Edit tour

Windows Analysis Report
E73P Associate Consultant Profile.pdf

Overview

General Information

Sample name:	E73P Associate Consultant Profile.pdf
Analysis ID:	1672168
MD5:	88f9e5e046bd9172f1a425740e1df301
SHA1:	df7aff544b8a42f0c56b2115202cabc3f14da897
SHA256:	43d8057b6ab0bac53058fcbfc91f27c5f3fdbd3f72af0f0208c8d397a58753d7
Infos:

Detection

Score:	1
Range:	0 - 100
Confidence:	80%

Signatures

Potential document exploit detected (performs DNS queries)

Potential document exploit detected (performs HTTP gets)

Potential document exploit detected (unknown TCP traffic)

Classification

Process Tree

System is w10x64

Acrobat.exe (PID: 6984 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\E73P Associate Consultant Profile.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)

AcroCEF.exe (PID: 3068 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

AcroCEF.exe (PID: 6688 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1620 --field-trial-handle=1568,i,7724765043965009783,18234976314626046857,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

• Software Vulnerabilities
• Networking
• System Summary
• Hooking and other Techniques for Hiding and Protection
• Malware Analysis System Evasion

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: global traffic

DNS query: name: x1.i.lencr.org

Source: global traffic

TCP traffic: 192.168.2.9:49690 -> 23.202.57.36:80

Source: global traffic	TCP traffic: 192.168.2.9:49690 -> 23.202.57.36:80
Source: global traffic	TCP traffic: 23.202.57.36:80 -> 192.168.2.9:49690
Source: global traffic	TCP traffic: 192.168.2.9:49690 -> 23.202.57.36:80
Source: global traffic	TCP traffic: 192.168.2.9:49690 -> 23.202.57.36:80
Source: global traffic	TCP traffic: 23.202.57.36:80 -> 192.168.2.9:49690
Source: global traffic	TCP traffic: 23.202.57.36:80 -> 192.168.2.9:49690
Source: global traffic	TCP traffic: 23.202.57.36:80 -> 192.168.2.9:49690
Source: global traffic	TCP traffic: 192.168.2.9:49690 -> 23.202.57.36:80
Source: global traffic	TCP traffic: 192.168.2.9:49690 -> 23.202.57.36:80

Source: unknown

UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

HTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Microsoft-CryptoAPI/10.0Host: x1.i.lencr.org

Source: global traffic

DNS traffic detected: DNS query: x1.i.lencr.org

Source: 77EC63BDA74BD0D0E0426DC8F80085060.1.dr	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: 2D85F72862B55C4EADD9E66E06947F3D0.1.dr	String found in binary or memory: http://x1.i.lencr.org/
Source: ReaderMessages.0.dr	String found in binary or memory: https://www.adobe.co

Source: classification engine

Classification label: clean1.winPDF@16/47@1/1

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.7072

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2025-04-23 10-37-41-348.log

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Jump to behavior

Source: unknown	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\E73P Associate Consultant Profile.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1620 --field-trial-handle=1568,i,7724765043965009783,18234976314626046857,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1620 --field-trial-handle=1568,i,7724765043965009783,18234976314626046857,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: E73P Associate Consultant Profile.pdf	Initial sample: PDF keyword /JS count = 0
Source: E73P Associate Consultant Profile.pdf	Initial sample: PDF keyword /JavaScript count = 0

Source: E73P Associate Consultant Profile.pdf

Initial sample: PDF keyword /EmbeddedFile count = 0

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe

Process information queried: ProcessInformation

Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	3 Exploitation for Client Execution	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	1 Process Discovery	Remote Services	Data from Local System	2 Non-Application Layer Protocol	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	1 System Information Discovery	Remote Desktop Protocol	Data from Removable Media	2 Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Ingress Tool Transfer	Automated Exfiltration	Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Download Video

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Download Network PCAP: filtered – full

Contacted Domains

Name	IP	Active	Malicious	Reputation
bg.microsoft.map.fastly.net	199.232.210.172	true	false	high
e8652.dscx.akamaiedge.net	23.202.57.36	true	false	high
x1.i.lencr.org	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://x1.i.lencr.org/	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://www.adobe.co	ReaderMessages.0.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
23.202.57.36	e8652.dscx.akamaiedge.net	United States		20940	AKAMAI-ASN1EU	false

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1672168
Start date and time:	2025-04-23 16:36:39 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 8s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowspdfcookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	16
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	E73P Associate Consultant Profile.pdf
Detection:	CLEAN
Classification:	clean1.winPDF@16/47@1/1
Cookbook Comments:	Found application associated with file extension: .pdf Found PDF document Close Viewer

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, sppsvc.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 23.194.100.185, 52.6.155.20, 3.233.129.217, 52.22.41.97, 3.219.243.226, 172.64.41.3, 162.159.61.3, 23.209.84.14, 23.209.84.40, 23.209.84.22, 23.209.84.64, 23.209.84.76, 23.209.84.32, 23.209.84.12, 23.209.84.51, 23.209.84.45, 23.220.73.19, 23.220.73.6, 23.209.84.16, 23.209.84.58, 23.209.84.68, 23.209.84.77, 23.209.84.47, 23.209.84.67, 23.209.84.31, 23.209.84.46, 23.209.84.63, 20.12.23.50, 23.202.56.131, 184.29.183.29, 2.23.227.208
Excluded domains from analysis (whitelisted): www.bing.com, e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com.delivery.microsoft.com, ctldl.windowsupdate.com, p13n.adobe.io, a767.dspw65.akamai.net, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, download.windowsupdate.com.edgesuite.net, armmf.adobe.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, c.pki.goog, wu-b-net.trafficmanager.net
Not all processes where analyzed, report is missing behavior information

Simulations

Behavior and APIs

Time	Type	Description
10:37:51	API Interceptor	3x Sleep call for process: AcroCEF.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
23.202.57.36	https://u7990385.ct.sendgrid.net/ls/click?upn=u001.oZ6GXC16Ztdw1ob-2F3C5yow-2FsK2YC4S8s269h9OLgp-2FGcQesCtXDXKgCEAF90Sa3OFPfJy8qhvVgsO5dQAAP24WGldkufMMqzcJW5LrmEzhf7MJNa8o0pTZXNdzrWqe-2FYON1-2FboR-2Fm8cd8UXLsHw52vDRx-2B-2F8J5lF7sKJcvdITmxyVDslWyh4WO6Ky3LeUiyHAoP3nd2dqYjBtMO6HYnhPk8QJH6-2FLRsKtBc9XmbZzu-2FrQEfzZDR-2FnyXy1GL0rdKnxzjY_8yo6fXiJ3Hq0tMd90DsDouDuKJdlSsYwGCkFE-2Fx2oXeVdfwAxWFOiMhdU0RBk-2BtVpluKa3-2FNzoBTaAcr7mymuLLAortAsFMWVz8a-2BK9bZqzYU9q1ZWheI5zGs-2Bc9T0HPrWE-2FaNQPh3OHwVyx8mW31afAr3F0ikRIUv5V2T9XWXZv8m6puQccxm0ewzahM5ASdO4DaHMqzYII5Wwd1YmZrfHtqqNIrt7757GFAQHAjo8TXtgiX3F1puZtBWfZq1zwF4VmNfQDNiOK2u6shHXMzLR-2F4UXxqAZmmgcEqdykkjI5W7Tkt576XpNQm0D113Ts-2BqU8P6fm1RiEFH4w3DAA6a7alcC-2Fe6YCQz4UgKIcOiCS2xrQl5dq5kFHtFzWZmN0PSDK1CsgwAQlYIUutLAiiy5MFqABy7-2FoJCuEkqXf4IaLLm-2FuFKslNLURNzssIvYShTBKzM6kIHfLmRUvsqpAJsDCmSGKHssgNwzZLfeaKS01LjAV24LPHxaenwHBYYpwv4sCumxrh-2FbjCTFQhzkSVUSnTcpMsCbw16-2FWDGR918yaBeHPd8X0hAOEMqnRZnIFDrb79n3dv7BpRwnaAVa-2BoKH-2B4RICnLb99DlCPvXWgi-2BdgYeCsJVXjDu2Ohd3yhRsChbFlVpvJIY5nQy4JBVtBUXdLMXMK3jhaMzsrnuV0CoEBeNIkGv6Jt5jU55Dd0-2B-2Fgt7IMBqkcdRedPZJYb8GBm4TSL7UZ86clTQirfNs5FfDavyGZucnMvF-2BhvvjGXE4ofnHoz8u-2FbYKp0SV2esA9RDR-2B3tAynx-2FrLvRO9EncsvUSEycLLXuRKnrfSApcUxE-2B3eF7s0GWjzE6LWAZR5SbG7oubI3yoQSoXm4RMjme4WFNMb-2FfkHlj5MBnHVYzYtPR8JNOFLIX1eetNqOGtymJqxbswm8OPdkZ9b7lrL8VUIEkKvg3j8n9n4-2B2g7sffo7EV9MfKupp45UuHO9oMUS8WBlAp6NhUnVGT-2BWWm2Ec8I-3D	Get hash	malicious	Unknown	Browse	x1.i.lencr.org/
23.202.57.36	-1718371016937431247.eml	Get hash	malicious	Unknown	Browse	x1.i.lencr.org/

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
bg.microsoft.map.fastly.net	https://u7990385.ct.sendgrid.net/ls/click?upn=u001.oZ6GXC16Ztdw1ob-2F3C5yow-2FsK2YC4S8s269h9OLgp-2FGcQesCtXDXKgCEAF90Sa3OEF0chW-2Fo-2FTeiTWX-2FlV-2FccM974T9rXmrGU8RwawnnvqZNaiYuyLRuXREmSBxhFuJPEqkiaoR6orChXDLtkKZNc7Y4YlSU-2FxFCGnPisB-2BRU6OOTTc7GptBKXKGyiPdKMGxRnu8IjfyPTxl5a5qNHu0RPb2w5-2FIv5-2FmenrbOyFjNSpmrXs-2BLUoISOveHyyeaKQEs2vG_ZLaVF4Uye-2FMZNh-2FFBJkpj3RBqtIs12kQA7ykVrCRGfXHKXG5DnjXhIaYHa6NmY3tPpxQ4fKP-2F6VG7u6Pwp7Ly-2FxPld21OBf-2BkFFYLVQUPbLaVqHkB75UT22gQizm8jFF4uTYwoyEIjxW1-2BysX0meIg8z5NeNAn5i81hhcrWkAkxuKpcHVlPSpyjHi3mh6JIkEJlWWWX6YJ-2BDqgl4AZRevMtWpM2Li6XtObDCJlz7buTm43u2vZybN881Lut0-2FAgDsA7tBWUSgZEde6U-2Bcb7SXWLzIU8jGClJ1pSfig246O7jveHbif3ZZFizS8uCxC2rs-2FfJnToiBdK1l-2BrwN1pBVPOoF7uRQxzxvo-2FGBFVDE1b-2BpfBH6j9bZVu-2FC60oUwL0R36uoIiseOMPJGfZEbf5hK7Ue6JqDEV3MjROhU39S08kNJmk4TSmGNzwpX1E5SLVIx5HsyNF111g-2BwCPlG71p18-2Bz3nnZ-2FUC2j3DEWN3OL2iSa5H3cFd9o7IZQiSGEw6lwZKQXcN4X4OkX8G13KgHucCClt9iWFIHpSidhUdqceBV3zXolPzRtpIuDzWYCAjoW4VKhrD-2FuAo6suyC45UKRvZnH2KuSjaLsCfJcnk2tvZ1ZB-2BMFpjj0a6mV9mTO0YxGVWaYsHOE4FEfdRnLNio6S5wz8qP5eAAH6QL2t-2Fme7s71aBQjxC9SF8NydW2xtgyMlKLcR7P-2FnkCNPSGNHLNAcv6KU6brAAF3VyY9j2GG0LdTDjAmRah1NAqrqVLis9N-2Bo1Lhnf3Uofim6goLUEAhb83dwPUKhxMRAMsZiJ5XKXo-2FPwx66qlPtd-2F0JRpStXauy3TTCFpPfZHFD2u5Qtw-2FT5kthQ22wot0ndzq1cUqwoKl-2FenBDQcrAgtLxIIWUur3q8zbSX34SyhM4cXQw0UUBjKhIk7BDZTEdkPGAfSXNSTJ-2BPb6tcD9E-2F8w0nup6w3Jv43rJPGl7vy7EC8F-2Bjja-2BnQ8ehYqYg7lVGFhbENXw-3D	Get hash	malicious	Unknown	Browse	199.232.214.172
	runner.dll	Get hash	malicious	Unknown	Browse	199.232.210.172
	Remittance Advice.one	Get hash	malicious	Unknown	Browse	199.232.210.172
	See on Blockchain.exe	Get hash	malicious	Unknown	Browse	199.232.214.172
	ViHSmMuFt9W5KFM.exe	Get hash	malicious	MSIL Logger, MassLogger RAT	Browse	199.232.210.172
	Air Waybill no 6979374150.pdf.exe	Get hash	malicious	Remcos	Browse	199.232.210.172
	SecuriteInfo.com.Trojan.MulDrop31.10006.25251.21183.exe	Get hash	malicious	Amadey, LummaC Stealer	Browse	199.232.214.172
	support.client.exe	Get hash	malicious	ScreenConnect Tool	Browse	199.232.210.172
	support.client.exe	Get hash	malicious	ScreenConnect Tool	Browse	199.232.214.172
	awb_fedex_documents_delivery_23_04_2025_0000000000000_doc.vbs	Get hash	malicious	GuLoader	Browse	199.232.214.172
e8652.dscx.akamaiedge.net	https://u7990385.ct.sendgrid.net/ls/click?upn=u001.oZ6GXC16Ztdw1ob-2F3C5yow-2FsK2YC4S8s269h9OLgp-2FGcQesCtXDXKgCEAF90Sa3OEF0chW-2Fo-2FTeiTWX-2FlV-2FccM974T9rXmrGU8RwawnnvqZNaiYuyLRuXREmSBxhFuJPEqkiaoR6orChXDLtkKZNc7Y4YlSU-2FxFCGnPisB-2BRU6OOTTc7GptBKXKGyiPdKMGxRnu8IjfyPTxl5a5qNHu0RPb2w5-2FIv5-2FmenrbOyFjNSpmrXs-2BLUoISOveHyyeaKQEs2vG_ZLaVF4Uye-2FMZNh-2FFBJkpj3RBqtIs12kQA7ykVrCRGfXHKXG5DnjXhIaYHa6NmY3tPpxQ4fKP-2F6VG7u6Pwp7Ly-2FxPld21OBf-2BkFFYLVQUPbLaVqHkB75UT22gQizm8jFF4uTYwoyEIjxW1-2BysX0meIg8z5NeNAn5i81hhcrWkAkxuKpcHVlPSpyjHi3mh6JIkEJlWWWX6YJ-2BDqgl4AZRevMtWpM2Li6XtObDCJlz7buTm43u2vZybN881Lut0-2FAgDsA7tBWUSgZEde6U-2Bcb7SXWLzIU8jGClJ1pSfig246O7jveHbif3ZZFizS8uCxC2rs-2FfJnToiBdK1l-2BrwN1pBVPOoF7uRQxzxvo-2FGBFVDE1b-2BpfBH6j9bZVu-2FC60oUwL0R36uoIiseOMPJGfZEbf5hK7Ue6JqDEV3MjROhU39S08kNJmk4TSmGNzwpX1E5SLVIx5HsyNF111g-2BwCPlG71p18-2Bz3nnZ-2FUC2j3DEWN3OL2iSa5H3cFd9o7IZQiSGEw6lwZKQXcN4X4OkX8G13KgHucCClt9iWFIHpSidhUdqceBV3zXolPzRtpIuDzWYCAjoW4VKhrD-2FuAo6suyC45UKRvZnH2KuSjaLsCfJcnk2tvZ1ZB-2BMFpjj0a6mV9mTO0YxGVWaYsHOE4FEfdRnLNio6S5wz8qP5eAAH6QL2t-2Fme7s71aBQjxC9SF8NydW2xtgyMlKLcR7P-2FnkCNPSGNHLNAcv6KU6brAAF3VyY9j2GG0LdTDjAmRah1NAqrqVLis9N-2Bo1Lhnf3Uofim6goLUEAhb83dwPUKhxMRAMsZiJ5XKXo-2FPwx66qlPtd-2F0JRpStXauy3TTCFpPfZHFD2u5Qtw-2FT5kthQ22wot0ndzq1cUqwoKl-2FenBDQcrAgtLxIIWUur3q8zbSX34SyhM4cXQw0UUBjKhIk7BDZTEdkPGAfSXNSTJ-2BPb6tcD9E-2F8w0nup6w3Jv43rJPGl7vy7EC8F-2Bjja-2BnQ8ehYqYg7lVGFhbENXw-3D	Get hash	malicious	Unknown	Browse	184.28.253.105
	GHI Contracts Holdings Ltd escanned document 555454565767675.pdf	Get hash	malicious	HTMLPhisher	Browse	184.28.253.105
	BECOMA bv.pdf	Get hash	malicious	Unknown	Browse	184.28.253.105
	2025-04-23 08.29.42.pdf	Get hash	malicious	HTMLPhisher	Browse	184.28.253.105
	Invoice002372.pdf	Get hash	malicious	RedLine	Browse	184.28.253.105
	https://u7990385.ct.sendgrid.net/ls/click?upn=u001.oZ6GXC16Ztdw1ob-2F3C5yow-2FsK2YC4S8s269h9OLgp-2FGcQesCtXDXKgCEAF90Sa3OFPfJy8qhvVgsO5dQAAP24WGldkufMMqzcJW5LrmEzhf7MJNa8o0pTZXNdzrWqe-2FYON1-2FboR-2Fm8cd8UXLsHw52vDRx-2B-2F8J5lF7sKJcvdITmxyVDslWyh4WO6Ky3LeUiyHAoP3nd2dqYjBtMO6HYnhPk8QJH6-2FLRsKtBc9XmbZzu-2FrQEfzZDR-2FnyXy1GL0rdKnxzjY_8yo6fXiJ3Hq0tMd90DsDouDuKJdlSsYwGCkFE-2Fx2oXeVdfwAxWFOiMhdU0RBk-2BtVpluKa3-2FNzoBTaAcr7mymuLLAortAsFMWVz8a-2BK9bZqzYU9q1ZWheI5zGs-2Bc9T0HPrWE-2FaNQPh3OHwVyx8mW31afAr3F0ikRIUv5V2T9XWXZv8m6puQccxm0ewzahM5ASdO4DaHMqzYII5Wwd1YmZrfHtqqNIrt7757GFAQHAjo8TXtgiX3F1puZtBWfZq1zwF4VmNfQDNiOK2u6shHXMzLR-2F4UXxqAZmmgcEqdykkjI5W7Tkt576XpNQm0D113Ts-2BqU8P6fm1RiEFH4w3DAA6a7alcC-2Fe6YCQz4UgKIcOiCS2xrQl5dq5kFHtFzWZmN0PSDK1CsgwAQlYIUutLAiiy5MFqABy7-2FoJCuEkqXf4IaLLm-2FuFKslNLURNzssIvYShTBKzM6kIHfLmRUvsqpAJsDCmSGKHssgNwzZLfeaKS01LjAV24LPHxaenwHBYYpwv4sCumxrh-2FbjCTFQhzkSVUSnTcpMsCbw16-2FWDGR918yaBeHPd8X0hAOEMqnRZnIFDrb79n3dv7BpRwnaAVa-2BoKH-2B4RICnLb99DlCPvXWgi-2BdgYeCsJVXjDu2Ohd3yhRsChbFlVpvJIY5nQy4JBVtBUXdLMXMK3jhaMzsrnuV0CoEBeNIkGv6Jt5jU55Dd0-2B-2Fgt7IMBqkcdRedPZJYb8GBm4TSL7UZ86clTQirfNs5FfDavyGZucnMvF-2BhvvjGXE4ofnHoz8u-2FbYKp0SV2esA9RDR-2B3tAynx-2FrLvRO9EncsvUSEycLLXuRKnrfSApcUxE-2B3eF7s0GWjzE6LWAZR5SbG7oubI3yoQSoXm4RMjme4WFNMb-2FfkHlj5MBnHVYzYtPR8JNOFLIX1eetNqOGtymJqxbswm8OPdkZ9b7lrL8VUIEkKvg3j8n9n4-2B2g7sffo7EV9MfKupp45UuHO9oMUS8WBlAp6NhUnVGT-2BWWm2Ec8I-3D	Get hash	malicious	Unknown	Browse	23.202.57.36
	https://app.plangrid.com/projects/86007b55-3778-e02c-c33b-b705fc295425/staple/4c0da4e3-66c9-46a3-b563-49cff2a42beb	Get hash	malicious	HTMLPhisher	Browse	184.28.253.105
	Driesmans en Co NV .pdf	Get hash	malicious	Unknown	Browse	184.28.253.105
	https://free.teambeam.de/api/skp/v1/download/4svgq9jpl86letap5e63e0ijrlulmjw5hperu180/0/Driesmans%20en%20Co%20NV%20.pdf	Get hash	malicious	Unknown	Browse	184.28.253.105
	Medbase Employee.pdf	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	184.28.253.105

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
AKAMAI-ASN1EU	https://lean-gander-5e8.notion.site/Magreesource-1de0bcafc256806c850fdb36c2831d0d	Get hash	malicious	Tycoon2FA	Browse	23.62.226.176
	Customer Invoice_118233_1745354495960.pdf	Get hash	malicious	Unknown	Browse	23.62.226.39
	https://arricameras.com/.dev	Get hash	malicious	Unknown	Browse	23.62.226.168
	https://post.spmailtechno.com/f/a/gUn-eB-q6U1mg0uLZVsLsA~~/AANlOxA~/zLEaaUNhpPEj5XKB5n3HJ5hRlEr-DAMxHSuywFISLgDNQs-qYkBWIOwgY9rZ9jX6l2onQK7Jc2Mxu2MrpbxydkHIQm2XGLmNwfgyQhJq6dM~	Get hash	malicious	Unknown	Browse	23.62.226.170
	https://post.spmailtechno.com/f/a/gUn-eB-q6U1mg0uLZVsLsA~~/AANlOxA~/zLEaaUNhpPEj5XKB5n3HJ5hRlEr-DAMxHSuywFISLgDNQs-qYkBWIOwgY9rZ9jX6l2onQK7Jc2Mxu2MrpbxydkHIQm2XGLmNwfgyQhJq6dM~	Get hash	malicious	Unknown	Browse	23.62.226.166
	2025.PDF J8TLBF6.9 KB .svg	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	23.62.226.164
	https://0889.org/monero/svip-1.sh	Get hash	malicious	Unknown	Browse	23.62.226.197
	http://linkin.bio/stadtwerke-pforzheim	Get hash	malicious	HTMLPhisher	Browse	23.62.226.164
	RFQ_GU0002-Materials-Specifications-Order-pdf.exe	Get hash	malicious	Phantom stealer	Browse	23.62.226.64
	GHI Contracts Holdings Ltd escanned document 555454565767675.pdf	Get hash	malicious	HTMLPhisher	Browse	23.62.226.164

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	290
Entropy (8bit):	5.279142634870615
Encrypted:	false
SSDEEP:	6:iORLfTWSe3cM+q2PqLTwi2nKuAl9OmbnIFUtDLfTFJZmw9LfTFcMVkwOqLTwi2nC:7RuZMM+v8wZHAahFUtDn/9aMV5TwZHAR
MD5:	4F7B9ED22B8A4540F465401956A93FD0
SHA1:	D35CEA849C9368B11B8BCAD24C367C8253B02D48
SHA-256:	01F95386B29E3B30FFF11629BDCC9C089D4AE890A2A88096CA0E70F00042ED31
SHA-512:	9D02489607DD9DB60A6ED31C23BBEBBFB057942B394303BF2C9C5B27A3524BD41B57B4242452E344B8F921D487C59BD48EE1D02BAF321F523AF3C5904AF12023
Malicious:	false
Reputation:	low
Preview:	2025/04/23-10:37:39.953 186c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2025/04/23-10:37:39.956 186c Recovering log #3.2025/04/23-10:37:39.956 186c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	290
Entropy (8bit):	5.279142634870615
Encrypted:	false
SSDEEP:	6:iORLfTWSe3cM+q2PqLTwi2nKuAl9OmbnIFUtDLfTFJZmw9LfTFcMVkwOqLTwi2nC:7RuZMM+v8wZHAahFUtDn/9aMV5TwZHAR
MD5:	4F7B9ED22B8A4540F465401956A93FD0
SHA1:	D35CEA849C9368B11B8BCAD24C367C8253B02D48
SHA-256:	01F95386B29E3B30FFF11629BDCC9C089D4AE890A2A88096CA0E70F00042ED31
SHA-512:	9D02489607DD9DB60A6ED31C23BBEBBFB057942B394303BF2C9C5B27A3524BD41B57B4242452E344B8F921D487C59BD48EE1D02BAF321F523AF3C5904AF12023
Malicious:	false
Reputation:	low
Preview:	2025/04/23-10:37:39.953 186c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2025/04/23-10:37:39.956 186c Recovering log #3.2025/04/23-10:37:39.956 186c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	334
Entropy (8bit):	5.225191759250685
Encrypted:	false
SSDEEP:	6:iORLf89+q2PqLTwi2nKuAl9Ombzo2jMGIFUtDLfTyZmw9LfTzFNVkwOqLTwi2nK3:7RLv8wZHAa8uFUtDS/9TF5TwZHAa8RJ
MD5:	4B79EADAB13D0FF5209E6E64F4608936
SHA1:	67A247D08954E5CE2B10038EFB36D3ED3FCDAE16
SHA-256:	96C1070D78E2F7D44220213458750143C725575337F937EA0265521874D0E01D
SHA-512:	6462B95C5C1A1A19FF1C884448CAD7CBB88DCDBE73E99F51D384CF8A66DA17AF7A52AD365E325A5CE59CAE5099D5EB6551F9A3D2BF0404C44C8617BB6F4BA008
Malicious:	false
Reputation:	low
Preview:	2025/04/23-10:37:39.768 1a28 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2025/04/23-10:37:39.773 1a28 Recovering log #3.2025/04/23-10:37:39.774 1a28 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	334
Entropy (8bit):	5.225191759250685
Encrypted:	false
SSDEEP:	6:iORLf89+q2PqLTwi2nKuAl9Ombzo2jMGIFUtDLfTyZmw9LfTzFNVkwOqLTwi2nK3:7RLv8wZHAa8uFUtDS/9TF5TwZHAa8RJ
MD5:	4B79EADAB13D0FF5209E6E64F4608936
SHA1:	67A247D08954E5CE2B10038EFB36D3ED3FCDAE16
SHA-256:	96C1070D78E2F7D44220213458750143C725575337F937EA0265521874D0E01D
SHA-512:	6462B95C5C1A1A19FF1C884448CAD7CBB88DCDBE73E99F51D384CF8A66DA17AF7A52AD365E325A5CE59CAE5099D5EB6551F9A3D2BF0404C44C8617BB6F4BA008
Malicious:	false
Reputation:	low
Preview:	2025/04/23-10:37:39.768 1a28 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2025/04/23-10:37:39.773 1a28 Recovering log #3.2025/04/23-10:37:39.774 1a28 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\33722493-594b-4cc0-96a6-2e76c73a6322.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	modified
Size (bytes):	475
Entropy (8bit):	4.963662423205105
Encrypted:	false
SSDEEP:	12:YH/um3RA8sqR9sBdOg2HMgcaq3QYiub5P7E4T3y:Y2sRdsY+dMHML3QYhbt7nby
MD5:	AE7B29B9E9BEDD9C0C0EDFCB7D89B170
SHA1:	9AA931EB72C75FD94C3C60C142E52BBD4C18FE5C
SHA-256:	561371BEC57B419F8265FD5F4202E63E13AEABC31A7341886A7805D156C8EE55
SHA-512:	C57B04A36D2BF49114EE91010279B09615BE3E6CF2D49A0FF45324649D2E64AE430E92172F175A399480FFA24039866FDAB704A54A5B9571EEF12254234C4A89
Malicious:	false
Reputation:	low
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13389979071406110","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144194},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.9","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	475
Entropy (8bit):	4.963662423205105
Encrypted:	false
SSDEEP:	12:YH/um3RA8sqR9sBdOg2HMgcaq3QYiub5P7E4T3y:Y2sRdsY+dMHML3QYhbt7nby
MD5:	AE7B29B9E9BEDD9C0C0EDFCB7D89B170
SHA1:	9AA931EB72C75FD94C3C60C142E52BBD4C18FE5C
SHA-256:	561371BEC57B419F8265FD5F4202E63E13AEABC31A7341886A7805D156C8EE55
SHA-512:	C57B04A36D2BF49114EE91010279B09615BE3E6CF2D49A0FF45324649D2E64AE430E92172F175A399480FFA24039866FDAB704A54A5B9571EEF12254234C4A89
Malicious:	false
Reputation:	low
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13389979071406110","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144194},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.9","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	4288
Entropy (8bit):	5.223998783390799
Encrypted:	false
SSDEEP:	96:GICD8SBCmPAi8j0/8qbGNSwPgGYPx8xRqhm068OzzmKVZJBVZ:1CDLCmPj8j0/8qKgwPHYPx8xemT8Ozzx
MD5:	231BD57C7193E8142EE7FE7FFFF68878
SHA1:	0264CCAD84E464D0D2D55927B1B8A8D88EA37D05
SHA-256:	33FFD2EDC5E24128F4FCFAB5803BD2843A9E7CDAD0769B3E73A35E9EF98ADA7A
SHA-512:	B6278BBC6BB24C0D8F5AB37D5E083E6750EFE7E79F9F512B39615AEBC54B3634A6999436A31CF538BA2B25690745DA621E16933BD8C870D8A7E1864BA5C58199
Malicious:	false
Reputation:	low
Preview:	*...#................version.1..namespace-W...o................next-map-id.1.Pnamespace-ed11ed50_1515_4296_b27c_721e1e1acdec-https://rna-resource.acrobat.com/.0.w..r................next-map-id.2.Snamespace-f62cae74_b031_4dd2_8c7b_e9ef3858dbf9-https://rna-v2-resource.acrobat.com/.1:M4.r................next-map-id.3.Snamespace-2a2b5482_c0ce_4c74_9fbc_8a8daf6ed72d-https://rna-v2-resource.acrobat.com/.2IE..o................next-map-id.4.Pnamespace-b58dfce7_364b_43da_946b_3d7546a793e5-https://rna-resource.acrobat.com/.3KQ..^...............Pnamespace-ed11ed50_1515_4296_b27c_721e1e1acdec-https://rna-resource.acrobat.com/.xK.^...............Pnamespace-b58dfce7_364b_43da_946b_3d7546a793e5-https://rna-resource.acrobat.com/.i.+a...............Snamespace-f62cae74_b031_4dd2_8c7b_e9ef3858dbf9-https://rna-v2-resource.acrobat.com/Tz.qa...............Snamespace-2a2b5482_c0ce_4c74_9fbc_8a8daf6ed72d-https://rna-v2-resource.acrobat.com/"_.o................next-map-id.5.Pnamespace-7c898a99_566e_4628_b4ec_

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	322
Entropy (8bit):	5.153899077273513
Encrypted:	false
SSDEEP:	6:iORLfNVn+q2PqLTwi2nKuAl9OmbzNMxIFUtDLfNVXdFZZmw9LfNVwmNVkwOqLTw9:7RKv8wZHAa8jFUtDD5/9cu5TwZHAa84J
MD5:	DF95C8F9CD474A0D382A47330470F65A
SHA1:	3CB9BF3BBF74D54B9C5B407038EDD0CA77283A72
SHA-256:	32084C6BC70092E24EBAC84A3E5DCAB76D065350961A9F15F6F60A6F7226EAF7
SHA-512:	85EA28F1D1B1FD14313E63A612DD7463A5B776A3E76635A083DF28CBF96C17AB2F0FD6148217804792E518891A2FDFD1A176A7412695BFE9B22F8F8DE466EA86
Malicious:	false
Reputation:	low
Preview:	2025/04/23-10:37:40.002 1a28 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2025/04/23-10:37:40.004 1a28 Recovering log #3.2025/04/23-10:37:40.006 1a28 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	322
Entropy (8bit):	5.153899077273513
Encrypted:	false
SSDEEP:	6:iORLfNVn+q2PqLTwi2nKuAl9OmbzNMxIFUtDLfNVXdFZZmw9LfNVwmNVkwOqLTw9:7RKv8wZHAa8jFUtDD5/9cu5TwZHAa84J
MD5:	DF95C8F9CD474A0D382A47330470F65A
SHA1:	3CB9BF3BBF74D54B9C5B407038EDD0CA77283A72
SHA-256:	32084C6BC70092E24EBAC84A3E5DCAB76D065350961A9F15F6F60A6F7226EAF7
SHA-512:	85EA28F1D1B1FD14313E63A612DD7463A5B776A3E76635A083DF28CBF96C17AB2F0FD6148217804792E518891A2FDFD1A176A7412695BFE9B22F8F8DE466EA86
Malicious:	false
Reputation:	low
Preview:	2025/04/23-10:37:40.002 1a28 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2025/04/23-10:37:40.004 1a28 Recovering log #3.2025/04/23-10:37:40.006 1a28 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-250423143743Z-177.bmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PC bitmap, Windows 3.x format, 107 x -152 x 32, cbSize 65110, bits offset 54
Category:	dropped
Size (bytes):	65110
Entropy (8bit):	1.6272631545545948
Encrypted:	false
SSDEEP:	96:WMXsW4MOIX0OOIOvOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOEkHZJ/yCj90WOW3:tsW4SRU93kh3uIi9bHRjs8TG
MD5:	AAF53BCC206AF5F1261F1097691AFB0D
SHA1:	38048F89F27DE5F043775466A48E9C84C05DF317
SHA-256:	AE827301C22325F8F652178FD2C0793E82C6A53C5CF59ADB4443992E2BDFF576
SHA-512:	1CDE0FDD7C35677A3F6545AAAD79B9B38A2B061EFCE9A2B276EA2D2A218255E2ABFB8845A3C57F99EFC23078AD41FBBD860EA9DC44D8CE1E85E7CFAD3FBABD13
Malicious:	false
Reputation:	low
Preview:	BMV.......6...(...k...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 11, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 11
Category:	dropped
Size (bytes):	86016
Entropy (8bit):	4.438457030188331
Encrypted:	false
SSDEEP:	384:ye+ci5GhiBA7vEmzKNURFXoD1NC1SK0gkzPlrFzqFK/WY+lUTTcKqZ5bEmzVz:pturVgazUpUTTGt
MD5:	3D1E0105972D2C163D1FE7B277C33568
SHA1:	B28C1882DB60683EFAD815ECE96394843A0AAC51
SHA-256:	01CB1784C5DE2B39E094F0CB608C18A7A6D620133DE91E4D72971CC8B0B49476
SHA-512:	994856DA3F0C51D9D995D38510E3FB5A9E4A2F7C2BE89FB2AB3C5AB4B99246248286E3929E0E11131132DA06305E65E6CD01D4F315A27DA4632324987CD766BC
Malicious:	false
Reputation:	low
Preview:	SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	3.7696840388943786
Encrypted:	false
SSDEEP:	48:7MEJioyV0ioyuoy1C7oy16oy1yKOioy1noy1AYoy1Wioy1oioykioyBoy1noy1OH:7PJu06tXjBiub9IVXEBodRBkf
MD5:	29751CF8848342594DF7503827B6046D
SHA1:	B6D06AE8C52EF15D71B04C419C644BBA2194FE08
SHA-256:	624F243CAD9498B9F3A072349C9A66B7C47D194AEB37C308BC5A64DD7D832B73
SHA-512:	5814706AFC4999C6DC343668639DFF38D957A2AC114FAD2CDBF5225F22ADCA5A8E3D0E8B4635C38DAAC37393B1F60CD20F93D9DB9830B55D0F53B7984E39048C
Malicious:	false
Preview:	.... .c.......%...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................T...[...b.r.l...t...}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	Certificate, Version=3
Category:	dropped
Size (bytes):	1391
Entropy (8bit):	7.705940075877404
Encrypted:	false
SSDEEP:	24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1
MD5:	0CD2F9E0DA1773E9ED864DA5E370E74E
SHA1:	CABD2A79A1076A31F21D253635CB039D4329A5E8
SHA-256:	96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
SHA-512:	3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
Malicious:	false
Preview:	0..k0..S............@.YDc.c...0....H........0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10...150604110438Z..350604110438Z0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10.."0....H.............0..........$s..7.+W(.....8..n<.W.x.u...jn..O(..h.lD...c...k....1.!~.3<.H..y.....!.K...qiJffl.~<p..)"......K...~....G.\|.H#S.8.O.o...IW..t../.8.{.p!.u.0<.....c...O..K~.....w...{J.L.%.p..)..S$........J.?..aQ.....cq...o[...\4ylv.;.by.../&.....................6....7..6u...r......I......A..v........5/(.l....dwnG7..Y^h..r...A)>Y>.&.$...Z.L@.F....:Qn.;.}r...xY.>Qx....../..>{J.Ks......P.\|C.t..t.....0.[q6....00\H..;..}`...).........A.......\|.;F.H..v.v..j.=...8.d..+..(.....B.".'].y...p..N..:..'Qn..d.3CO......B0@0...U...........0...U.......0....0...U......y.Y.{....s.....X..n0...*.H.............U.X....P.....i ')..au\.n...i/..VK..s.Y.!.~.Lq...`.9....!V..P.Y...Y.............b.E.f..\|o..;.....'...}~.."......

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 73305 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
Category:	dropped
Size (bytes):	73305
Entropy (8bit):	7.996028107841645
Encrypted:	true
SSDEEP:	1536:krha8mqJ7v3CeFMz/akys7nSTK7QMuK+C/Oh5:kAOFq+Mba9Ok7C/O/
MD5:	83142242E97B8953C386F988AA694E4A
SHA1:	833ED12FC15B356136DCDD27C61A50F59C5C7D50
SHA-256:	D72761E1A334A754CE8250E3AF7EA4BF25301040929FD88CF9E50B4A9197D755
SHA-512:	BB6DA177BD16D163F377D9B4C63F6D535804137887684C113CC2F643CEAB4F34338C06B5A29213C23D375E95D22EF417EAC928822DFB3688CE9E2DE9D5242D10
Malicious:	false
Preview:	MSCF....Y.......,...................I.................;Za. .authroot.stl.98.?.6..CK..<Tk......4..c... .Ec...U.d.d.E&I.DH..M.KB."..rK.RQ..}f..f...}..1....9...........$.8q..fa...7.o.1.0...bfsM4.........u..l..0..4.a.t....0.....6#....n. :... ....%.,CQ5uU..(.3.<7#.0..JN.$...=j\|w...#.oU..Eq[..P..^..~.V...;..m...I\|...l..@-W..=.QQ.._./.M.nZ..(.........`.$Z.9wW:W.]..8E.......I.D{..n...K:.m..^.(.S.......c..s.y..<...2.%o.o.....H.B.R.....11.\|!.(...........h.SZ........<...^....Z>.Pp?... .pT@p.#.&..........#VEV=.....p........y..."T=l.n..egf.w..X.Y..-G...........KQ.]...pM..[m..-6.wd:........T...:.P5Zs....c.oT`..F1#......EuD.......7....V ..-....!.N..%S...k...S. ...@.J..../..b!B.(=\../.l......`.\...q9..>4!b..8EH.....zdy.....#...X>%0w...i.,>c.z.g"p.S..2W.+mMs.....5Def.....#._D.4....>}...i...\.&`D.......z;..ZY.3.+t.`....z_.q'w.z.)..j3.+.co.s..:.........qK...{...E....uPO...#vs.XxH.B!..(t. 8k+.....G\..?..GF8....'..w.>.ms..\ve.nFN..W)....xi..u..5.f.l....

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	192
Entropy (8bit):	2.7582608629891823
Encrypted:	false
SSDEEP:	3:kkFkl1ikfllXlE/HT8k3XNNX8RolJuRdxLlGB9lQRYwpDdt:kKV9T8+NMa8RdWBwRd
MD5:	0BD9F4E460A541DC1488933EF4B26A81
SHA1:	8AEDAF1226DFA011E91C1FB41D34766B571BB493
SHA-256:	026D4CCF9F78149299A6103ADBB93F9C20931265B6D4E27901609ADF7FD026D9
SHA-512:	F60BC41915AFA61899B64EB148719726EF20AEB97872F6FE686E790BD09A71E40FAF1A3BC7F35B1F4BFCFD10AF957D8616E92C96E4882B9F2F078DFB4C05470E
Malicious:	false
Preview:	p...... ........FhiJ]...(....................................................... ..........W....................o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	330
Entropy (8bit):	3.1677572806614367
Encrypted:	false
SSDEEP:	6:kKn0GmcvSN+SkQlPlEGYRMY9z+4KlDA3RUeqpGVuys1:v0GmCkPlE99SNxAhUeq8S
MD5:	AB2315E58550038C2732FD3944A634C3
SHA1:	D45912424892782E6AB75FDDA1383E42296D7447
SHA-256:	9249E528748567C97285D7CC8999598324151FEEAF03A57A77C156FC49191BF3
SHA-512:	B68C86418FA106E67010CD67E53D3543A5D7C3D06A064B593E698F2FFA44E88959C283E63B28FAEA443D651BC44705120A656C96436A6684F92ADB7BA2528985
Malicious:	false
Preview:	p...... ..........n]...(....................................................... ..................(...........Y...h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".6.4.2.7.f.6.c.2.b.7.8.7.d.b.1.:.0."...

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.7072

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	185099
Entropy (8bit):	5.182478651346149
Encrypted:	false
SSDEEP:	1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
MD5:	94185C5850C26B3C6FC24ABC385CDA58
SHA1:	42F042285037B0C35BC4226D387F88C770AB5CAA
SHA-256:	1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
SHA-512:	652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
Malicious:	false
Preview:	%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	185099
Entropy (8bit):	5.182478651346149
Encrypted:	false
SSDEEP:	1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
MD5:	94185C5850C26B3C6FC24ABC385CDA58
SHA1:	42F042285037B0C35BC4226D387F88C770AB5CAA
SHA-256:	1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
SHA-512:	652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
Malicious:	false
Preview:	%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	227002
Entropy (8bit):	3.392780893644728
Encrypted:	false
SSDEEP:	1536:WKPC4iyzDtrh1cK3XEiv07VK/3AYvYwgF/rRoL+sn:DPCaL/3AYvYwglFoL+sn
MD5:	11F2FC7F8C64BEAE994575ECEF93CFFF
SHA1:	75014E1BF55814F00BDD25BB8D290A2FFE881A3A
SHA-256:	962CBFB11B6666C900037518E4F69ACA3B2633A3A522D2BFB830A4868EA366CB
SHA-512:	ECE2F0B04DB5A01316ED75FFD2AB381EC035636B758A20E58C355AEEB4E5032102A279EB97FBC0CC8617BCC47DBF7ECBB3BE15994342CC5B56B4C56999956975
Malicious:	false
Preview:	Adobe Acrobat Reader (64-bit) 23.6.20320....?A12_AV2_Search_18px.............................................................................................................KKK KKK.KKK.KKK.KKK.KKK.KKK@........................................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.............................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.........................KKK.KKK.KKK.KKK0....................KKK.KKK.KKK.KKK`....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK.KKK.....................................KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK.KKK@....................KKK.KKK.KKK.KKK`........................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.KKK.............................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	295
Entropy (8bit):	5.363567504742899
Encrypted:	false
SSDEEP:	6:YEQXJ2HXH0gEiDnmSg1c2LjcWkHvR0Y7r2ieoAvJM3g98kUwPeUkwRe9:YvXKXUzrT5LjIPDjVGMbLUkee9
MD5:	FDB1F5CBF1074760FFB519269EC968E9
SHA1:	F07A501E73548806F8FB4D38E700F40290B9E1FE
SHA-256:	100048B9B9C7B97820D4551BCC6A09B6E8ACC062694ED8DE689F493619C90353
SHA-512:	2C3FB87D416596DF04B97A31D82681E814B9A0B87AEB26402477DCA2F1FE382A8470260166E7554BA7EEFBA7D58FA7CBE886925CA9ACF52E1553B66149B97AC8
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"04568880-550c-4637-9a22-1898c1e70bfc","sophiaUUID":"8C4093EC-3A2E-41DD-AFC7-28A61CF92EFA"},"encodingScheme":true,"expirationDTS":1745594476430,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.317297668072327
Encrypted:	false
SSDEEP:	6:YEQXJ2HXH0gEiDnmSg1c2LjcWkHvR0Y7r2ieoAvJfBoTfXpnrPeUkwRe9:YvXKXUzrT5LjIPDjVGWTfXcUkee9
MD5:	B913D98A515ACAE077C427533CA20B75
SHA1:	10F3F8B00A20267A8B96D548D68CF99508F94C9E
SHA-256:	B7026C24203742AFEE73AC52643872EEEA12E5CA6A028DF72C9320B06A934677
SHA-512:	E1CA212F73CBA0F6CE243FF5EC707706A84A7C01080D7A1B6F8EA5D55AD1DF05D886E69601E6FF51FB803C76326FD3102F9355AFA2FA7BA864EDF17C3E1EDA43
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"04568880-550c-4637-9a22-1898c1e70bfc","sophiaUUID":"8C4093EC-3A2E-41DD-AFC7-28A61CF92EFA"},"encodingScheme":true,"expirationDTS":1745594476430,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.295147761649397
Encrypted:	false
SSDEEP:	6:YEQXJ2HXH0gEiDnmSg1c2LjcWkHvR0Y7r2ieoAvJfBD2G6UpnrPeUkwRe9:YvXKXUzrT5LjIPDjVGR22cUkee9
MD5:	515A0F5F4257EE817D30064446358616
SHA1:	D18B43E5D8750937E28E799D37C9AE3E72BBF780
SHA-256:	3CBBAA78E0AAD6160E5C3D286FC8D5C48D76DE66CF74F149E1B11E5FA3F70B62
SHA-512:	1DEA76C651CCAC8134837FD9C35622888CEAA76F55EC3DF6C272E0CCF59A2D9D6FC510774A448562EA80EB92DEC55C8ABA0C1136253C78B8266A9B2B3E3FF187
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"04568880-550c-4637-9a22-1898c1e70bfc","sophiaUUID":"8C4093EC-3A2E-41DD-AFC7-28A61CF92EFA"},"encodingScheme":true,"expirationDTS":1745594476430,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	285
Entropy (8bit):	5.344576699351665
Encrypted:	false
SSDEEP:	6:YEQXJ2HXH0gEiDnmSg1c2LjcWkHvR0Y7r2ieoAvJfPmwrPeUkwRe9:YvXKXUzrT5LjIPDjVGH56Ukee9
MD5:	139BB977628D7239DD2232DEC4456E77
SHA1:	4B46A4B635ABB2E744F645293926E9AD198D5A18
SHA-256:	0A51E167B002A4681F4EBBB9B7432CBFBC8AB6E32BEDA876A880DE0D55C41F34
SHA-512:	7BC5C730B0A79438FFDF26B836E206B911F981BD5D35CDB11B8C62ADE2419F1DDBDB9B542450B7BD207F3D33106B7FD10AA54E4BDFA967F3CE925E2C53E4AF99
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"04568880-550c-4637-9a22-1898c1e70bfc","sophiaUUID":"8C4093EC-3A2E-41DD-AFC7-28A61CF92EFA"},"encodingScheme":true,"expirationDTS":1745594476430,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2213
Entropy (8bit):	5.849765208626091
Encrypted:	false
SSDEEP:	24:Yv6XAT5XILj6pLgEGycjycR84b0nNFmerISIedJGWQxiEDtbpEsrAr3IAHlO25Ff:YvtXrhgly48zFm/TWCt8KOP/nDi/VU
MD5:	18AB1F59CEBD8AFDDC10B32F6EE0D0B2
SHA1:	B22432C219B0E6EF622FC0CC7F4092A3A80EC140
SHA-256:	61C9E158F4DA2E659B4D8133B7BD09D1798EE9F7A853B2DB22C8F983D8545B7B
SHA-512:	5D02DA165617706CBB4F9D365FBD2AC0763FD412EF87880227EBE24CE40F9773B6D36CE1C566ACA8F3945AF0E7C01DF0C5CE1CE6DE37499452226D7A7F5CBAEA
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"04568880-550c-4637-9a22-1898c1e70bfc","sophiaUUID":"8C4093EC-3A2E-41DD-AFC7-28A61CF92EFA"},"encodingScheme":true,"expirationDTS":1745594476430,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"102656_316349ActionBlock_1","campaignId":102656,"containerId":"1","controlGroupId":"","treatmentId":"5a9d1955-ab74-4b89-837a-074b702313c0","variationId":"316349"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJkYXRhIjp7ImxocFYyQnlQYXRoIjp7Iml0ZW0iOnsiX3BhdGgiOiIvY29udGVudC9kYW0vYWNyb2JhdGRlc2t0b3AvZ3Jvd3RoL3JlYWRlci9lbi11cy9saHAtYmFubmVyL3YyL2NvbnZlcnQiLCJfaWQiOiJlYjYyOWYwOC00YmZiLTRkYmEtYjQzNC01MzUyZTg1MGU4NWYiLCJfdmFyaWF0aW9uIjoicmdzMDM2MS0wIiwidGl0bGUiOm51bGwsImRlc2NyaXB0aW9uIjoiRXhwb3J0IFBERnMgdG8gTWljcm9zb2Z0IFdvcmQgYW5kIEV4Y2VsLiIsImN0YUxhYmVsIjpudWxsLCJjdGFCZW

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.319610048302866
Encrypted:	false
SSDEEP:	6:YEQXJ2HXH0gEiDnmSg1c2LjcWkHvR0Y7r2ieoAvJf8dPeUkwRe9:YvXKXUzrT5LjIPDjVGU8Ukee9
MD5:	F69B78333CD44874581D2CF7F1EB8E45
SHA1:	2BD385F939DD2ECE4D4CC288205F07185EFC15A4
SHA-256:	8BFBE09FF3605EC37E9B3A3080D6FBA48FB50B0D3295BA945E0C0DC8D3073DE5
SHA-512:	4D8E5E0123522326EA18436786D50E28A8AE2A1A7E1F3810892D2BEC84F9F41D2EDC26382428CF5A3497D79DCF82907AA6D8C2FACCD4837BC1DE75390280F181
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"04568880-550c-4637-9a22-1898c1e70bfc","sophiaUUID":"8C4093EC-3A2E-41DD-AFC7-28A61CF92EFA"},"encodingScheme":true,"expirationDTS":1745594476430,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.310929230395425
Encrypted:	false
SSDEEP:	6:YEQXJ2HXH0gEiDnmSg1c2LjcWkHvR0Y7r2ieoAvJfQ1rPeUkwRe9:YvXKXUzrT5LjIPDjVGY16Ukee9
MD5:	637B76B400EB4415FBFA5870EF74970C
SHA1:	4620A823D2A3ABA9459D5D5262A2C4B053A63E44
SHA-256:	E7600540107994511D813781BE5E1C0ECE1DB52BB63A9CA750C65FF18C449F73
SHA-512:	C03C5156C340D3251A0CE13CA7D98D874897F97FA9C696A0BC87E9627DF646B9A69F5C89ECA691FE8971B66D9E2B0E0B9B8F7F52C5BD79DE2A31DD4E18BAB143
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"04568880-550c-4637-9a22-1898c1e70bfc","sophiaUUID":"8C4093EC-3A2E-41DD-AFC7-28A61CF92EFA"},"encodingScheme":true,"expirationDTS":1745594476430,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2160
Entropy (8bit):	5.836134473295373
Encrypted:	false
SSDEEP:	48:YvtX2ogbN48uOQ/GiyL4TwKOkQJi+ohJU:GPg54nf/IQOkQJiFs
MD5:	AD2BFE1676B8F394B9B64B2407A41FDD
SHA1:	E3C7726F4ADE505E70CB8744FD8A343E5584851A
SHA-256:	EDE4E9FBD394B721531112BD98360866D85F4AA50270ACB9D0AED4EC056A9B6F
SHA-512:	6EACFA4A685F5C6FF779C5176524EDBBA0C26A284A3975EB860ABEDC29AFF983AF5A07A26ED1A432EDDB06A8A9A9BD2C470A2FA5B9C254B21650A8C8E1638F0A
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"04568880-550c-4637-9a22-1898c1e70bfc","sophiaUUID":"8C4093EC-3A2E-41DD-AFC7-28A61CF92EFA"},"encodingScheme":true,"expirationDTS":1745594476430,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Edit_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"102656_316349ActionBlock_2","campaignId":102656,"containerId":"1","controlGroupId":"","treatmentId":"164bf29d-ee04-491c-adf2-c0bfeedb2d1b","variationId":"316349"},"containerId":1,"containerLabel":"JSON for DC_Reader_Edit_LHP_Banner","content":{"data":"eyJkYXRhIjp7ImxocFYyQnlQYXRoIjp7Iml0ZW0iOnsiX3BhdGgiOiIvY29udGVudC9kYW0vYWNyb2JhdGRlc2t0b3AvZ3Jvd3RoL3JlYWRlci9lbi11cy9saHAtYmFubmVyL3YyL2VkaXQiLCJfaWQiOiIzNzkzMGExNC1kOGMwLTRlZDYtYjI0Yi0zZGUzY2FlZjZlNjAiLCJfdmFyaWF0aW9uIjoicmdzMDM2MS0wIiwidGl0bGUiOm51bGwsImRlc2NyaXB0aW9uIjpudWxsLCJjdGFMYWJlbCI6bnVsbCwiY3RhQmVoYXZpb3IiOm51bGwsImN0YVVybCI6bnVsbCwiY3RhVXJsVHlwZSI6bnVsbCwidHJ

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	295
Entropy (8bit):	5.346364143924689
Encrypted:	false
SSDEEP:	6:YEQXJ2HXH0gEiDnmSg1c2LjcWkHvR0Y7r2ieoAvJfzdPeUkwRe9:YvXKXUzrT5LjIPDjVGb8Ukee9
MD5:	02BDCC5C0CE86C6D9AE8C7F535C82F8A
SHA1:	45FE00F669A4AA48FF9C9491086F654976C17A6F
SHA-256:	F1AECE258663D0BC75A05E20B641767124F2A7CE772EC7756ED7E010B7904B45
SHA-512:	090ECFE87C159F923F1F95D676E24826E2BD41475F038BBCD06648AD31033D833DF267E1540F01BCC44DF3903A3ADD8165C3E974889589BACC8B127696082107
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"04568880-550c-4637-9a22-1898c1e70bfc","sophiaUUID":"8C4093EC-3A2E-41DD-AFC7-28A61CF92EFA"},"encodingScheme":true,"expirationDTS":1745594476430,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.327274633115631
Encrypted:	false
SSDEEP:	6:YEQXJ2HXH0gEiDnmSg1c2LjcWkHvR0Y7r2ieoAvJfYdPeUkwRe9:YvXKXUzrT5LjIPDjVGg8Ukee9
MD5:	72F68E8773B52B02590489670FFEC75B
SHA1:	A4CA445FF623BD75B964EA35CA7E9AA1E90C0383
SHA-256:	26E09BC25895D47CEA8C5A2B0AD0F42FFBBE182DD88D458FA5D2038980767B96
SHA-512:	7D60B46F2EA7B63BAE74F75BB8D4E6ABE63870AF3E30BAFE971F89BE8E2D1075D17707F6E8A1A95E59935053850722FF0CA1CD093D05FF1E438B145EE8A6500A
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"04568880-550c-4637-9a22-1898c1e70bfc","sophiaUUID":"8C4093EC-3A2E-41DD-AFC7-28A61CF92EFA"},"encodingScheme":true,"expirationDTS":1745594476430,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	284
Entropy (8bit):	5.3138051931412456
Encrypted:	false
SSDEEP:	6:YEQXJ2HXH0gEiDnmSg1c2LjcWkHvR0Y7r2ieoAvJf+dPeUkwRe9:YvXKXUzrT5LjIPDjVG28Ukee9
MD5:	41B3A7D57B4D586C58AA8C48DBA93352
SHA1:	E13D364A2F2E6DC4F87A3D28ADB7A04EF665E136
SHA-256:	7198D8A70B36E76F3A229F42A7505825995085C14DD84A2E2C5CB73CBFDE8E04
SHA-512:	23A82CE39F7F13BB1301DF34DF46F6DEDBDE753D0D3140684A5FB618473E2B71DE07BC669638279F6411652DB0BEFEFBBBE9188D228D169BCBC7FDF9C8140158
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"04568880-550c-4637-9a22-1898c1e70bfc","sophiaUUID":"8C4093EC-3A2E-41DD-AFC7-28A61CF92EFA"},"encodingScheme":true,"expirationDTS":1745594476430,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	291
Entropy (8bit):	5.310634276266364
Encrypted:	false
SSDEEP:	6:YEQXJ2HXH0gEiDnmSg1c2LjcWkHvR0Y7r2ieoAvJfbPtdPeUkwRe9:YvXKXUzrT5LjIPDjVGDV8Ukee9
MD5:	1CE8B317ECBB2225D9609244371B4FEA
SHA1:	BE7214AF545B16C262439C3587263C46E5B069FA
SHA-256:	E2B6E8AA1B2A61BC3E8D708552A2CFDB49062864FBCB20246A771629593FD96A
SHA-512:	6FB94A566DA986ED90F8D11469CB3F1C492B23B77A0F67754DD178360B990BBF7EAB08776990DBA64BDEC7AB76D81C37C6577F5F72CFD0D56C4500928FA93C0C
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"04568880-550c-4637-9a22-1898c1e70bfc","sophiaUUID":"8C4093EC-3A2E-41DD-AFC7-28A61CF92EFA"},"encodingScheme":true,"expirationDTS":1745594476430,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	287
Entropy (8bit):	5.302771725434122
Encrypted:	false
SSDEEP:	6:YEQXJ2HXH0gEiDnmSg1c2LjcWkHvR0Y7r2ieoAvJf21rPeUkwRe9:YvXKXUzrT5LjIPDjVG+16Ukee9
MD5:	80DA97ABF35075A18A64EF470F8A5787
SHA1:	B49E4BC9029326B5CB23ABB8CB48D1C8BDDA2469
SHA-256:	07F1A7ABAAFCEBFFAE1DB1706380BA034F44DDA38E2FC7383FEE2AFEF652D2CE
SHA-512:	FFF2847C2106FA538BD0B604950989195E7576A1D4D7BB7AC7D426CBFAF7A0E5D93AD451D7138665BDE39DDEDC06360F1B1E678A44F5E618504AB31C9562B812
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"04568880-550c-4637-9a22-1898c1e70bfc","sophiaUUID":"8C4093EC-3A2E-41DD-AFC7-28A61CF92EFA"},"encodingScheme":true,"expirationDTS":1745594476430,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2112
Entropy (8bit):	5.853355567840228
Encrypted:	false
SSDEEP:	24:Yv6XAT5XILjmamXayLgEdycgNaLcR84brvXJkoerISIQ1iyLVFgKy1N8IAHlOBJ5:YvtXbBgBG48kJko/SiyL4T0AFDA/VU
MD5:	5BEA00ECA13F0344203D6D54A1F88AAF
SHA1:	5FCEDC4B0052EAB728ECD35BF4AE6E1BB84FF4B3
SHA-256:	F0DA01A108311E3E204E544C459ED4BA724079189E21ABAEE779CD48806A0405
SHA-512:	27C259680C4469E2D6F8AFB4056D2FAC499F3E5C18F50051976206997322E6F46CC800CA848864C4AA7977444BE7AA6C8B9D21F43FD9BA52247354F2F5C67890
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"04568880-550c-4637-9a22-1898c1e70bfc","sophiaUUID":"8C4093EC-3A2E-41DD-AFC7-28A61CF92EFA"},"encodingScheme":true,"expirationDTS":1745594476430,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"102656_316349ActionBlock_0","campaignId":102656,"containerId":"1","controlGroupId":"","treatmentId":"339c0ba6-2e61-4622-82f6-f07787d206b8","variationId":"316349"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJkYXRhIjp7ImxocFYyQnlQYXRoIjp7Iml0ZW0iOnsiX3BhdGgiOiIvY29udGVudC9kYW0vYWNyb2JhdGRlc2t0b3AvZ3Jvd3RoL3JlYWRlci9lbi11cy9saHAtYmFubmVyL3YyL3NpZ24iLCJfaWQiOiJkMDQzMmY0Yy1hNTM2LTRlMzktOGNkNS1jYThiYjRhZTY2YzIiLCJfdmFyaWF0aW9uIjoicmdzMDM2MS0wIiwidGl0bGUiOm51bGwsImRlc2NyaXB0aW9uIjoiRWFzaWx5IGZpbGwgYW5kIHNpZ24gUERGcy4iLCJjdGFMYWJlbCI6bnVsbCwiY3RhQmVoYXZpb3IiOm51bGwsImN0YVVybCI6bnV

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	286
Entropy (8bit):	5.278912512126086
Encrypted:	false
SSDEEP:	6:YEQXJ2HXH0gEiDnmSg1c2LjcWkHvR0Y7r2ieoAvJfshHHrPeUkwRe9:YvXKXUzrT5LjIPDjVGUUUkee9
MD5:	EEF0AC6CAF7C0C22CFEE33368DD303F0
SHA1:	427B29EEEC164365475DC94656175F5D14BCE21E
SHA-256:	E6156B9EBC5D43C704CB61F6BB3AF8F46E94B18B95CFB1AA1BB346C1529716E0
SHA-512:	F95AA669522342717B66B85CE74AD8C0CFA29C41F6F760AF7F7925E44285EA266862D00453189D06321A59586FC0502227DB3196246877898A1A0132C684DCA6
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"04568880-550c-4637-9a22-1898c1e70bfc","sophiaUUID":"8C4093EC-3A2E-41DD-AFC7-28A61CF92EFA"},"encodingScheme":true,"expirationDTS":1745594476430,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	282
Entropy (8bit):	5.2786499932756845
Encrypted:	false
SSDEEP:	6:YEQXJ2HXH0gEiDnmSg1c2LjcWkHvR0Y7r2ieoAvJTqgFCrPeUkwRe9:YvXKXUzrT5LjIPDjVGTq16Ukee9
MD5:	E57F091A2775A7B2478378621E50ADD0
SHA1:	FCB32890EBAF5A27BAFDF8ADC9E873D990C6D99B
SHA-256:	79F773D0FDD5D017C0B31565E54FE04ED388CD3C9D7D2EA93FBD662FC9319E09
SHA-512:	6F01E09DE532BC6B67C8C0EF6BF068C4F965A5A29C455804C66910876C6AB91714AF98AA283416A98403297CAACF07CF9B436F2A90D0E3F39358607BC8C5D5C0
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"04568880-550c-4637-9a22-1898c1e70bfc","sophiaUUID":"8C4093EC-3A2E-41DD-AFC7-28A61CF92EFA"},"encodingScheme":true,"expirationDTS":1745594476430,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	4
Entropy (8bit):	0.8112781244591328
Encrypted:	false
SSDEEP:	3:e:e
MD5:	DC84B0D741E5BEAE8070013ADDCC8C28
SHA1:	802F4A6A20CBF157AAF6C4E07E4301578D5936A2
SHA-256:	81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
SHA-512:	65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
Malicious:	false
Preview:	....

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2815
Entropy (8bit):	5.136633296343993
Encrypted:	false
SSDEEP:	24:YFi2as6EHayqOkP2GDlsBHk/8Bk2WjW8Q7j0SupX22A73WBP2LSgCzRzDyMV95EZ:YFb6EWejZOfMXhH7WP6URzeMv49eQ
MD5:	1B04901E22C9DD2DF4E4E32648F6D58A
SHA1:	5040009103ED51C0C43A98C47C7E476137627D06
SHA-256:	4DC9006CCB308492C8CFC08FD50E2419501AC8EDB1E48FEF4304422AFD79DC62
SHA-512:	3B6B53704A612D01873081EF11C1F75EA96D1AC005E719E7BED0B1B5E8A3800FCF74FD4C0B7EF9F7B449D55E8FD09E850B1B9EA89CD019DA755039714DBCE19E
Malicious:	false
Preview:	{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"629737b4d5f247c7cae2b0c03b761a77","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1745419066000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"76442627c626624b87dea0ec85210b90","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":2112,"ts":1745419066000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"b22a2963eb3a46f0775a949c1b6cbff6","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":2213,"ts":1745419066000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"adab81bbf667c84867c6805a8f4053c0","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":2160,"ts":1745419066000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"3a975f8fe9b2da07ad81fd39d87a3cbc","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":295,"ts":1745419066000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"f1e31d53e21df0971751aa293d76cdbb","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file",

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 26, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 26
Category:	dropped
Size (bytes):	12288
Entropy (8bit):	1.3660659339281835
Encrypted:	false
SSDEEP:	24:TLBx/XYKQvGJF7urs9S6bqyKn6ylSTofcNqDuh3ZyXKdqEKfS8EKfM1baJ3ZyF:Tll2GL7msMcKTlS8fcsuhvfIJc
MD5:	64D4128A31F70DB07BA7B8C7B4B058F4
SHA1:	BDDC2258268C39BF49BA5B6FBAC683E5A6FD46CD
SHA-256:	BAAF52B9018A0C403BE9A99D97C23EA8FF4FC718CD829E22EF68D0EEB5E95535
SHA-512:	4907BAC839FB371035521CA70FA52213B93892573D9C096CC214D3B200A2F3AB31DE4373BD2DB78BAA9416747EBC3A619AA315C05A1F2C7E5C331E4E63B68C1E
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	1.8417354536415864
Encrypted:	false
SSDEEP:	24:7+tjZ6bqyKn6ylSTofcNqDuh3Zy+KdqEKfS8EKfM1banbq+qLKufx/XYKQvGJF7N:7MFcKTlS8fcsuhqfI3qGufl2GL7msp
MD5:	9BC4A0800C91DBE27DB96B27B793B319
SHA1:	BFE852687ED691B91E878F9F0322169694508EA2
SHA-256:	7BD51FC2994A304A4E65038188E9086BBE0558656920F00B78C96DF6DFC23528
SHA-512:	31FD2EB1087D652765AA28CDAD21608002A8124EF58B6A8B4A07F14DB50CD6652447EAAC2213ECDFA8AA26BAFB1213879C51E25EE4F267DAC4E32F6313A5751E
Malicious:	false
Preview:	.... .c......b.Z..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................^..^.^.^.^.^.^.^.-.-.-.-.-.-.-.-.-.-.-........................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\MSI7ca11.LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	246
Entropy (8bit):	3.536003181970279
Encrypted:	false
SSDEEP:	6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8rkClEdNxue:Qw946cPbiOxDlbYnuRKNx
MD5:	C82CE0FC73740BC3E4A252646E13A359
SHA1:	FE3EBB9F9C12E45F907F1E2A92CFEC5115C90E3C
SHA-256:	CF4C8332CC8B929412164BF94436A4932EFCAB673B1B0C6072BA6687E5B7CAD9
SHA-512:	6C1FC4941B638B93705BE0F99C0C027AABF1C6B0BF9F45635F24ACEA67B2E76F4AD039CE66BE5A0E5DFAD78E956FDFFDDCDFFB5146995792E79144F65F745CEC
Malicious:	false
Preview:	..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .2.3./.0.4./.2.0.2.5. . .1.0.:.3.7.:.4.6. .=.=.=.....

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2025-04-23 10-37-41-348.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393)
Category:	dropped
Size (bytes):	16525
Entropy (8bit):	5.330589339471305
Encrypted:	false
SSDEEP:	384:usQfQQjZyDzISMjg0svDBjA49Y0/sQHpMVhrSWD0Wny6WxIWd44mJmtaEKHvMMwh:Ink
MD5:	5BC0A308794F062FEC40F3016568DF9F
SHA1:	14149448191AB45E99011CBBEF39F2A9A03A0D15
SHA-256:	00D910C49F2885F6810F4019A916EFA52F12881CBF1525853D0C184E1B796473
SHA-512:	CF12E0787C1C2A129BE61C4572CF8A28FC48039B2ADFD1816E58078D8DD900771442F210C545AD9B3F4EAEC23F6F1480F7BBF262B6A631160B20D0785BC17242
Malicious:	false
Preview:	SessionID=eddad23d-dbc6-40b3-ba9e-21a55d862f0a.1696497318171 Timestamp=2023-10-05T10:15:18:171+0100 ThreadID=7060 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=eddad23d-dbc6-40b3-ba9e-21a55d862f0a.1696497318171 Timestamp=2023-10-05T10:15:18:172+0100 ThreadID=7060 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=eddad23d-dbc6-40b3-ba9e-21a55d862f0a.1696497318171 Timestamp=2023-10-05T10:15:18:172+0100 ThreadID=7060 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=eddad23d-dbc6-40b3-ba9e-21a55d862f0a.1696497318171 Timestamp=2023-10-05T10:15:18:172+0100 ThreadID=7060 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=eddad23d-dbc6-40b3-ba9e-21a55d862f0a.1696497318171 Timestamp=2023-10-05T10:15:18:172+0100 ThreadID=7060 Component=ngl-lib_NglAppLib Description="SetConfig:

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393), with CRLF line terminators
Category:	dropped
Size (bytes):	16603
Entropy (8bit):	5.374537900351382
Encrypted:	false
SSDEEP:	384:ejxi54PNqXKwfvRc6fm2VH+nzE9R0euyzQxztW47+OYOu4nFvm8pfKFE5yMINKiC:YyBy
MD5:	AD7502850F9784B6E09BB4E967ABFFB8
SHA1:	5A8BE9C83B5878BFB4AF2BBA1ED183C114C2501E
SHA-256:	0D5F61F7036137B9F6E380B0C5D66A673D50FBABB2B14EB94C2884007348172A
SHA-512:	08CEB68936FA9A952ACC9000F23BB41C2681A2EE8E97F9563CE4FDF465B87FA91021821D60E54353F46F0388B459C0EAAFB213405F0D9DEB64E1F4C5B0EC5493
Malicious:	false
Preview:	SessionID=4bd281cf-54cb-4fdd-8b87-a8bdaedb392c.1745419061361 Timestamp=2025-04-23T10:37:41:361-0400 ThreadID=7160 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=4bd281cf-54cb-4fdd-8b87-a8bdaedb392c.1745419061361 Timestamp=2025-04-23T10:37:41:363-0400 ThreadID=7160 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=4bd281cf-54cb-4fdd-8b87-a8bdaedb392c.1745419061361 Timestamp=2025-04-23T10:37:41:363-0400 ThreadID=7160 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=4bd281cf-54cb-4fdd-8b87-a8bdaedb392c.1745419061361 Timestamp=2025-04-23T10:37:41:363-0400 ThreadID=7160 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=4bd281cf-54cb-4fdd-8b87-a8bdaedb392c.1745419061361 Timestamp=2025-04-23T10:37:41:363-0400 ThreadID=7160 Component=ngl-lib_NglAppLib Description="SetConf

C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	29845
Entropy (8bit):	5.384739535151962
Encrypted:	false
SSDEEP:	192:icbENIn5cbqlcbgIpLcbJcb4I5jcbKcbQIrxcbmKcbKInRcbO:8qnXopZ50rPnX
MD5:	457326152D98CC6DB2E67B0C9A45DADA
SHA1:	6D7C04E9FD2F76A0D58D69EA63E238074B4068C8
SHA-256:	FBCA41A51907F01D46509A7ABEDD8EA74D022A3D60B9D6C9EABEADE846A98AB9
SHA-512:	41C18CD5270DF5C1C1A01F1C9154235B162760A6FEB935F05FBD7D2E6074645CEE6EDB517885BF1FC69C7254F7B66321BD2D8F9192069795BF2D3FCF30492CC9
Malicious:	false
Preview:	05-10-2023 10:01:02:.---2---..05-10-2023 10:01:02:.AcroNGL Integ ADC-4240758 : *************************************..05-10-2023 10:01:02:.AcroNGL Integ ADC-4240758 : ***********************************..05-10-2023 10:01:02:.AcroNGL Integ ADC-4240758 : **** Starting new session ******..05-10-2023 10:01:02:.AcroNGL Integ ADC-4240758 : Starting NGL..05-10-2023 10:01:02:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...05-10-2023 10:01:02:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..05-10-2023 10:01:02:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..05-10-2023 10:01:02:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..05-10-2023 10:01:02:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..05-10-2023 10:01:02:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..05-10-2023 10:01:02:.Closing File..05-10-

C:\Users\user\AppData\Local\Temp\acrocef_low\6287dee9-3a51-49c8-aa93-52b7dcb2d5fa.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
Category:	dropped
Size (bytes):	1407294
Entropy (8bit):	7.97605879016224
Encrypted:	false
SSDEEP:	24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo
MD5:	A0CFC77914D9BFBDD8BC1B1154A7B364
SHA1:	54962BFDF3797C95DC2A4C8B29E873743811AD30
SHA-256:	81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685
SHA-512:	74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE
Malicious:	false
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

C:\Users\user\AppData\Local\Temp\acrocef_low\76d311cd-a633-4ea1-9273-9459a02a5860.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
Category:	dropped
Size (bytes):	386528
Entropy (8bit):	7.9736851559892425
Encrypted:	false
SSDEEP:	6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
MD5:	5C48B0AD2FEF800949466AE872E1F1E2
SHA1:	337D617AE142815EDDACB48484628C1F16692A2F
SHA-256:	F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
SHA-512:	44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
Malicious:	false
Preview:	...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....\|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-\|..h#.g.\.PO.\|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..\|m.WC.....\|.....e.[W.p.8...rm....^..x'......5!...\|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.\|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

C:\Users\user\AppData\Local\Temp\acrocef_low\c4a8fc22-a716-4cd0-9f21-feef159898f7.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
Category:	dropped
Size (bytes):	1419751
Entropy (8bit):	7.976496077007677
Encrypted:	false
SSDEEP:	24576:/nZXYIGNPpeWL07oYGZ1dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:fZXZGeWLxYGZN3mlind9i4ufFXpAXkru
MD5:	8B9A388440CFE3BFA95587E34B7BE149
SHA1:	64B74497856A696252797E130D819CB147870A77
SHA-256:	63DE1DC0683CEFDE940AE3FD2970C7BB91A507B13EC28F75F9C51039831CB82D
SHA-512:	6B21038A24D4AAFCBB371D84CF0B76019ACD6A9F70E5D30E9FD491989DF2999C884E0C49273B66C1D6D6E2C369FF28A04F9805079B025B0D77CD857DCA61457B
Malicious:	false
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

C:\Users\user\AppData\Local\Temp\acrocef_low\ce42f870-88ff-47f4-91af-f3dbcb10791d.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
Category:	dropped
Size (bytes):	758601
Entropy (8bit):	7.98639316555857
Encrypted:	false
SSDEEP:	12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
MD5:	3A49135134665364308390AC398006F1
SHA1:	28EF4CE5690BF8A9E048AF7D30688120DAC6F126
SHA-256:	D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
SHA-512:	BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
Malicious:	false
Preview:	...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......\|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!\|G.1...... .3.`./....`~......G.............\|..pS.e.C....:o.u_..oi.:..\|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

Static File Info

General

File type:	PDF document, version 1.3, 4 pages
Entropy (8bit):	7.965146978917971
TrID:	Adobe Portable Document Format (5005/1) 100.00%
File name:	E73P Associate Consultant Profile.pdf
File size:	568'549 bytes
MD5:	88f9e5e046bd9172f1a425740e1df301
SHA1:	df7aff544b8a42f0c56b2115202cabc3f14da897
SHA256:	43d8057b6ab0bac53058fcbfc91f27c5f3fdbd3f72af0f0208c8d397a58753d7
SHA512:	0376dfc7f6f6b61b24f20c4d35d436013cabe3c08b235c12303ec80e366d22bd706f6718de1c2bc8ffd67b0d84c91055653527f17470cda4e4dfa1900112ff30
SSDEEP:	12288:MSZUrwvXP/ZjxnZH5nhGm+25fEfpcUf1sQo:Y8vXX1rJhGm+2gpcUfm
TLSH:	E5C4F1A0AE64C913C6B66135638042F497763B39614CDC2D2DF3DAD77A00878FDE299B
File Content Preview:	%PDF-1.3.%............3 0 obj.<< /Filter /FlateDecode /Length 9607 >>.stream.x..]i.$.q.....as{..f....I+R.:-.k..F.p0....m....{y.....^....* .H..D....W....f:M.<...>.MU.....\|.......8.....]...g...n._.f..y?.k.n.}.....Qj\|..?...?......\|......V..}....4/...;.}.....

File Icon


Icon Hash:	62cc8caeb29e8ae0

Static PDF Info

General
Header:	%PDF-1.3
Total Entropy:	7.965147
Total Bytes:	568549
Stream Entropy:	7.967075
Stream Bytes:	560999
Entropy outside Streams:	5.079820
Bytes outside Streams:	7550
Number of EOF found:	1
Bytes after EOF:

Keywords Statistics

Name	Count
obj	44
endobj	44
stream	20
endstream	20
xref	1
trailer	1
startxref	1
/Page	4
/Encrypt	0
/ObjStm	0
/URI	0
/JS	0
/JavaScript	0
/AA	0
/OpenAction	0
/AcroForm	0
/JBIG2Decode	0
/RichMedia	0
/Launch	0
/EmbeddedFile	0

Image Streams

ID	DHASH	MD5	Preview
5	0000000000000000	c90f17996c6d8b9bacb3776a38b40843
21	0000000000000000	57e6b9c1e38595429816309575d80b02
25	0000000000000000	98410710c5e065cce230a646f5b9684a

Network Behavior

Download Network PCAP: filtered – full

Network Port Distribution

Total Packets: 6
• 80 (HTTP)
• 53 (DNS)

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 23, 2025 16:37:51.135215998 CEST	49690	80	192.168.2.9	23.202.57.36
Apr 23, 2025 16:37:51.274988890 CEST	80	49690	23.202.57.36	192.168.2.9
Apr 23, 2025 16:37:51.275064945 CEST	49690	80	192.168.2.9	23.202.57.36
Apr 23, 2025 16:37:51.275244951 CEST	49690	80	192.168.2.9	23.202.57.36
Apr 23, 2025 16:37:51.414941072 CEST	80	49690	23.202.57.36	192.168.2.9
Apr 23, 2025 16:37:51.415899038 CEST	80	49690	23.202.57.36	192.168.2.9
Apr 23, 2025 16:37:51.415940046 CEST	80	49690	23.202.57.36	192.168.2.9
Apr 23, 2025 16:37:51.415987015 CEST	49690	80	192.168.2.9	23.202.57.36
Apr 23, 2025 16:38:37.279990911 CEST	49690	80	192.168.2.9	23.202.57.36

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 23, 2025 16:37:50.981059074 CEST	61160	53	192.168.2.9	1.1.1.1
Apr 23, 2025 16:37:51.127551079 CEST	53	61160	1.1.1.1	192.168.2.9

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Apr 23, 2025 16:37:50.981059074 CEST	192.168.2.9	1.1.1.1	0x6b48	Standard query (0)	x1.i.lencr.org	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Apr 23, 2025 16:37:51.127551079 CEST	1.1.1.1	192.168.2.9	0x6b48	No error (0)	x1.i.lencr.org	crl.root-x1.letsencrypt.org.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 23, 2025 16:37:51.127551079 CEST	1.1.1.1	192.168.2.9	0x6b48	No error (0)	crl.root-x1.letsencrypt.org.edgekey.net	e8652.dscx.akamaiedge.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 23, 2025 16:37:51.127551079 CEST	1.1.1.1	192.168.2.9	0x6b48	No error (0)	e8652.dscx.akamaiedge.net		23.202.57.36	A (IP address)	IN (0x0001)	false
Apr 23, 2025 16:38:04.983856916 CEST	1.1.1.1	192.168.2.9	0x9156	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
Apr 23, 2025 16:38:04.983856916 CEST	1.1.1.1	192.168.2.9	0x9156	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

x1.i.lencr.org

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.9	49690	23.202.57.36	80	3068	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe

Timestamp	Bytes transferred	Direction	Data
Apr 23, 2025 16:37:51.275244951 CEST	115	OUT	GET / HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Microsoft-CryptoAPI/10.0 Host: x1.i.lencr.org
Apr 23, 2025 16:37:51.415899038 CEST	1358	IN	HTTP/1.1 200 OK Server: nginx Content-Type: application/pkix-cert Last-Modified: Fri, 04 Aug 2023 20:57:56 GMT ETag: "64cd6654-56f" Content-Disposition: attachment; filename="ISRG Root X1.der" Cache-Control: max-age=69869 Expires: Thu, 24 Apr 2025 10:02:20 GMT Date: Wed, 23 Apr 2025 14:37:51 GMT Content-Length: 1391 Connection: keep-alive Data Raw: 30 82 05 6b 30 82 03 53 a0 03 02 01 02 02 11 00 82 10 cf b0 d2 40 e3 59 44 63 e0 bb 63 82 8b 00 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 4f 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 29 30 27 06 03 55 04 0a 13 20 49 6e 74 65 72 6e 65 74 20 53 65 63 75 72 69 74 79 20 52 65 73 65 61 72 63 68 20 47 72 6f 75 70 31 15 30 13 06 03 55 04 03 13 0c 49 53 52 47 20 52 6f 6f 74 20 58 31 30 1e 17 0d 31 35 30 36 30 34 31 31 30 34 33 38 5a 17 0d 33 35 30 36 30 34 31 31 30 34 33 38 5a 30 4f 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 29 30 27 06 03 55 04 0a 13 20 49 6e 74 65 72 6e 65 74 20 53 65 63 75 72 69 74 79 20 52 65 73 65 61 72 63 68 20 47 72 6f 75 70 31 15 30 13 06 03 55 04 03 13 0c 49 53 52 47 20 52 6f 6f 74 20 58 31 30 82 02 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 02 0f 00 30 82 02 0a 02 82 02 01 00 ad e8 24 73 f4 14 37 f3 9b 9e 2b 57 28 1c 87 be dc b7 df 38 90 8c 6e 3c e6 57 a0 78 f7 75 c2 a2 fe f5 6a 6e f6 00 4f 28 db de 68 86 6c 44 93 b6 b1 63 fd 14 12 6b bf 1f d2 ea 31 9b 21 7e d1 33 [TRUNCATED] Data Ascii: 0k0S@YDcc0H0O10UUS1)0'U Internet Security Research Group10UISRG Root X10150604110438Z350604110438Z0O10UUS1)0'U Internet Security Research Group10UISRG Root X10"0H0$s7+W(8n<WxujnO(hlDck1!~3<Hy!KqiJffl~<p)"K~G\|H#S8Oo.IWt/8{p!u0<cOK~w.{JL%p)S$J?aQcq.o[\4ylv;by/&676urIAv5/(ldwnG7Y^hrA)>Y>&$ZL@F:Qn;}rxY>Qx/>{JKsP\|Ctt0[q600\H;}`)A\|;FHvvj=8d+(B"']ypN:'Qnd3COB0@0U0U00UyY{sXn0*HUXPi ')au\ni/VKsY!~Lq`9!VPYYbEf\|o;'}~"+"
Apr 23, 2025 16:37:51.415940046 CEST	387	IN	Data Raw: 0e 8f f2 8a 34 5b 58 d8 fc 01 c9 54 b9 b8 26 cc 8a 88 33 89 4c 2d 84 3c 82 df ee 96 57 05 ba 2c bb f7 c4 b7 c7 4e 3b 82 be 31 c8 22 73 73 92 d1 c2 80 a4 39 39 10 33 23 82 4c 3c 9f 86 b2 55 98 1d be 29 86 8c 22 9b 9e e2 6b 3b 57 3a 82 70 4d dc 09 Data Ascii: 4[XT&3L-<W,N;1"ss993#L<U)"k;W:pMMl]+NEJ&rj,_(.{q{^FS\|7B*HL9GR+3S}MmBo@'5\(3#PylFn~:R-?[$

Statistics

Click to jump to process

Memory Usage

• Acrobat.exe
• AcroCEF.exe
• AcroCEF.exe

Click to jump to process

High Level Behavior Distribution

• File
• Registry

Click to dive into process behavior distribution

Behavior

• Acrobat.exe
• AcroCEF.exe
• AcroCEF.exe

Click to jump to process

System Behavior

Analysis Process: Acrobat.exePID: 6984, Parent PID: 4040

Function Logs

General

Target ID:	0
Start time:	10:37:37
Start date:	23/04/2025
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\E73P Associate Consultant Profile.pdf"
Imagebase:	0x7ff7d3470000
File size:	5'641'176 bytes
MD5 hash:	24EAD1C46A47022347DC0F05F6EFBB8C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

File Activities

File Opened

File Created

File Moved

File Read

Other File Operations

Volume Information Queried

Show Windows behavior

Section Activities

Sections loaded by Windows

Sections loaded by Program

Show Windows behavior

Registry Activities

Key Opened

Key Created

Key Deleted

Key Value Created

Key Value Deleted

Show Windows behavior

COM Activities

WMI Operations

Show Windows behavior

Mutex Activities

Mutex Created

Show Windows behavior

Process Activities

Process Created

Process Information Set

Show Windows behavior

Thread Activities

Thread Created

Thread Execution Resumed

Thread Terminated

Thread Information Set

Show Windows behavior

Memory Activities

Memory Read

Memory Written

Memory Usage Statistics

Show Windows behavior

System Activities

System Information Queried

Show Windows behavior

Timing Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Windows UI Activities

Window Created

Window UI Found

Window UI Enumerated

Show Windows behavior

Process Token Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Object Security Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

LPC Port Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Chronological Activities

Analysis Process: AcroCEF.exePID: 3068, Parent PID: 6984

Function Logs

General

Target ID:	1
Start time:	10:37:38
Start date:	23/04/2025
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Imagebase:	0x7ff6b4730000
File size:	3'581'912 bytes
MD5 hash:	9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

File Activities

File Opened

File Read

Other File Operations

Show Windows behavior

Section Activities

Sections loaded by Windows

Sections loaded by Program

Show Windows behavior

Registry Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Mutex Activities

Mutex Created

Show Windows behavior

Process Activities

Process Created

Process Information Set

Process Terminated

Show Windows behavior

Thread Activities

Thread Created

Thread Terminated

Thread Information Set

Show Windows behavior

Memory Activities

Memory Read

Memory Written

Memory Usage Statistics

Show Windows behavior

System Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Timing Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Windows UI Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Process Token Activities

Token Adjusted

Show Windows behavior

Object Security Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Chronological Activities

Analysis Process: AcroCEF.exePID: 6688, Parent PID: 3068

Function Logs

General

Target ID:	2
Start time:	10:37:39
Start date:	23/04/2025
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1620 --field-trial-handle=1568,i,7724765043965009783,18234976314626046857,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Imagebase:	0x7ff6b4730000
File size:	3'581'912 bytes
MD5 hash:	9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

File Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Section Activities

Sections loaded by Windows

Sections loaded by Program

Show Windows behavior

Registry Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Mutex Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Process Activities

Process Information Set

Show Windows behavior

Thread Activities

Thread Created

Thread Information Set

Show Windows behavior

Memory Activities

Memory Usage Statistics

Show Windows behavior

System Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Windows UI Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Object Security Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may exploit software vulnerabilities in client applications to execute code. Vulnerabilities can exist in software due to unsecure coding practices that can lead to unanticipated behavior. Adversaries can take advantage of certain vulnerabilities through targeted exploitation for the purpose of arbitrary code execution. Oftentimes the most valuable exploits to an offensive toolkit are those that can be used to obtain code execution on a remote system because they can be used to gain access to that system. Users will expect to see files related to the applications they commonly used to do work, so they are a useful target for exploit research and development because of their high utility.
Tactics:	Execution
Data Sources:	Application Log: Application Log Content, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report E73P Associate Consultant Profile.pdf

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Software Vulnerabilities

Networking

System Summary

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\33722493-594b-4cc0-96a6-2e76c73a6322.tmp

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-250423143743Z-177.bmp

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.7072

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

Windows Analysis Report
E73P Associate Consultant Profile.pdf