Edit tour

Windows Analysis Report
NOTA_ACCR_11.PDF

Overview

General Information

Sample name:	NOTA_ACCR_11.PDF
Analysis ID:	1447160
MD5:	e6843c9d88e5dff3b04fa7eb6e3f3f52
SHA1:	0e07211f9b8704b444a70656b603b37a622881ad
SHA256:	2ce905cadfa90c99483047431ba23d00f81d3ef6a710a6b184def5f9283d02ee
Infos:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

No high impact signatures.

Classification

Process Tree

System is w10x64

Acrobat.exe (PID: 6596 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\NOTA_ACCR_11.PDF" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)

AcroCEF.exe (PID: 2852 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

AcroCEF.exe (PID: 7208 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2108 --field-trial-handle=1628,i,3488876338839633871,10701397785841666798,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: E0F5C59F9FA661F6F4C50B87FEF3A15A0.1.dr	String found in binary or memory: http://apps.identrust.com/roots/dstrootcax3.p7c
Source: 77EC63BDA74BD0D0E0426DC8F80085060.1.dr	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab

Source: classification engine

Classification label: clean0.winPDF@14/47@0/0

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.6868

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-05-24 08-53-02-101.log

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Jump to behavior

Source: unknown	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\NOTA_ACCR_11.PDF"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2108 --field-trial-handle=1628,i,3488876338839633871,10701397785841666798,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2108 --field-trial-handle=1628,i,3488876338839633871,10701397785841666798,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: NOTA_ACCR_11.PDF	Initial sample: PDF keyword /JS count = 0
Source: NOTA_ACCR_11.PDF	Initial sample: PDF keyword /JavaScript count = 0

Source: NOTA_ACCR_11.PDF

Initial sample: PDF keyword /EmbeddedFile count = 0

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	1 System Information Discovery	Remote Services	Data from Local System	Data Obfuscation	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Junk Data	Exfiltration Over Bluetooth	Network Denial of Service

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

⊘No contacted domains info

World Map of Contacted IPs

⊘No contacted IP infos

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1447160
Start date and time:	2024-05-24 14:52:02 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 5s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowspdfcookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	10
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	NOTA_ACCR_11.PDF
Detection:	CLEAN
Classification:	clean0.winPDF@14/47@0/0
Cookbook Comments:	Found application associated with file extension: .PDF Found PDF document Close Viewer

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 184.28.88.176, 107.22.247.231, 18.207.85.246, 54.144.73.197, 34.193.227.236, 2.16.164.65, 2.16.164.59, 2.16.164.32, 2.16.164.42, 2.16.164.51, 2.16.164.64, 2.16.164.81, 2.16.164.49, 2.16.164.27, 172.64.41.3, 162.159.61.3, 2.16.202.123, 95.101.54.195, 69.192.160.136, 93.184.221.240, 72.247.154.160, 72.247.154.136
Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, slscr.update.microsoft.com, e4578.dscb.akamaiedge.net, acroipm2.adobe.com, wu.azureedge.net, a1952.dscq.akamai.net, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, hlb.apr-52dd2-0.edgecastdns.net, apps.identrust.com, wu-b-net.trafficmanager.net, fs.microsoft.com, identrust.edgesuite.net, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com.delivery.microsoft.com, wu.ec.azureedge.net, ctldl.windowsupdate.com, p13n.adobe.io, fe3cr.delivery.mp.microsoft.com, ssl.adobe.com.edgekey.net, armmf.adobe.com, geo2.adobe.com
Not all processes where analyzed, report is missing behavior information

Simulations

Behavior and APIs

Time	Type	Description
08:53:12	API Interceptor	2x Sleep call for process: AcroCEF.exe modified

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.229182439266949
Encrypted:	false
SSDEEP:	6:DC3v4q2Pwkn2nKuAl9OmbnIFUt86C/LJZmw+6C/LDkwOwkn2nKuAl9OmbjLJ:DC3v4vYfHAahFUt86CzJ/+6CzD5JfHAR
MD5:	1274DF30C126455A54FCC17467F05484
SHA1:	FE7A71B01419703EB781D35770DE12381F32267B
SHA-256:	D120ECBAE319709CF9CA0E742AC76503B38B749B60E5AC0966A7AC880394C31E
SHA-512:	F21DDD101056867ED836C9374D136F427DF2DDFE022448F0FA9D16050BF9AC5EF82284FC199E9016612FC0E4CA48447CDFEC501F10FBA73FACE9CEEEBD5F3B57
Malicious:	false
Reputation:	low
Preview:	2024/05/24-08:52:59.799 1bf0 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/05/24-08:52:59.801 1bf0 Recovering log #3.2024/05/24-08:52:59.801 1bf0 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.229182439266949
Encrypted:	false
SSDEEP:	6:DC3v4q2Pwkn2nKuAl9OmbnIFUt86C/LJZmw+6C/LDkwOwkn2nKuAl9OmbjLJ:DC3v4vYfHAahFUt86CzJ/+6CzD5JfHAR
MD5:	1274DF30C126455A54FCC17467F05484
SHA1:	FE7A71B01419703EB781D35770DE12381F32267B
SHA-256:	D120ECBAE319709CF9CA0E742AC76503B38B749B60E5AC0966A7AC880394C31E
SHA-512:	F21DDD101056867ED836C9374D136F427DF2DDFE022448F0FA9D16050BF9AC5EF82284FC199E9016612FC0E4CA48447CDFEC501F10FBA73FACE9CEEEBD5F3B57
Malicious:	false
Reputation:	low
Preview:	2024/05/24-08:52:59.799 1bf0 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/05/24-08:52:59.801 1bf0 Recovering log #3.2024/05/24-08:52:59.801 1bf0 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	336
Entropy (8bit):	5.189396631532638
Encrypted:	false
SSDEEP:	6:DC/stq2Pwkn2nKuAl9Ombzo2jMGIFUt86C/3sZZmw+6C/FFQkwOwkn2nKuAl9OmT:DCktvYfHAa8uFUt86CPsZ/+6C9S5JfHA
MD5:	E5ED11402BFC61C2F1DBF22F66A59004
SHA1:	0EAAD5DBABE5B97C66E57268F719B01B40EEEBE3
SHA-256:	3E7EDA1215DC0332BAF402587CAF4DFC866DCC46872DA59CE49A3704712A6979
SHA-512:	29F18D14CDB18705998E4031B3BD2A65214DB4EAD8015BE332759DF6F0598B77981AE75BF22A3DC868D84CF3AEA462C8897E405A9EDC31D3EDF262DEC5E0B82F
Malicious:	false
Reputation:	low
Preview:	2024/05/24-08:52:59.818 1c54 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/05/24-08:52:59.819 1c54 Recovering log #3.2024/05/24-08:52:59.820 1c54 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	336
Entropy (8bit):	5.189396631532638
Encrypted:	false
SSDEEP:	6:DC/stq2Pwkn2nKuAl9Ombzo2jMGIFUt86C/3sZZmw+6C/FFQkwOwkn2nKuAl9OmT:DCktvYfHAa8uFUt86CPsZ/+6C9S5JfHA
MD5:	E5ED11402BFC61C2F1DBF22F66A59004
SHA1:	0EAAD5DBABE5B97C66E57268F719B01B40EEEBE3
SHA-256:	3E7EDA1215DC0332BAF402587CAF4DFC866DCC46872DA59CE49A3704712A6979
SHA-512:	29F18D14CDB18705998E4031B3BD2A65214DB4EAD8015BE332759DF6F0598B77981AE75BF22A3DC868D84CF3AEA462C8897E405A9EDC31D3EDF262DEC5E0B82F
Malicious:	false
Reputation:	low
Preview:	2024/05/24-08:52:59.818 1c54 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/05/24-08:52:59.819 1c54 Recovering log #3.2024/05/24-08:52:59.820 1c54 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\270ce418-4898-4502-8dbb-71ed351451e2.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	modified
Size (bytes):	475
Entropy (8bit):	4.969340035861989
Encrypted:	false
SSDEEP:	12:YH/um3RA8sqFBxSsBdOg2Hmcaq3QYiubInP7E4T3y:Y2sRdsgdMHZ3QYhbG7nby
MD5:	DF9598A3178A124231C9DD3CE04A9B33
SHA1:	ECF32CFFB956942A4D051C210C8DFDCEA58788AD
SHA-256:	497BFBB51DF2037041F2E054D480B9F3E173BF2158BF0D3380A727039BA691FF
SHA-512:	A6CD77CA0C703BC6389F60FEE87D14D4C565EF4BB929817738136CD26BCA053811AD082549DD6504A00DC891D21D00F48842F897E7ED2026BA9E0675D390CE4B
Malicious:	false
Reputation:	low
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13361115185586770","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":168205},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	475
Entropy (8bit):	4.969340035861989
Encrypted:	false
SSDEEP:	12:YH/um3RA8sqFBxSsBdOg2Hmcaq3QYiubInP7E4T3y:Y2sRdsgdMHZ3QYhbG7nby
MD5:	DF9598A3178A124231C9DD3CE04A9B33
SHA1:	ECF32CFFB956942A4D051C210C8DFDCEA58788AD
SHA-256:	497BFBB51DF2037041F2E054D480B9F3E173BF2158BF0D3380A727039BA691FF
SHA-512:	A6CD77CA0C703BC6389F60FEE87D14D4C565EF4BB929817738136CD26BCA053811AD082549DD6504A00DC891D21D00F48842F897E7ED2026BA9E0675D390CE4B
Malicious:	false
Reputation:	low
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13361115185586770","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":168205},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	4730
Entropy (8bit):	5.261545653976532
Encrypted:	false
SSDEEP:	96:etJCV4FAsszrNamjTN/2rjYMta02fDtehgO7BtTgo7BdUICnndZ:etJCV4FiN/jTN/2r8Mta02fEhgO73go4
MD5:	DC061BA941C0E27BEB544C7B7A164055
SHA1:	4E5B2A1068B81191DD819503FC6E9FE8809D79E0
SHA-256:	8E82FA1EF17CF595BE5373E76879D4E98A0D15DB43A4E6C46478BAB3E60EE9B3
SHA-512:	00CB66FD746F9287978E26C8D559DAF9C3CBCB8E188310401CF96DBC165B50801F28EC19C0E0621E212773C007711CBF8C907621C83926CB0903CADE2F687AA8
Malicious:	false
Reputation:	low
Preview:	*...#................version.1..namespace-['O.o................next-map-id.1.Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/.0>...r................next-map-id.2.Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/.1O..r................next-map-id.3.Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/.2.\.o................next-map-id.4.Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/.3....^...............Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/..\|.^...............Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/n..Fa...............Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/DQ..a...............Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/i.`do................next-map-id.5.Pnamespace-de635bf2_6773_4d83_ad16_

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.16456345305713
Encrypted:	false
SSDEEP:	6:DC4Vl1q2Pwkn2nKuAl9OmbzNMxIFUt86C4VjZmw+6C4V40zkwOwkn2nKuAl9Ombg:DCivYfHAa8jFUt86Ci/+6Cyz5JfHAa8E
MD5:	504148A39F51A648E92EB32286F20027
SHA1:	77960325ED380C5F74B161C7994E27807DB5FEB5
SHA-256:	B5BAC7FF33D04A7E06B3C8FE27B2C893E39FBF9891E3F9724DD788C13AF7871D
SHA-512:	D634786486E8C5FED5DA4AD5E38EE749D397BB2EF35AE9D73CAAA352F179D281CEA0157773FE0EA60A03F2B64B71DF19FE52402017FB5E0EC8472483484FF17D
Malicious:	false
Reputation:	low
Preview:	2024/05/24-08:53:00.118 1c54 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/05/24-08:53:00.180 1c54 Recovering log #3.2024/05/24-08:53:00.229 1c54 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.16456345305713
Encrypted:	false
SSDEEP:	6:DC4Vl1q2Pwkn2nKuAl9OmbzNMxIFUt86C4VjZmw+6C4V40zkwOwkn2nKuAl9Ombg:DCivYfHAa8jFUt86Ci/+6Cyz5JfHAa8E
MD5:	504148A39F51A648E92EB32286F20027
SHA1:	77960325ED380C5F74B161C7994E27807DB5FEB5
SHA-256:	B5BAC7FF33D04A7E06B3C8FE27B2C893E39FBF9891E3F9724DD788C13AF7871D
SHA-512:	D634786486E8C5FED5DA4AD5E38EE749D397BB2EF35AE9D73CAAA352F179D281CEA0157773FE0EA60A03F2B64B71DF19FE52402017FB5E0EC8472483484FF17D
Malicious:	false
Reputation:	low
Preview:	2024/05/24-08:53:00.118 1c54 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/05/24-08:53:00.180 1c54 Recovering log #3.2024/05/24-08:53:00.229 1c54 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240524125304Z-162.bmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PC bitmap, Windows 3.x format, 107 x -152 x 32, cbSize 65110, bits offset 54
Category:	dropped
Size (bytes):	65110
Entropy (8bit):	1.288604262217674
Encrypted:	false
SSDEEP:	48:m5qUe7kO89A6w4STAWtqqgJimly4q0TpZUCw4VJhnmSk9Xatl9RF4NvCgf5o1dSF:RkO8/w4OAV1fV3n6oEWQMw
MD5:	888CDF7A58C3695D343167C9B2E21D9F
SHA1:	6EF6FB43EAE22FF5F26719B51A8617A899772FF3
SHA-256:	218B419A8C30481B163F815376D4D24C477EEC29BB470C88DED7425AAF8C66A2
SHA-512:	F11B5BE48B6945E05E3D5A9D6A5137B52D0F19FDBD60027ACDC1E18F7F2798EB9066D0B36392229EA442AE37419E103AC945776DF979D4A858DAA6E2F8B1612E
Malicious:	false
Reputation:	low
Preview:	BMV.......6...(...k...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 15, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 15
Category:	dropped
Size (bytes):	86016
Entropy (8bit):	4.445228716564698
Encrypted:	false
SSDEEP:	384:yezci5tGiBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:rJs3OazzU89UTTgUL
MD5:	4D8EBAC6A0F8980DAB43F051E9F074F0
SHA1:	940C8A31C909D38607DEB5E5760DD819485EE718
SHA-256:	3F7E57124CB37D9FC76BF20BE8B42F0BD3B9EDDE04409301D32655CF12E113D3
SHA-512:	F5453EE90536087E2F32869AB5E5C41F22D2AEE9E887517FDF1D28BD726A9EAD35407CB19C1E61647F6AB2EA1D24BD9EAD2DDBD72459FD4A50EA4AADD8A964F9
Malicious:	false
Reputation:	low
Preview:	SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	3.7755551976486537
Encrypted:	false
SSDEEP:	96:7XpjuE/iFO/DXKQg/ZiSb9IVXEBodRBkp:7Xpfu5jedRBG
MD5:	E4CBD66E94C11FBBE0C7A61A954F970B
SHA1:	09B8E9F78243A050F0D444B9F6C25389A1D31D98
SHA-256:	A2DAE86C4C38065000927AE31A70871DB770CEB0B056E01207255CE558D348F9
SHA-512:	D9FFC1D17707F43EA8AD964A167815DC4ECCA8641287837F6649D881DE8D651494439DA2BBA2373BD9E4FBEC917FF892C8EEB07DCBBE24E6A7F24DC4E89092DE
Malicious:	false
Preview:	.... .c......y ...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................T...[...b...r...t...}.....L..............................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 69993 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
Category:	dropped
Size (bytes):	69993
Entropy (8bit):	7.99584879649948
Encrypted:	true
SSDEEP:	1536:iMveRG6BWC7T2g1wGUa5QUoaIB9ttiFJG+AOQOXl0Usvwr:feRG6BX6gUaHo9tkBHiUewr
MD5:	29F65BA8E88C063813CC50A4EA544E93
SHA1:	05A7040D5C127E68C25D81CC51271FFB8BEF3568
SHA-256:	1ED81FA8DFB6999A9FEDC6E779138FFD99568992E22D300ACD181A6D2C8DE184
SHA-512:	E29B2E92C496245BED3372578074407E8EF8882906CE10C35B3C8DEEBFEFE01B5FD7F3030ACAA693E175F4B7ACA6CD7D8D10AE1C731B09C5FA19035E005DE3AA
Malicious:	false
Preview:	MSCF....i.......,...................I.................oXAy .authroot.stl.Ez..Q6..CK..<Tk...p.k..1...3...[..%Y.f..."K.6)..[I.hOB."..rK.RQ..}f..f...}....9.\|.....gA...30.,O2L...0..%.U...U.t.....`dqM2.x..t...<(uad.c...x5V.x..t..agd.v......i...KD..q(. ...JJ......#..'=. ...3.x...}...+T.K..!.'.`w .!.x.r.......YafhG..O.3....'P[..'.D../....n..t....R<..=\E7L0?{..T.f...ID...,...r....3z..O/.b.Iwx.. .o...a\.s........."..'.......<;s.[...l...6.)ll..B.P.....k.... k0.".t!/.,........{...P8....B..0(.. .Q.....d...q,\.$.n.Q.\.p...R..:.hr./..8.S<a.s...+#3....D..h1.a.0....{.9.....:e.......n.~G.{.M.1..OU.....B.Q..y_>.P{...}i.=.a..QQT.U..\|!.pyCD@.....l..70..w..)...W^.`l...%Y.\................i..=hYV.O8W@P.=.r.=..1m..1....)\.p..\|.c.3..t..[...).....l.{.Y....\S.....y....[.mCt....Js;...H....Q..F.....g.O...[..A.=...F[..z....k...mo.lW{`....O...T.g.Y.Uh.;m.'.N..f..}4..9i..t4p_bI..`.....Ie..l.P.... ...Lg......[....5g...~D.s.h'>n.m.c.7...-..P.gG...i$...v.m.b[.yO.P/*.YH.

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	893
Entropy (8bit):	7.366016576663508
Encrypted:	false
SSDEEP:	24:hBntmDvKUQQDvKUr7C5fpqp8gPvXHmXvponXux:3ntmD5QQD5XC5RqHHXmXvp++x
MD5:	D4AE187B4574036C2D76B6DF8A8C1A30
SHA1:	B06F409FA14BAB33CBAF4A37811B8740B624D9E5
SHA-256:	A2CE3A0FA7D2A833D1801E01EC48E35B70D84F3467CC9F8FAB370386E13879C7
SHA-512:	1F44A360E8BB8ADA22BC5BFE001F1BABB4E72005A46BC2A94C33C4BD149FF256CCE6F35D65CA4F7FC2A5B9E15494155449830D2809C8CF218D0B9196EC646B0C
Malicious:	false
Preview:	0..y...H.........j0..f...1.0....H.........N0..J0..2.......D....'..09...@k0....H........0?1$0"..U....Digital Signature Trust Co.1.0...U....DST Root CA X30...000930211219Z..210930140115Z0?1$0"..U....Digital Signature Trust Co.1.0...U....DST Root CA X30.."0....H.............0..........P..W..be......,k0.[...}.@......3vI.?!I..N..>H.e...!.e..2....w..{........s.z..2..~..0....8.y.1.P..e.Qc...a.Ka..Rk...K.(.H......>.... .[.....p....%.tr.{j.4.0...h.{T....Z...=d.....Ap..r.&.8U9C....\@........%.......:..n.>..\..<.i.....)W..=....]......B0@0...U.......0....0...U...........0...U.........{,q...K.u...`...0....H...............,...\...(f7:...?K.... ]..YD.>.>..K.t.....t..~.....K. D....}..j.....N..:.pI...........:^H...X._..Z.....Y..n......f3.Y[...sG.+..7H..VK....r2...D.SrmC.&H.Rg.X..gvqx...V..9$1....Z0G..P.......dc`........}...=2.e..\|.Wv..(9..e...w.j..w.......)...55.1.

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	modified
Size (bytes):	330
Entropy (8bit):	3.139206469813435
Encrypted:	false
SSDEEP:	6:kKlSlDN+SkQlPlEGYRMY9z+4KlDA3RUeVlWI/Vt:slMkPlE99SNxAhUeVLVt
MD5:	23B30DEEA2295EDF27E063213FE5DCCE
SHA1:	D2E5149583CAB68D84B3A9BE39656350C2D24E03
SHA-256:	1FEC0E987A022B57DD6B98D2D5D63D0FE6730A209741C4D20CC1B023D0890F77
SHA-512:	7DA30367A48C43E062259A2195CC67AF32A3221D7611B3E84A0BECF0B167B9F5B2DBC78716765AD9F68126FDA7685DAE9623778DE719A6B163208529D200B202
Malicious:	false
Preview:	p...... ...........h...(....................................................... ........M.........(...........i...h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".b.3.6.8.5.3.8.5.a.4.7.f.d.a.1.:.0."...

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	252
Entropy (8bit):	3.026467887142631
Encrypted:	false
SSDEEP:	3:kkFklKSNllXfllXlE/E/KRkzllPlzRkwWBARLNDU+ZMlKlBkvclcMlVHblB8V7l3:kKZS31xliBAIdQZV7I7kc3
MD5:	5138BF1B70B601F415AA5406DC138DB4
SHA1:	0AD0963F7143C477D77E9041768B6929AE1957E6
SHA-256:	EE75299D7881D44401D9DCC1D2336CECC3B3DA4C078450B9D677FFEC0D46E8C8
SHA-512:	5BB6E13C01E33B9F347DFAEDE7965F092D926A8796C5BA1244B859C0A64B620C68A6CCAC542C3D8684C1A59583E76175AFEECFF1ED5A4EAF1CAF0AB4608D4007
Malicious:	false
Preview:	p...... ....`...v.?V...(....................................................... ........!.M........(...........}...h.t.t.p.:././.a.p.p.s...i.d.e.n.t.r.u.s.t...c.o.m./.r.o.o.t.s./.d.s.t.r.o.o.t.c.a.x.3...p.7.c...".3.7.d.-.6.0.7.9.b.8.c.0.9.2.9.c.0."...

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.6868

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	185099
Entropy (8bit):	5.182478651346149
Encrypted:	false
SSDEEP:	1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
MD5:	94185C5850C26B3C6FC24ABC385CDA58
SHA1:	42F042285037B0C35BC4226D387F88C770AB5CAA
SHA-256:	1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
SHA-512:	652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
Malicious:	false
Preview:	%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	185099
Entropy (8bit):	5.182478651346149
Encrypted:	false
SSDEEP:	1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
MD5:	94185C5850C26B3C6FC24ABC385CDA58
SHA1:	42F042285037B0C35BC4226D387F88C770AB5CAA
SHA-256:	1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
SHA-512:	652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
Malicious:	false
Preview:	%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	243196
Entropy (8bit):	3.3450692389394283
Encrypted:	false
SSDEEP:	1536:vKPCPiyzDtrh1cK3XEivK7VK/3AYvYwgqErRo+RQn:yPClJ/3AYvYwghFo+RQn
MD5:	F5567C4FF4AB049B696D3BE0DD72A793
SHA1:	EBEADDE9FF0AF2C201A5F7CC747C9EA61CFA6916
SHA-256:	D8DBFE71873929825A420F73821F3FF0254D51984FAAA82E1B89D31188F77C04
SHA-512:	E769735991E5B1331E259608854D00CDA4F3E92285FDC500158CBD09CBCCEAD8A387F78256A43919B13EBE70C995D19242377C315B0CCBBD4F813251608C1D56
Malicious:	false
Preview:	Adobe Acrobat Reader (64-bit) 23.6.20320....?A12_AV2_Search_18px.............................................................................................................KKK KKK.KKK.KKK.KKK.KKK.KKK@........................................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.............................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.........................KKK.KKK.KKK.KKK0....................KKK.KKK.KKK.KKK`....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK.KKK.....................................KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK.KKK@....................KKK.KKK.KKK.KKK`........................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.KKK.............................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	295
Entropy (8bit):	5.368862201622063
Encrypted:	false
SSDEEP:	6:YEQXJ2HXkUjGFyNHVoZcg1vRcR0Y+oAvJM3g98kUwPeUkwRe9:YvXKX9UyN2Zc0veGMbLUkee9
MD5:	E6A01ED47584C497D6A93A9FA935A95F
SHA1:	A50F5D179911C01E630FE180C09BE79880AE278A
SHA-256:	4EF904AE3B4997682851C97D14577190373A837F51CA0A59E74910FF1B6052A4
SHA-512:	CAD2C9E15AC492C72EC8618DE4908B03645C041C1E221212ED8143A2F561E349A3877EBC2A036C986B4BC98EABC9AB7EA833EDCE4FDA2F010FC8ECA38FF0E53E
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"a84802fa-8a8c-4bdb-aa38-7df1649e4085","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1716729335951,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.318457930638335
Encrypted:	false
SSDEEP:	6:YEQXJ2HXkUjGFyNHVoZcg1vRcR0Y+oAvJfBoTfXpnrPeUkwRe9:YvXKX9UyN2Zc0veGWTfXcUkee9
MD5:	43D730D8B4475F2F22C8408F5A96E4CC
SHA1:	A45994EC37DCE8471A245760B2B3DBEC7DCCB413
SHA-256:	53A7DE03E1E461B00AEA9BB71FEFCA844822C528B140308674EF84814AB2AC3B
SHA-512:	852B6770E4F3EAC2009EC5DD568AA69D26BDBBBBC75D307C53A7B4EFEA08376D2A28878673BB3C67E274D4B29739B4E59ED77B837242C2C4603DE21DAA8553BE
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"a84802fa-8a8c-4bdb-aa38-7df1649e4085","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1716729335951,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.297164144865214
Encrypted:	false
SSDEEP:	6:YEQXJ2HXkUjGFyNHVoZcg1vRcR0Y+oAvJfBD2G6UpnrPeUkwRe9:YvXKX9UyN2Zc0veGR22cUkee9
MD5:	F559054C21FFC1198888428779E7405E
SHA1:	392D10AB4EF595861921F02C71D1D04DA6F9823D
SHA-256:	CFE783F65EC3E20B02657BA6D18E23E8D5A7027B80826CE8048D33BFE69F1868
SHA-512:	E2852D2903865FF009F5C8C42139CEFEAF1E364FFA42FA0F22BC6A0FCE4045466051BF5F0430642B12EE61EBF6D82C2504FE0FDB6F155B8998D867084431EACC
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"a84802fa-8a8c-4bdb-aa38-7df1649e4085","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1716729335951,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	285
Entropy (8bit):	5.356065648705111
Encrypted:	false
SSDEEP:	6:YEQXJ2HXkUjGFyNHVoZcg1vRcR0Y+oAvJfPmwrPeUkwRe9:YvXKX9UyN2Zc0veGH56Ukee9
MD5:	61CDF5DA423AE8778FE81A6B8244278E
SHA1:	B4513203A4238FE6321EF4A8865C03DAB0D898DF
SHA-256:	7EEA621FA66B648D0432EDAD65EE5CFE7072763FE85DA9EA7F568BB79B6E1AE5
SHA-512:	8AC3BDF6F4BB5CA06FA6A2E57F2191D79311C0C6B85A933E319BC26FD717414088EEA53AA1100505CE4015DDFB9FC38A981A47DC19DB2109686F6532D813BB73
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"a84802fa-8a8c-4bdb-aa38-7df1649e4085","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1716729335951,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.314380638829615
Encrypted:	false
SSDEEP:	6:YEQXJ2HXkUjGFyNHVoZcg1vRcR0Y+oAvJfJWCtMdPeUkwRe9:YvXKX9UyN2Zc0veGBS8Ukee9
MD5:	A5A614EEFF71FE7B74DA2856CEEEA351
SHA1:	4F4FCC83688EFD1093F69A907690BCDAF5556392
SHA-256:	EA3DAB35AB9BD96CD620C30DD7D1C206706A2363EB423F9CE4CE8285A7EAED06
SHA-512:	73FD3C8AF92AA1F1B57B7AFA2AE95B8ADDEB02C9D3C64C2FF07185C8E23A5C0FA142E0BBEF2595D949C84A5A37061C53BB3B0722A9785EA6FFE1267CE03328A3
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"a84802fa-8a8c-4bdb-aa38-7df1649e4085","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1716729335951,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.301518756594389
Encrypted:	false
SSDEEP:	6:YEQXJ2HXkUjGFyNHVoZcg1vRcR0Y+oAvJf8dPeUkwRe9:YvXKX9UyN2Zc0veGU8Ukee9
MD5:	F329F7FC14750C81AADA88B30E5A98D1
SHA1:	7A0E40B8D17990209F34EF67D5E21B24C28C1D47
SHA-256:	73DFE621AD7BF5BB0F09FECAD3E974876C1842F09934FE78E6F08328AEFC85F2
SHA-512:	A3091115C211774022281187CB24D6FD32DD83F551CADB02B0FB2A490E2F73A27F66D536D5D0225FE2058EE163E20E683BBA1FFBC70727C640AB7041025521EE
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"a84802fa-8a8c-4bdb-aa38-7df1649e4085","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1716729335951,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.306520173022594
Encrypted:	false
SSDEEP:	6:YEQXJ2HXkUjGFyNHVoZcg1vRcR0Y+oAvJfQ1rPeUkwRe9:YvXKX9UyN2Zc0veGY16Ukee9
MD5:	E248F93AE5A325B12623B72F12B3B103
SHA1:	B789027C402E3127F61BF7FC44BFFAA5046B87DE
SHA-256:	26BAA83247342773F1DCB3EEE1C40D45841D42CED4FA8A1798BC85E3294A5956
SHA-512:	643DDFA457B3766206CDE68D798DF0C1A03A721A0293AB6E150E139063698451422D4967E4589A55D33EE65BE571A2BDBBD0692148617AB03CD59D4073F3A2EC
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"a84802fa-8a8c-4bdb-aa38-7df1649e4085","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1716729335951,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.310321802865488
Encrypted:	false
SSDEEP:	6:YEQXJ2HXkUjGFyNHVoZcg1vRcR0Y+oAvJfFldPeUkwRe9:YvXKX9UyN2Zc0veGz8Ukee9
MD5:	AC25E5B07ADCA1778D8DF6A63E0B1A1D
SHA1:	20E0FF56AD924F9184E2E8F9C7DCA37520162A69
SHA-256:	66EA53EA93732DAC8C65EB77D9AA4FB2E596A60B017836D822593DCE5F579604
SHA-512:	EA051CA413A3383E11F1BF98AA3F222B1F3CF17B6869879705FC885B07C9304A5212B031F53B8343465C3466F80495534710FE977D9B15A36653DBAFC4019167
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"a84802fa-8a8c-4bdb-aa38-7df1649e4085","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1716729335951,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1372
Entropy (8bit):	5.739946324863769
Encrypted:	false
SSDEEP:	24:Yv6X90zvaKLgENRcbrZbq00iCCBrwJo++ns8ct4mFJN7:YvE8SEgigrNt0wSJn+ns8cvFJp
MD5:	B0AB0FC0AFD43BD8CE40916786552267
SHA1:	418B9CB5629DAE49103DB2B83F0D64B1555E07A9
SHA-256:	1BB3BCB1C2B74E299EADA8E6EE9D2A017358E7A28565BB0D2760492767D11FA1
SHA-512:	6DB6AB4DD09577EA1BD28AF73831C759E80D5837B7454F835BBDDFAD89BBBBB2B0247F87BE227666CA21AE3CAFCD9CAE850D4DBBFAFA2913433E2CEC3406D38C
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"a84802fa-8a8c-4bdb-aa38-7df1649e4085","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1716729335951,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"79887_247329ActionBlock_0","campaignId":79887,"containerId":"1","controlGroupId":"","treatmentId":"acc56846-d570-4500-a26e-7f8cf2b4acad","variationId":"247329"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJUcnkgQWNyb2JhdCBQcm8ifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNSIsImZvbnRfc3R5bGUiOiIwIn0sImRlc2NyaXB0aW9uX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTMiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIDctZGF5IHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0byBwcmVtaXVtIFBERiBhbmQgZS1zaWduaW5nIHRvb2xzLiIsImJ

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.307603217756169
Encrypted:	false
SSDEEP:	6:YEQXJ2HXkUjGFyNHVoZcg1vRcR0Y+oAvJfYdPeUkwRe9:YvXKX9UyN2Zc0veGg8Ukee9
MD5:	D19966A72A43A03E32E0B3DFED9D615A
SHA1:	5842841DC354592047A5D6BF18CFC14D25A18F1F
SHA-256:	79ADCCF817E0220DC4105496B39816A7F291BF0458311CEFC2D51447A39F88BE
SHA-512:	24B76CA1D8D17F0E254FDE58AA5E9AAB72E04F39B071BD0EE645D19A4D343A84849F7C2598285E68BEA5FEE7B3B80AF81EA842FCC2C065E3A453874C69C8D941
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"a84802fa-8a8c-4bdb-aa38-7df1649e4085","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1716729335951,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1395
Entropy (8bit):	5.779461824101886
Encrypted:	false
SSDEEP:	24:Yv6X90zvJrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNz:YvE8RHgDv3W2aYQfgB5OUupHrQ9FJV
MD5:	2C434E10252E51EAE098D6A0944E817D
SHA1:	24D42943F52B91F98AAAAD460E98880EF6331DB4
SHA-256:	016F5B000615241735F94F2E0C5570B8C47D77A3B81CB93211CC4B41B71DB84D
SHA-512:	1CAA2D711AA2584B42ADD9687EE49BBE78C643F99EEC48D6EA629C127979806FB0F59D7E73F582B606E89FB12E560BDCC4AC36D519F787E0F9C3C8A135C92528
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"a84802fa-8a8c-4bdb-aa38-7df1649e4085","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1716729335951,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	291
Entropy (8bit):	5.2910980596378945
Encrypted:	false
SSDEEP:	6:YEQXJ2HXkUjGFyNHVoZcg1vRcR0Y+oAvJfbPtdPeUkwRe9:YvXKX9UyN2Zc0veGDV8Ukee9
MD5:	D7A077316F8B19B17200BB88CB99BE1D
SHA1:	0322B2460688BBF10A04CCE6CDEDD5A9809FD555
SHA-256:	C42B005BFA6D5CB99AE0B1CD2FAB294FEC61E5DE5E8DEE9ADAF672BA912F4D41
SHA-512:	05E026D1BC278657A8D346E0614E6604CA7DB91F49A5D9288191FA5782B5C2485C200868F3B89C0CD3672563B2B9F8856583B63CCFE3792A94083887449A0E99
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"a84802fa-8a8c-4bdb-aa38-7df1649e4085","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1716729335951,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	287
Entropy (8bit):	5.296694720249448
Encrypted:	false
SSDEEP:	6:YEQXJ2HXkUjGFyNHVoZcg1vRcR0Y+oAvJf21rPeUkwRe9:YvXKX9UyN2Zc0veG+16Ukee9
MD5:	D64F9E81897D7D96D3EB09A34B7160AD
SHA1:	D8D80A5EEC36220939DACF8E59F2F830C6811650
SHA-256:	B391793BC3281994FCEA8DF400F2276AC7FC73BA89CDDA7012B95E324C745835
SHA-512:	405644A3FA4A8466827440768D3C8ADF3E695EDA4408B9D3950E1C0CA71541C1A3D60BC553EE1B1EB00DF9D20C4ABA25275AF631E92BD7893B84277D01092A64
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"a84802fa-8a8c-4bdb-aa38-7df1649e4085","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1716729335951,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.314144528440095
Encrypted:	false
SSDEEP:	6:YEQXJ2HXkUjGFyNHVoZcg1vRcR0Y+oAvJfbpatdPeUkwRe9:YvXKX9UyN2Zc0veGVat8Ukee9
MD5:	7614B2A6023C81DCF8601C3643EB608E
SHA1:	E1E6613403B6CF4CAD059A24B4FD2FE86C068104
SHA-256:	7A36607C8C8A9E56D6D44823BB73A27159A0F5A6ECDA842A9339E4502A2344AE
SHA-512:	287681F52CD83531F4E8BC995765C2EDD5C391EE23CB4796B793E37C9A915FBE2BA01B913B53316D05BD35AAC26ACA4174D4541A699F09F88707106CFE8CA74D
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"a84802fa-8a8c-4bdb-aa38-7df1649e4085","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1716729335951,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	286
Entropy (8bit):	5.271225967997197
Encrypted:	false
SSDEEP:	6:YEQXJ2HXkUjGFyNHVoZcg1vRcR0Y+oAvJfshHHrPeUkwRe9:YvXKX9UyN2Zc0veGUUUkee9
MD5:	DF55AF82C6FFA506880304C4CF07E25A
SHA1:	182B99C5773BC9F4C3E34617D5DAD525D436A370
SHA-256:	CF28FA60AC8DE1D899483AB7B8F642BB40DD6E65CC3D3016CEFE55B7928F42C6
SHA-512:	3B08E7C00607E6B006994BE04C93B12640AB8ACC097D0C457747892413728D5AD3C20CD065A98E325D11AD72B42C77E02AE07C7E7D217611429D68F2AB1204B8
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"a84802fa-8a8c-4bdb-aa38-7df1649e4085","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1716729335951,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	782
Entropy (8bit):	5.371093119918443
Encrypted:	false
SSDEEP:	12:YvXKX9UyN2Zc0veGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWn:Yv6X90zvo168CgEXX5kcIfANhO
MD5:	077AC633913BDDFE76C1430C3E50FDC0
SHA1:	A5642F7E33F7B73D3B30381E07E1BD55FCE1BFF3
SHA-256:	944D6EC9951F5DB92B1E9F9AF42FCCB5059026FC1F88970D08ADA4674B6BDA3C
SHA-512:	622C8FC1C8E9BC26DDB0F6E3764C3DC1E4840EA3808CB79044153654639EEDE49E26926371460DDE0CD65C7977B63728202E1CE1E3B9BA51DCFF2430DA7FCDC6
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"a84802fa-8a8c-4bdb-aa38-7df1649e4085","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1716729335951,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1716555185987}}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	4
Entropy (8bit):	0.8112781244591328
Encrypted:	false
SSDEEP:	3:e:e
MD5:	DC84B0D741E5BEAE8070013ADDCC8C28
SHA1:	802F4A6A20CBF157AAF6C4E07E4301578D5936A2
SHA-256:	81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
SHA-512:	65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
Malicious:	false
Preview:	....

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2814
Entropy (8bit):	5.132906381315609
Encrypted:	false
SSDEEP:	24:Ylqpr46CptGXt39la8vBay74q7BWEhDjxj0SZbQF2SGy2LS7aK5b9a6oudOG:Y8usBtRH1mIyJaKt9a6/
MD5:	9C47665B40AD999860895969967E080F
SHA1:	5476873E8395F231D9A7A3B1218DC42C2496CE15
SHA-256:	C76387B0CE5BF39F162BC61B287F27A57FE8F029F8B1EAE5E502B480F13514E9
SHA-512:	3835C7B2308BA5AD316C4224778B03557896C81F772653C28EDD4962B73421CC9AAB9FD924417BA3DFC6BD1F3A6AA66C792573BA5FA83FC9B431B7EADCCECAE9
Malicious:	false
Preview:	{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"202b87ae9851ebbccb042a87043b6e72","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1716555185000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"6d1bc05160fbcc2cfea62166efe6a243","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1372,"ts":1716555185000},{"id":"Edit_InApp_Aug2020","info":{"dg":"5c51e91e3cd52fcd8d77235985e834d2","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":1716555185000},{"id":"DC_Reader_RHP_Banner","info":{"dg":"adaee12ac4b64f573c87ed3f626d449d","sid":"DC_Reader_RHP_Banner"},"mimeType":"file","size":1395,"ts":1716555185000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"0ac962cbe51bccd4919238ac9f0d3538","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file","size":292,"ts":1716555185000},{"id":"DC_Reader_More_LHP_Banner","info":{"dg":"a27b2710f00b5c744ce3ba6da7afeea9","sid":"DC_Reader_More_LHP_Banner"},"mimeType":"file","size":289,"ts":1716555185000},

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 25, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 25
Category:	dropped
Size (bytes):	12288
Entropy (8bit):	1.1890471520811814
Encrypted:	false
SSDEEP:	48:TGufl2GL7msEHUUUUUUUU6dSvR9H9vxFGiDIAEkGVvpmp:lNVmswUUUUUUUU6d+FGSIt6p
MD5:	D30B3DB19D4F61B9E2D9844CD786348E
SHA1:	4EABA85D23378B1AEDB20FD7DFE514B39A82F2FD
SHA-256:	E1453986A2023B5F8DE1AB04C452736DB5A7E521C0AF35D402A40B6807C75ABA
SHA-512:	E936C1BF0E2ECE455D1994F0A96901458A5E9894593994A7F664B27BD3A2B31E9A4228E575300BDCA7FE849A314587B277BBF2C5A3E3993895ECF45A50640A92
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	1.6081934873499373
Encrypted:	false
SSDEEP:	48:7MqKUUUUUUUUUU6lvR9H9vxFGiDIAEkGVvaqFl2GL7msF:7qUUUUUUUUUU6BFGSItAKVmsF
MD5:	42FC1F36188E60BE259A7C6DA10C9282
SHA1:	A17931EC18232BA67F5D8D32D0EE7D503A111B7D
SHA-256:	DBB8DEE54DA636B3D49470A418A6E0EFE8EDC78A813C6409B22C872C19934971
SHA-512:	37755514B5DCE3A4F65A7E725C3F16F77A61251532DCD8D1502674508155C0DD74B09DD3F33525AD10D9B26C5E9D59AF6597A3C38F7BA23DF1FC7B8A71115CA5
Malicious:	false
Preview:	.... .c......0........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................f.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\MSI1a233.LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	246
Entropy (8bit):	3.534010397435022
Encrypted:	false
SSDEEP:	6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8cUlWyll:Qw946cPbiOxDlbYnuRKHWl
MD5:	983E97A21785EA9C346F10AD1B37C229
SHA1:	2412DDBAFFEC208D8D0607718F1241DE020C2777
SHA-256:	EA90022B3752C6FD31B8E8FF4715DCD48BCD0353DCA73F4E19B7F171E07F8742
SHA-512:	820E6FCA30097BD943022A15122606C09F6E8A00E3B094CBC90DBDB7A9669221C0E279317EECF2318F18FC80B9B9C58A2403508D2CC8BFA795AF708F9F8E5A12
Malicious:	false
Preview:	..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .2.4./.0.5./.2.0.2.4. . .0.8.:.5.3.:.0.7. .=.=.=.....

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-05-24 08-53-02-101.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393)
Category:	dropped
Size (bytes):	16525
Entropy (8bit):	5.345946398610936
Encrypted:	false
SSDEEP:	384:zHIq8qrq0qoq/qUILImCIrImI9IWdFdDdoPtPTPtP7ygyAydy0yGV///X/J/VokV:nNW
MD5:	8947C10F5AB6CFFFAE64BCA79B5A0BE3
SHA1:	70F87EEB71BA1BE43D2ABAB7563F94C73AB5F778
SHA-256:	4F3449101521DA7DF6B58A2C856592E1359BA8BD1ACD0688ECF4292BA5388485
SHA-512:	B76DB9EF3AE758F00CAF0C1705105C875838C7801F7265B17396466EECDA4BCD915DA4611155C5F2AD1C82A800C1BEC855E52E2203421815F915B77AA7331CA0
Malicious:	false
Preview:	SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:088+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig:

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393), with CRLF line terminators
Category:	dropped
Size (bytes):	16603
Entropy (8bit):	5.357337792456818
Encrypted:	false
SSDEEP:	384:xaxoxhswOQ7zRaL51g3MbhDiClKI0DbOJOz/ldNdAvx0KPJemlH5svs5kTp4nqag:BUKL
MD5:	3BCAC0B2723CF1F744A9DFB516F16685
SHA1:	9BCF75D03C1E512F4E1DF230D834403718FA41D1
SHA-256:	364C22B7E86397C4B50FA14380D1C1E6F1A2FB87204EBB4359B4648DA00387A6
SHA-512:	F6B33D313A6B6BB7870DE352D5AEC5436FE8F7EEBC50E554A1109956B0ADBC5A77DB4C3C422B8B65B9FF29702985EB34D73FDB6765E9ED1CEBFC851574AAA983
Malicious:	false
Preview:	SessionID=44103076-ef73-47ab-96a8-66983284c269.1716555182110 Timestamp=2024-05-24T08:53:02:110-0400 ThreadID=7136 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=44103076-ef73-47ab-96a8-66983284c269.1716555182110 Timestamp=2024-05-24T08:53:02:111-0400 ThreadID=7136 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=44103076-ef73-47ab-96a8-66983284c269.1716555182110 Timestamp=2024-05-24T08:53:02:112-0400 ThreadID=7136 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=44103076-ef73-47ab-96a8-66983284c269.1716555182110 Timestamp=2024-05-24T08:53:02:112-0400 ThreadID=7136 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=44103076-ef73-47ab-96a8-66983284c269.1716555182110 Timestamp=2024-05-24T08:53:02:112-0400 ThreadID=7136 Component=ngl-lib_NglAppLib Description="SetConf

C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	29845
Entropy (8bit):	5.384139359237204
Encrypted:	false
SSDEEP:	768:anddBuBYZwcfCnwZCnR8Bu5hx18HoCnLlAY+iCBuzhLCnx1CnPrRRFS10l8gT2rX:Qw7
MD5:	2BDB2AD86F4C9135174463C233E1FDF3
SHA1:	1D7C83D066D2D9A8480636BA9309636CD639042D
SHA-256:	E57B55DD3C88FA1E1FA1EEDD538C311684FA4F65E079F33F85DE19562772E37E
SHA-512:	9B1ECA244D29045255279238BE4CCD3AF844F72408C0EEA2E143D0CC11C0216186C4626A65F1B902ECB8A07511E1ECED8C90E23B1394B9C572B75B508A86F5DD
Malicious:	false
Preview:	03-10-2023 12:50:40:.---2---..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : *************************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ***********************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : **** Starting new session ******..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Starting NGL..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..03-10-2023 12:50:40:.Closing File..03-10-

C:\Users\user\AppData\Local\Temp\acrocef_low\006c72e0-57b7-4b27-b61f-a43c8d6b7cee.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
Category:	dropped
Size (bytes):	1407294
Entropy (8bit):	7.97605879016224
Encrypted:	false
SSDEEP:	24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo
MD5:	A0CFC77914D9BFBDD8BC1B1154A7B364
SHA1:	54962BFDF3797C95DC2A4C8B29E873743811AD30
SHA-256:	81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685
SHA-512:	74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE
Malicious:	false
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

C:\Users\user\AppData\Local\Temp\acrocef_low\a8cacac0-8e83-4db4-8a2d-96a119f96fc0.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
Category:	dropped
Size (bytes):	758601
Entropy (8bit):	7.98639316555857
Encrypted:	false
SSDEEP:	12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
MD5:	3A49135134665364308390AC398006F1
SHA1:	28EF4CE5690BF8A9E048AF7D30688120DAC6F126
SHA-256:	D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
SHA-512:	BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
Malicious:	false
Preview:	...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......\|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!\|G.1...... .3.`./....`~......G.............\|..pS.e.C....:o.u_..oi.:..\|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

C:\Users\user\AppData\Local\Temp\acrocef_low\d4d26192-d1d3-40d5-b1cd-63140bef78e1.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
Category:	dropped
Size (bytes):	1419751
Entropy (8bit):	7.976496077007677
Encrypted:	false
SSDEEP:	24576:/M7oMOWLaGZ4ZwYIGNP8dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:RVWLaGZ4ZwZGm3mlind9i4ufFXpAXkru
MD5:	E787F9888A1628BE8234F19E8EE26D68
SHA1:	44D5180C06ADBBDAADDBCE350CE4DEC997CD83E5
SHA-256:	3A09F3799148DA49F039A35AEDD22F368FB35B8D6022C4691C10606F704DAF80
SHA-512:	EE9B602898706CC0F33AA570E29A79A58ED748E1B738D74DF0C8C8DF193E23421B47AC8C862623ED774289D94FA90662A4CC436B80479D6420433D81752E9CA9
Malicious:	false
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

C:\Users\user\AppData\Local\Temp\acrocef_low\e3cb68e2-ba05-40d8-8b91-23e18e754f93.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
Category:	dropped
Size (bytes):	386528
Entropy (8bit):	7.9736851559892425
Encrypted:	false
SSDEEP:	6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
MD5:	5C48B0AD2FEF800949466AE872E1F1E2
SHA1:	337D617AE142815EDDACB48484628C1F16692A2F
SHA-256:	F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
SHA-512:	44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
Malicious:	false
Preview:	...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....\|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-\|..h#.g.\.PO.\|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..\|m.WC.....\|.....e.[W.p.8...rm....^..x'......5!...\|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.\|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

Static File Info

General

File type:	PDF document, version 1.4, 1 pages
Entropy (8bit):	7.77664190248463
TrID:	Adobe Portable Document Format (5005/1) 100.00%
File name:	NOTA_ACCR_11.PDF
File size:	18'289 bytes
MD5:	e6843c9d88e5dff3b04fa7eb6e3f3f52
SHA1:	0e07211f9b8704b444a70656b603b37a622881ad
SHA256:	2ce905cadfa90c99483047431ba23d00f81d3ef6a710a6b184def5f9283d02ee
SHA512:	053a9461c74d56c7d2dc5edc6a1f205f45fe7312d1faa3ac0427e8d7ce66bdf04ae8d2fb2d3e0794a143900637d7bb1f9b95d5c23d8d02ce1778e880a9ffe6de
SSDEEP:	384:XaX/sa3+NX2ULQZfQTYCdmWii5UdK/9embekBmfH/N2pWY0LOfke:XG/sE+bsBQ8DDi5UdK/kmbekMf8pWYSo
TLSH:	53829E0BDC1A0D85E99BB92B1DB67D5E477AB70329C0A6C6307F8F41E3009B496267C7
File Content Preview:	%PDF-1.4.%.....5 0 obj.<</Length 6 0 R/Filter /FlateDecode>>.stream.x....n\.....m>......G._..T..@Ab....M...d%....%M..O..t.....{.]_...6..p8$....;.k.).......3.....R..N..Fw......Y..=........N+...;.\.\|r..fOf.+D\2.."..l....l...Rp)*...A./>.uz.}....On..k2]....SY

File Icon


Icon Hash:	62cc8caeb29e8ae0

Static PDF Info

General
Header:	%PDF-1.4
Total Entropy:	7.776642
Total Bytes:	18289
Stream Entropy:	7.929289
Stream Bytes:	15569
Entropy outside Streams:	5.064208
Bytes outside Streams:	2720
Number of EOF found:	1
Bytes after EOF:

Keywords Statistics

Name	Count
obj	19
endobj	19
stream	5
endstream	5
xref	1
trailer	1
startxref	1
/Page	1
/Encrypt	0
/ObjStm	0
/URI	0
/JS	0
/JavaScript	0
/AA	0
/OpenAction	0
/AcroForm	0
/JBIG2Decode	0
/RichMedia	0
/Launch	0
/EmbeddedFile	0

Image Streams

ID	DHASH	MD5	Preview
10	0f7355cdb5715f0e	c60a7c747b511b941544a5ef6440c476

Network Behavior

⊘No network behavior found

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: Acrobat.exePID: 6596, Parent PID: 2580

General

Target ID:	0
Start time:	08:52:58
Start date:	24/05/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\NOTA_ACCR_11.PDF"
Imagebase:	0x7ff6bc1b0000
File size:	5'641'176 bytes
MD5 hash:	24EAD1C46A47022347DC0F05F6EFBB8C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: AcroCEF.exePID: 2852, Parent PID: 6596

General

Target ID:	1
Start time:	08:52:59
Start date:	24/05/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Imagebase:	0x7ff74bb60000
File size:	3'581'912 bytes
MD5 hash:	9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: AcroCEF.exePID: 7208, Parent PID: 2852

General

Target ID:	3
Start time:	08:52:59
Start date:	24/05/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2108 --field-trial-handle=1628,i,3488876338839633871,10701397785841666798,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Imagebase:	0x7ff74bb60000
File size:	3'581'912 bytes
MD5 hash:	9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report NOTA_ACCR_11.PDF

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Networking

System Summary

Hooking and other Techniques for Hiding and Protection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\270ce418-4898-4502-8dbb-71ed351451e2.tmp

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240524125304Z-162.bmp

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.6868

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

Windows Analysis Report
NOTA_ACCR_11.PDF