Edit tour

Windows Analysis Report
890353636349.pdf

Overview

General Information

Sample name:	890353636349.pdf
Analysis ID:	1541493
MD5:	d7926c13cb57a7bd08e7be4ebf4a10e1
SHA1:	a1e0a7e7a48a8b84c51b88cb49a2b5a0a7b0db76
SHA256:	b286998e7c90022c57177d63fc758f67d78048d9b38fafdf6e88aaea0fdece03
Infos:

Detection

Score:	20
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

AI detected landing page (webpage, office document or email)

Potential document exploit detected (performs DNS queries)

Classification

Process Tree

System is w10x64

Acrobat.exe (PID: 7000 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\890353636349.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)

AcroCEF.exe (PID: 2312 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

AcroCEF.exe (PID: 7196 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2104 --field-trial-handle=1644,i,16379480728050368061,9106298892841580487,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Source: global traffic

DNS query: name: x1.i.lencr.org

Source: unknown

UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

DNS traffic detected: DNS query: x1.i.lencr.org

Source: 77EC63BDA74BD0D0E0426DC8F80085060.1.dr	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: 2D85F72862B55C4EADD9E66E06947F3D0.1.dr	String found in binary or memory: http://x1.i.lencr.org/

Source: classification engine

Classification label: sus20.winPDF@14/46@1/0

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-24 16-11-30-816.log

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Jump to behavior

Source: unknown	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\890353636349.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2104 --field-trial-handle=1644,i,16379480728050368061,9106298892841580487,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2104 --field-trial-handle=1644,i,16379480728050368061,9106298892841580487,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: 890353636349.pdf	Initial sample: PDF keyword /JS count = 0
Source: 890353636349.pdf	Initial sample: PDF keyword /JavaScript count = 0
Source: A9vxzc8l_1akvxlu_3sc.tmp.0.dr	Initial sample: PDF keyword /JS count = 0
Source: A9vxzc8l_1akvxlu_3sc.tmp.0.dr	Initial sample: PDF keyword /JavaScript count = 0

Source: 890353636349.pdf

Initial sample: PDF keyword /EmbeddedFile count = 0

Source: 890353636349.pdf

Initial sample: PDF keyword obj count = 65

Persistence and Installation Behavior

AI detected landing page (webpage, office document or email)

Source: PDF document

LLM: PDF document contains prominent button: 'click here to view document'

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	1 Exploitation for Client Execution	1 Browser Extensions	1 Process Injection	1 Masquerading	OS Credential Dumping	1 System Information Discovery	Remote Services	Data from Local System	1 Non-Application Layer Protocol	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
http://x1.i.lencr.org/	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
bg.microsoft.map.fastly.net	199.232.214.172	true	false		unknown
x1.i.lencr.org	unknown	unknown	false		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://x1.i.lencr.org/	2D85F72862B55C4EADD9E66E06947F3D0.1.dr	false	URL Reputation: safe	unknown

World Map of Contacted IPs

⊘No contacted IP infos

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1541493
Start date and time:	2024-10-24 22:10:32 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 5s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowspdfcookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	10
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	890353636349.pdf
Detection:	SUS
Classification:	sus20.winPDF@14/46@1/0
Cookbook Comments:	Found application associated with file extension: .pdf Found PDF document Close Viewer

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 184.28.88.176, 23.22.254.206, 52.5.13.197, 54.227.187.23, 52.202.204.11, 2.22.242.123, 2.22.242.11, 172.64.41.3, 162.159.61.3, 2.23.197.184, 88.221.168.141, 199.232.214.172, 2.19.11.117, 2.19.11.122
Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, otelrules.azureedge.net, acroipm2.adobe.com.edgesuite.net, e4578.dscb.akamaiedge.net, ctldl.windowsupdate.com.delivery.microsoft.com, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ssl.adobe.com.edgekey.net, ocsp.digicert.com, armmf.adobe.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, wu-b-net.trafficmanager.net, crl.root-x1.letsencrypt.org.edgekey.net
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: 890353636349.pdf

Simulations

Behavior and APIs

Time	Type	Description
16:11:42	API Interceptor	2x Sleep call for process: AcroCEF.exe modified

LLM Input / Output

Joe Sandbox View / Context

IPs

⊘No context

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
bg.microsoft.map.fastly.net	Doc-Secure6033.pdf	Get hash	malicious	Unknown	Browse	199.232.210.172
	https://email.sg.on24event.com/ls/click?upn=u001.7kf5QUY4LGF7Fzt7LGE4bbPPsSPtBC4KXSPVJqWhtiGKYA8h-2Fs2ZE4k4Mw5OTNkG7MXiFSxnNtW0j6ofSHAXW1HldotIiuSczAWXKMwqPC9SEFfmHbhfPeJSnLL1byLqHFtV-2B5-2Bzlu3aEmkvEsjdF4pfPyN0cCie5qLdpyqXEVc-3DdW75_nptsQERiP2bxDplO0Yopma5-2B3-2BHXjIBfjCSriTnBL6bDAIVjKAbvVGNCWdU9DqIsFlkV1hwq0qq8QFfBJ4Jw83lxfQiag11eNjful-2F5DZNB0MfOdNL9CUK7i3u0XSRn3tgRxnTXYhlIImrFKtd24RJvAaDi0YLYq-2F-2Bnuc9osPPDAYREdTeCb9pcHCOzNWNquq3heowckATHcFvqXT76Jk2gcbZFXWlQRsFjG8eDMpM-2FLXpgzBvYnGXnUOibU2YR8sPRE-2FoPHFza-2Fw01eQ45phCwYix9qckBwiXG0HXQmAbfGqimPLouUL92q8izxx4IU5EnAunMVPc46qKMPXhEF7g-3D-3D	Get hash	malicious	Unknown	Browse	199.232.214.172
	QN1BkRVd.eml	Get hash	malicious	Unknown	Browse	199.232.210.172
	https://na2.docusign.net/Signing/EmailStart.aspx?a=c6104538-ac3b-4407-b24b-a0b641ee4589&etti=24&acct=7853161b-6814-4528-85bc-ffe96cfca42f&er=09ab18a7-8de5-4c92-931d-cb9cd9f7b00d	Get hash	malicious	Unknown	Browse	199.232.214.172
	https://egift.activationshub.com/gift-card/view/8lPFUrjq1LGzg7JHwS8hJJRdL	Get hash	malicious	Unknown	Browse	199.232.214.172
	https://www.canva.com/design/DAGUUU-VdiI/DdL4Z-_loK4X7NMMbGGnJg/view?utm_content=DAGUUU-VdiI&utm_campaign=designshare&utm_medium=link&utm_source=editor	Get hash	malicious	Unknown	Browse	199.232.214.172
	Windows-StandardCollector-x64.exe	Get hash	malicious	Codoso Ghost	Browse	199.232.210.172
	Payment for outstanding statements.pdf	Get hash	malicious	HTMLPhisher	Browse	199.232.214.172
	ATT25322.html	Get hash	malicious	Unknown	Browse	199.232.210.172
	https://app.pandadoc.com/document/v2?token=69b8ae0059c2551a9a27ed1b65653c1a0b5ee1ff	Get hash	malicious	Unknown	Browse	199.232.214.172

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.236570790928558
Encrypted:	false
SSDEEP:	6:+7dL3HMq2Pwkn2nKuAl9OmbnIFUt8t7dL/Zmw+t7dLtkwOwkn2nKuAl9OmbjLJ:qJ8vYfHAahFUt85J//+5Jt5JfHAaSJ
MD5:	6382DEFAF52B629BDE3FFF203DF783C2
SHA1:	BE3D9EFE400CA0D7F8CACDEA0419E23E9364119E
SHA-256:	6530ACF7BE8A3E88A0EFC5C63EA0783004B13E925160D6EBE979940AC230F8D7
SHA-512:	3F3CF6C42352C73A0FA260D16BEE8CFED82C78CE9F0BDD9DCAF46306FEF64938A6C46971A73A21730E30D283274FA51CA246285EB97B4280A1188A4BC95A8DF6
Malicious:	false
Reputation:	low
Preview:	2024/10/24-16:11:28.517 18b4 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/10/24-16:11:28.519 18b4 Recovering log #3.2024/10/24-16:11:28.519 18b4 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.236570790928558
Encrypted:	false
SSDEEP:	6:+7dL3HMq2Pwkn2nKuAl9OmbnIFUt8t7dL/Zmw+t7dLtkwOwkn2nKuAl9OmbjLJ:qJ8vYfHAahFUt85J//+5Jt5JfHAaSJ
MD5:	6382DEFAF52B629BDE3FFF203DF783C2
SHA1:	BE3D9EFE400CA0D7F8CACDEA0419E23E9364119E
SHA-256:	6530ACF7BE8A3E88A0EFC5C63EA0783004B13E925160D6EBE979940AC230F8D7
SHA-512:	3F3CF6C42352C73A0FA260D16BEE8CFED82C78CE9F0BDD9DCAF46306FEF64938A6C46971A73A21730E30D283274FA51CA246285EB97B4280A1188A4BC95A8DF6
Malicious:	false
Reputation:	low
Preview:	2024/10/24-16:11:28.517 18b4 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/10/24-16:11:28.519 18b4 Recovering log #3.2024/10/24-16:11:28.519 18b4 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	336
Entropy (8bit):	5.194608985992321
Encrypted:	false
SSDEEP:	6:+7dLzfkQ+q2Pwkn2nKuAl9Ombzo2jMGIFUt8t7dLddWZmw+t7dLUMQVkwOwkn2ng:qJz5+vYfHAa8uFUt85JjW/+5JqV5JfHA
MD5:	723E5399735DA59A0428B489C5B30F38
SHA1:	CC8AB9F286AC21661D0FCC96E2735B3083AF9DEF
SHA-256:	33B4E9C90FB83B06CA30BBE62341FD0A1F5EF0EC63AAC53EF021F50EF3883F7A
SHA-512:	9345DB0826F779CA430B84BEB5EE2F6EF5DF4DFF25C7055AAB022D15C2EEEB0489BA558D07A422619B52447B736FA7D13B84036A800FCA10898E42EE7683BE7E
Malicious:	false
Reputation:	low
Preview:	2024/10/24-16:11:28.538 1c3c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/10/24-16:11:28.539 1c3c Recovering log #3.2024/10/24-16:11:28.540 1c3c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	336
Entropy (8bit):	5.194608985992321
Encrypted:	false
SSDEEP:	6:+7dLzfkQ+q2Pwkn2nKuAl9Ombzo2jMGIFUt8t7dLddWZmw+t7dLUMQVkwOwkn2ng:qJz5+vYfHAa8uFUt85JjW/+5JqV5JfHA
MD5:	723E5399735DA59A0428B489C5B30F38
SHA1:	CC8AB9F286AC21661D0FCC96E2735B3083AF9DEF
SHA-256:	33B4E9C90FB83B06CA30BBE62341FD0A1F5EF0EC63AAC53EF021F50EF3883F7A
SHA-512:	9345DB0826F779CA430B84BEB5EE2F6EF5DF4DFF25C7055AAB022D15C2EEEB0489BA558D07A422619B52447B736FA7D13B84036A800FCA10898E42EE7683BE7E
Malicious:	false
Reputation:	low
Preview:	2024/10/24-16:11:28.538 1c3c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/10/24-16:11:28.539 1c3c Recovering log #3.2024/10/24-16:11:28.540 1c3c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\94904b28-2c39-4174-a2a1-ef1bbf5918df.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	modified
Size (bytes):	475
Entropy (8bit):	4.96586900324779
Encrypted:	false
SSDEEP:	12:YH/um3RA8sq2oksBdOg2Hfcaq3QYiubInP7E4T3y:Y2sRdsqdMHu3QYhbG7nby
MD5:	BEC71DB103EC6BF65E8BBF75BCC5118C
SHA1:	0062712A1F9D35EDFFD7B98D1FC56425BA4832A9
SHA-256:	F026C1D687F4879196A4558B53F6831185B656B62363F16DBB4EC737956C1DE8
SHA-512:	DAAAC939D9DC01822720271FC34F2CFC89502B6450107A3B05374F98AA07092B4C3A092F63FCE2A4676195CA7A22AE6EECCC9B5D010D8A896FD75CD45F3E4877
Malicious:	false
Reputation:	low
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13374360694451279","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":248412},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	475
Entropy (8bit):	4.96586900324779
Encrypted:	false
SSDEEP:	12:YH/um3RA8sq2oksBdOg2Hfcaq3QYiubInP7E4T3y:Y2sRdsqdMHu3QYhbG7nby
MD5:	BEC71DB103EC6BF65E8BBF75BCC5118C
SHA1:	0062712A1F9D35EDFFD7B98D1FC56425BA4832A9
SHA-256:	F026C1D687F4879196A4558B53F6831185B656B62363F16DBB4EC737956C1DE8
SHA-512:	DAAAC939D9DC01822720271FC34F2CFC89502B6450107A3B05374F98AA07092B4C3A092F63FCE2A4676195CA7A22AE6EECCC9B5D010D8A896FD75CD45F3E4877
Malicious:	false
Reputation:	low
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13374360694451279","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":248412},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	4730
Entropy (8bit):	5.257258109645963
Encrypted:	false
SSDEEP:	96:etJCV4FAsszrNamjTN/2rjYMta02fDtehgO7BtTgo7B8Cq8zZ:etJCV4FiN/jTN/2r8Mta02fEhgO73goj
MD5:	4057D0A3CB6F0270AE6BC7DF8D71240B
SHA1:	A4276175B6E8E6C6A1BF3D2AB4EF1DDE1E19411E
SHA-256:	07D2882F334638F512AB03B77C0F3B7FBF6D531FB7B1AC1B63AE641A96AE56D4
SHA-512:	3AE90A078C8847D9672AB96F223470EA2743DF122E0E450BC8F4061ADCD398FA9B25CEC9DB31EC01F09FE7AC5EEA770C86C3CEFAF3A3FEA9E4F370A8870F1862
Malicious:	false
Reputation:	low
Preview:	*...#................version.1..namespace-['O.o................next-map-id.1.Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/.0>...r................next-map-id.2.Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/.1O..r................next-map-id.3.Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/.2.\.o................next-map-id.4.Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/.3....^...............Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/..\|.^...............Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/n..Fa...............Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/DQ..a...............Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/i.`do................next-map-id.5.Pnamespace-de635bf2_6773_4d83_ad16_

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.192554154026603
Encrypted:	false
SSDEEP:	6:+7dLT9pQ+q2Pwkn2nKuAl9OmbzNMxIFUt8t7dLToDdWZmw+t7dLTNQVkwOwkn2nv:qJT9i+vYfHAa8jFUt85JToBW/+5JTmVj
MD5:	DEF75AAAE1C4A0403A2648737D1FBF12
SHA1:	F372F1CF7232EBE1424167CA15550F314F868E3A
SHA-256:	EA81B95ABC42E0BB0A09FD944C12870173FFD87189761812FEC445A0FA865477
SHA-512:	A4A1BA048C8729CF2FDD180BF0BBF7D18CEB66F9DFB7B69F32B14DA66383666BCB728EEBC91F168B7FFAEE840DB69102B89E081D9572D68FC07872B804AB20DD
Malicious:	false
Preview:	2024/10/24-16:11:28.674 1c3c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/10/24-16:11:28.686 1c3c Recovering log #3.2024/10/24-16:11:28.687 1c3c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.192554154026603
Encrypted:	false
SSDEEP:	6:+7dLT9pQ+q2Pwkn2nKuAl9OmbzNMxIFUt8t7dLToDdWZmw+t7dLTNQVkwOwkn2nv:qJT9i+vYfHAa8jFUt85JToBW/+5JTmVj
MD5:	DEF75AAAE1C4A0403A2648737D1FBF12
SHA1:	F372F1CF7232EBE1424167CA15550F314F868E3A
SHA-256:	EA81B95ABC42E0BB0A09FD944C12870173FFD87189761812FEC445A0FA865477
SHA-512:	A4A1BA048C8729CF2FDD180BF0BBF7D18CEB66F9DFB7B69F32B14DA66383666BCB728EEBC91F168B7FFAEE840DB69102B89E081D9572D68FC07872B804AB20DD
Malicious:	false
Preview:	2024/10/24-16:11:28.674 1c3c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/10/24-16:11:28.686 1c3c Recovering log #3.2024/10/24-16:11:28.687 1c3c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241024201132Z-156.bmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PC bitmap, Windows 3.x format, 117 x -152 x 32, cbSize 71190, bits offset 54
Category:	dropped
Size (bytes):	71190
Entropy (8bit):	1.5143351103833318
Encrypted:	false
SSDEEP:	192:nS1ZvoJkSAZoJMQWXRvhiBnMK0379lVB11J9:nS1ZvS5KXK037H
MD5:	BC87322686D05A9C1C926D24C0A8FB47
SHA1:	0D5D94CDC708CFEA12F0141F13493AA744402A0A
SHA-256:	B630F807A27D97E5E980FCFA82AAD2F3983F83F9F975DC4F114C88A8C1678EFE
SHA-512:	385D862898556FD838D601545B5AD975558B7B0C2B4305B599A8173601FAE425CBC4A3B5C67F93F765BC94C10869690D7D8606CCCF674B89AC4FCD7EA6923B51
Malicious:	false
Preview:	BM........6...(...u...h..... .........................".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".".................................................................................................................................................................................................................................................................................................................................................................................................................................................................................".".......

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 15, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 15
Category:	dropped
Size (bytes):	86016
Entropy (8bit):	4.444999517308639
Encrypted:	false
SSDEEP:	384:yezci5twiBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:rHs3OazzU89UTTgUL
MD5:	AAF65760E52DFE8DB26000305E107AE7
SHA1:	48144AA82C2EBD0A2ACD6A00441453D178044754
SHA-256:	74DB7DC0A7FF34826E85AFC043B73DC688FF68357F3C774AAF83CD2E1C4ECCFE
SHA-512:	9514F9F4853FFBBB668B5B4D0B278DD068E7B75404A15FDE6D445FEE3EEC64AC31BDE39E5199EDB1A33E086CD19395887F2AD31C2DE980C7E72D5F8797EE50DB
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	3.7720384002218945
Encrypted:	false
SSDEEP:	48:7MTp/E2ioyViioy9oWoy1Cwoy1OKOioy1noy1AYoy1Wioy1hioybioy0oy1noy1B:78pjuiFpXKQF2b9IVXEBodRBkm
MD5:	912CDFBBB1568C13B5353762EFB2C0DB
SHA1:	B0A445B3EC7C29FE1F3FE0A10BE8FEA8E843B3D4
SHA-256:	8502BD0CBDEE1C26C06EFCDF67A263911A06DE832F81B7E779E05A2C633B7AA5
SHA-512:	178EDB3CA66471410BB1FF20145EF37654470063579FB9C20DD4688D0602541E7716FD7F9DAB13E1E6B5EBA4C2135696124937E002FD447D128EC331B0B40171
Malicious:	false
Preview:	.... .c...../..6...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................T...[...b...r...t...}.....L..............................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	Certificate, Version=3
Category:	dropped
Size (bytes):	1391
Entropy (8bit):	7.705940075877404
Encrypted:	false
SSDEEP:	24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1
MD5:	0CD2F9E0DA1773E9ED864DA5E370E74E
SHA1:	CABD2A79A1076A31F21D253635CB039D4329A5E8
SHA-256:	96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
SHA-512:	3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
Malicious:	false
Preview:	0..k0..S............@.YDc.c...0....H........0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10...150604110438Z..350604110438Z0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10.."0....H.............0..........$s..7.+W(.....8..n<.W.x.u...jn..O(..h.lD...c...k....1.!~.3<.H..y.....!.K...qiJffl.~<p..)"......K...~....G.\|.H#S.8.O.o...IW..t../.8.{.p!.u.0<.....c...O..K~.....w...{J.L.%.p..)..S$........J.?..aQ.....cq...o[...\4ylv.;.by.../&.....................6....7..6u...r......I......A..v........5/(.l....dwnG7..Y^h..r...A)>Y>.&.$...Z.L@.F....:Qn.;.}r...xY.>Qx....../..>{J.Ks......P.\|C.t..t.....0.[q6....00\H..;..}`...).........A.......\|.;F.H..v.v..j.=...8.d..+..(.....B.".'].y...p..N..:..'Qn..d.3CO......B0@0...U...........0...U.......0....0...U......y.Y.{....s.....X..n0...*.H.............U.X....P.....i ')..au\.n...i/..VK..s.Y.!.~.Lq...`.9....!V..P.Y...Y.............b.E.f..\|o..;.....'...}~.."......

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
Category:	dropped
Size (bytes):	71954
Entropy (8bit):	7.996617769952133
Encrypted:	true
SSDEEP:	1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
MD5:	49AEBF8CBD62D92AC215B2923FB1B9F5
SHA1:	1723BE06719828DDA65AD804298D0431F6AFF976
SHA-256:	B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
SHA-512:	BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
Malicious:	false
Preview:	MSCF............,...................I..................XaK .authroot.stl.[.i..6..CK..<Tk......4.cl!Kg..E..Y.f_..".$mR"$.J.E.KB."..rKv.."{.g....3.W.....c..9.s...=....y6#..x..........D......\(.#.s.!.A.......cd.c........+^.ov...n.....3BL..0.......BPUR&.X..02.q...R...J.....w.....b.vy>....-.&..(..oe."."...J9...0U.6J..\|U..S.....M.F8g...=.......p...........l.?3.J.x.G.Ep..$g..tj......)v]9(:.)W.8.Op.1Q..:.nPd........7.7..M].V F..g.....12..!7(...B.......h.RZ.......l.<.....6..Z^.`p?... .p.Gp.#.'.X..........\|!.8.....".m.49r?.I...g...8.v.....a``.g.R4.i...J8q....NFW,E.6Y....!.o5%.Y.....R..<..S9....r....WO...(.....F..Q=....-..7d..O(....-..+k.........K..........{Q....Z..j._.E...QZ.~.\.^......N.9.k..O.}dD.b1r...[}/....T..E..G..c.\|.c.&>?..^t. ..;..X.d.E.0G....[Q.,......#.Dp..L.o\|#syc.J............}G-.ou6.=52..XWi=...m.....^u......c..fc?&pR7S5....I...j.G........j.j..Tc.El.....B.pQ.,Bp....j...9g.. >..s..m#.Nb.o_u.M.V...........\#...v..Mo\sF..s....Y...

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	192
Entropy (8bit):	2.7895108629891827
Encrypted:	false
SSDEEP:	3:kkFkl4EkZtfllXlE/HT8kdtNNX8RolJuRdxLlGB9lQRYwpDdt:kKhleT8KTNMa8RdWBwRd
MD5:	B2D1B22EF95066EF3DD2E730652A487E
SHA1:	6384CE09BDE6C2F53C5EC72CB5D9D768424669D2
SHA-256:	762B352FE244136719A061CEA4C9D0AF83FEFC6E7589B2E8056EC68C87BE6809
SHA-512:	0DC3DD4AC55BE942CABB3DE97AFFE60787AA491036AE57CFBEEB949D4AFB266E86358B6F1983FAFD11D0FE8A99429AD83D44B7ACF056F373F4CF530A775AF6A6
Malicious:	false
Preview:	p...... ........Ka..P&..(....................................................... ..........W.....<..............o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	modified
Size (bytes):	328
Entropy (8bit):	3.2334012590155985
Encrypted:	false
SSDEEP:	6:kKPL9UswD8HGsL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:yDImsLNkPlE99SNxAhUe/3
MD5:	1016938ADA38ABBEC70CA93959B0E099
SHA1:	B62C5BDFF36317BBDF0AFA5048D0DADA59A0DD70
SHA-256:	253173C8B1EAA20777ED750BADE70BF33D0FBA8EAA41365292FF71F9369F66AB
SHA-512:	8A947C4B70949E7EABCD349BF6359C577DA5BC24FD59975562D2F3B0930FE7FDA2C96B7B15AFECC7D88D6903AA3C529FFC1DC23EF7406DAC19A89B77AD3F8699
Malicious:	false
Preview:	p...... ........h...Q&..(....................................................... ........G..@.......&......X........h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	243196
Entropy (8bit):	3.3450692389394283
Encrypted:	false
SSDEEP:	1536:vKPCPiyzDtrh1cK3XEivK7VK/3AYvYwgqErRo+RQn:yPClJ/3AYvYwghFo+RQn
MD5:	F5567C4FF4AB049B696D3BE0DD72A793
SHA1:	EBEADDE9FF0AF2C201A5F7CC747C9EA61CFA6916
SHA-256:	D8DBFE71873929825A420F73821F3FF0254D51984FAAA82E1B89D31188F77C04
SHA-512:	E769735991E5B1331E259608854D00CDA4F3E92285FDC500158CBD09CBCCEAD8A387F78256A43919B13EBE70C995D19242377C315B0CCBBD4F813251608C1D56
Malicious:	false
Preview:	Adobe Acrobat Reader (64-bit) 23.6.20320....?A12_AV2_Search_18px.............................................................................................................KKK KKK.KKK.KKK.KKK.KKK.KKK@........................................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.............................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.........................KKK.KKK.KKK.KKK0....................KKK.KKK.KKK.KKK`....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK.KKK.....................................KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK.KKK@....................KKK.KKK.KKK.KKK`........................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.KKK.............................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	295
Entropy (8bit):	5.347278228946609
Encrypted:	false
SSDEEP:	6:YEQXJ2HXFMQDIo74BQGp9VoZcg1vRcR0YH/CKoAvJM3g98kUwPeUkwRe9:YvXKXFMQDIp7EZc0vYgGMbLUkee9
MD5:	5E3B6227E02D19E51BE4A6B7955107F5
SHA1:	F5B8BA233DEE0BF786AADA7FD7FEFBB59EBF631C
SHA-256:	71B00A9B0ECC42EC67BD021738C47CE7038717231678DF90D27C23453C2810E6
SHA-512:	ACC17B96D7AEC3A725A8BDB51146370F2E6061442C09104778EC54006F245CD979E96E06DB75AFB096F5C9388E5D80C0B2EFE7669C0F491973176C199B851A0F
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"2c6cc17e-dcbf-48ed-9226-2707dc1c9e23","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1729973974918,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.294789210663441
Encrypted:	false
SSDEEP:	6:YEQXJ2HXFMQDIo74BQGp9VoZcg1vRcR0YH/CKoAvJfBoTfXpnrPeUkwRe9:YvXKXFMQDIp7EZc0vYgGWTfXcUkee9
MD5:	3CE90A055B843837208D9C4E2CF5159C
SHA1:	1DB61D7A7949A2477B1C719E58F15820A05CAC69
SHA-256:	3EF2185D8E48601F2064CA666838CB8C43418CCEBAF6F3BF39E136782062B377
SHA-512:	1ABBBE7193B02DA239C989F13AB0B73ACFD7F066C7197BCE6515254BAE695E3C58FB603FCC3BCDC52E4F61826522B7EDA9D8865F383D7536DE50D523C4FCE445
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"2c6cc17e-dcbf-48ed-9226-2707dc1c9e23","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1729973974918,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.2721448474021395
Encrypted:	false
SSDEEP:	6:YEQXJ2HXFMQDIo74BQGp9VoZcg1vRcR0YH/CKoAvJfBD2G6UpnrPeUkwRe9:YvXKXFMQDIp7EZc0vYgGR22cUkee9
MD5:	18623AE7644C7D7B532536788C1CF532
SHA1:	B82F69DE66D2B52116808D4149243BC63861897E
SHA-256:	B11A86F82C2EA5AEC355DA024EE879708CE1FD35EFADBF737BEB2D6C13C6FAAB
SHA-512:	79B6886B6425CFDA2C654200661984605EA3D57EFE75582A286AAEF7A6F931E2946184A5DFAE3408625A055EBD933FE05B558C958EC195DF140A0B22E96515C8
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"2c6cc17e-dcbf-48ed-9226-2707dc1c9e23","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1729973974918,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	285
Entropy (8bit):	5.3337243436550805
Encrypted:	false
SSDEEP:	6:YEQXJ2HXFMQDIo74BQGp9VoZcg1vRcR0YH/CKoAvJfPmwrPeUkwRe9:YvXKXFMQDIp7EZc0vYgGH56Ukee9
MD5:	D5ADC321A397A98627B4E87DA1E87CF0
SHA1:	B29D919DE62290DE5EC3EEEFE29DA8100396A316
SHA-256:	2E8D15E0E4D9A709DB881424D03DF45F62E9215D5F40ACFE768A132D3A65D139
SHA-512:	09599FB108FB264C9DD1ACCB23E6A36AF741085878C3A2DB0C51A605F7ECA49E44C217522B256DF8C48A188C4AC1EFA61FBECC2C65C2165D460313FDC7B54A01
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"2c6cc17e-dcbf-48ed-9226-2707dc1c9e23","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1729973974918,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1055
Entropy (8bit):	5.656932685895578
Encrypted:	false
SSDEEP:	24:Yv6XrzvY9pLgEscLf7nnl0RCmK8czOCCSh:Yv8QhgGzaAh8cv/h
MD5:	2F20B4C8069F7B1E96BCCBA76354D796
SHA1:	D9F130BE59D99BE89D5C57C0F05AD2472D4B4984
SHA-256:	33CD7B75C90CC288C342E8171DC3FA4231BFBA29CBA3F0C34F829619D80CFE52
SHA-512:	400975EF9C08C37848695CA316DF81C7E0D1DF52F64606EFA1FE8DD990B9C922A83A1EB8AAAC8638EBFD2203B071777FEDECDBB248CF88E2574A49375B9FEC59
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"2c6cc17e-dcbf-48ed-9226-2707dc1c9e23","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1729973974918,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"92038_285529ActionBlock_1","campaignId":92038,"containerId":"1","controlGroupId":"","treatmentId":"eb1a4bce-8215-46f1-b44c-154b21a85d60","variationId":"285529"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkV4cG9ydCBQREZzIHRvIE1pY3Jvc29mdCBXb3JkIGFuZCBFeGNlbC4ifSwidGNhdElkIjpudWxsfQ==","dataType":"application\/json","encodingScheme":tr

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1050
Entropy (8bit):	5.650978284263448
Encrypted:	false
SSDEEP:	24:Yv6XrzvYhVLgEF0c7sbnl0RCmK8czOCYHflEpwiVo:Yv8CFg6sGAh8cvYHWpwh
MD5:	80F5CD9D00F29F7040163FB279280BD9
SHA1:	A581FDF87243C8F16F1B6C153DC6C540CB64EB7A
SHA-256:	A5C26EF0C8C38769D5A94341DDA51B6203A55DA6FD842ECE12D150098A781EC8
SHA-512:	A7C062D0C6F67C16F779A8218AB6A37516D588ABFFA465474726D8AE1C638ADE9B6FDCF53BE26F00008B5E55C1A00AD471C9E01166AED54EEE0C2BCF435393D3
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"2c6cc17e-dcbf-48ed-9226-2707dc1c9e23","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1729973974918,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Disc_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_0","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"0924134e-3c59-4f53-b731-add558c56fec","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Disc_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQsIGVkaXQgYW5kIGUtc2lnblxuZm9ybXMgJiBhZ3JlZW1lbnRzLiJ9LCJ0Y2F0SWQiOm51bGx9","dataType":"application\/json","encodingScheme":true},"

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.280699653216001
Encrypted:	false
SSDEEP:	6:YEQXJ2HXFMQDIo74BQGp9VoZcg1vRcR0YH/CKoAvJfQ1rPeUkwRe9:YvXKXFMQDIp7EZc0vYgGY16Ukee9
MD5:	0217FB254903A812BF974AC225550399
SHA1:	E65523C0C33A1690031E48F64A16628726376F42
SHA-256:	1B9A69BFD4AC52FDD9AE937B201E25C819106F73AE03219C74E893E8B51065B5
SHA-512:	659ECF891D4B2F8CC2172D6FAB5106B37CD98E45C9139210860017949C70933D72E69DE5B3A6A9BEDD4603DBEC0CD59BFCEA2B831BB7D0D6CBE43432F0D04C41
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"2c6cc17e-dcbf-48ed-9226-2707dc1c9e23","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1729973974918,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1038
Entropy (8bit):	5.643519989050632
Encrypted:	false
SSDEEP:	24:Yv6XrzvYQ2LgEF7cciAXs0nl0RCmK8czOCAPtciBo:Yv8vogc8hAh8cvAm
MD5:	583BB1DAD4F5A58DE475FDB55913C76A
SHA1:	4C01E1F96C273AC9217C50812A76846E6607C8AD
SHA-256:	5E2F0D448B99AAF6F68A4CEA3CC74E6A9B634AA56891A8D9DE1D5D9566949041
SHA-512:	54DD7946A0FB4B802A8D9090814CD91C4C8EDFD79E33825659E663759580970BAB434058D6A3986E925F11E5EDB6F2799965C533BB286A30AAD1DB7B56E5D301
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"2c6cc17e-dcbf-48ed-9226-2707dc1c9e23","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1729973974918,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Edit_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_1","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"49d2f713-7aa9-44db-aa50-0a7a22add459","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Edit_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVkaXQgdGV4dCwgaW1hZ2VzLCBwYWdlcywgYW5kIG1vcmUuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"application\/json","encodingScheme":true},"endDTS":1744

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1164
Entropy (8bit):	5.695914686069947
Encrypted:	false
SSDEEP:	24:Yv6XrzvYYKLgEfIcZVSkpsn264rS514ZjBrwloJTmcVIsrSK5o:Yv8DEgqprtrS5OZjSlwTmAfSK6
MD5:	4E216577C19D2BA6CF1971DA1D10B16A
SHA1:	4D7E37AE05B7EBEBFB910B9E148B1705362C7721
SHA-256:	0BF2D621A648A5DF288A82AAEC36FE8BBB47922077033205365BBD5805B09511
SHA-512:	DCDEC4D34D8B7891DEA78D51AA54CE8E2686F3767F4136ED7D640D2C4F49F9BF7F954BC612186D52940C21E39A680960348D1495CDC25BF4A15015ADD5FC88BC
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"2c6cc17e-dcbf-48ed-9226-2707dc1c9e23","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1729973974918,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85531_264848ActionBlock_0","campaignId":85531,"containerId":"1","controlGroupId":"","treatmentId":"ee1a7497-76e7-43c2-bb63-9a0551e11d73","variationId":"264848"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IlRyeSBBY3JvYmF0IFBybyJ9LCJ1aSI6eyJ0aXRsZV9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjE1cHgiLCJmb250X3N0eWxlIjoiMCJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEzcHgiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0b1xucHJlbWl1bSBQREYgYW5kIGUtc2lnbmluZ1xudG9vbHMuIn0sImJhbm5lcl9zdHlsaW5nIjo

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.285106302264477
Encrypted:	false
SSDEEP:	6:YEQXJ2HXFMQDIo74BQGp9VoZcg1vRcR0YH/CKoAvJfYdPeUkwRe9:YvXKXFMQDIp7EZc0vYgGg8Ukee9
MD5:	78FCE8032E51CAB0F29103CE1F908A0A
SHA1:	5C995C5B1DF4ABA8385071211BF2460B520C3744
SHA-256:	74E8345AE72C95CC99AC7B4B298E3F0913A0E06F6D150CC85F3AE2564B35E3B4
SHA-512:	E846076261A12BEA18A6F3FE9824D26305F204698DD6658BDD2D1842ECF4AA5D8EE79D4475B8550E7F65440C730B1F2BB1B94EE053982312F8C4A677FA2787A8
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"2c6cc17e-dcbf-48ed-9226-2707dc1c9e23","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1729973974918,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1395
Entropy (8bit):	5.770517206451976
Encrypted:	false
SSDEEP:	24:Yv6XrzvY3rLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNw:Yv8eHgDv3W2aYQfgB5OUupHrQ9FJ6
MD5:	DB841587DCE98BBDAFC3C39A125D0B68
SHA1:	5C6C3E9BF8691573A17254A14BBC163C834FB695
SHA-256:	C9F6C5FE8F007A3C8B204770E482F8B21D3B701B90EF75C00BA9C2D4DC9DC5DB
SHA-512:	2DC2EFC35A61F8EB128B8BB9EB8E06F7B7E4D63EE7C6C75B5F09E6B18676290926CDCE0B900C7254A8E2778A834EAD09ACAE001B056A9BFEFE9D74B0BB2C8BA4
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"2c6cc17e-dcbf-48ed-9226-2707dc1c9e23","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1729973974918,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	291
Entropy (8bit):	5.2687557621220895
Encrypted:	false
SSDEEP:	6:YEQXJ2HXFMQDIo74BQGp9VoZcg1vRcR0YH/CKoAvJfbPtdPeUkwRe9:YvXKXFMQDIp7EZc0vYgGDV8Ukee9
MD5:	E7DB1AD3FD0E71A8734109481B31825C
SHA1:	B0BA3AD1C6423CD51BF3470EDCE1090F63DD5309
SHA-256:	99F41EDAC650136A9084A704E6B90A097B67642070CB39FE90909ED47883B1A2
SHA-512:	26051F0D05033A90B3A5587D2135691C1B39D3FDAC82DD0C49BC90B4A8C0BE94A034EBADDF1858A47E8EDBA4DA9FD9AE8F7E1DB9C4F19DC928E4FF2A82400761
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"2c6cc17e-dcbf-48ed-9226-2707dc1c9e23","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1729973974918,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	287
Entropy (8bit):	5.2725513136498074
Encrypted:	false
SSDEEP:	6:YEQXJ2HXFMQDIo74BQGp9VoZcg1vRcR0YH/CKoAvJf21rPeUkwRe9:YvXKXFMQDIp7EZc0vYgG+16Ukee9
MD5:	7460F49A38E8A8D8987DB646340D3A44
SHA1:	88CA81750D38A6B5C40924024DE46EF7DC647672
SHA-256:	06293D57661C2C4D645F08F6BAE903754920CA5B9566D21C34F23E4849D14950
SHA-512:	B7211EAABF929CAF0B23908DF996365D8D6C7D3C8FB5A9B98620A7EBDE071018952C3D82BC35959164D78D89D0E2508270ECAB78E4EB9634D4FCCCCFD59A929A
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"2c6cc17e-dcbf-48ed-9226-2707dc1c9e23","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1729973974918,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	5.6269059231230285
Encrypted:	false
SSDEEP:	24:Yv6XrzvYFamXayLgE7cMCBNaqnl0RCmK8czOC/BSh:Yv8SBgACBOAh8cvMh
MD5:	E968F6C5442386DCD22F438CDF20FC09
SHA1:	D42354787DAA50C51C9214AC31FE805460D60902
SHA-256:	58C1FD4DBA2FD41C7DC7787874797D914B0285FB7140BDB23B41EAF0304BFF13
SHA-512:	A5BB107D4E89C7467619464EE9E1324822C0E19A43705E5023FC6E7542176AEF87B4E543C4CFBB416D330EC670B9B2F1D44731E5B5DFAC675E09E4CD7A037803
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"2c6cc17e-dcbf-48ed-9226-2707dc1c9e23","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1729973974918,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"92038_285529ActionBlock_0","campaignId":92038,"containerId":"1","controlGroupId":"","treatmentId":"6291f52b-6cb0-4d31-bc46-37ce85e9eb25","variationId":"285529"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVhc2lseSBmaWxsIGFuZCBzaWduIFBERnMuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"application\/json","encodingScheme":true},"endDTS":1751323379000,"s

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	286
Entropy (8bit):	5.248225691531901
Encrypted:	false
SSDEEP:	6:YEQXJ2HXFMQDIo74BQGp9VoZcg1vRcR0YH/CKoAvJfshHHrPeUkwRe9:YvXKXFMQDIp7EZc0vYgGUUUkee9
MD5:	206A8D92E013B7BBD83D2850921DD5CE
SHA1:	6F4F43EEF1E00E812A128A685AB6B8915E8C0CED
SHA-256:	3B36357E20D0BDBFE215ECEE4924A526F16AE17EAE5403ED8DE12290690623C3
SHA-512:	CA38A375A8ED588ADCC28E690343FFB2999996AF3C784C938A12F7DA3F147145F3B457438CF78C4EA585B56F05C70655192EBFEC1B049177B92E8A838BF43898
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"2c6cc17e-dcbf-48ed-9226-2707dc1c9e23","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1729973974918,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	782
Entropy (8bit):	5.3560976383421774
Encrypted:	false
SSDEEP:	12:YvXKXFMQDIp7EZc0vYgGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWUN:Yv6XrzvYW168CgEXX5kcIfANhh
MD5:	9C474325A8B7055262FEE191AA5AEF7D
SHA1:	FA4922363A8671A27586483E40D82A815DD05C3C
SHA-256:	E18283A41E8FC92C70E2C14ABE6195A0955947C93ABE8F6612ECE126A5F3F159
SHA-512:	D9C2F913DD0C61FFA18F6C9303921CC7EA72BCFE67A9D58CF6BF103C47881ADED1CAFA0CB686113529E97E96892BC849C1858155B4B962F18E3E5E1884B463EC
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"2c6cc17e-dcbf-48ed-9226-2707dc1c9e23","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1729973974918,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1729800694951}}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	4
Entropy (8bit):	0.8112781244591328
Encrypted:	false
SSDEEP:	3:e:e
MD5:	DC84B0D741E5BEAE8070013ADDCC8C28
SHA1:	802F4A6A20CBF157AAF6C4E07E4301578D5936A2
SHA-256:	81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
SHA-512:	65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
Malicious:	false
Preview:	....

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2818
Entropy (8bit):	5.126899979738831
Encrypted:	false
SSDEEP:	48:YwH/rmrkSsCEqNXqqPRhYzqPsbD7cZXf9DzA:tiX7nNXqihiqPM7snA
MD5:	03AEF9B02AD3CA2D3B6588A3F093393C
SHA1:	6E6EE3BCE1A5C8C797F1463E29CDABFA7677BF79
SHA-256:	8898C43C0BE81F4A5CB07DD01B6FD1A33B6F87399A30CD79FECC054ADF9EF048
SHA-512:	0CD7A0AB130849062C3C231E3485159ACA0D0EE9338EAE7D9735D1EAA094F3D91D27E2D7D666AEF629AA0F106F053BDFD65086CBFFA6CF0C3330E6C1585D2431
Malicious:	false
Preview:	{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"7e0979ca703d8928ed63853b3dad1294","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1050,"ts":1729800694000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"4b2fb567b008a9522446e7b08e60a39b","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1164,"ts":1729800694000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"4867d826dfb736712f67ac3f356ac54f","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1026,"ts":1729800694000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"599ef9842283b7d9a765d7ca49338b87","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1055,"ts":1729800694000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"4ce9ef8b6b7bfa774098bf9ee7a2b611","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":1038,"ts":1729800694000},{"id":"Edit_InApp_Aug2020","info":{"dg":"87a67b750dff85da5c8ef0b1251077da","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":17

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 25, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 25
Category:	dropped
Size (bytes):	12288
Entropy (8bit):	1.18898177946003
Encrypted:	false
SSDEEP:	48:TGufl2GL7msEHUUUUUUUUahSvR9H9vxFGiDIAEkGVvpuF:lNVmswUUUUUUUU++FGSItY
MD5:	7312C706D93055F178DCE72E68ACF40C
SHA1:	B37812BE833C2FCA686CFD6515A3745E105346CE
SHA-256:	5308D368CACBC01F957B5576305B4EF546AF6E20820EDF871FDB4472429A8E7B
SHA-512:	94099536358E0B436DA6CA5A6A4D7DCA1D473E5C42CF6C1A2D0595A122B33979D9D897C3A786E0D5A174C8B79B5F8E5004677AB0645ED021D5E66FAA6A18D5B8
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	1.6081270478335372
Encrypted:	false
SSDEEP:	48:7MJKUUUUUUUUUUapvR9H9vxFGiDIAEkGVvNqFl2GL7msa6:7nUUUUUUUUUUcFGSItzKVmsa6
MD5:	2BD21277AD4AA3F76DC8236FD63C0907
SHA1:	00DF9A917335581ECC61F0B43860900E50157DF2
SHA-256:	063D08823B8EC69609FE3706E95EF65052FB64D805DA9FCB569083FFE19F55FF
SHA-512:	6E7A81E93B9BC1CF7FA7CD51A72037581F8EBE15D8D564433536C4047C9C00A6A22D7830892C1A95561207274AF1DF471C1A8864B6E1BCD6D43E92E51E358D8A
Malicious:	false
Preview:	.... .c.....Dw.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................f.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\MSI487f6.LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	246
Entropy (8bit):	3.51161293806784
Encrypted:	false
SSDEEP:	6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8cjqrNFIwle:Qw946cPbiOxDlbYnuRKHANFIww
MD5:	A0A1B75C55F185DD947D400E1959DD8D
SHA1:	409EC1E95E9A68799E7D4DD4EB6557E8D89CE191
SHA-256:	E46A02BDE5E8FAFDCAA28CF18185F138940951BE6394EA5E70536893D5934253
SHA-512:	BB63E0629AB9DE2E675A2C8D3C3A6CB876E788222EF226A6D2A2F1662DA8EA4FF8B520EE7EBA927CA395795FF045C8C376F89722607D08535C0EE3A14B56286D
Malicious:	false
Preview:	..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .2.4./.1.0./.2.0.2.4. . .1.6.:.1.1.:.3.6. .=.=.=.....

C:\Users\user\AppData\Local\Temp\acrobat_sbx\A9vxzc8l_1akvxlu_3sc.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PDF document, version 1.6, 0 pages
Category:	dropped
Size (bytes):	358
Entropy (8bit):	5.0643820708701455
Encrypted:	false
SSDEEP:	6:IngVMrexJzJT0y9VEQIFVmb/eu2g/86S1kxROOkbn1gRIhnSkbn1gRIFCSyAAO:IngVMre9T0HQIDmy9g06JXUTGRIhRTGG
MD5:	2DD8492CEA2EF0DE8ED2D12B4A7287B8
SHA1:	18AA7D47B59B8594EB2F519FAA2CF299D0B194A5
SHA-256:	3FBAB12D6C67B93C91FC3948810881CAAA10BA6219CAFA27AE4137B3B1D30764
SHA-512:	05B3BFBDDC2CD5FA4680402663341F659E2FC59AC0F5DF0D99469E47C8E9B278AB29C43D22C1A7F7FD9673FF1E6D67A6DA89089B59F355419020BDF3E2DB1D1B
Malicious:	false
Preview:	%PDF-1.6.%......1 0 obj.<</Pages 2 0 R/Type/Catalog>>.endobj.2 0 obj.<</Count 0/Kids[]/Type/Pages>>.endobj.3 0 obj.<<>>.endobj.xref..0 4..0000000000 65535 f..0000000016 00000 n..0000000061 00000 n..0000000107 00000 n..trailer..<</Size 4/Root 1 0 R/Info 3 0 R/ID[<88B75B9963B4F943B19E6E65E0295C9C><88B75B9963B4F943B19E6E65E0295C9C>]>>..startxref..127..%%EOF..

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-24 16-11-30-816.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393)
Category:	dropped
Size (bytes):	16525
Entropy (8bit):	5.345946398610936
Encrypted:	false
SSDEEP:	384:zHIq8qrq0qoq/qUILImCIrImI9IWdFdDdoPtPTPtP7ygyAydy0yGV///X/J/VokV:nNW
MD5:	8947C10F5AB6CFFFAE64BCA79B5A0BE3
SHA1:	70F87EEB71BA1BE43D2ABAB7563F94C73AB5F778
SHA-256:	4F3449101521DA7DF6B58A2C856592E1359BA8BD1ACD0688ECF4292BA5388485
SHA-512:	B76DB9EF3AE758F00CAF0C1705105C875838C7801F7265B17396466EECDA4BCD915DA4611155C5F2AD1C82A800C1BEC855E52E2203421815F915B77AA7331CA0
Malicious:	false
Preview:	SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:088+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig:

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393), with CRLF line terminators
Category:	dropped
Size (bytes):	15111
Entropy (8bit):	5.352646054007952
Encrypted:	false
SSDEEP:	384:0T3zyGx+1FRy8emuX9XcRnoVViRWrnDGSJIxP7xzZVV0Kp2V7KCGW7WLug2yHskk:dNC
MD5:	EFEEB94F8FE368A162F972EEC849B7AA
SHA1:	2BC641DEE32F9E24DFAE9632F9EAAC7AF4E9ED96
SHA-256:	AC65609E311D1E799A184C7E67CFFD70F02C0E7342D64E743030AE51707F16F8
SHA-512:	C3211E469C4B1363683C9E0E346E89C8D86BACFC6289F9A79B28752F657747E70837019D23D324D5EF8A99E3244FCDF3584D68B51E800456CED51A40D7B5A4BB
Malicious:	false
Preview:	SessionID=b6bea8e4-a642-42f7-955c-69f84b6d9971.1729800690826 Timestamp=2024-10-24T16:11:30:826-0400 ThreadID=2304 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=b6bea8e4-a642-42f7-955c-69f84b6d9971.1729800690826 Timestamp=2024-10-24T16:11:30:836-0400 ThreadID=2304 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=b6bea8e4-a642-42f7-955c-69f84b6d9971.1729800690826 Timestamp=2024-10-24T16:11:30:836-0400 ThreadID=2304 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=b6bea8e4-a642-42f7-955c-69f84b6d9971.1729800690826 Timestamp=2024-10-24T16:11:30:837-0400 ThreadID=2304 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=b6bea8e4-a642-42f7-955c-69f84b6d9971.1729800690826 Timestamp=2024-10-24T16:11:30:837-0400 ThreadID=2304 Component=ngl-lib_NglAppLib Description="SetConf

C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	29752
Entropy (8bit):	5.3824631433221475
Encrypted:	false
SSDEEP:	768:anddBuBYZwcfCnwZCnR8Bu5hx18HoCnLlAY+iCBuzhLCnx1CnPrRRFS10l8gT2rV:qa
MD5:	7CEDFA99678365F5D131DA42A8A9E03E
SHA1:	92B9BE09F925BD91B16D37C1631D0E3451E5FCA4
SHA-256:	3A3F1BC3B34684C12F694E8EFCFC24765C7657A925DFFA2BA87E32272DAC9B48
SHA-512:	850A3E111CFB4AD7C0BE6E51D6DEE182B44D608595B6116C8980D9A127479607BC4222B18C19E3678B88F3F775975ED6E411BB77FA8B3F6B062C4392F738A2D2
Malicious:	false
Preview:	03-10-2023 12:50:40:.---2---..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : *************************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ***********************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : **** Starting new session ******..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Starting NGL..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..03-10-2023 12:50:40:.Closing File..03-10-

C:\Users\user\AppData\Local\Temp\acrocef_low\468a5638-3abe-4458-91c0-a850d0d1c64b.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
Category:	dropped
Size (bytes):	758601
Entropy (8bit):	7.98639316555857
Encrypted:	false
SSDEEP:	12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
MD5:	3A49135134665364308390AC398006F1
SHA1:	28EF4CE5690BF8A9E048AF7D30688120DAC6F126
SHA-256:	D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
SHA-512:	BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
Malicious:	false
Preview:	...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......\|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!\|G.1...... .3.`./....`~......G.............\|..pS.e.C....:o.u_..oi.:..\|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

C:\Users\user\AppData\Local\Temp\acrocef_low\6c6e1b9d-3de5-47f5-9b66-3742508a446d.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
Category:	dropped
Size (bytes):	386528
Entropy (8bit):	7.9736851559892425
Encrypted:	false
SSDEEP:	6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
MD5:	5C48B0AD2FEF800949466AE872E1F1E2
SHA1:	337D617AE142815EDDACB48484628C1F16692A2F
SHA-256:	F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
SHA-512:	44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
Malicious:	false
Preview:	...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....\|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-\|..h#.g.\.PO.\|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..\|m.WC.....\|.....e.[W.p.8...rm....^..x'......5!...\|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.\|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

C:\Users\user\AppData\Local\Temp\acrocef_low\800bb79d-3362-4a84-b5d7-fd400410da04.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 57837
Category:	dropped
Size (bytes):	1419751
Entropy (8bit):	7.976496077007677
Encrypted:	false
SSDEEP:	24576:/xA7owWLaGZDwYIGNPJxdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07c:JVwWLaGZDwZGV3mlind9i4ufFXpAXkrj
MD5:	96E2EE6506759519A5E3E5E550F28388
SHA1:	477522A699526F3EC2270AD0B3D3B8D6609F8BBB
SHA-256:	D135FEF8231B87D1F758B3D31FC5467BC933321F7E8EACB316F933DBA36474D5
SHA-512:	C84E93CB72ABC0742C44BF13608472EDD30BE64358C0DA350D9D54C0A88EC45931D48CE1DA823FC527E5134E7277B16AFE0521F2716C067A519FDD390DB315CC
Malicious:	false
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

C:\Users\user\AppData\Local\Temp\acrocef_low\b234c623-5824-408d-bccc-e9a15d0fbcec.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
Category:	dropped
Size (bytes):	1407294
Entropy (8bit):	7.97605879016224
Encrypted:	false
SSDEEP:	24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo
MD5:	A0CFC77914D9BFBDD8BC1B1154A7B364
SHA1:	54962BFDF3797C95DC2A4C8B29E873743811AD30
SHA-256:	81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685
SHA-512:	74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE
Malicious:	false
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

Static File Info

General

File type:	PDF document, version 1.4, 1 pages
Entropy (8bit):	7.4977528400987925
TrID:	Adobe Portable Document Format (5005/1) 100.00%
File name:	890353636349.pdf
File size:	31'804 bytes
MD5:	d7926c13cb57a7bd08e7be4ebf4a10e1
SHA1:	a1e0a7e7a48a8b84c51b88cb49a2b5a0a7b0db76
SHA256:	b286998e7c90022c57177d63fc758f67d78048d9b38fafdf6e88aaea0fdece03
SHA512:	9bffec5ef04af81baa30bb4e8802b11caba90b77f3c680f8a1124c77c6065e0d0b57950669195c8b8c9cd668f8988bbad73709a17eb195947fb663cb7daa31be
SSDEEP:	768:hQAsMridoqSASBS9kOfOJU3wN3+d1zry5HnuIOXNFkHaWpLvncWj7vQOvpdiRtQU:/sS0oUyX7OsHZCWklt8W
TLSH:	70E22924F58E4C8CF843EBAE816D348B4E5DF4DB66CD7485006D0A5AF502D9BEB63287
File Content Preview:	%PDF-1.4.%.....1 0 obj.<</Title (about:blank)./Creator (Mozilla/5.0 $X11; Linux x86_64$ AppleWebKit/537.36 $KHTML, like Gecko$ HeadlessChrome/127.0.0.0 Safari/537.36)./Producer (Skia/PDF m127)./CreationDate (D:20241024143501+00'00')./ModDate (D:202410

File Icon


Icon Hash:	62cc8caeb29e8ae0

Static PDF Info

General
Header:	%PDF-1.4
Total Entropy:	7.497753
Total Bytes:	31804
Stream Entropy:	7.987423
Stream Bytes:	20136
Entropy outside Streams:	5.083509
Bytes outside Streams:	11668
Number of EOF found:	1
Bytes after EOF:

Keywords Statistics

Name	Count
obj	65
endobj	65
stream	5
endstream	5
xref	1
trailer	1
startxref	1
/Page	1
/Encrypt	0
/ObjStm	0
/URI	0
/JS	0
/JavaScript	0
/AA	0
/OpenAction	0
/AcroForm	0
/JBIG2Decode	0
/RichMedia	0
/Launch	0
/EmbeddedFile	0

Network Behavior

Network Port Distribution

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 24, 2024 22:11:41.573121071 CEST	50378	53	192.168.2.4	1.1.1.1

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 24, 2024 22:11:41.573121071 CEST	192.168.2.4	1.1.1.1	0x3e3f	Standard query (0)	x1.i.lencr.org	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 24, 2024 22:11:41.949419975 CEST	1.1.1.1	192.168.2.4	0x3e3f	No error (0)	x1.i.lencr.org	crl.root-x1.letsencrypt.org.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 24, 2024 22:11:42.841263056 CEST	1.1.1.1	192.168.2.4	0x362a	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false
Oct 24, 2024 22:11:42.841263056 CEST	1.1.1.1	192.168.2.4	0x362a	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: Acrobat.exePID: 7000, Parent PID: 2580

General

Target ID:	0
Start time:	16:11:27
Start date:	24/10/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\890353636349.pdf"
Imagebase:	0x7ff6bc1b0000
File size:	5'641'176 bytes
MD5 hash:	24EAD1C46A47022347DC0F05F6EFBB8C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: AcroCEF.exePID: 2312, Parent PID: 7000

General

Target ID:	1
Start time:	16:11:28
Start date:	24/10/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Imagebase:	0x7ff74bb60000
File size:	3'581'912 bytes
MD5 hash:	9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: AcroCEF.exePID: 7196, Parent PID: 2312

General

Target ID:	3
Start time:	16:11:28
Start date:	24/10/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2104 --field-trial-handle=1644,i,16379480728050368061,9106298892841580487,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Imagebase:	0x7ff74bb60000
File size:	3'581'912 bytes
MD5 hash:	9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may exploit software vulnerabilities in client applications to execute code. Vulnerabilities can exist in software due to unsecure coding practices that can lead to unanticipated behavior. Adversaries can take advantage of certain vulnerabilities through targeted exploitation for the purpose of arbitrary code execution. Oftentimes the most valuable exploits to an offensive toolkit are those that can be used to obtain code execution on a remote system because they can be used to gain access to that system. Users will expect to see files related to the applications they commonly used to do work, so they are a useful target for exploit research and development because of their high utility.
Tactics:	Execution
Data Sources:	Application Log: Application Log Content, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse Internet browser extensions to establish persistent access to victim systems. Browser extensions or plugins are small programs that can add functionality and customize aspects of Internet browsers. They can be installed directly or through a browser's app store and generally have access and permissions to everything that the browser can access.
Tactics:	Persistence
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Process: Process Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report 890353636349.pdf

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Software Vulnerabilities

Networking

System Summary

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\94904b28-2c39-4174-a2a1-ef1bbf5918df.tmp

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241024201132Z-156.bmp

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

Windows Analysis Report
890353636349.pdf