Edit tour

Windows Analysis Report
5173893RI_1518138.pdf

Overview

General Information

Sample name:	5173893RI_1518138.pdf
Analysis ID:	1544791
MD5:	92f0367f486b9f25b0f887bb2378cb97
SHA1:	7c8877f7507631bd777088137069f4fbea7a9329
SHA256:	06f8d24ca56e2e8c671baefdf76cbdb756031ade1cd37dffd08e4fb04170f56e

Detection

Score:	1
Range:	0 - 100
Whitelisted:	false
Confidence:	60%

Signatures

Potential document exploit detected (performs DNS queries)

Potential document exploit detected (performs HTTP gets)

Potential document exploit detected (unknown TCP traffic)

Classification

Process Tree

System is w10x64_ra

Acrobat.exe (PID: 2860 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\5173893RI_1518138.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)

AcroCEF.exe (PID: 3100 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

AcroCEF.exe (PID: 3416 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2060 --field-trial-handle=1592,i,4056437335574955262,12825995236133553984,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

cleanup

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: global traffic

DNS query: name: x1.i.lencr.org

Source: global traffic	TCP traffic: 192.168.2.17:49711 -> 96.7.168.138:443
Source: global traffic	TCP traffic: 192.168.2.17:49711 -> 96.7.168.138:443
Source: global traffic	TCP traffic: 192.168.2.17:49711 -> 96.7.168.138:443
Source: global traffic	TCP traffic: 192.168.2.17:49711 -> 96.7.168.138:443
Source: global traffic	TCP traffic: 192.168.2.17:49711 -> 96.7.168.138:443
Source: global traffic	TCP traffic: 192.168.2.17:49711 -> 96.7.168.138:443
Source: global traffic	TCP traffic: 192.168.2.17:49711 -> 96.7.168.138:443
Source: global traffic	TCP traffic: 192.168.2.17:49711 -> 96.7.168.138:443
Source: global traffic	TCP traffic: 192.168.2.17:49711 -> 96.7.168.138:443
Source: global traffic	TCP traffic: 192.168.2.17:49711 -> 96.7.168.138:443
Source: global traffic	TCP traffic: 192.168.2.17:49711 -> 96.7.168.138:443

Source: global traffic	TCP traffic: 192.168.2.17:49711 -> 96.7.168.138:443
Source: global traffic	TCP traffic: 96.7.168.138:443 -> 192.168.2.17:49711
Source: global traffic	TCP traffic: 192.168.2.17:49711 -> 96.7.168.138:443
Source: global traffic	TCP traffic: 192.168.2.17:49711 -> 96.7.168.138:443
Source: global traffic	TCP traffic: 96.7.168.138:443 -> 192.168.2.17:49711
Source: global traffic	TCP traffic: 96.7.168.138:443 -> 192.168.2.17:49711
Source: global traffic	TCP traffic: 192.168.2.17:49711 -> 96.7.168.138:443
Source: global traffic	TCP traffic: 96.7.168.138:443 -> 192.168.2.17:49711
Source: global traffic	TCP traffic: 96.7.168.138:443 -> 192.168.2.17:49711
Source: global traffic	TCP traffic: 192.168.2.17:49711 -> 96.7.168.138:443
Source: global traffic	TCP traffic: 192.168.2.17:49711 -> 96.7.168.138:443
Source: global traffic	TCP traffic: 96.7.168.138:443 -> 192.168.2.17:49711
Source: global traffic	TCP traffic: 192.168.2.17:49711 -> 96.7.168.138:443
Source: global traffic	TCP traffic: 96.7.168.138:443 -> 192.168.2.17:49711
Source: global traffic	TCP traffic: 192.168.2.17:49711 -> 96.7.168.138:443
Source: global traffic	TCP traffic: 96.7.168.138:443 -> 192.168.2.17:49711
Source: global traffic	TCP traffic: 192.168.2.17:49711 -> 96.7.168.138:443
Source: global traffic	TCP traffic: 96.7.168.138:443 -> 192.168.2.17:49711
Source: global traffic	TCP traffic: 96.7.168.138:443 -> 192.168.2.17:49711
Source: global traffic	TCP traffic: 192.168.2.17:49711 -> 96.7.168.138:443
Source: global traffic	TCP traffic: 192.168.2.17:49711 -> 96.7.168.138:443
Source: global traffic	TCP traffic: 96.7.168.138:443 -> 192.168.2.17:49711

Source: unknown	TCP traffic detected without corresponding DNS query: 96.7.168.138
Source: unknown	TCP traffic detected without corresponding DNS query: 96.7.168.138
Source: unknown	TCP traffic detected without corresponding DNS query: 96.7.168.138
Source: unknown	TCP traffic detected without corresponding DNS query: 96.7.168.138
Source: unknown	TCP traffic detected without corresponding DNS query: 96.7.168.138
Source: unknown	TCP traffic detected without corresponding DNS query: 96.7.168.138
Source: unknown	TCP traffic detected without corresponding DNS query: 96.7.168.138
Source: unknown	TCP traffic detected without corresponding DNS query: 96.7.168.138
Source: unknown	TCP traffic detected without corresponding DNS query: 96.7.168.138
Source: unknown	TCP traffic detected without corresponding DNS query: 96.7.168.138
Source: unknown	TCP traffic detected without corresponding DNS query: 96.7.168.138
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

DNS traffic detected: DNS query: x1.i.lencr.org

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443

Source: classification engine

Classification label: clean1.winPDF@20/52@1/65

Source: 5173893RI_1518138.pdf

Initial sample: mailto:arcusto@compugen.com

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.5480

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-29 13-51-02-606.log

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe

Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings

Source: unknown	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\5173893RI_1518138.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2060 --field-trial-handle=1592,i,4056437335574955262,12825995236133553984,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: unknown	Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding 2C2F77C6663B5C0EF06CF7D24CC411D1
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2060 --field-trial-handle=1592,i,4056437335574955262,12825995236133553984,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown

Source: 5173893RI_1518138.pdf	Initial sample: PDF keyword /JS count = 0
Source: 5173893RI_1518138.pdf	Initial sample: PDF keyword /JavaScript count = 0

Source: 5173893RI_1518138.pdf

Initial sample: PDF keyword /EmbeddedFile count = 0

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe

Process information queried: ProcessInformation

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	1 Spearphishing Link	3 Exploitation for Client Execution	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	1 Process Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	1 System Information Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
bg.microsoft.map.fastly.net	199.232.210.172	true	false		unknown
x1.i.lencr.org	unknown	unknown	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
162.159.61.3	unknown	United States	13335	CLOUDFLARENETUS	false
2.23.197.184	unknown	European Union	1273	CWVodafoneGroupPLCEU	false
23.218.232.159	unknown	United States	24835	RAYA-ASEG	false
184.28.88.176	unknown	United States	16625	AKAMAI-ASUS	false
96.7.168.138	unknown	United States	262589	INTERNEXABRASILOPERADORADETELECOMUNICACOESSABR	false
18.207.85.246	unknown	United States	14618	AMAZON-AESUS	false
199.232.210.172	bg.microsoft.map.fastly.net	United States	54113	FASTLYUS	false

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1544791
Start date and time:	2024-10-29 18:50:27 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	18
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Sample name:	5173893RI_1518138.pdf
Detection:	CLEAN
Classification:	clean1.winPDF@20/52@1/65
Cookbook Comments:	Found application associated with file extension: .pdf

Warnings

Exclude process from analysis (whitelisted): dllhost.exe
Excluded IPs from analysis (whitelisted): 184.28.88.176, 18.207.85.246, 54.144.73.197, 107.22.247.231, 34.193.227.236, 162.159.61.3, 172.64.41.3, 199.232.210.172, 2.19.126.149, 2.19.126.143, 2.23.197.184
Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, wu-b-net.trafficmanager.net, crl.root-x1.letsencrypt.org.edgekey.net
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: 5173893RI_1518138.pdf

LLM Input / Output

Input	Output
URL: PDF document Model: claude-3-haiku-20240307	```json { "contains_trigger_text": true, "trigger_text": "INVOICE/FACTURE", "prominent_button_name": "unknown", "text_input_field_labels": [ "DE COMMANDE ORDER NO.", "DATE DE COMMANDE ORDER DATE", "N DE CLIENT CUSTOMER NO.", "EXPDIE PAR SHIP VIA", "DATE DE LIVRAISON SHIP DATE" ], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false }

URL: PDF document Model: claude-3-haiku-20240307	```json { "brands": [ "COMPUGEN" ] }
	```json { "brands": [ "COMPUGEN" ] }

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	291
Entropy (8bit):	5.2129982434295865
Encrypted:	false
SSDEEP:
MD5:	8F6DDD273D65A0ECFC902DC128D347C6
SHA1:	94B7B40337D52D96F625C9B801A55A95DD7F30F4
SHA-256:	C9393F97304C85054458C4AB7760AF56520904925B444B2EC28F6BA2B47D5516
SHA-512:	D658547F1EC04B17B3CF5BF68B7D56DB9A5EFEAF7546071A6311339D1EE63053D865062B83949F63F1122D9366AABB8BDEE700D95184EE9335AD8C94B118DD07
Malicious:	false
Reputation:	unknown
Preview:	2024/10/29-13:51:01.383 f6c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/10/29-13:51:01.395 f6c Recovering log #3.2024/10/29-13:51:01.396 f6c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	338
Entropy (8bit):	5.1270009178187035
Encrypted:	false
SSDEEP:
MD5:	A7797F55473B38BFD9B1D2EC1126860E
SHA1:	3AA0155CC5F9C2888A19E0867636FA7470390860
SHA-256:	19566B6039902D11DE32E7E6DAC6387A3A33E56A43DB4595477150DA6471BF49
SHA-512:	1E73D88323E19769DBAED6D0D995537538D0DC130B391ACF53B849CCA4AD732D4FF451DC8A3971131BEC8EAA58913EA0AB757F6AE27D6C1E53E6DD33C407186A
Malicious:	false
Reputation:	unknown
Preview:	2024/10/29-13:51:01.289 15a0 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/10/29-13:51:01.292 15a0 Recovering log #3.2024/10/29-13:51:01.293 15a0 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	6495
Entropy (8bit):	5.236650613737916
Encrypted:	false
SSDEEP:
MD5:	12D918C295F956FF2212AD97E1E5D053
SHA1:	A400A2366957F78FE8FC6372F378417AEFAFA493
SHA-256:	8042A0DC3527634370E65125CB3A620D0D844D4D50DD0060D68CDEEB45D578CE
SHA-512:	5CF3AC92A6AFF12C6C150776183C28D671791B57E8FCDCEC8875CD6A7BFB4ADE0384E84FF32F597828B4B2C0DB0A9D83544F7E73BC370CA3A15C6E8611CE7CD3
Malicious:	false
Reputation:	unknown
Preview:	*...#................version.1..namespace-....o................next-map-id.1.Pnamespace-42000ee3_e7f8_4e1a_acf9_c35e414a379e-https://rna-resource.acrobat.com/.0F...r................next-map-id.2.Snamespace-c3e8f6d4_f714_436a_92db_f0a4810aae6e-https://rna-v2-resource.acrobat.com/.1.p..r................next-map-id.3.Snamespace-d0743b68_de08_4f3c_b7bc_aca178ee7ff1-https://rna-v2-resource.acrobat.com/.2....o................next-map-id.4.Pnamespace-ce27b6a8_7896_4616_ab45_36a5ede234ad-https://rna-resource.acrobat.com/.3..).^...............Pnamespace-42000ee3_e7f8_4e1a_acf9_c35e414a379e-https://rna-resource.acrobat.com/...^...............Pnamespace-ce27b6a8_7896_4616_ab45_36a5ede234ad-https://rna-resource.acrobat.com/.{VUa...............Snamespace-c3e8f6d4_f714_436a_92db_f0a4810aae6e-https://rna-v2-resource.acrobat.com/....a...............Snamespace-d0743b68_de08_4f3c_b7bc_aca178ee7ff1-https://rna-v2-resource.acrobat.com/yATuo................next-map-id.5.Pnamespace-eb3aef6d_d129_430c_a353_

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	326
Entropy (8bit):	5.121742392104117
Encrypted:	false
SSDEEP:
MD5:	7ACA05DBC3D1126AAE681515031BC7EF
SHA1:	D021165F4B8D39189ED88E2A4D23FA5B1819BC42
SHA-256:	787F4574AC49E0A44FA86E236C48BFE8838147F4A12943E750E67FC48074059B
SHA-512:	A39ED27C00FC798A24D0E17CF2C839C1A82720C895B77A6CE47694C22D36B62D7B3FB82B8B2B6C0A4574A753F064924147A403D22C66599969F84F61A006AD18
Malicious:	false
Reputation:	unknown
Preview:	2024/10/29-13:51:01.439 15a0 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/10/29-13:51:01.440 15a0 Recovering log #3.2024/10/29-13:51:01.442 15a0 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\000003.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	108
Entropy (8bit):	4.559364294414102
Encrypted:	false
SSDEEP:
MD5:	F484179334DE9F4E6B3A432B179CCA4D
SHA1:	12CD416F2A56D199A357E1BCE684CE7BA68CE86C
SHA-256:	50F5639E25962E7F0B9645058739A8C6BC1E1B984D01B315D9D6FFB634CFC1CD
SHA-512:	C306162CB8254BA318038CFD9E78EF65A678842838BA705EA85A2961666D9861A518EAEA996C3C0C4071449DB960625094908FE8AFF24061E10C40CB80F46893
Malicious:	false
Reputation:	unknown
Preview:	}KR7/................22_11\|360x240\|60........9..P..-yB.0../................22_11\|360x240\|60........9.....-yB

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	285
Entropy (8bit):	5.1982828802688905
Encrypted:	false
SSDEEP:
MD5:	48BDBC61FFB77261D17F0D0D70E20FF1
SHA1:	AD07F6242C5522EDC14E7FE279A823FC4F266916
SHA-256:	365528A6D0861C85C79DC7FAC351B52C2674BD280FE225B43B8CB089B816CF9F
SHA-512:	72315997650ED800B54F9AF376A43FC6970AA2B0C360D91B15772A5BAD28590EE2E5601016A07493748F7694B862529996354F285918870B4E042CB79D6A1F8F
Malicious:	false
Reputation:	unknown
Preview:	2024/10/29-13:53:31.899 1954 Creating DB C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db since it was missing..2024/10/29-13:53:31.911 1954 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db/MANIFEST-000001.

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata\000001.dbtmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Reputation:	unknown
Preview:	MANIFEST-000001.

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata\000003.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	126
Entropy (8bit):	3.6123534208443075
Encrypted:	false
SSDEEP:
MD5:	A05963DD9E2C7C3F13C18A9245AD5934
SHA1:	15A87493591860C6C22499DF3A705ACB3CB466BD
SHA-256:	F40B7EF0FE0B676871403B8DD21CE42AF8E482DC8B81F09D93CB2C48CCD112B4
SHA-512:	E67833950A3DB8D4C27FC851C7DF9AEBB85699024F805E98A2951E9E9FC3B606F10EAD23CE0A3B97484A18A9A52520540FB29787178BFEB9FBD8D46D0AA492A2
Malicious:	false
Reputation:	unknown
Preview:	.h.6.................__global... .t...................__global... ..7..................22_......u...................22_.....

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata\CURRENT (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Reputation:	unknown
Preview:	MANIFEST-000001.

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	303
Entropy (8bit):	5.185986615605549
Encrypted:	false
SSDEEP:
MD5:	7EB68E5CAED604E105AB910942E3F031
SHA1:	741A13B510B1705F61AA536653C54985A3506856
SHA-256:	805034FD915510FB1C8F37180AE29684AA63A1718722BA8848F647EA32281F71
SHA-512:	06EDC4D001A97126FCF225E6B47DE724166FEEF523FB0700D303FF7B114B89DB8798751421A8EC108AE2EA22188EB9E82BC41495230E02252F60071CFE638992
Malicious:	false
Reputation:	unknown
Preview:	2024/10/29-13:53:31.885 1954 Creating DB C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata since it was missing..2024/10/29-13:53:31.895 1954 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata/MANIFEST-000001.

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata\MANIFEST-000001

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	OpenPGP Secret Key
Category:	dropped
Size (bytes):	41
Entropy (8bit):	4.704993772857998
Encrypted:	false
SSDEEP:
MD5:	5AF87DFD673BA2115E2FCF5CFDB727AB
SHA1:	D5B5BBF396DC291274584EF71F444F420B6056F1
SHA-256:	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
SHA-512:	DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
Malicious:	false
Reputation:	unknown
Preview:	.\|.."....leveldb.BytewiseComparator......

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241029175105Z-208.bmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PC bitmap, Windows 3.x format, 117 x -152 x 32, cbSize 71190, bits offset 54
Category:	dropped
Size (bytes):	71190
Entropy (8bit):	2.1978818672387486
Encrypted:	false
SSDEEP:
MD5:	E4D6B0187BD9F1CB3B62DA6559BE26CD
SHA1:	510D4697CB41385EEE8918DC850AD4C31A19747E
SHA-256:	EB5FA2C31235976D30041048EACCDD6C18001A8E89A9DF047377D361A6247606
SHA-512:	32A377965991E0342B3E665F07522ACE937E2E3A79ACE67AC5843022AC642A0E2B9A3B3D5F82EC14ACEDE595F7623AA9A7B5C03DF2D10EC9DDB38FB77CBFBA9A
Malicious:	false
Reputation:	unknown
Preview:	BM........6...(...u...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 12, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 12
Category:	dropped
Size (bytes):	86016
Entropy (8bit):	4.44478688479833
Encrypted:	false
SSDEEP:
MD5:	3F32289E5393DEC7C428F43575BD509E
SHA1:	2120B283751680A8EA531A11BDD743D8E9F30164
SHA-256:	0D4387182A30698198ADC834FE5677757DFB42DB44141E3D11DE06A5A81204B2
SHA-512:	CB6A8810EB73B18277EFDEBBB1CC84AA2B4ECEA8D45B2FD77D16B163CAD5B293E16B9C7B50A63149B9D80E28A15DB5DD818BCCA12A8EFFAD019F05AE1A290C79
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	2.2144972573435378
Encrypted:	false
SSDEEP:
MD5:	0170FFA63BC296A8B788E30AC1EA3014
SHA1:	77BD0A4FA62A31E64ADFDB154ED688D37C4F4CD5
SHA-256:	1A2BE8A2F4679EF6EB64E557F31C312664406CF57DB7054AAE93F337AF2B1B5C
SHA-512:	8EA94D76E3B7B7E6672B7BC7655E558CD64DB7D7D2A2C9304BD425C8B998252699C18508D15D4A0C5D2E59A09D9DF64AB63535FD872E3117C52A6C5FCF2479CE
Malicious:	false
Reputation:	unknown
Preview:	.... .c......[^.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	Certificate, Version=3
Category:	dropped
Size (bytes):	1391
Entropy (8bit):	7.705940075877404
Encrypted:	false
SSDEEP:
MD5:	0CD2F9E0DA1773E9ED864DA5E370E74E
SHA1:	CABD2A79A1076A31F21D253635CB039D4329A5E8
SHA-256:	96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
SHA-512:	3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
Malicious:	false
Reputation:	unknown
Preview:	0..k0..S............@.YDc.c...0....H........0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10...150604110438Z..350604110438Z0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10.."0....H.............0..........$s..7.+W(.....8..n<.W.x.u...jn..O(..h.lD...c...k....1.!~.3<.H..y.....!.K...qiJffl.~<p..)"......K...~....G.\|.H#S.8.O.o...IW..t../.8.{.p!.u.0<.....c...O..K~.....w...{J.L.%.p..)..S$........J.?..aQ.....cq...o[...\4ylv.;.by.../&.....................6....7..6u...r......I......A..v........5/(.l....dwnG7..Y^h..r...A)>Y>.&.$...Z.L@.F....:Qn.;.}r...xY.>Qx....../..>{J.Ks......P.\|C.t..t.....0.[q6....00\H..;..}`...).........A.......\|.;F.H..v.v..j.=...8.d..+..(.....B.".'].y...p..N..:..'Qn..d.3CO......B0@0...U...........0...U.......0....0...U......y.Y.{....s.....X..n0...*.H.............U.X....P.....i ')..au\.n...i/..VK..s.Y.!.~.Lq...`.9....!V..P.Y...Y.............b.E.f..\|o..;.....'...}~.."......

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
Category:	dropped
Size (bytes):	71954
Entropy (8bit):	7.996617769952133
Encrypted:	true
SSDEEP:
MD5:	49AEBF8CBD62D92AC215B2923FB1B9F5
SHA1:	1723BE06719828DDA65AD804298D0431F6AFF976
SHA-256:	B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
SHA-512:	BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
Malicious:	false
Reputation:	unknown
Preview:	MSCF............,...................I..................XaK .authroot.stl.[.i..6..CK..<Tk......4.cl!Kg..E..Y.f_..".$mR"$.J.E.KB."..rKv.."{.g....3.W.....c..9.s...=....y6#..x..........D......\(.#.s.!.A.......cd.c........+^.ov...n.....3BL..0.......BPUR&.X..02.q...R...J.....w.....b.vy>....-.&..(..oe."."...J9...0U.6J..\|U..S.....M.F8g...=.......p...........l.?3.J.x.G.Ep..$g..tj......)v]9(:.)W.8.Op.1Q..:.nPd........7.7..M].V F..g.....12..!7(...B.......h.RZ.......l.<.....6..Z^.`p?... .p.Gp.#.'.X..........\|!.8.....".m.49r?.I...g...8.v.....a``.g.R4.i...J8q....NFW,E.6Y....!.o5%.Y.....R..<..S9....r....WO...(.....F..Q=....-..7d..O(....-..+k.........K..........{Q....Z..j._.E...QZ.~.\.^......N.9.k..O.}dD.b1r...[}/....T..E..G..c.\|.c.&>?..^t. ..;..X.d.E.0G....[Q.,......#.Dp..L.o\|#syc.J............}G-.ou6.=52..XWi=...m.....^u......c..fc?&pR7S5....I...j.G........j.j..Tc.El.....B.pQ.,Bp....j...9g.. >..s..m#.Nb.o_u.M.V...........\#...v..Mo\sF..s....Y...

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	192
Entropy (8bit):	2.7895108629891827
Encrypted:	false
SSDEEP:
MD5:	38B080B56EEC5199CDEFD4DDB6C4A16F
SHA1:	32294EB86F4114A25B2860AA9A5F1F7B32E1AA40
SHA-256:	297B0E83B86D01F4F36C15206733910D24E9AA8181FA2E535B52FEA6EA1FB2C2
SHA-512:	34F85BBB8E5934DB50A391DDCBC5BF54FF3852809D81A56261A26580CB66F705CCD83656DCD4495723D8B19FF057AD1013CC49AB818EA2073647F32CAA17293F
Malicious:	false
Reputation:	unknown
Preview:	p...... .........>.%+*..(....................................................... ..........W....7$..............o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	modified
Size (bytes):	328
Entropy (8bit):	3.247897867253901
Encrypted:	false
SSDEEP:
MD5:	0CB99F866ADD14DDAD10DF9034D2D338
SHA1:	F856C45E9231F44DB57B2E852A21ACAF2248901B
SHA-256:	DAF565C9072C79CDB0656F25760774B5F253199F127344FBACC4A6DB919D1F67
SHA-512:	CC68C0C1FC964DE7ACDE5C136B2F126DE51D2F6ACEB0A0C28A85F740A53ED75140739F99675C1BB4FA551512B92A7013E38005597B430B3C77681FB16760101C
Malicious:	false
Reputation:	unknown
Preview:	p...... .........Z.8+*..(....................................................... ........G..@.......&......X........h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.5480

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	185099
Entropy (8bit):	5.182478651346149
Encrypted:	false
SSDEEP:
MD5:	94185C5850C26B3C6FC24ABC385CDA58
SHA1:	42F042285037B0C35BC4226D387F88C770AB5CAA
SHA-256:	1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
SHA-512:	652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
Malicious:	false
Reputation:	unknown
Preview:	%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	94185C5850C26B3C6FC24ABC385CDA58
SHA1:	42F042285037B0C35BC4226D387F88C770AB5CAA
SHA-256:	1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
SHA-512:	652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
Malicious:	false
Reputation:	unknown
Preview:	%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	295
Entropy (8bit):	5.351522863387457
Encrypted:	false
SSDEEP:
MD5:	2D092D195C43E392E0FD653FABBBE3EE
SHA1:	37E992819B20B735F6E9DD37AF91549E6AB328EA
SHA-256:	EFE2732EADB65436458B1F5244E8DB61F846733EE3A95654B62375A47C625410
SHA-512:	DFD7D3088F661C51EBD6429090883421F9F38DD1AE001DE290EF6226B80955E5B00C98022228676E38076F900280B0265F2AFB82D399DDB097D480A7238B8BE1
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"d101d095-7c84-4197-8d60-e9311b13069b","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1730400007751,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.302541923510613
Encrypted:	false
SSDEEP:
MD5:	FF07025C767C4E6EC3E8C5419B841798
SHA1:	000F6C86E0EF5B9587244085DDB7C77094F9E6C9
SHA-256:	A76EF8A868C15C2652EADE823C01A8D9EA7C90A12C3CC62341123EF3FEBD9B6E
SHA-512:	A5B6A3653A075DD3D8319B30F5778FA6CBB768D7330A819FCC8DDF77A3B779F4430097E149DF292EC88D4DC1435D6E0E454918B2612F3EE21742DE7FC53B7DDB
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"d101d095-7c84-4197-8d60-e9311b13069b","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1730400007751,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.2812481377374905
Encrypted:	false
SSDEEP:
MD5:	C5457D113146375800D9313F7E78A052
SHA1:	6D5C0D65A5A27A34F3FB29D7B3730ADF5DA7816E
SHA-256:	CAED625266EA7008AFAB6674E9BAFE7F8B4A8383CF44E7F1491BDBC11C296123
SHA-512:	F4D33C62E5B741380092BBEC76B492FDEA79B00F413C21E16C8C6861F2266DE2E36FB51FEB0139D5AABD3F3C84BBF5135FB3B9D67E6CEF8B25A972B9A958E54B
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"d101d095-7c84-4197-8d60-e9311b13069b","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1730400007751,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	285
Entropy (8bit):	5.337203890206057
Encrypted:	false
SSDEEP:
MD5:	3429437589A7FCA39AA421667EC41612
SHA1:	21DE23D505FCB81F600369D9E86BC5F6D9024DED
SHA-256:	9DF0966B233F550FBE8DC028E4379BAACBA60F77E1787D8CB685C6DE1250F0B1
SHA-512:	F03B2D1646E645B6390A4DA35E96750335FDB7B5AC0EE24BF3F9BDA86957009684592F7EA08BCBE5E9956141566608703CF53045266B7E6587D5DF5521FDC81B
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"d101d095-7c84-4197-8d60-e9311b13069b","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1730400007751,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1055
Entropy (8bit):	5.6655443603483855
Encrypted:	false
SSDEEP:
MD5:	EC7A4B020130D406956A119273E57D18
SHA1:	A9714FFFC257204C90C680B36CDDA0C783680A9D
SHA-256:	2166B707C789462DC0AEF091FDEED7CE3DD465FBAA68C69871490B5A497EEC81
SHA-512:	134F3606F3E0E01C0B9905FB0C6FA4B480A0E3823A4DD71C7024505BFAA168ABCFA81E1094D72B05D90BFB4D7A70A5FD009FF35B480B2A68B9EAB27865C4785C
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"d101d095-7c84-4197-8d60-e9311b13069b","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1730400007751,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"92038_285529ActionBlock_1","campaignId":92038,"containerId":"1","controlGroupId":"","treatmentId":"eb1a4bce-8215-46f1-b44c-154b21a85d60","variationId":"285529"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkV4cG9ydCBQREZzIHRvIE1pY3Jvc29mdCBXb3JkIGFuZCBFeGNlbC4ifSwidGNhdElkIjpudWxsfQ==","dataType":"application\/json","encodingScheme":tr

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1050
Entropy (8bit):	5.660451097110683
Encrypted:	false
SSDEEP:
MD5:	1AADB6055ED5622EB4FC2BB81D6E5E15
SHA1:	E3E8C3BFF59AAE1E13BF34B62B5E304837F42935
SHA-256:	3F359BD8D70B87F0A98EF510F613A0526EBA0DF4C1EF2A886BB1C6A138CD398B
SHA-512:	B742402FBA8E1E30CC801E2D424750CAB388C1B0DA891C23115CF758C5EDA0B17750C7FA80C7DC7FBCC267B812CD85C0D02950F00C846C6034BAC4196B78DCE5
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"d101d095-7c84-4197-8d60-e9311b13069b","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1730400007751,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Disc_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_0","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"0924134e-3c59-4f53-b731-add558c56fec","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Disc_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQsIGVkaXQgYW5kIGUtc2lnblxuZm9ybXMgJiBhZ3JlZW1lbnRzLiJ9LCJ0Y2F0SWQiOm51bGx9","dataType":"application\/json","encodingScheme":true},"

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.289223104021644
Encrypted:	false
SSDEEP:
MD5:	2066DE95457E9EAB8A8160FFC13EA792
SHA1:	AADD4A3CA470578004B46E90BAFC495FC1E4A328
SHA-256:	3D93C3D25458FCF54B240A1392FE4F8AA12CF89B86D4D9016B346EF005851A27
SHA-512:	496C0F8F7ACBE445DEFC624B500EFD50C4864A7543BEEE708829249F535876C7F484139F9B8C80C85D7447E7F6A9DC852AE21B59933459749DA7DE12C8C7EB98
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"d101d095-7c84-4197-8d60-e9311b13069b","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1730400007751,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1038
Entropy (8bit):	5.652269640474434
Encrypted:	false
SSDEEP:
MD5:	83FBD2DB13D96498D6FE1FEEFD503AB2
SHA1:	A584419CCEC029DF2071079E5DE95B8CE73193C4
SHA-256:	01851E77CF8F1F1295A12CC39B8DB9E3FFB9F53E44D3540C7486F3DB525FF9F8
SHA-512:	1DB9A0142B53D45157F0C9CA2C75512299C8EBFF8B8F6C8DB8A3F48E0E734ECD6ABA3AC5D9C0972F15707062C2739D01F5CCC82795547B72A0D5590F33DC7BCE
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"d101d095-7c84-4197-8d60-e9311b13069b","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1730400007751,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Edit_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_1","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"49d2f713-7aa9-44db-aa50-0a7a22add459","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Edit_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVkaXQgdGV4dCwgaW1hZ2VzLCBwYWdlcywgYW5kIG1vcmUuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"application\/json","encodingScheme":true},"endDTS":1744

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1164
Entropy (8bit):	5.698178520786564
Encrypted:	false
SSDEEP:
MD5:	EEE30B2FAA11DDBD71C971824057F504
SHA1:	E5B4A222CFE7BFA9665F451AB90F3D21B6406F3F
SHA-256:	D8061779E49CB76E709392095BDA9D121252E5C6E277B2F73285EF412CE0E594
SHA-512:	40905D70EC013AD0B1F80C76FE59128A40325B678C577998F8E4A8F06DDC41DEF10DB038B6350AEBF1A80631C566F02690A2360B3A2FE23838391036153DE779
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"d101d095-7c84-4197-8d60-e9311b13069b","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1730400007751,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85531_264848ActionBlock_0","campaignId":85531,"containerId":"1","controlGroupId":"","treatmentId":"ee1a7497-76e7-43c2-bb63-9a0551e11d73","variationId":"264848"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IlRyeSBBY3JvYmF0IFBybyJ9LCJ1aSI6eyJ0aXRsZV9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjE1cHgiLCJmb250X3N0eWxlIjoiMCJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEzcHgiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0b1xucHJlbWl1bSBQREYgYW5kIGUtc2lnbmluZ1xudG9vbHMuIn0sImJhbm5lcl9zdHlsaW5nIjo

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.295189264151938
Encrypted:	false
SSDEEP:
MD5:	AF2F6465C00026063613E887EEB63143
SHA1:	F895FA04F292E420A766096544CE4ACD4275F601
SHA-256:	51FF8BD3E1F8C53D98BB496B9AE0CA71017D91AC5E577281BF04EE9D0C6627B4
SHA-512:	623A88D49DD82199B806AF12DD9A47CAC15737C1CC69D5D2EDAC12555621EB3E6AB5A3F610362FC201C7F82C8A8EE9437346853028F7D960BF3FD776027D5CFC
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"d101d095-7c84-4197-8d60-e9311b13069b","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1730400007751,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1395
Entropy (8bit):	5.773250461140806
Encrypted:	false
SSDEEP:
MD5:	59E72D2A88FFC85615B3CC79C9436EB0
SHA1:	1DCC983E9823BEF680A0D4568A3C2A44579D7CB7
SHA-256:	D5A94D25776229AA630F80BAD67606A23E7BE07E3A281356C306F6D26887E69E
SHA-512:	A74F1D503A64CC980478FB3F634B8E7A19303457BAA681E25BE1C99CD44DACF1D9E2231D72A55363169A908FBE0DD7DDF7BB735E7E45FDBB14AA320E6FB89D42
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"d101d095-7c84-4197-8d60-e9311b13069b","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1730400007751,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	291
Entropy (8bit):	5.27876942530242
Encrypted:	false
SSDEEP:
MD5:	D87AFBBD8EFB482A18124D4BD09D776F
SHA1:	850DD4BD3E438754865E661F722447E9D8483107
SHA-256:	1E75EB9258416A1C6F2DC85B40D488E5FBA18359835A11CEFAB76C88D717032F
SHA-512:	994EBF57380D56644565FF0D6AAE94B5F7B5076933E5DB6D2B76F35DCF5BD6981856195AE0671A6BCCD8E184233F9DE19AFE62270C50118DF9DE6AC68EF1D9C7
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"d101d095-7c84-4197-8d60-e9311b13069b","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1730400007751,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	287
Entropy (8bit):	5.27972630672717
Encrypted:	false
SSDEEP:
MD5:	461232763C2435DB64043C4F9FC136A9
SHA1:	9D6D39CF6A6B593982956BF1F2E235118AEECBF9
SHA-256:	4BBBC992A79FBA6FD9DC9CF198203193A04866678D8C3B24E8B478BFE682B945
SHA-512:	864C016E5800652B56E19A8E848B44F4BCCD3B8EA0FE6B37A97E16D0158BB05D0532244E5633A9787A8E2DDFC8052B3FE514A9C1B95C75FE900E950FB002FA6A
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"d101d095-7c84-4197-8d60-e9311b13069b","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1730400007751,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	5.635861288240812
Encrypted:	false
SSDEEP:
MD5:	E1F2A3025E53E5A36E18EF47E2746641
SHA1:	C5868A961C03630119F28CFCE909ABBE651668B2
SHA-256:	C00446D0C5A8E08D91C99E6FF15DAFC31CA9F02317C62C0E0322F8E04973152C
SHA-512:	16B3DEA5E52DA2F4497FC46A06192D6C644411953ED02FA5623A4FABEA3DF5F3F010123DAA64F1AA9E3E366E610E37EBF2497084E1EE56771870526C8C9E3EE8
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"d101d095-7c84-4197-8d60-e9311b13069b","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1730400007751,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"92038_285529ActionBlock_0","campaignId":92038,"containerId":"1","controlGroupId":"","treatmentId":"6291f52b-6cb0-4d31-bc46-37ce85e9eb25","variationId":"285529"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVhc2lseSBmaWxsIGFuZCBzaWduIFBERnMuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"application\/json","encodingScheme":true},"endDTS":1751323379000,"s

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	286
Entropy (8bit):	5.25484848378712
Encrypted:	false
SSDEEP:
MD5:	D1A27A8C19868F9C3F26DAC875EE7FC4
SHA1:	A2850D0AFDE9E2884A55E35A998458FF6359CE6F
SHA-256:	B1B74F9C0F0138BF9787B1534F2F7A295CDCE3855488534DC16073534735B76A
SHA-512:	CAEF2F7A070BCB18A47504ABD866E395091DC71BEAF2E27EC002AC0FE3DF7980ED63FD13C1281B5D0738CC4B52749F22E68E41DD82E9152E6B12E7E6B9438886
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"d101d095-7c84-4197-8d60-e9311b13069b","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1730400007751,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	782
Entropy (8bit):	5.362611561198042
Encrypted:	false
SSDEEP:
MD5:	74F083876DCAB155CC1E293F94CB876C
SHA1:	DB8EE3F186A627966C529E05E7A132176CF0FB0C
SHA-256:	08779A63D12803495CDECB181807961887622D4208C7582E98DD810F5B5190B8
SHA-512:	81BF8440F44C04FF0DE76E31276D48FC6F870BE315AF23714AFFF70C486DBE96099C337AE5D5B0B03DD1E2FB15683BA73B72A68DB358DEA86DE67442B6F065FF
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"d101d095-7c84-4197-8d60-e9311b13069b","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1730400007751,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1730224267786}}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	4
Entropy (8bit):	0.8112781244591328
Encrypted:	false
SSDEEP:
MD5:	DC84B0D741E5BEAE8070013ADDCC8C28
SHA1:	802F4A6A20CBF157AAF6C4E07E4301578D5936A2
SHA-256:	81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
SHA-512:	65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
Malicious:	false
Reputation:	unknown
Preview:	....

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2818
Entropy (8bit):	5.138904637454568
Encrypted:	false
SSDEEP:
MD5:	097569FC4613410BE08CF3D650348248
SHA1:	85273685E4B639E4C081316048247CDC4BD37275
SHA-256:	3D3959E42CF4F59328003FEACDBEB87D16841109B8453B4C94810FCEA2274BAB
SHA-512:	DEEE9077E9CBE57ECD8CBDAD638A3C1045DBE1E9310C89649A3836972E8DE0C68742A0EA2BE736C03804B1E5D9581DB1310A049791694E1DA721C32EFEDED016
Malicious:	false
Reputation:	unknown
Preview:	{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"ae634ee57fd834681d203ce9b786ac49","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1050,"ts":1730224267000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"84220b481c6a9a07427814fe46f350fd","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1164,"ts":1730224267000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"497c55483f7092f896b9195e3e452230","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1026,"ts":1730224267000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"937cee14668fc4b832a54ca6e50eec80","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1055,"ts":1730224267000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"64394b383a2f387db4199f193852f4a7","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":1038,"ts":1730224267000},{"id":"Edit_InApp_Aug2020","info":{"dg":"8007290f1513483655cbb09cc5758283","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":17

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 23, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 23
Category:	dropped
Size (bytes):	12288
Entropy (8bit):	1.3561877110257525
Encrypted:	false
SSDEEP:
MD5:	B7FE4977A30312CB8A5D0ED9B7E045E8
SHA1:	89338C4976B4BC3A15AC9359CEF48173509AD594
SHA-256:	B352C24444ED658C57C8AA78ECE90095D6A414C2BC87862A5C1522C577C0C0FC
SHA-512:	BC55D45784FFEA66AC33DA2FC8CDBF69C939089DEFA44756B2A0AD4531FEE4322C85ED0EB78FB73CEBAC5ABA1F437B29B93BF5A993EA62C6D135534F9B32E35D
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	1.829599186528112
Encrypted:	false
SSDEEP:
MD5:	2AD6E0EFA8ECE1292FCF74EA61EFFDE6
SHA1:	C2E885EDD5EE9556F103CBA65BCE1780996CF77C
SHA-256:	F21EE7F0AEE2D7137F562306CD46E037B33DC8774EBCC57C7B514757CA70006E
SHA-512:	26F3FA169389924D166A15FA0038BD980A59CAC61B8F85F0C6A8015C6410D36AD095E8927D497FD9D3E6323EE2A610651E692366ACDCF2AD98D2612AC37BD0C0
Malicious:	false
Reputation:	unknown
Preview:	.... .c......(........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................v.../.././././.-.-.-.-.-.-.-.-.-.-.-.-.-.-........................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\MSIc973.LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	246
Entropy (8bit):	3.5325285763919316
Encrypted:	false
SSDEEP:
MD5:	CF37FBEF245D9B751432505539A0644C
SHA1:	1BD83C81791625D25C8DEB20D65526E46D0710E0
SHA-256:	3551DEED1CC8B0772415435E670F22B4E9B3F366C6187DFA5D6141EC1BB0E90D
SHA-512:	BE8C25398598A57316298F35A12D65957C6451962B5E2733908E60C8FA98D91CF51AB089C8106530DF73A07DFDA61DCA19A131E681B23F28E5E714FF0F2B4EBC
Malicious:	false
Reputation:	unknown
Preview:	..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .2.9./.1.0./.2.0.2.4. . .1.3.:.5.1.:.0.8. .=.=.=.....

C:\Users\user\AppData\Local\Temp\acrobat_sbx\A91avfdai_7ta77l_488.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	Zip data (MIME type "application/vnd.adobe.air-ucf-package+zip"?)
Category:	dropped
Size (bytes):	144514
Entropy (8bit):	7.992637131260696
Encrypted:	true
SSDEEP:
MD5:	BA1716D4FB435DA6C47CE77E3667E6A8
SHA1:	AF6ADF9F1A53033CF28506F33975A3D1BC0C4ECF
SHA-256:	AD771EC5D244D9815762116D5C77BA53A1D06CEBA42D348160790DBBE4B6769D
SHA-512:	65249DB52791037E9CC0EEF2D07A9CB1895410623345F2646D7EA4ED7001F7273C799275C3342081097AF2D231282D6676F4DBC4D33C5E902993BE89B4A678FD
Malicious:	false
Reputation:	unknown
Preview:	PK.........D.Y...>)...).......mimetypeapplication/vnd.adobe.air-ucf-package+zipPK.........D.Y.+.`............message.xml.]is.8...[.....Oq.'...S...g.X+;....%X."U$.....}.P.%....8.tl. ...../..}......A.......,...a...r.....=..i{......0H..v.g.c0.3~....G.b....,.BvJ.'./.`xJ]..O./.!K...XG?.$.,=.Z...q.f~...,..:b.Pl..f..\|....,.A.....Z..a<.C._..../G\|....q.....~.?...G.............y+.. ...s.,.2...^uon..:....~....C....i.>.<hy..x..?....F.w..4e.\|.'...#?..a......i...W.".+...'.......,..6..... ..}.........llj.>.3v.."..CdA.".....v...4H..C]>........4..$.O........9._..C{(....A~.k...f.x8.<... l!..}...ol.q.......2.s.Y..&:....>...l.S..w.t^D.C....]0......L...z[`J<.....L.1t-.Z.n..7.)...aj;.0.r\|.._.V......JWT.>.p.?s....boN.....X.jkN.9..3jN.9..t...o..c.nX4......0.D.....Cv .....!k..........d.1B....=3.Bq.E.bo.....6..r..6@.b...T......Ig...(..(K].:...#..k..q2G."o.Tz...qJ.......;?\|~..1...J...RA...'..*C...T...dNMZ.3.z-..LCI..I..-.,.Y.J.....m.KY}.Lw......G........-.(E....b..^..}..

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-29 13-51-02-606.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393)
Category:	dropped
Size (bytes):	16525
Entropy (8bit):	5.359827924713262
Encrypted:	false
SSDEEP:
MD5:	06DEAEDB81D09FD8FB5FF668D8E09CB2
SHA1:	28A02BCBD5975117B97A08AFB049F2C94F334726
SHA-256:	D98DE785425112A2D7A41B16073812FA4FA4955F2D5139AE87C9A5FBC4717D64
SHA-512:	948E3B56E5A8D818A5FE9D74B82A898F7264909ADF2C49E5D096CB90F4D28ED95990545A4857933F0E06D493AA0F6D41F6109C74B44BC0E4B84346B519681936
Malicious:	false
Reputation:	unknown
Preview:	SessionID=c98ebd97-9477-4d7e-bd0c-12efa5f01bab.1696586972755 Timestamp=2023-10-06T12:09:32:755+0200 ThreadID=6536 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=c98ebd97-9477-4d7e-bd0c-12efa5f01bab.1696586972755 Timestamp=2023-10-06T12:09:32:756+0200 ThreadID=6536 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=c98ebd97-9477-4d7e-bd0c-12efa5f01bab.1696586972755 Timestamp=2023-10-06T12:09:32:756+0200 ThreadID=6536 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=c98ebd97-9477-4d7e-bd0c-12efa5f01bab.1696586972755 Timestamp=2023-10-06T12:09:32:756+0200 ThreadID=6536 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=c98ebd97-9477-4d7e-bd0c-12efa5f01bab.1696586972755 Timestamp=2023-10-06T12:09:32:756+0200 ThreadID=6536 Component=ngl-lib_NglAppLib Description="SetConfig:

C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	35721
Entropy (8bit):	5.418746143284421
Encrypted:	false
SSDEEP:
MD5:	A16E8D3724416B6D973A67C41E5EBD64
SHA1:	B93273E7F4F9D74DE57A06B3B428C8F0BFDF2ACB
SHA-256:	7C60BE9FBA6DEAAC223143449081E643CE19248F6672349A0A02D50A46B40F02
SHA-512:	B09B4FBA43AA14DCCB026F4574438C2744FED1D8CC03319C435BCFF31594B7B5753A327EE315D1C4BAAF848B37622E9CA88623FF0E7107F3F33C6F5750EA1B10
Malicious:	false
Reputation:	unknown
Preview:	06-10-2023 11:44:59:.---2---..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : *************************************..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : ***********************************..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : **** Starting new session ******..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : Starting NGL..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..06-10-2023 11:44:59:.Closing File..06-10-

C:\Users\user\AppData\Local\Temp\acrocef_low\0235769e-c3da-41c3-bb09-99b49f1a7192.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
Category:	dropped
Size (bytes):	758601
Entropy (8bit):	7.98639316555857
Encrypted:	false
SSDEEP:
MD5:	3A49135134665364308390AC398006F1
SHA1:	28EF4CE5690BF8A9E048AF7D30688120DAC6F126
SHA-256:	D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
SHA-512:	BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
Malicious:	false
Reputation:	unknown
Preview:	...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......\|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!\|G.1...... .3.`./....`~......G.............\|..pS.e.C....:o.u_..oi.:..\|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

C:\Users\user\AppData\Local\Temp\acrocef_low\5ca10c1d-da14-429e-b5d8-e85a834e86b0.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 160932
Category:	dropped
Size (bytes):	543911
Entropy (8bit):	7.977303608379539
Encrypted:	false
SSDEEP:
MD5:	5B21A6981E55EF9576D169BBED44BCDB
SHA1:	B3A14100B7E7C2C01D61B010A54937952D111E20
SHA-256:	9555E661370D1DC26605DAE88BDBC1ABA68038C769BF6E354A256B1A1C4C110E
SHA-512:	FCA72A5131D8780A17DF65BBFF37FBA88DBEA3B7AE991C3D893B21B9E6C1EED44DC12945C8DA39DE471FAC5013BE71D43E5BBB892994742BC33EF5934469B1B1
Malicious:	false
Reputation:	unknown
Preview:	...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......\|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!\|G.1...... .3.`./....`~......G.............\|..pS.e.C....:o.u_..oi.:..\|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

C:\Users\user\AppData\Local\Temp\acrocef_low\ae56f4b8-85c5-4ecc-82b7-e945752b65db.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
Category:	dropped
Size (bytes):	386528
Entropy (8bit):	7.9736851559892425
Encrypted:	false
SSDEEP:
MD5:	5C48B0AD2FEF800949466AE872E1F1E2
SHA1:	337D617AE142815EDDACB48484628C1F16692A2F
SHA-256:	F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
SHA-512:	44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
Malicious:	false
Reputation:	unknown
Preview:	...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....\|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-\|..h#.g.\.PO.\|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..\|m.WC.....\|.....e.[W.p.8...rm....^..x'......5!...\|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.\|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

C:\Users\user\AppData\Local\Temp\acrocef_low\c04adbe7-4551-433b-996a-03187ea6e6e8.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
Category:	dropped
Size (bytes):	1419751
Entropy (8bit):	7.976496077007677
Encrypted:	false
SSDEEP:
MD5:	AAAAB43627E96B02BC54A78F0EE8E32C
SHA1:	03808205C51BA031BF69F0DF07C9C80835098104
SHA-256:	B9ED5860C1528CAE5717E553381762D9C4ED093E546F7500F55B6B18B5C20CEA
SHA-512:	A476038C2BC9573AFA12D831678C0D2A6EFF0C1E065F7D214A0D5684E79AA7F02710DF30524DE0E6EC90CB660E581531DFA57F038EE1BC285B9BC3DAE17D133D
Malicious:	false
Reputation:	unknown
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

C:\Users\user\AppData\Local\Temp\acrocef_low\f92886bc-675a-41aa-98ec-e72f37b85762.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
Category:	dropped
Size (bytes):	1407294
Entropy (8bit):	7.97605879016224
Encrypted:	false
SSDEEP:
MD5:	716C2C392DCD15C95BBD760EEBABFCD0
SHA1:	4B4CE9C6AED6A7F809236B2DAFA9987CA886E603
SHA-256:	DD3E6CFC38DA1B30D5250B132388EF73536D00628267E7F9C7E21603388724D8
SHA-512:	E164702386F24FF72111A53DA48DC57866D10DAE50A21D4737B5687E149FF9D673729C5D2F2B8DA9EB76A2E5727A2AFCFA5DE6CC0EEEF7D6EBADE784385460AF
Malicious:	false
Reputation:	unknown
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\915DEAC5D1E15E49646B8A94E04E470958C9BB89.crl

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	98682
Entropy (8bit):	6.445287254681573
Encrypted:	false
SSDEEP:
MD5:	7113425405A05E110DC458BBF93F608A
SHA1:	88123C4AD0C5E5AFB0A3D4E9A43EAFDF7C4EBAAF
SHA-256:	7E5C3C23B9F730818CDC71D7A2EA01FE57F03C03118D477ADB18FA6A8DBDBC46
SHA-512:	6AFE246B0B5CD5DE74F60A19E31822F83CCA274A61545546BDA90DDE97C84C163CB1D4277D0F4E0F70F1E4DE4B76D1DEB22992E44030E28EB9E56A7EA2AB5E8D
Malicious:	false
Reputation:	unknown
Preview:	0...u0...\...0....H........0i1.0...U....US1.0...U....DigiCert, Inc.1A0?..U...8DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1..240807121815Z..240814121815Z0..~.0!.......0.E....[0...210531000001Z0!...7g...(..^`.x.l...210531000001Z0!...\./M.8..>.f.....210531000001Z0!...B.Sh...f...s.0..210531000001Z0!..../n...h..7....>..210601000001Z0!....0..>5..aN.u{D..210601000001Z0!...-...qpWa.!n.....210601000001Z0!..."f...\..N.....X..210601000001Z0!...in.H...[u...]....210602000001Z0!......`......._.]...210602000001Z0!...{..e..i......=..210602000001Z0!......S....fNj'.wy..210602000001Z0!......C.lm..B.*.....210602000001Z0!... .}...\|.,dk...+..210603000001Z0!...U.K....o.".Rj..210603000001Z0!.....A...K.ZpK..'h..210603000001Z0!.....&}{ ......l..210603000001Z0!...:.m...I.p.;..v..210604000001Z0!...1"uw3..Gou.qg.q..210607000001Z0!...1.o}...c/...-R}..210608000001Z0!................210608000001Z0!...[.N.d............210609000001Z0!......x..i........210610000001Z0!...(... (..#.^.f...210

C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\DF22CF8B8C3B46C10D3D5C407561EABEB57F8181.crl

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	737
Entropy (8bit):	7.501268097735403
Encrypted:	false
SSDEEP:
MD5:	5274D23C3AB7C3D5A4F3F86D4249A545
SHA1:	8A3778F5083169B281B610F2036E79AEA3020192
SHA-256:	8FEF0EEC745051335467846C2F3059BD450048E744D83EBE6B7FD7179A5E5F97
SHA-512:	FC3E30422A35A78C93EDB2DAD6FAF02058FC37099E9CACD639A079DF70E650FEC635CF7592FFB069F23E90B47B0D7CF3518166848494A35AF1E10B50BB177574
Malicious:	false
Reputation:	unknown
Preview:	0...0.....0....H........0b1.0...U....US1.0...U....DigiCert Inc1.0...U....www.digicert.com1!0...U....DigiCert Trusted Root G4..240806194648Z..240827194648Z.00.0...U.#..0.......q]dL..g?....O0...U........0....H.............vz..@.Nm...6d...t;.Jx?....6...p...#.[.......o.q...;.........?......o...^p0R.......~....)....i.n;A.n.z..O~..%=..s..W.4.+........G...*..=....xen$_i"s..\...L..4../<.4...G.....L...c..k@.J.rC.4h.c.ck./.Q-r53..a#.8#......0.n......a.-'..S. .>..xAKo.k.....;.D>....sb '<..-o.KE...X!i.].c.....o~.q........D...`....N... W:{.3......a@....i....#./..eQ...e.......W.s..V:.38..U.H{.>.....#....?{.....bYAk'b0on..Gb..-..).."q2GO<S.C...FsY!D....x..]4.....X....Y...Rj.....I.96$.4ZQ&..$,hC..H.%..hE....

Static File Info

General

File type:	PDF document, version 1.4, 1 pages
Entropy (8bit):	7.437930812401106
TrID:	Adobe Portable Document Format (5005/1) 100.00%
File name:	5173893RI_1518138.pdf
File size:	61'064 bytes
MD5:	92f0367f486b9f25b0f887bb2378cb97
SHA1:	7c8877f7507631bd777088137069f4fbea7a9329
SHA256:	06f8d24ca56e2e8c671baefdf76cbdb756031ade1cd37dffd08e4fb04170f56e
SHA512:	0f2f15c55d45166d9744bbe86f7e6c0e70b29e5079e3b8b80b08207b1d9fee98f7c0b783c32a8230a1807afb71bad08a92c9379e0be51b2e61fcf623717bfe5f
SSDEEP:	768:z3tiH/j/kOHlR5LDzb7OSyX9W7w1KeQRdXM08MypVNJNFDSVsaNofiSu9B8f:z3tiH/AOHrtZyX9kw1KnXMzMypjX2T8f
TLSH:	6853591359098F97D468D3B57F131E5D2F9A3A0CA58636EE306F4E9B7B647200CAE80D
File Content Preview:	%PDF-1.4..5 0 obj..<<../Type /XObject../Subtype /Image../Filter /DCTDecode../Length 53712../Width 1623../Height 272../BitsPerComponent 8../ColorSpace /DeviceRGB..>>..stream........JFIF.....,.,......Exif..MM.*.......;.........J.i.........X.................

File Icon


Icon Hash:	62cc8caeb29e8ae0

Static PDF Info

General
Header:	%PDF-1.4
Total Entropy:	7.437931
Total Bytes:	61064
Stream Entropy:	7.427135
Stream Bytes:	58762
Entropy outside Streams:	5.117150
Bytes outside Streams:	2302
Number of EOF found:	1
Bytes after EOF:

Keywords Statistics

Name	Count
obj	16
endobj	16
stream	3
endstream	3
xref	1
trailer	1
startxref	1
/Page	1
/Encrypt	0
/ObjStm	0
/URI	4
/JS	0
/JavaScript	0
/AA	0
/OpenAction	0
/AcroForm	0
/JBIG2Decode	0
/RichMedia	0
/Launch	0
/EmbeddedFile	0

Image Streams

ID	DHASH	MD5	Preview
5	01494ab49c922562	5b1cb4aee14942e4fe2428847c9e0afe

Description:	Adversaries may send spearphishing emails with a malicious link in an attempt to gain access to victim systems. Spearphishing with a link is a specific variant of spearphishing. It is different from other forms of spearphishing in that it employs the use of links to download malware contained in email, instead of attaching malicious files to the email itself, to avoid defenses that may inspect email attachments. Spearphishing may also involve social engineering techniques, such as posing as a trusted source.
Tactics:	Initial Access
Data Sources:	Application Log: Application Log Content, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Google Workspace, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may exploit software vulnerabilities in client applications to execute code. Vulnerabilities can exist in software due to unsecure coding practices that can lead to unanticipated behavior. Adversaries can take advantage of certain vulnerabilities through targeted exploitation for the purpose of arbitrary code execution. Oftentimes the most valuable exploits to an offensive toolkit are those that can be used to obtain code execution on a remote system because they can be used to gain access to that system. Users will expect to see files related to the applications they commonly used to do work, so they are a useful target for exploit research and development because of their high utility.
Tactics:	Execution
Data Sources:	Application Log: Application Log Content, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report 5173893RI_1518138.pdf

Overview

General Information

Detection

Signatures

Classification

Process Tree

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Software Vulnerabilities

Networking

System Summary

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

Public IPs

General Information

Warnings

LLM Input / Output

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\000003.log

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata\000001.dbtmp

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata\000003.log

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata\CURRENT (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata\MANIFEST-000001

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241029175105Z-208.bmp

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.5480

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Windows Analysis Report
5173893RI_1518138.pdf