400 ThreadID=3804 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=07e0ec4e-e8d9-4df1-9195-ff71d0e692ee.1716414946962 Timestamp=2024-05-22T17:55:46:963-0400 ThreadID=3804 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=07e0ec4e-e8d9-4df1-9195-ff71d0e692ee.1716414946962 Timestamp=2024-05-22T17:55:46:963-0400 ThreadID=3804 Component=ngl-lib_NglAppLib Description="SetConf

C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	29845
Entropy (8bit):	5.388475083992443
Encrypted:	false
SSDEEP:	768:anddBuBYZwcfCnwZCnR8Bu5hx18HoCnLlAY+iCBuzhLCnx1CnPrRRFS10l8gT2rS:gA1AIA7AJAHAFAcAUAeA6A6AlAPAhAdo
MD5:	1DAEEFBAF449741941D9FA82EE8586ED
SHA1:	E6F459711CF205695A302B77EAB5BB06C62BAA6C
SHA-256:	11796AB14D4A892588886567BB47A67288F88F02FE303CDD65B15916311440F8
SHA-512:	C90080971ABE4A5DD20081AACD9840417386CB2AC2FC9F4B3169C0B922AEFCB341B38630A0ABB09DC3189ACD873E92EEC43A820E6D7987363F73231A73B67F2E
Malicious:	false
Preview:	03-10-2023 12:50:40:.---2---..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : *************************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ***********************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : **** Starting new session ******..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Starting NGL..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..03-10-2023 12:50:40:.Closing File..03-10-

C:\Users\user\AppData\Local\Temp\acrocef_low\059bf0cd-1d4a-4181-a41f-42c503682bd6.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
Category:	dropped
Size (bytes):	386528
Entropy (8bit):	7.9736851559892425
Encrypted:	false
SSDEEP:	6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
MD5:	5C48B0AD2FEF800949466AE872E1F1E2
SHA1:	337D617AE142815EDDACB48484628C1F16692A2F
SHA-256:	F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
SHA-512:	44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
Malicious:	false
Preview:	...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....\|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-\|..h#.g.\.PO.\|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..\|m.WC.....\|.....e.[W.p.8...rm....^..x'......5!...\|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.\|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

C:\Users\user\AppData\Local\Temp\acrocef_low\65528e2f-dfd7-4de8-b797-f55a10e0087e.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
Category:	dropped
Size (bytes):	1419751
Entropy (8bit):	7.976496077007677
Encrypted:	false
SSDEEP:	24576:/xA7owWLaGZDwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLaGZDwZGk3mlind9i4ufFXpAXkru
MD5:	18E3D04537AF72FDBEB3760B2D10C80E
SHA1:	B313CD0B25E41E5CF0DFB83B33AB3E3C7678D5CC
SHA-256:	BBEF113A2057EE7EAC911DC960D36D4A62C262DAE5B1379257908228243BD6F4
SHA-512:	2A5B9B0A5DC98151AD2346055DF2F7BFDE62F6069A4A6A9AB3377B644D61AE31609B9FC73BEE4A0E929F84BF30DA4C1CDE628915AC37C7542FD170D12DE41298
Malicious:	false
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

C:\Users\user\AppData\Local\Temp\acrocef_low\9e2cbcea-2e9e-4531-98ae-ef21da2f51b2.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
Category:	dropped
Size (bytes):	758601
Entropy (8bit):	7.98639316555857
Encrypted:	false
SSDEEP:	12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
MD5:	3A49135134665364308390AC398006F1
SHA1:	28EF4CE5690BF8A9E048AF7D30688120DAC6F126
SHA-256:	D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
SHA-512:	BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
Malicious:	false
Preview:	...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......\|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!\|G.1...... .3.`./....`~......G.............\|..pS.e.C....:o.u_..oi.:..\|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

C:\Users\user\AppData\Local\Temp\acrocef_low\a457223d-2b99-4863-9396-570b6347297d.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
Category:	dropped
Size (bytes):	1407294
Entropy (8bit):	7.97605879016224
Encrypted:	false
SSDEEP:	24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo
MD5:	A0CFC77914D9BFBDD8BC1B1154A7B364
SHA1:	54962BFDF3797C95DC2A4C8B29E873743811AD30
SHA-256:	81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685
SHA-512:	74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE
Malicious:	false
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobSettings

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	24
Entropy (8bit):	3.66829583405449
Encrypted:	false
SSDEEP:	3:So6FwHn:So6FwHn
MD5:	DD4A3BD8B9FF61628346391EA9987E1D
SHA1:	474076C122CACAAF112469FC62976BB69187AA2B
SHA-256:	7C22C759CA704106556BBC4FC10B7F53404CA1F8B40F01038D3F7C4B8183F486
SHA-512:	FDAF3D9F8072ED7DE9B2528376C10E3C3FDBEA74347710A4795BECF23C6577B3582B2E89D3C04EF0523C98FE0A46F2AF3629490701A20B848C63BA7B26579491
Malicious:	false
Preview:	<</Settings [/c <<>>].>>

C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\915DEAC5D1E15E49646B8A94E04E470958C9BB89.crl

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	85893
Entropy (8bit):	6.4285188239971465
Encrypted:	false
SSDEEP:	1536:Lh3s60i02RwxwFnZNt0zfIagnbSLDII+DY:LVs/i0C4IZN+gbE8pDY
MD5:	B7A9A5A223B9DCE0E7D10E2B32A0BA07
SHA1:	FFB925FA80873CF50D8CB6DA530BA8CD7F0D9922
SHA-256:	4EF52E63D45F5230C47DBD3764AA90768F708B24885579375724473BB3FFB255
SHA-512:	A46488535961F26B7E41E1BA98E2015627917366BE08B172B0A5377E5A4EC1C0BD14F1A4E2473B5831A7538B3554E818FE3349DA42C0F40E03B3474EC77532F4
Malicious:	false
Preview:	0..O.0..Mg...0....H........0i1.0...U....US1.0...U....DigiCert, Inc.1A0?..U...8DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1..240403114831Z..240410114831Z0..L.0!.......0.E....[0...210531000001Z0!...7g...(..^`.x.l...210531000001Z0!...\./M.8..>.f.....210531000001Z0!...B.Sh...f...s.0..210531000001Z0!..../n...h..7....>..210601000001Z0!....0..>5..aN.u{D..210601000001Z0!...-...qpWa.!n.....210601000001Z0!..."f...\..N.....X..210601000001Z0!......S....fNj'.wy..210602000001Z0!...in.H...[u...]....210602000001Z0!......`......._.]...210602000001Z0!...{..e..i......=..210602000001Z0!......C.lm..B.*.....210602000001Z0!... .}...\|.,dk...+..210603000001Z0!...U.K....o.".Rj..210603000001Z0!.....A...K.ZpK..'h..210603000001Z0!.....&}{ ......l..210603000001Z0!...:.m...I.p.;..v..210604000001Z0!...1"uw3..Gou.qg.q..210607000001Z0!...1.o}...c/...-R}..210608000001Z0!................210608000001Z0!...[.N.d............210609000001Z0!......x..i........210610000001Z0!...(... (..#.^.f...210

C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\DF22CF8B8C3B46C10D3D5C407561EABEB57F8181.crl

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	737
Entropy (8bit):	7.5099882082938105
Encrypted:	false
SSDEEP:	12:yeRLaWQMnFQlRmyOFfBS9i7u8meIHKbw2O9TrU/Y/QmpFlT1xaOu8OAbsHqvNDVk:y2GWnSmyOtci7umNbQ9TrUw/QmxT1xsD
MD5:	152F65AAA856C44E87C8ED561AE43C0F
SHA1:	B6440383DBC4D3446E91CBB58EEB8C8BD6671F50
SHA-256:	48AC59FC9FA38016B6D5A4CB5D89A2C0CABCD8A0404AF29FBE995B4AA647A292
SHA-512:	106287A2EA36511D229E6991638D99B796B24B05D4BC8AE75BE5E9B79EA7A324330A26B3B4028FC4A8523FB82D7E3F9A793AE0E9C1F377939956C5667E44381E
Malicious:	false
Preview:	0...0.....0....H........0b1.0...U....US1.0...U....DigiCert Inc1.0...U....www.digicert.com1!0...U....DigiCert Trusted Root G4..240401194722Z..240422194722Z.00.0...U.#..0.......q]dL..g?....O0...U........0....H............._..T...?..G).L/..K..5...3.j(..G.D0...>...bH.p.O{..Y....^.]I.G......~r.Ye...Sy.....X...1........8'../...O...P;QO.-O.BUq......1s..(,....v....L.q..H.6j %..R.p..H..).;vt.....6...r]/.....4.%....G....J..3Y.....d....N....tu...q....2.wm..$...d...w...G?..h.?.+E...$d.........80X45[...A.7,.....s`...sS.g.]...].i...y].bu.U.......AP....T.d!...eB.`...u.....Z....&.....*$mY..q7.;.5..s..x.$.._..5.W..F?p@.+Ud-...&'...po$..4R7L.`.g.......J...........h...M(./>)..;.g....B..F.?>...Q{%.i.....!lm\|\|..cxb..

Static File Info

General

File type:	PDF document, version 1.7 (zip deflate encoded)
Entropy (8bit):	7.489417409130376
TrID:	Adobe Portable Document Format (5005/1) 100.00%
File name:	Autonomous Medical Devices Incorporated - AGREEMENT.pdf
File size:	138'519 bytes
MD5:	ca582ffeae72d8fbd737b4a2e96308ca
SHA1:	30c4037e4709a98bda7701f07a8dbf84cfc1e5a1
SHA256:	08fc670b30bb5fef3eca1af88c9942436d18124e81dfe7218016943d391a2134
SHA512:	8292025299c85352271b73a92e1460b43f64f3fe6664aa5b62d55cfde5fc714de4a4ed7beb14f7d3933cf8943a82471379f42534fc6d7bb170b3631cd2905012
SSDEEP:	3072:0CyFdVXzXJaKOT2NqwsWm0qm099dDCXin9:7yZX/Q2PM739vAQ9
TLSH:	59D3CF9CA590C4C9C5FBCBF9D74BE6E7A22D4703258119B6725F4AC0070BE8EFA5B406
File Content Preview:	%PDF-1.7.%......905 0 obj.<</Filter/FlateDecode/First 5/Length 99/N 1/Type/ObjStm>>stream..h.24V0P...wq...H.)..B..D....K.P.5/9?%3/...pqs.O..(.Z..............M.@..Q..I..... %..9)...vv.......'..endstream.endobj.906 0 obj.<</Filter/FlateDecode/First 4/Length

File Icon


Icon Hash:	62cc8caeb29e8ae0

Static PDF Info

General
Header:	%PDF-1.7
Total Entropy:	7.489417
Total Bytes:	138519
Stream Entropy:	7.662569
Stream Bytes:	115837
Entropy outside Streams:	4.232210
Bytes outside Streams:	22682
Number of EOF found:	1
Bytes after EOF:

Keywords Statistics

Name	Count
obj	22
endobj	22
stream	15
endstream	15
xref	0
trailer	0
startxref	1
/Page	0
/Encrypt	0
/ObjStm	7
/URI	2
/JS	0
/JavaScript	0
/AA	0
/OpenAction	0
/AcroForm	1
/JBIG2Decode	0
/RichMedia	0
/Launch	0
/EmbeddedFile	0

Image Streams

ID	DHASH	MD5	Preview
18	33d6d6e6e6e66666	98d36d87a2b712c4f6ba87283b937df1

Network Behavior

⊘No network behavior found

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: Acrobat.exePID: 6984, Parent PID: 2580

General

Target ID:	0
Start time:	17:55:43
Start date:	22/05/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Autonomous Medical Devices Incorporated - AGREEMENT.pdf"
Imagebase:	0x7ff6bc1b0000
File size:	5'641'176 bytes
MD5 hash:	24EAD1C46A47022347DC0F05F6EFBB8C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: AcroCEF.exePID: 824, Parent PID: 6984

General

Target ID:	1
Start time:	17:55:44
Start date:	22/05/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Imagebase:	0x7ff74bb60000
File size:	3'581'912 bytes
MD5 hash:	9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: AcroCEF.exePID: 7188, Parent PID: 824

General

Target ID:	3
Start time:	17:55:44
Start date:	22/05/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2100 --field-trial-handle=1636,i,13229278376060799718,1582003535039204585,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Imagebase:	0x7ff74bb60000
File size:	3'581'912 bytes
MD5 hash:	9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 8020, Parent PID: 4480

General

Target ID:	9
Start time:	17:56:08
Start date:	22/05/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "https://newagreeement.myvnc.com/?hqggurcl"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 2416, Parent PID: 8020

General

Target ID:	10
Start time:	17:56:09
Start date:	22/05/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 --field-trial-handle=1960,i,4143171357290156241,13071037754588390243,262144 /prefetch:8
Imagebase:	0x7ff72bec0000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may send spearphishing emails with a malicious link in an attempt to gain access to victim systems. Spearphishing with a link is a specific variant of spearphishing. It is different from other forms of spearphishing in that it employs the use of links to download malware contained in email, instead of attaching malicious files to the email itself, to avoid defenses that may inspect email attachments. Spearphishing may also involve social engineering techniques, such as posing as a trusted source.
Tactics:	Initial Access
Data Sources:	Application Log: Application Log Content, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Google Workspace, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Autonomous Medical Devices Incorporated - AGREEMENT.pdf

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Networking

System Summary

Hooking and other Techniques for Hiding and Protection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Errors

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\29efc47f-e870-4bed-9379-f6c4397127a9.tmp

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240522215549Z-163.bmp

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.1668

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

Windows Analysis Report
Autonomous Medical Devices Incorporated - AGREEMENT.pdf