Edit tour

Windows Analysis Report
Hauptdokument - Documento principale.PDF

Overview

General Information

Sample name:	Hauptdokument - Documento principale.PDF
Analysis ID:	1467036
MD5:	2efab3f36e5fd8abc3017694cb52c496
SHA1:	13b8c63c42df6b5250ebcefd0e20a428a02abc71
SHA256:	3674679e65bccbae759c967bab8eaeb14aaf7a8878f62931b7111f51f991914d

Detection

Score:	1
Range:	0 - 100
Whitelisted:	false
Confidence:	40%

Signatures

Contains long sleeps (>= 3 min)

Potential document exploit detected (performs HTTP gets)

Potential document exploit detected (unknown TCP traffic)

Classification

Process Tree

System is w10x64_ra

Acrobat.exe (PID: 3900 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Hauptdokument - Documento principale.PDF" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)

AdobeCollabSync.exe (PID: 6216 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c MD5: 8A41FC5F946230805512B943C45AC9D8)

AdobeCollabSync.exe (PID: 6304 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=6216 MD5: 8A41FC5F946230805512B943C45AC9D8)

FullTrustNotifier.exe (PID: 6624 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe" GetChannelUri MD5: 92366A2F482926C3D0DD02D6F952F742)

AdobeCollabSync.exe (PID: 6432 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c MD5: 8A41FC5F946230805512B943C45AC9D8)

AdobeCollabSync.exe (PID: 6476 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=6432 MD5: 8A41FC5F946230805512B943C45AC9D8)

AdobeCollabSync.exe (PID: 6588 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c MD5: 8A41FC5F946230805512B943C45AC9D8)

AdobeCollabSync.exe (PID: 6632 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=6588 MD5: 8A41FC5F946230805512B943C45AC9D8)

AdobeCollabSync.exe (PID: 6832 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c MD5: 8A41FC5F946230805512B943C45AC9D8)

AdobeCollabSync.exe (PID: 6996 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=6832 MD5: 8A41FC5F946230805512B943C45AC9D8)

AdobeCollabSync.exe (PID: 6256 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c MD5: 8A41FC5F946230805512B943C45AC9D8)

AdobeCollabSync.exe (PID: 6536 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=6256 MD5: 8A41FC5F946230805512B943C45AC9D8)

AdobeCollabSync.exe (PID: 6540 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c MD5: 8A41FC5F946230805512B943C45AC9D8)

AdobeCollabSync.exe (PID: 6664 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=6540 MD5: 8A41FC5F946230805512B943C45AC9D8)

AcroCEF.exe (PID: 6968 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

AcroCEF.exe (PID: 6516 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2256 --field-trial-handle=1580,i,65636838809153346,4168336558303447421,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

cleanup

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: global traffic	TCP traffic: 192.168.2.16:49712 -> 23.52.160.183:443
Source: global traffic	TCP traffic: 192.168.2.16:49712 -> 23.52.160.183:443
Source: global traffic	TCP traffic: 192.168.2.16:49712 -> 23.52.160.183:443
Source: global traffic	TCP traffic: 192.168.2.16:49712 -> 23.52.160.183:443
Source: global traffic	TCP traffic: 192.168.2.16:49712 -> 23.52.160.183:443
Source: global traffic	TCP traffic: 192.168.2.16:49712 -> 23.52.160.183:443
Source: global traffic	TCP traffic: 192.168.2.16:49712 -> 23.52.160.183:443
Source: global traffic	TCP traffic: 192.168.2.16:49712 -> 23.52.160.183:443
Source: global traffic	TCP traffic: 192.168.2.16:49712 -> 23.52.160.183:443
Source: global traffic	TCP traffic: 192.168.2.16:49712 -> 23.52.160.183:443

Source: global traffic	TCP traffic: 192.168.2.16:49712 -> 23.52.160.183:443
Source: global traffic	TCP traffic: 23.52.160.183:443 -> 192.168.2.16:49712
Source: global traffic	TCP traffic: 192.168.2.16:49712 -> 23.52.160.183:443
Source: global traffic	TCP traffic: 192.168.2.16:49712 -> 23.52.160.183:443
Source: global traffic	TCP traffic: 23.52.160.183:443 -> 192.168.2.16:49712
Source: global traffic	TCP traffic: 23.52.160.183:443 -> 192.168.2.16:49712
Source: global traffic	TCP traffic: 192.168.2.16:49712 -> 23.52.160.183:443
Source: global traffic	TCP traffic: 23.52.160.183:443 -> 192.168.2.16:49712
Source: global traffic	TCP traffic: 23.52.160.183:443 -> 192.168.2.16:49712
Source: global traffic	TCP traffic: 192.168.2.16:49712 -> 23.52.160.183:443
Source: global traffic	TCP traffic: 192.168.2.16:49712 -> 23.52.160.183:443
Source: global traffic	TCP traffic: 23.52.160.183:443 -> 192.168.2.16:49712
Source: global traffic	TCP traffic: 192.168.2.16:49712 -> 23.52.160.183:443
Source: global traffic	TCP traffic: 23.52.160.183:443 -> 192.168.2.16:49712
Source: global traffic	TCP traffic: 192.168.2.16:49712 -> 23.52.160.183:443
Source: global traffic	TCP traffic: 23.52.160.183:443 -> 192.168.2.16:49712
Source: global traffic	TCP traffic: 23.52.160.183:443 -> 192.168.2.16:49712
Source: global traffic	TCP traffic: 192.168.2.16:49712 -> 23.52.160.183:443
Source: global traffic	TCP traffic: 192.168.2.16:49712 -> 23.52.160.183:443
Source: global traffic	TCP traffic: 23.52.160.183:443 -> 192.168.2.16:49712

Source: unknown	TCP traffic detected without corresponding DNS query: 23.52.160.183
Source: unknown	TCP traffic detected without corresponding DNS query: 23.52.160.183
Source: unknown	TCP traffic detected without corresponding DNS query: 23.52.160.183
Source: unknown	TCP traffic detected without corresponding DNS query: 23.52.160.183
Source: unknown	TCP traffic detected without corresponding DNS query: 23.52.160.183
Source: unknown	TCP traffic detected without corresponding DNS query: 23.52.160.183
Source: unknown	TCP traffic detected without corresponding DNS query: 23.52.160.183
Source: unknown	TCP traffic detected without corresponding DNS query: 23.52.160.183
Source: unknown	TCP traffic detected without corresponding DNS query: 23.52.160.183
Source: unknown	TCP traffic detected without corresponding DNS query: 23.52.160.183

Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712

Source: classification engine

Classification label: clean1.winPDF@43/50@0/43

Source: Hauptdokument - Documento principale.PDF

Initial sample: http://www.infocert.it/

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe

File created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Reader

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe

File created: C:\Users\user\AppData\Local\Temp\collab_low

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe	Section loaded: apphelp.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe	Section loaded: vccorlib140.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe	Section loaded: msvcp140.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe	Section loaded: vcruntime140.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe	Section loaded: appcontracts.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe	Section loaded: wintypes.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe	Section loaded: cdprt.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe	Section loaded: cdp.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe	Section loaded: windows.storage.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe	Section loaded: wldp.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe	Section loaded: umpdc.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe	Section loaded: propsys.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe	Section loaded: dsreg.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe	Section loaded: msvcp110_win.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe	Section loaded: cryptsp.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe	Section loaded: onecoreuapcommonproxystub.dll

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: Hauptdokument - Documento principale.PDF	Initial sample: PDF keyword /JS count = 0
Source: Hauptdokument - Documento principale.PDF	Initial sample: PDF keyword /JavaScript count = 0

Source: Hauptdokument - Documento principale.PDF

Initial sample: PDF keyword /Page count = 11

Source: Hauptdokument - Documento principale.PDF

Initial sample: PDF keyword startxref count = 7

Source: Hauptdokument - Documento principale.PDF

Initial sample: PDF keyword stream count = 183

Source: Hauptdokument - Documento principale.PDF

Initial sample: PDF keyword /AcroForm count = 3

Source: Hauptdokument - Documento principale.PDF

Initial sample: PDF keyword /EmbeddedFile count = 0

Source: Hauptdokument - Documento principale.PDF

Initial sample: PDF keyword endobj count = 384

Source: Hauptdokument - Documento principale.PDF

Initial sample: PDF keyword endstream count = 183

Source: Hauptdokument - Documento principale.PDF

Initial sample: PDF eof value = 7

Source: Hauptdokument - Documento principale.PDF

Initial sample: PDF keyword obj count = 384

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe	Thread delayed: delay time: 86400000
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe	Thread delayed: delay time: 86400000
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe	Thread delayed: delay time: 86400000
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe	Thread delayed: delay time: 86400000
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe	Thread delayed: delay time: 86400000
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe	Thread delayed: delay time: 86400000

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe	Thread delayed: delay time: 30000
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe	Thread delayed: delay time: 30000
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe	Thread delayed: delay time: 86400000
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe	Thread delayed: delay time: 86400000
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe	Thread delayed: delay time: 86400000
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe	Thread delayed: delay time: 86400000
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe	Thread delayed: delay time: 86400000
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe	Thread delayed: delay time: 86400000

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe

Process information queried: ProcessInformation

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	1 Spearphishing Link	2 Exploitation for Client Execution	1 DLL Side-Loading	1 Process Injection	1 Masquerading	OS Credential Dumping	1 Process Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 DLL Side-Loading	11 Virtualization/Sandbox Evasion	LSASS Memory	11 Virtualization/Sandbox Evasion	Remote Desktop Protocol	Data from Removable Media	1 Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 Process Injection	Security Account Manager	2 System Information Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	Steganography	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 DLL Side-Loading	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

⊘No contacted domains info

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
162.159.61.3	unknown	United States	13335	CLOUDFLARENETUS	false
23.43.60.134	unknown	United States	20940	AKAMAI-ASN1EU	false
95.101.54.195	unknown	European Union	34164	AKAMAI-LONGB	false
173.222.108.210	unknown	United States	20940	AKAMAI-ASN1EU	false
23.52.160.183	unknown	United States	16625	AKAMAI-ASUS	false
3.233.129.217	unknown	United States	14618	AMAZON-AESUS	false

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1467036
Start date and time:	2024-07-03 16:49:27 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	30
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Sample name:	Hauptdokument - Documento principale.PDF
Detection:	CLEAN
Classification:	clean1.winPDF@43/50@0/43
Cookbook Comments:	Found application associated with file extension: .PDF

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 23.211.8.250
Excluded domains from analysis (whitelisted): ssl.adobe.com.edgekey.net, fs.microsoft.com, armmf.adobe.com, e4578.dscb.akamaiedge.net, ctldl.windowsupdate.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.
VT rate limit hit for: Hauptdokument - Documento principale.PDF

LLM Input / Output

Input	Output
URL: PDF Model: gpt-4o	```json{ "riskscore": 1, "reasons": "The provided screenshot of the PDF document does not contain any visually prominent button or link that could mislead the user into clicking on a potentially harmful link. The text in the document does not create a sense of urgency or interest typically associated with phishing attempts, such as 'Click here to view document' or 'Open the link to see your invoice.' Additionally, there is no impersonation of well-known brands that would typically be used to deceive the user. The document appears to be a formal request for a certificate, with no immediate call to action that would prompt the user to click on a link. Therefore, the phishing risk is very low."}

Input

Output

URL: PDF Model: gpt-4o

```json{  "riskscore": 1,  "reasons": "The provided screenshot of the PDF document does not contain any visually prominent button or link that could mislead the user into clicking on a potentially harmful link. The text in the document does not create a sense of urgency or interest typically associated with phishing attempts, such as 'Click here to view document' or 'Open the link to see your invoice.' Additionally, there is no impersonation of well-known brands that would typically be used to deceive the user. The document appears to be a formal request for a certificate, with no immediate call to action that would prompt the user to click on a link. Therefore, the phishing risk is very low."}

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	290
Entropy (8bit):	5.193393237439825
Encrypted:	false
SSDEEP:
MD5:	C6CBB9D8D1D8B717D43FB5C919F881CB
SHA1:	EE3E05AE778407B0774599056B710934B00602F4
SHA-256:	65C0F5276B59D0921A73BE487EBB75A48954C3CD08F09B9BBF8C9F764E0E4AEE
SHA-512:	35405C125AD9ECCC352B82368E3186B90126173D2547B8453B4977C374110AA0D54B09B89FC0B68B351E9816E003BFC688FA1A2C2EFF7F45403D4555DE3D504D
Malicious:	false
Reputation:	unknown
Preview:	2024/07/03-10:50:09.644 1b64 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/07/03-10:50:09.646 1b64 Recovering log #3.2024/07/03-10:50:09.646 1b64 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	334
Entropy (8bit):	5.164701539230745
Encrypted:	false
SSDEEP:
MD5:	42ADAC88811D3A13265CBA29B28003BC
SHA1:	426EF1FF9AF79CFED10996CF427B14E2D36F1379
SHA-256:	9BA21D3189C2161D485828A7D9CAA5152DE333825A4DF65F592C09C30F148A2D
SHA-512:	987DFCB87C3EE70BD36D842ABDC8CF460D2A5B6AC82EFFE3F5DC3A892031F23479AC1B704C27128BF3314548706FD8DC4A2CC69051EAC8377B9C5B9E0AE84A3A
Malicious:	false
Reputation:	unknown
Preview:	2024/07/03-10:50:09.488 1870 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/07/03-10:50:09.491 1870 Recovering log #3.2024/07/03-10:50:09.492 1870 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\960da9b3-01aa-49a8-b9f6-5fed21001b49.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	modified
Size (bytes):	403
Entropy (8bit):	4.953858338552356
Encrypted:	false
SSDEEP:
MD5:	4C313FE514B5F4E7E89329630909F8DC
SHA1:	916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56
SHA-256:	1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873
SHA-512:	1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205
Malicious:	false
Reputation:	unknown
Preview:	{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341145152835463","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144284},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	4C313FE514B5F4E7E89329630909F8DC
SHA1:	916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56
SHA-256:	1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873
SHA-512:	1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205
Malicious:	false
Reputation:	unknown
Preview:	{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341145152835463","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144284},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF4baa8b.TMP (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	4C313FE514B5F4E7E89329630909F8DC
SHA1:	916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56
SHA-256:	1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873
SHA-512:	1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205
Malicious:	false
Reputation:	unknown
Preview:	{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341145152835463","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144284},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\e63c3327-24fd-4d17-85d9-9278eb8b0a4a.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	403
Entropy (8bit):	4.967178600473574
Encrypted:	false
SSDEEP:
MD5:	6E87BDF071812D26B24CA187A8941704
SHA1:	74867282E29D6EEFC276E47FB79CB24308270B1E
SHA-256:	89028DA960981BA77D7BAD5E3BD8A037CEB8E87F3F737BA258AF640120BA95F4
SHA-512:	B4293BC95DB7E23449E9D06B80DC5C73FF5E4884478FCF0DDA0E55A52FA7A33193590F9C28554CEF3BB34BF26A436422512FB78ADE1CFE4F12A98BC5AB7379ED
Malicious:	false
Reputation:	unknown
Preview:	{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13364578221626766","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":132316},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	4099
Entropy (8bit):	5.230883859331389
Encrypted:	false
SSDEEP:
MD5:	CFD3DCCA704551C1CBAB69DFD5362873
SHA1:	6E29434BDEC562269A7C0EB38168BF07E4B47914
SHA-256:	B6B82DBF0AEDBAB8A52EC361F27CE7BE967F3875EAB5A2E88CF1B2A66DACD1A1
SHA-512:	2E278216547C575D54AAD2E74D01AA0DF2153107C33BE79112629598F7F25DE54BDEEA5FD984323BA5626642D6D61A1A3F8C4E1A989DFED6C5CB0F25DC90F449
Malicious:	false
Reputation:	unknown
Preview:	*...#................version.1..namespace-e...o................next-map-id.1.Pnamespace-1d95df23_a38f_44a8_b732_4e62dd896a16-https://rna-resource.acrobat.com/.0y.S_r................next-map-id.2.Snamespace-2a884c18_b39c_4e3d_942f_252e530ca4bd-https://rna-v2-resource.acrobat.com/.16.X:r................next-map-id.3.Snamespace-2e78bfda_7188_4688_a4aa_1ff81b6e5eaa-https://rna-v2-resource.acrobat.com/.2.P.@o................next-map-id.4.Pnamespace-09c119c2_97bc_4467_8f67_f92472c9e5dc-https://rna-resource.acrobat.com/.346.+^...............Pnamespace-1d95df23_a38f_44a8_b732_4e62dd896a16-https://rna-resource.acrobat.com/....^...............Pnamespace-09c119c2_97bc_4467_8f67_f92472c9e5dc-https://rna-resource.acrobat.com/..?&a...............Snamespace-2a884c18_b39c_4e3d_942f_252e530ca4bd-https://rna-v2-resource.acrobat.com/_...a...............Snamespace-2e78bfda_7188_4688_a4aa_1ff81b6e5eaa-https://rna-v2-resource.acrobat.com/...o................next-map-id.5.Pnamespace-07af9ee9_2076_4f12_94b5_

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	322
Entropy (8bit):	5.19382200610318
Encrypted:	false
SSDEEP:
MD5:	34589E5B528191CC5AA7C921741E7559
SHA1:	749E083CADD0A776896745AFA84E3C269634D387
SHA-256:	52228730C2C1D347194CF0C7B4AB3BEFA0941D6CAC4282379C30D894C16D1B71
SHA-512:	6BD8145C533039FAEA43F027DC3D2751EF4F0394F07AC6487321329B169F949D7E1224169D03A50C3F39442AF04B3CC985771D8F50C970DA814A589D62399DFA
Malicious:	false
Reputation:	unknown
Preview:	2024/07/03-10:50:09.691 1870 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/07/03-10:50:09.692 1870 Recovering log #3.2024/07/03-10:50:09.694 1870 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\Eureka\AcroCoreSync\Adobe\CoreSync\EntitySync\80307f885d209ff3421f3adf000d6b1e.db

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, writer version 2, read version 2, file counter 1, database pages 1, cookie 0, schema 0, unknown 0 encoding, version-valid-for 1
Category:	dropped
Size (bytes):	4096
Entropy (8bit):	0.08728080750134917
Encrypted:	false
SSDEEP:
MD5:	863BB379B267B2404CB64A3BC9B4A650
SHA1:	139EDCE2C64569B81175543D1DE743EF474F4432
SHA-256:	F7C1BC02F430EBD015E45159D9FD9E18643C4CDCCBB7E7733A248C8393CAA88C
SHA-512:	6AFF907DDAFC78AF2186F58D7102A88527BCE5473D72C03607EFC49C56ABAA157191D391A1ED9350CC058E9BB37040C29DBA9E3A668F640DE0100A639F1D2F51
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\Eureka\AcroCoreSync\Adobe\CoreSync\EntitySync\80307f885d209ff3421f3adf000d6b1e.db-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	512
Entropy (8bit):	0.28499812076190567
Encrypted:	false
SSDEEP:
MD5:	3380C9FD1A21DEB9638D27246580ECBA
SHA1:	50265CCF1200250F9F8FF05323ECF9C297E3B941
SHA-256:	77B2FB6BBE4ABB53F552B446679A63C2A4F6D4755D3724E66A2A73230E7ED40A
SHA-512:	8C0A438CB8FAA004C614906059FDCBA327FEFFFD441E437E4A979317A704792892372D1E4B67EB872D08D4A8782C7F2E16A1D8687A57E8DA2117F94C9B33AF5C
Malicious:	false
Reputation:	unknown
Preview:	.... .c.....LB.4................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\Eureka\AcroCoreSync\Adobe\CoreSync\EntitySync\80307f885d209ff3421f3adf000d6b1e.db-shm

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.06158684890055117
Encrypted:	false
SSDEEP:
MD5:	2D3959FEE44B45956517E8B73B06ED83
SHA1:	844E6A6A62E3B9C4D7E4028D0DB6E8DBCFC3C535
SHA-256:	8DBB58119C91ACB0E85AAB08D26384917DF36DBC5462964F63DFE8A34044179C
SHA-512:	B32D3C406CFE59B89E2C58BDB03AB4E7FAB7668B60242912A992E54405A0229E6C4DF37630E1C0C6494721B47F44EEC3CAC2AF9A4B93B3EC07BADB9B3C657E52
Malicious:	false
Reputation:	unknown
Preview:	..-........................u...W.A.&.Hs..^/..}7...-........................u...W.A.&.Hs..^/..}7.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\Eureka\AcroCoreSync\Adobe\CoreSync\EntitySync\80307f885d209ff3421f3adf000d6b1e.db-wal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
File Type:	SQLite Write-Ahead Log, version 3007000
Category:	dropped
Size (bytes):	119512
Entropy (8bit):	0.9630844021492451
Encrypted:	false
SSDEEP:
MD5:	D1057445C633A77B29356CAB93A443B6
SHA1:	70BBF1663897EE24410BA5A33C6706CFB9CD352F
SHA-256:	4719C30694D48396CBAEF06722033C7314B250C465E3D54DFC9BED5AEED1E2C1
SHA-512:	D14978CD25E7A2D0CD08C59A93ECD773750D965F0957C8823960B8E04C30C415C90A1DA2155BE7AC9FB8910C1A51B92E20534DB70A9D79DB9DCE8117E2B6BE1B
Malicious:	false
Reputation:	unknown
Preview:	7....-...........A.&.Hs..kD...dN.........A.&.Hs.-.Z..)=.SQLite format 3......@ ..........................................................................c....................A...}...~...............D....................................................?...S-..indexsqlite_autoindex_pending_requests_1pending_requests..<...++../tabledevice_mappingsdevice_mappings.CREATE TABLE device_mappings ( .device_mapping_id TEXT PRIMARY KEY NOT NULL, .content_item_id TEXT NOT NULL, .content_item_type TEXT NOT NULL, .include_rel_types TEXT DEFAULT NULL, .include_depth INTEGER DEFAULT 0 NOT NULL, .branch TEXT DEFAULT NULL, .device_mapping_created TIMESTAMP DEFAULT (strftime('%s', 'now')) NOT NULL, .collection_id TEXT DEFAULT NULL, .TTL INTEGER DEFAULT 0 NOT NULL, .Priority INTEGER DEFAULT 0 NOT NULL, .app_info TEXT NOT NULL, .unPinned INTEGER DEFAULT 0 NOT NULL, .UNIQUE (content_item_id, branch))=...Q+..indexsqlite_autoindex_device_mappings_2device_mappings.=...Q+..indexsqlite_autoindex_device_mappings

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\Eureka\AcroCoreSync\CreativeCloud\CoreSync\EntitySync-2024-07-03.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	2420
Entropy (8bit):	5.176076530481997
Encrypted:	false
SSDEEP:
MD5:	3E1985403A301C0A9FEEEBE666B7668B
SHA1:	44ADBB2450879A024BE1020ADA83E031ECCE49BF
SHA-256:	D739F42547AF26F1CCE2C733512734892000E92E5FAF9F6049E024219A45CF4F
SHA-512:	5477C61E928CE922943E488B4C884E9070489C399F8D92AE7B6200D09C57F165EFC0A3A03E1EEF05B1364ED350E43E53EDA94169E369D6FF37FA6A643B188DCE
Malicious:	false
Reputation:	unknown
Preview:	20240703-105036.940: t=19f8: Info: app: Begin Starting up (AppController.cpp.musync::AppControllerImpl::startHandler.305)..20240703-105036.940: t=19f8: Info: app: End Starting up (AppController.cpp.musync::AppControllerImpl::startHandler.305)..20240703-105036.940: t=18a4: Info: AppShell: End start (AppShell.cpp.musync::AppShell::startup.173)..20240703-105036.956: t=18a4: Info: Cosylib: getContext. baseUrl: https://comments.adobe.io/sync/ (CosyLibImpl.h.cosylib::CosyLibImpl::getContext.181)..20240703-105036.956: t=18a4: Info: Cosylib: getContext. baseUrl: https://comments.adobe.io/sync/ (CosyLibImpl.h.cosylib::CosyLibImpl::getContext.181)..20240703-105036.956: t=18a4: Info: Cosylib: getEntityClient (CosyLibImpl.h.cosylib::CosyLibImpl::getEntityClient.166)..20240703-105036.956: t=18a4: Info: ES::cosylib: EntityClientImpl::getRegisteredLoginInfo : (EntityClientImpl.cpp.cosylib::EntityClientImpl::getRegisteredLoginInfo.944)..20240703-105036.956: t=18a4: Info: ES::cosylib: RequestHandle :

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\RFL\LocalMapping\RFLDB230

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 1, database pages 8, cookie 0x3, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.36835287347338636
Encrypted:	false
SSDEEP:
MD5:	F391306DD8BAA3198B26D3C80A906E19
SHA1:	6CD1B24D186F1CC68BF9097177DA5676C4A56422
SHA-256:	62604481C477AF3F8813122011B9CEC6DDEE9A3992F3FAFE236E3E92FC62E680
SHA-512:	5AD524078462D761F0F01933EBFC3714B44C93296BD4EDAB34B59CB833D1D9334CE830E196D2BD2BDA82837914E91B2B53E848EDC9BD04B7EDCC31D7DFD9DD53
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................c.......2........h...2................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\RFL\LocalMapping\RFLDB230-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	512
Entropy (8bit):	0.28499812076190567
Encrypted:	false
SSDEEP:
MD5:	65DBD9197EDC8A864E15146276870452
SHA1:	57543AFDFEB6AD8E1F18EDA0071D33D985E73004
SHA-256:	C0875B21967C37946DD9DAAC9A86397D5D72A4739EE3051CBE2A0945D45C8584
SHA-512:	AE96D00A7092A8616178F044EDE54669F5107673F5B69E92216C8C6F76B3C1A7856D7F125DB0971DD5BBCA4DC8E83F0B877A0BF53ADE1EC4AC947CF06B4C4147
Malicious:	false
Reputation:	unknown
Preview:	.... .c......^.<................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240703145013Z-619.bmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PC bitmap, Windows 3.x format, 107 x -152 x 32, cbSize 65110, bits offset 54
Category:	dropped
Size (bytes):	65110
Entropy (8bit):	2.2139355797296174
Encrypted:	false
SSDEEP:
MD5:	EDD0EFB8D4EE8E1AC7BC1CA98363E046
SHA1:	AFC9BAE3407E93599DDD6F19450A807491494A28
SHA-256:	18664E2FC0F450EE6409C7363A8183C70EA2ECE839B3F4D8477F4072964BCD44
SHA-512:	1F5475BC6FF5A7E80502DB69CD7B688A156AF9A084EDCE0763E561CFF61A990729FB7EAC874EB28AB3F78B84A0CF52B13A7424A650189DB3E0040A6C5951D406
Malicious:	false
Reputation:	unknown
Preview:	BMV.......6...(...k...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 2, database pages 14, cookie 0x5, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	57344
Entropy (8bit):	3.291927920232006
Encrypted:	false
SSDEEP:
MD5:	A4D5FECEFE05F21D6F81ACF4D9A788CF
SHA1:	1A9AC236C80F2A2809F7DE374072E2FCCA5A775C
SHA-256:	83BE4623D80FFB402FBDEC4125671DF532845A3828A1B378D99BD243A4FD8FF2
SHA-512:	FF106C6B9E1EA4B1F3E3AB01FAEA21BA24A885E63DDF0C36EB0A8C3C89A9430FE676039C076C50D7C46DC4E809F6A7E35A4BFED64D9033FEBD6121AC547AA5E9
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	16928
Entropy (8bit):	1.2148576983672634
Encrypted:	false
SSDEEP:
MD5:	00422C9D7E3B2FFC482FCC9F56FD5B61
SHA1:	7C21027C57716F7B9E75F9243D8544C5FE9F5785
SHA-256:	BB37C8542ED33790466957A1A5A134B1418797E0B5F984E5CEF05FFE1F13564D
SHA-512:	2F7988FC1C1BE497166AF7E9A9029D282F4BACB95171FAED8FA0F7455B7A73E9827C4FCCA275EA212A5ADBF40C9F167B44A60474E6D3FA7E71B03F928E81648A
Malicious:	false
Reputation:	unknown
Preview:	.... .c.....J...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 1, database pages 23, cookie 0x11, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	94208
Entropy (8bit):	0.9951370817377893
Encrypted:	false
SSDEEP:
MD5:	DCD066A1C8CA38D94ACA4E5DF6CA20BF
SHA1:	0C670E7CB31FE1CFD952082C3629AD8861BFD799
SHA-256:	E484D26709945669E18A3D0A7F95E3EA943D4170736EDD8FEDFE3F69A7B8D25E
SHA-512:	C07D385DB9B836F106E1951FDCD911D7FFF44AAE6EE7406CA665B211236E8ABE3395789E10200644343779983E9AD7B5E484B3B1567CA6EAB890A88E4FF9500B
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................c......................7...4.....d...k.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................Z...-%.qindexdependencies_diddependencies.CREATE INDEX dependencies_did o

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	512
Entropy (8bit):	0.28109187076190567
Encrypted:	false
SSDEEP:
MD5:	81D9E6BE1EB91CEDE94A7938CE742A75
SHA1:	7A76EF7D951A4EF16E8FBD6480C7D97EAA5320FF
SHA-256:	150958A913ED0310CB642414A244AA0D8814C2FF7F8055DDC440D89C20E39788
SHA-512:	9DA64258044B6627F6425B5640F1CF55F82B9084E0527129A4EEA4D216198E4DB81B3F4F759D7B83C99D48BCF8DF613C029F8C050CBB081A8B2E7AE42B51E3AA
Malicious:	false
Reputation:	unknown
Preview:	.... .c......H..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
Category:	dropped
Size (bytes):	71954
Entropy (8bit):	7.996617769952133
Encrypted:	true
SSDEEP:
MD5:	49AEBF8CBD62D92AC215B2923FB1B9F5
SHA1:	1723BE06719828DDA65AD804298D0431F6AFF976
SHA-256:	B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
SHA-512:	BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
Malicious:	false
Reputation:	unknown
Preview:	MSCF............,...................I..................XaK .authroot.stl.[.i..6..CK..<Tk......4.cl!Kg..E..Y.f_..".$mR"$.J.E.KB."..rKv.."{.g....3.W.....c..9.s...=....y6#..x..........D......\(.#.s.!.A.......cd.c........+^.ov...n.....3BL..0.......BPUR&.X..02.q...R...J.....w.....b.vy>....-.&..(..oe."."...J9...0U.6J..\|U..S.....M.F8g...=.......p...........l.?3.J.x.G.Ep..$g..tj......)v]9(:.)W.8.Op.1Q..:.nPd........7.7..M].V F..g.....12..!7(...B.......h.RZ.......l.<.....6..Z^.`p?... .p.Gp.#.'.X..........\|!.8.....".m.49r?.I...g...8.v.....a``.g.R4.i...J8q....NFW,E.6Y....!.o5%.Y.....R..<..S9....r....WO...(.....F..Q=....-..7d..O(....-..+k.........K..........{Q....Z..j._.E...QZ.~.\.^......N.9.k..O.}dD.b1r...[}/....T..E..G..c.\|.c.&>?..^t. ..;..X.d.E.0G....[Q.,......#.Dp..L.o\|#syc.J............}G-.ou6.=52..XWi=...m.....^u......c..fc?&pR7S5....I...j.G........j.j..Tc.El.....B.pQ.,Bp....j...9g.. >..s..m#.Nb.o_u.M.V...........\#...v..Mo\sF..s....Y...

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	893
Entropy (8bit):	7.366016576663508
Encrypted:	false
SSDEEP:
MD5:	D4AE187B4574036C2D76B6DF8A8C1A30
SHA1:	B06F409FA14BAB33CBAF4A37811B8740B624D9E5
SHA-256:	A2CE3A0FA7D2A833D1801E01EC48E35B70D84F3467CC9F8FAB370386E13879C7
SHA-512:	1F44A360E8BB8ADA22BC5BFE001F1BABB4E72005A46BC2A94C33C4BD149FF256CCE6F35D65CA4F7FC2A5B9E15494155449830D2809C8CF218D0B9196EC646B0C
Malicious:	false
Reputation:	unknown
Preview:	0..y...H.........j0..f...1.0....H.........N0..J0..2.......D....'..09...@k0....H........0?1$0"..U....Digital Signature Trust Co.1.0...U....DST Root CA X30...000930211219Z..210930140115Z0?1$0"..U....Digital Signature Trust Co.1.0...U....DST Root CA X30.."0....H.............0..........P..W..be......,k0.[...}.@......3vI.?!I..N..>H.e...!.e..2....w..{........s.z..2..~..0....8.y.1.P..e.Qc...a.Ka..Rk...K.(.H......>.... .[.....p....%.tr.{j.4.0...h.{T....Z...=d.....Ap..r.&.8U9C....\@........%.......:..n.>..\..<.i.....)W..=....]......B0@0...U.......0....0...U...........0...U.........{,q...K.u...`...0....H...............,...\...(f7:...?K.... ]..YD.>.>..K.t.....t..~.....K. D....}..j.....N..:.pI...........:^H...X._..Z.....Y..n......f3.Y[...sG.+..7H..VK....r2...D.SrmC.&H.Rg.X..gvqx...V..9$1....Z0G..P.......dc`........}...=2.e..\|.Wv..(9..e...w.j..w.......)...55.1.

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	modified
Size (bytes):	328
Entropy (8bit):	3.144086598890895
Encrypted:	false
SSDEEP:
MD5:	9FE798BBDBCC9CF606DB3422AD5B8494
SHA1:	1879BA1F536A9C7827F429B9160CCB18E7E9425E
SHA-256:	91B2E49307602A2D66E2ACF0F3A7BFE540547543158F19AC343E397563615190
SHA-512:	54E6F59E1B6FE9D266704D86B6E880170B35F8FC0397DDA8CC0BB4684952AE3A7798385BC9C7EF5AD42D98A61B0F1DC5FF213BF35432365E27D4738D3D05B0AC
Malicious:	false
Reputation:	unknown
Preview:	p...... ...........fX...(....................................................... ........G..@.......&...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	252
Entropy (8bit):	3.026467887142631
Encrypted:	false
SSDEEP:
MD5:	15617FBAE3637673916B4E4F4F591A44
SHA1:	B00B579B5BC63101D4AB87EE8D45DAEB4BCE2F26
SHA-256:	21CB75FC32C4062B0EA2A52E83845332270E91A8372A1A220603AB54ABDF757C
SHA-512:	D6C2D4BFEFAF5A9FF34B47F4AB21E241715DB85F91EDABEE59D6616F90B1DAB05D486E5603466C555584C3C951CE7C49974575658BCE3D97E870C0C2F91D1F69
Malicious:	false
Reputation:	unknown
Preview:	p...... ....`.....mTX...(....................................................... ........!.M........(...........}...h.t.t.p.:././.a.p.p.s...i.d.e.n.t.r.u.s.t...c.o.m./.r.o.o.t.s./.d.s.t.r.o.o.t.c.a.x.3...p.7.c...".3.7.d.-.6.0.7.9.b.8.c.0.9.2.9.c.0."...

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	295
Entropy (8bit):	5.390197001749834
Encrypted:	false
SSDEEP:
MD5:	D866FEE7148890CB8E16E8E5BCC81FC1
SHA1:	3C7065BE8A8671648B26461130955508358C5B8A
SHA-256:	4147C0F7B0EB26B1EA777B05A98F499466333164C78AE8A8DF0B13E5C098D1E1
SHA-512:	79F31DA746512D0532B7850057DCF54DAB2A091458A4F4B4354C25E91E7F62F4C9F677991289347E3355F80467B411E8910B965E9F5A2F75539524C7F1D451F9
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"d7d638f9-5dbd-430b-8e02-61a5e8f3822c","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1720196310580,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.33854735789515
Encrypted:	false
SSDEEP:
MD5:	83CD9E2973A211515CDF036E15A65FC3
SHA1:	52026344E313752DBF7CA93023CD1743BB866553
SHA-256:	AFFC3DBBCA78996281ECA891A652A3BBB841A41FBC8D53E6F26B48092F2FF9EC
SHA-512:	D9307103DCCAAB8AEB134AD6B2F01CCE0844F6E8B5CD195C416C89C8FE0269C0517CD0D240E8A172DC96896215D787F5059670FAE211E69A707DC78C2BD41175
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"d7d638f9-5dbd-430b-8e02-61a5e8f3822c","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1720196310580,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.317542393290227
Encrypted:	false
SSDEEP:
MD5:	2F072F5E0DF6AD5B7F3481C7B715BB1F
SHA1:	DB952771FDF316B8D979E00C9A2FD041911F566A
SHA-256:	EC78718E0A9E06FB99AA3C8CE2611A1D7A800B4C360F50E5D4C0A3CF40D64721
SHA-512:	5AFBF2DC13648981AF9C36C3ECCAE34FAEF46171E5DD3C1125FD6FAF65D6C32965FBCC3AC4F9FA23B15D8761A4D3B59FAB73EF99E8D6AEFE55EEE74682706C92
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"d7d638f9-5dbd-430b-8e02-61a5e8f3822c","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1720196310580,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	285
Entropy (8bit):	5.379518720856886
Encrypted:	false
SSDEEP:
MD5:	8224B059394C742878AEBDE65EA458D2
SHA1:	F0A6D3AD623DF5A3E48999D6B76F6B5EDEB4D0B1
SHA-256:	2B5F5618FD75C22BDFEE5D8EBB261A2BB4B8163C5D063B1EA6348EAB30890CF1
SHA-512:	4798A919EA25C0451E75E95076E914B0F9638D9946C183B6AB7E19FDAC72406DDC90C4006729575FDA44C9E011EC4E6CCE4CEE12C04C2E3AFCEEF67478A1AD2E
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"d7d638f9-5dbd-430b-8e02-61a5e8f3822c","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1720196310580,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.33775370798398
Encrypted:	false
SSDEEP:
MD5:	3D7BDDDE75E5B26E179852DF480703C5
SHA1:	7CAC45C81E261D7A502E488EF5C52AE2C5ED834D
SHA-256:	019544E16DB6F81B36B0A87393B63A017B4626281A35F2D86428AA8E5A1540FD
SHA-512:	548F31199534ED726321228766964E2E4E9A1703CF3E1A4E293BEFADCBA7A7606EAD2EAF78C447BAF6233CF9B6D453952BEF7A1F25096613608926C9FA078823
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"d7d638f9-5dbd-430b-8e02-61a5e8f3822c","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1720196310580,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.325428270838421
Encrypted:	false
SSDEEP:
MD5:	9E838100AA341ECAA60AAFFD59D03878
SHA1:	9371BB0838ACF56EA422560BB31CAEC946EF58CA
SHA-256:	4FDBA88C278053C9AE480EFF1C82A0BFC7CFC7DD31285EB80E81CFD5100C8DA5
SHA-512:	2831C6C3C1C0DA67591F2B3BC6AEF22C6D0289A443A8BB3F9D581F10DEF0DEBCFA7C5658FE8E98E3FB3649B2E4AA44EAD8C72BB2C679B71323DCAD22BE07AFE4
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"d7d638f9-5dbd-430b-8e02-61a5e8f3822c","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1720196310580,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.327510276241869
Encrypted:	false
SSDEEP:
MD5:	BA25440C45127C156BA09E7AABB3E8B4
SHA1:	2DC640E349D4B243404C7F1C94C5A1B4668F7511
SHA-256:	0615F5DB1AD51F4277B1B512551EB473E36675E441BA1272F79B022F0ECD0811
SHA-512:	C5DC1969FBBA0C7226C31BC30FBE9983D834FF57978FF5A6C68597DD48FD7B7D85FE552BC6E54130D6F1E863B350EF08322DE7D95BCD7D75702655AB2B15BE55
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"d7d638f9-5dbd-430b-8e02-61a5e8f3822c","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1720196310580,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.33267982570569
Encrypted:	false
SSDEEP:
MD5:	CDB92AB7281C684F12E8461166159CD3
SHA1:	AA7EB9427EE2AADD810024DC2853E8E4A82C1B3B
SHA-256:	96215B50F2B34CB288CB7BA238753BE36CD9A7C5CED8EE9E66029FAE75849065
SHA-512:	1D8609F55AA29871A9F651904479F1991113652E834A40ECDBC663D10C96BF64003973AA242D8CC7AF1B1A81F8CD54A40271DB4A46172C006E751D25E6E6B419
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"d7d638f9-5dbd-430b-8e02-61a5e8f3822c","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1720196310580,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1372
Entropy (8bit):	5.738546325191226
Encrypted:	false
SSDEEP:
MD5:	A351F53F94DC0ED837D0877774A34A55
SHA1:	01D9115CE3F299D5351B03726A7698AF17E43BF0
SHA-256:	FC67C95D5A44BBCBE11BD2566F61D98BF65FEDE0FB51FF6ED5A3E150DC57832C
SHA-512:	3381EC42E2B58BAE4C875E194BD56BE1E868799125EFBDAB698C090DD4494D4E86449B7A43292229BA89B6337B38C79FB8C48D5BADCAE37F691DD931012BFE8D
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"d7d638f9-5dbd-430b-8e02-61a5e8f3822c","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1720196310580,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"79887_247329ActionBlock_0","campaignId":79887,"containerId":"1","controlGroupId":"","treatmentId":"acc56846-d570-4500-a26e-7f8cf2b4acad","variationId":"247329"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJUcnkgQWNyb2JhdCBQcm8ifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNSIsImZvbnRfc3R5bGUiOiIwIn0sImRlc2NyaXB0aW9uX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTMiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIDctZGF5IHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0byBwcmVtaXVtIFBERiBhbmQgZS1zaWduaW5nIHRvb2xzLiIsImJ

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.331218913925979
Encrypted:	false
SSDEEP:
MD5:	CD979531C51C7F2B7B00B88F18362CC8
SHA1:	AE99653895719E702BCAD7597A73CAC7143D665B
SHA-256:	7FF6317AEB611BCAD146849386069CFDFC4054ED32E5E5DDAA617875FBF61483
SHA-512:	03EB5587058794981BC4BCC3AC8287A89FB2841776FED511B77F4AFECD253E1D685EFDF047A001CC92C679A91A4AF9DAB3EC20FDD988EE6D83CDBB38F14FA834
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"d7d638f9-5dbd-430b-8e02-61a5e8f3822c","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1720196310580,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1395
Entropy (8bit):	5.7726774192466355
Encrypted:	false
SSDEEP:
MD5:	9A92BD0F904FBC908CF1462E5FDF1ED9
SHA1:	CCED31437D736E3F9A632E4E7D5E776337313A4B
SHA-256:	3339CFBF926552990CC5633D580330F0191D808E402A141E595E868966EBB185
SHA-512:	C316184CCAE8027A4E3E8140DD2620A6A8FAF20469972C215C503E9116ADED7FF58683D7EC52CA3327BD0424A95373B2D9D121904FF8E07F1D05AD34EB3E205B
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"d7d638f9-5dbd-430b-8e02-61a5e8f3822c","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1720196310580,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	291
Entropy (8bit):	5.314551448617534
Encrypted:	false
SSDEEP:
MD5:	45F2829950DB04177164EA5F8648E3D1
SHA1:	10739B7392A4C05C6671DFC25B5F1E1979F08E41
SHA-256:	1BB8D35B91F0B54F000D184C7F32711FD2C0F68925BC5E5FEED6D529B85949D9
SHA-512:	480D4A63395A696C089694236D7259E7941C8251BB1FAF76AF044B16AE1BA0222245E99133822E96801FD74D13DA4B469D9CFDB97D2B1CB60887F58793717CC8
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"d7d638f9-5dbd-430b-8e02-61a5e8f3822c","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1720196310580,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	287
Entropy (8bit):	5.3180505047094755
Encrypted:	false
SSDEEP:
MD5:	0B490F32A23F1DE2EF30E48A9E437B87
SHA1:	FF0573757AFDB8DD83B269DFEE0CB70FDC520BD8
SHA-256:	D52F33EBD8A1CDD3EC96E2AB66921B01B7CE5940566C59DEDEDF867D7578E70E
SHA-512:	E5E55F5562356A46BAF8FB7ABA8758AFD1455423A993CAA8D8C540EA781075CB2F8655CF9E8FAED658472C5F9A488D10D60A5EB605C6572BB22D1D27FB9A8B0F
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"d7d638f9-5dbd-430b-8e02-61a5e8f3822c","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1720196310580,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.338054042684127
Encrypted:	false
SSDEEP:
MD5:	ADB02676A4F663E4CFA2DD473B6A9A00
SHA1:	F651B068AA96959318DA6FCBBD28918971465BC3
SHA-256:	E10C541EA2F6ABD4139E04BDD230F5819B70F5229ED0BFB96006A1168E8DE2E0
SHA-512:	A464B6CD92E00CD45E73D8FB114592617A0E0085FCAF02AEEFFCF9B745733E122B78F4570D85F61F9F6BC173393B21F3BD9D99639354144165C6975468FFC006
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"d7d638f9-5dbd-430b-8e02-61a5e8f3822c","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1720196310580,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	286
Entropy (8bit):	5.29254394220775
Encrypted:	false
SSDEEP:
MD5:	E42A2D1F4D8BF9C6146D1358009A9878
SHA1:	DEAE80D7598A84ECCB8E87A484CC8DF9C8ABF1EB
SHA-256:	8A0E9C4E9EA0DDF8D85A8B7FCE39FF317CF51BD141F4C2CBA1C48AFFDB5AF86D
SHA-512:	153E5029A527ADFEC653902DE6C7F5BC90C245A79A1246BAAFB2441299BE5A1CA4EF6BFA7FCDE8916E3C784568B74B0F937A266BD48B3B50CF45F140D7736AC4
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"d7d638f9-5dbd-430b-8e02-61a5e8f3822c","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1720196310580,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	782
Entropy (8bit):	5.3679677788513604
Encrypted:	false
SSDEEP:
MD5:	63B794074EDD411A692FFCFBADB6B7B1
SHA1:	BF45AF564A212D06B690A799D9F98D2D7723FB30
SHA-256:	5FFBF2310F24796C9AEDE72475DCA51B85DF3624F250261C7C3127007CE06E07
SHA-512:	89BA16EF446568CB9A486A050908F5E9675EB7B18D8722FFD324FF9669AE2998849FADA9CAA52CF8507D8884468CE928E992EF69AF4DA21B8F95413D82828D43
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"d7d638f9-5dbd-430b-8e02-61a5e8f3822c","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1720196310580,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1720018215613}}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	4
Entropy (8bit):	0.8112781244591328
Encrypted:	false
SSDEEP:
MD5:	DC84B0D741E5BEAE8070013ADDCC8C28
SHA1:	802F4A6A20CBF157AAF6C4E07E4301578D5936A2
SHA-256:	81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
SHA-512:	65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
Malicious:	false
Reputation:	unknown
Preview:	....

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2814
Entropy (8bit):	5.113503087433393
Encrypted:	false
SSDEEP:
MD5:	CC342233308082791FBF71EB9A796ED2
SHA1:	E6258B6B304BBE93E2F6A75ADDBFCEDE4AF47D7D
SHA-256:	DEAACBC166650DC364C8DA4178026708C7A8E063C2E84D60548D2AEDF351AD77
SHA-512:	FB5DEF5CA758323AACF0AC61720A955CE867237F682939F6FD92978D38F27F7CA8C4885BE0C9464196246D5FED92674B2C100BE408D002CC94CA35C85AFB4BC9
Malicious:	false
Reputation:	unknown
Preview:	{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"8d5146c1e73d9eb67ebbc6b6fb3376f3","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1720018215000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"1312d6715f1e89e251c3125c76ef1c32","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1372,"ts":1720018214000},{"id":"Edit_InApp_Aug2020","info":{"dg":"8f6c54b8576d5be3074e6e4bc8119cc0","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":1720018214000},{"id":"DC_Reader_RHP_Banner","info":{"dg":"0def8b16d707bed37c88dce7142d7dc5","sid":"DC_Reader_RHP_Banner"},"mimeType":"file","size":1395,"ts":1720018214000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"1093c27ed113b2ec6b35413e90adda40","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file","size":292,"ts":1720018214000},{"id":"DC_Reader_More_LHP_Banner","info":{"dg":"d206c00da92ff07ad3d1b68acf69535f","sid":"DC_Reader_More_LHP_Banner"},"mimeType":"file","size":289,"ts":1720018214000},

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 27, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 27
Category:	dropped
Size (bytes):	12288
Entropy (8bit):	0.9968806338812427
Encrypted:	false
SSDEEP:
MD5:	CA1A7BFCF291414D7DE7BE683799F791
SHA1:	F5482CE5997A4D4930D4481B576E4FC87226FB85
SHA-256:	0D2508E2914D601D443008B1717A52922C751113C7D5153E6523CCC8323ACA99
SHA-512:	B5D92595E1C215759F4086B71EAD5BD358CA67433F1E109D086702C86FAACE8A4572DA4C5888C79C08F5936247B7C5D3D0EBE7B67E99EB4B6E28E7BE797D0C95
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	1.3609479924375107
Encrypted:	false
SSDEEP:
MD5:	CC323D2B04F8CB7A9ABE8A07747651FC
SHA1:	1E24DC1A4444CE20200177401D0469A986F7DF8D
SHA-256:	BE3A77CB34C58C7A6E99D4B7E8C22D7780804F66F3CB216E2A2B94BD17838A45
SHA-512:	AAA97A23A20F5D4DA187566E9E355FBC96CD30B38F6B5C332E24CD55C20AC93743B5390BAA023EDD8C524E4CB9E64C17EA6DC5F60BA1B68BB78CA17C704C5D04
Malicious:	false
Reputation:	unknown
Preview:	.... .c.....x..K......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................j......-.....J...........7........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\MSIa9e4b.LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	246
Entropy (8bit):	3.524398495091119
Encrypted:	false
SSDEEP:
MD5:	D15928170018CDC0C294FA643880DBD5
SHA1:	DF8D6C99038D9685DAC46000C987BBD93000B5BC
SHA-256:	617253A624406D76C7AEE200606A51EA58A327F1CBB831EE2134E5B5240430E5
SHA-512:	258A00842C84148C15E73410948348C6F49601EFDA84D48686FD9E46C0EC91B207D5F5EB4F91D798A87276D8A2E23BD07EC938378C05E9652A60FD9A9C021E3B
Malicious:	false
Reputation:	unknown
Preview:	..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .0.3./.0.7./.2.0.2.4. . .1.0.:.5.0.:.1.6. .=.=.=.....

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-07-03 10-50-11-470.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393)
Category:	dropped
Size (bytes):	16525
Entropy (8bit):	5.353642815103214
Encrypted:	false
SSDEEP:
MD5:	91F06491552FC977E9E8AF47786EE7C1
SHA1:	8FEB27904897FFCC2BE1A985D479D7F75F11CEFC
SHA-256:	06582F9F48220653B0CB355A53A9B145DA049C536D00095C57FCB3E941BA90BB
SHA-512:	A63E6E0D25B88EBB6602885AB8E91167D37267B24516A11F7492F48876D3DDCAE44FFC386E146F3CF6EB4FA6AF251602143F254687B17FCFE6F00783095C5082
Malicious:	false
Reputation:	unknown
Preview:	SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:073+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:073+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="SetConfig:

C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	29752
Entropy (8bit):	5.415699751069799
Encrypted:	false
SSDEEP:
MD5:	56829348AC72F2724FFD57673597FAEF
SHA1:	29EF95A42D983849A52E4FAE8F9C183C95E5A870
SHA-256:	1FD3A7D92216AC01328E01138F8D2FCF0C60128ACCDB0FBCA1793E307E19E7FD
SHA-512:	1AC39CAD44980F8BFD457D4390C3AAC1C6E8B177720C8A5338AD0511ABE3967E3958332BECF7C5C8E784DB3CAC3F81F327C1AC5BD49AB568CADD0CA1128CFE21
Malicious:	false
Reputation:	unknown
Preview:	06-10-2023 10:08:42:.---2---..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : *************************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ***********************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : **** Starting new session ******..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Starting NGL..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..06-10-2023 10:08:42:.Closing File..06-10-

C:\Users\user\AppData\Local\Temp\acrocef_low\799a3265-8d4f-451b-b70b-5f94a5fdb683.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
Category:	dropped
Size (bytes):	1407294
Entropy (8bit):	7.97605879016224
Encrypted:	false
SSDEEP:
MD5:	1D64D25345DD73F100517644279994E6
SHA1:	DE807F82098D469302955DCBE1A963CD6E887737
SHA-256:	0A05C4CE0C4D8527D79A3C9CEE2A8B73475F53E18544622E4656C598BC814DFC
SHA-512:	C0A37437F84B4895A7566E278046CFD50558AD84120CA0BD2EAD2259CA7A30BD67F0BDC4C043D73257773C607259A64B6F6AE4987C8B43BB47241F3C78EB9416
Malicious:	false
Reputation:	unknown
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

C:\Users\user\AppData\Local\Temp\acrocef_low\cbc9ebeb-5f9f-4fae-9cb9-02ca19cd3210.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
Category:	dropped
Size (bytes):	758601
Entropy (8bit):	7.98639316555857
Encrypted:	false
SSDEEP:
MD5:	3A49135134665364308390AC398006F1
SHA1:	28EF4CE5690BF8A9E048AF7D30688120DAC6F126
SHA-256:	D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
SHA-512:	BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
Malicious:	false
Reputation:	unknown
Preview:	...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......\|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!\|G.1...... .3.`./....`~......G.............\|..pS.e.C....:o.u_..oi.:..\|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

C:\Users\user\AppData\Local\Temp\acrocef_low\ce5a9f47-1ed4-43b7-9508-f0dd833bf62b.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
Category:	dropped
Size (bytes):	386528
Entropy (8bit):	7.9736851559892425
Encrypted:	false
SSDEEP:
MD5:	5C48B0AD2FEF800949466AE872E1F1E2
SHA1:	337D617AE142815EDDACB48484628C1F16692A2F
SHA-256:	F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
SHA-512:	44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
Malicious:	false
Reputation:	unknown
Preview:	...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....\|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-\|..h#.g.\.PO.\|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..\|m.WC.....\|.....e.[W.p.8...rm....^..x'......5!...\|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.\|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

C:\Users\user\AppData\Local\Temp\acrocef_low\f99ce4ee-0428-4425-a429-208315f2ea6d.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
Category:	dropped
Size (bytes):	1419751
Entropy (8bit):	7.976496077007677
Encrypted:	false
SSDEEP:
MD5:	1A39CAAE4C5F8AD2A98F0756FFCBA562
SHA1:	279F2B503A0B10E257674D31532B01EA7DE0473F
SHA-256:	57D198C7BDB9B002B8C9C1E1CCFABFE81C00FE0A1E30A237196A7C133237AA95
SHA-512:	73D083E92FB59C92049AF8DC31A0AA2F38755453FFB161D18A1C4244747EE88B7A850F7951FC10F842AE65F6CC8F6164231DB6261777EC5379B337CB379BEF99
Malicious:	false
Reputation:	unknown
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\addressbook.acrodata

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ISO-8859 text, with very long lines (3486), with CRLF, CR line terminators
Category:	dropped
Size (bytes):	14456
Entropy (8bit):	4.2098179599164975
Encrypted:	false
SSDEEP:
MD5:	32FCA302C8B872738373D7CCB1E75FD4
SHA1:	DA85FAF24ED0ECFD5D69CCFD6286D8B77D7EB4F1
SHA-256:	CD0DD26304B88C20801FE80B33C49C009E2E5D4411B5D7F83252E1D90CD461C6
SHA-512:	57F8CC85FAFB15455074431216E47433E50DF5DE74ED74C395B7FF2C433DB7CE06F0A1C1FE1EFDC17229DBC33325D559789F43901556DD1A12963B94F01D5A1F
Malicious:	false
Reputation:	unknown
Preview:	%PPKLITE-2.1.%......1 0 obj.<</PPK<</AddressBook<</Entries[2 0 R 3 0 R 4 0 R 5 0 R 6 0 R]/NextID 1006/Type/AddressBook>>/Type/PPK/User<</Type/User>>/V 65537>>/Type/Catalog>>.endobj.2 0 obj.<</ABEType 1/Cert<308204A130820389A00302010202043E1CBD28300D06092A864886F70D01010505003069310B300906035504061302555331233021060355040A131A41646F62652053797374656D7320496E636F72706F7261746564311D301B060355040B131441646F6265205472757374205365727669636573311630140603550403130D41646F626520526F6F74204341301E170D3033303130383233333732335A170D3233303130393030303732335A3069310B300906035504061302555331233021060355040A131A41646F62652053797374656D7320496E636F72706F7261746564311D301B060355040B131441646F6265205472757374205365727669636573311630140603550403130D41646F626520526F6F7420434130820122300D06092A864886F70D01010105000382010F003082010A0282010100CC4F5484F7A7A2E733537F3F9C12886B2C9947677E0F1EB9AD1488F9C310D81DF0F0D59F690A2F5935B0CC6CA94C9C15A09FCE20BFA0CF54E2E02066453F3986387E9CC48E0722C624F60112B035DF55EA6990B

Static File Info

General

File type:	PDF document, version 1.7, 3 pages
Entropy (8bit):	7.727222210819467
TrID:	Adobe Portable Document Format (5005/1) 100.00%
File name:	Hauptdokument - Documento principale.PDF
File size:	1'474'834 bytes
MD5:	2efab3f36e5fd8abc3017694cb52c496
SHA1:	13b8c63c42df6b5250ebcefd0e20a428a02abc71
SHA256:	3674679e65bccbae759c967bab8eaeb14aaf7a8878f62931b7111f51f991914d
SHA512:	33a0e4472298dc1fe5fe09e9692cf45fe97d0538fa9a001f8dabdc7ba81daa0c23af5b3b220d22ed84c982d21f2a6dc4d287767241fab28a6ebffca6b8848945
SSDEEP:	24576:BXBjXuhf0uzrWrPauZeUJpiMkZ6XE8YM3o2WxgGrYS5LYgJRwd0y5:BazYDZeUrimn4eGbqgJRwd0y5
TLSH:	AB650158418BD8CDE2539BD6F72E786A510DB32766C428A23D1D0F924B53EEFF41B182
File Content Preview:	%PDF-1.7..%......1 0 obj..<</Type/Catalog/Pages 2 0 R/Lang(it-IT) /StructTreeRoot 70 0 R/Outlines 65 0 R/MarkInfo<</Marked true>>/Metadata 308 0 R/ViewerPreferences 309 0 R>>..endobj..2 0 obj..<</Type/Pages/Count 3/Kids[ 3 0 R 47 0 R 52 0 R] >>..endobj..3

File Icon


Icon Hash:	62cc8caeb29e8ae0

Static PDF Info

General
Header:	%PDF-1.7
Total Entropy:	7.727222
Total Bytes:	1474834
Stream Entropy:	7.979718
Stream Bytes:	1244864
Entropy outside Streams:	4.014232
Bytes outside Streams:	229970
Number of EOF found:	7
Bytes after EOF:

Keywords Statistics

Name	Count
obj	384
endobj	384
stream	183
endstream	183
xref	7
trailer	7
startxref	7
/Page	11
/Encrypt	0
/ObjStm	1
/URI	2
/JS	0
/JavaScript	0
/AA	0
/OpenAction	0
/AcroForm	3
/JBIG2Decode	0
/RichMedia	0
/Launch	0
/EmbeddedFile	0

Image Streams

ID	DHASH	MD5
15	00c4d8d8c0e03000	2c574ae57fb2fa6495c3a5eaefd8403b
16	00ccece8d8e83044	faf2cd5829601e9ea9afcfc490dfb57c
17	0100010101010000	76b876b8f852e4985cc6f07ffb6dad2b
18	0100050101010200	caf715a28cac6e469e3fb501139f865b
62	a280a2a2a2a280a2	99cef03e2963cb6ab984fb5db07fb51f

Source: unknown	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Hauptdokument - Documento principale.PDF"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=6216
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=6432
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=6588
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=6832
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=6256
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=6540
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe" GetChannelUri
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=6216
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2256 --field-trial-handle=1580,i,65636838809153346,4168336558303447421,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=6432
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=6588
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=6832
Source: unknown	Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding F16BEF6029BD0F0306C3714677DB4B7C
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=6256
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe" GetChannelUri
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=6540
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2256 --field-trial-handle=1580,i,65636838809153346,4168336558303447421,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown

Description:	Adversaries may send spearphishing emails with a malicious link in an attempt to gain access to victim systems. Spearphishing with a link is a specific variant of spearphishing. It is different from other forms of spearphishing in that it employs the use of links to download malware contained in email, instead of attaching malicious files to the email itself, to avoid defenses that may inspect email attachments. Spearphishing may also involve social engineering techniques, such as posing as a trusted source.
Tactics:	Initial Access
Data Sources:	Application Log: Application Log Content, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Google Workspace, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may exploit software vulnerabilities in client applications to execute code. Vulnerabilities can exist in software due to unsecure coding practices that can lead to unanticipated behavior. Adversaries can take advantage of certain vulnerabilities through targeted exploitation for the purpose of arbitrary code execution. Oftentimes the most valuable exploits to an offensive toolkit are those that can be used to obtain code execution on a remote system because they can be used to gain access to that system. Users will expect to see files related to the applications they commonly used to do work, so they are a useful target for exploit research and development because of their high utility.
Tactics:	Execution
Data Sources:	Application Log: Application Log Content, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Hauptdokument - Documento principale.PDF

Overview

General Information

Detection

Signatures

Classification

Process Tree

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Software Vulnerabilities

Networking

System Summary

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

Public IPs

General Information

Warnings

LLM Input / Output

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\960da9b3-01aa-49a8-b9f6-5fed21001b49.tmp

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF4baa8b.TMP (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\e63c3327-24fd-4d17-85d9-9278eb8b0a4a.tmp

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\Eureka\AcroCoreSync\Adobe\CoreSync\EntitySync\80307f885d209ff3421f3adf000d6b1e.db

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\Eureka\AcroCoreSync\Adobe\CoreSync\EntitySync\80307f885d209ff3421f3adf000d6b1e.db-journal

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\Eureka\AcroCoreSync\Adobe\CoreSync\EntitySync\80307f885d209ff3421f3adf000d6b1e.db-shm

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\Eureka\AcroCoreSync\Adobe\CoreSync\EntitySync\80307f885d209ff3421f3adf000d6b1e.db-wal

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\Eureka\AcroCoreSync\CreativeCloud\CoreSync\EntitySync-2024-07-03.log

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\RFL\LocalMapping\RFLDB230

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\RFL\LocalMapping\RFLDB230-journal

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240703145013Z-619.bmp

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer-journal

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

Windows Analysis Report
Hauptdokument - Documento principale.PDF