Edit tour

Windows Analysis Report
04222025_Linebarger Goggan Blair &Sampson, LLP ATTORNEYS AT LAW .pdf

Overview

General Information

Sample name:	04222025_Linebarger Goggan Blair &Sampson, LLP ATTORNEYS AT LAW .pdf
Analysis ID:	1672202
MD5:	ef4577410ba9d113a77117c78066a97a
SHA1:	4b4664420604893dabc9afe640b2f950b9bdd2f1
SHA256:	6c643441fdea4c20ab80eb98141d66dca52d79e82f63b243fb6f6979a66099b3
Infos:

Detection

Score:	1
Range:	0 - 100
Confidence:	80%

Signatures

Potential document exploit detected (performs DNS queries)

Potential document exploit detected (performs HTTP gets)

Potential document exploit detected (unknown TCP traffic)

Classification

Process Tree

System is w10x64

Acrobat.exe (PID: 6936 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\04222025_Linebarger Goggan Blair &Sampson, LLP ATTORNEYS AT LAW .pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)

AcroCEF.exe (PID: 3064 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

AcroCEF.exe (PID: 2860 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1636 --field-trial-handle=1580,i,5808780656140124304,218480992676511857,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

• Software Vulnerabilities
• Networking
• System Summary
• Hooking and other Techniques for Hiding and Protection

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: global traffic	DNS query: name: x1.i.lencr.org
Source: global traffic	DNS query: name: x1.i.lencr.org

Source: global traffic

TCP traffic: 192.168.2.6:49697 -> 23.202.57.36:80

Source: global traffic	TCP traffic: 192.168.2.6:49697 -> 23.202.57.36:80
Source: global traffic	TCP traffic: 23.202.57.36:80 -> 192.168.2.6:49697
Source: global traffic	TCP traffic: 192.168.2.6:49697 -> 23.202.57.36:80
Source: global traffic	TCP traffic: 192.168.2.6:49697 -> 23.202.57.36:80
Source: global traffic	TCP traffic: 23.202.57.36:80 -> 192.168.2.6:49697
Source: global traffic	TCP traffic: 23.202.57.36:80 -> 192.168.2.6:49697
Source: global traffic	TCP traffic: 23.202.57.36:80 -> 192.168.2.6:49697
Source: global traffic	TCP traffic: 192.168.2.6:49697 -> 23.202.57.36:80
Source: global traffic	TCP traffic: 192.168.2.6:49697 -> 23.202.57.36:80

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

HTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Microsoft-CryptoAPI/10.0Host: x1.i.lencr.org

Source: global traffic

DNS traffic detected: DNS query: x1.i.lencr.org

Source: 77EC63BDA74BD0D0E0426DC8F80085060.2.dr	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: 2D85F72862B55C4EADD9E66E06947F3D0.2.dr	String found in binary or memory: http://x1.i.lencr.org/

Source: classification engine

Classification label: clean1.winPDF@15/47@2/1

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.3008

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2025-04-23 11-19-40-553.log

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Jump to behavior

Source: unknown	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\04222025_Linebarger Goggan Blair &Sampson, LLP ATTORNEYS AT LAW .pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1636 --field-trial-handle=1580,i,5808780656140124304,218480992676511857,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1636 --field-trial-handle=1580,i,5808780656140124304,218480992676511857,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: 04222025_Linebarger Goggan Blair &Sampson, LLP ATTORNEYS AT LAW .pdf	Initial sample: PDF keyword /JS count = 0
Source: 04222025_Linebarger Goggan Blair &Sampson, LLP ATTORNEYS AT LAW .pdf	Initial sample: PDF keyword /JavaScript count = 0

Source: 04222025_Linebarger Goggan Blair &Sampson, LLP ATTORNEYS AT LAW .pdf

Initial sample: PDF keyword /EmbeddedFile count = 0

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	3 Exploitation for Client Execution	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	1 System Information Discovery	Remote Services	Data from Local System	2 Non-Application Layer Protocol	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Ingress Tool Transfer	Automated Exfiltration	Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Download Video

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Download Network PCAP: filtered – full

Contacted Domains

Name	IP	Active	Malicious	Reputation
bg.microsoft.map.fastly.net	199.232.214.172	true	false	high
e8652.dscx.akamaiedge.net	23.202.57.36	true	false	high
x1.i.lencr.org	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://x1.i.lencr.org/	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
23.202.57.36	e8652.dscx.akamaiedge.net	United States		20940	AKAMAI-ASN1EU	false

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1672202
Start date and time:	2025-04-23 17:18:22 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 24s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowspdfcookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	11
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	04222025_Linebarger Goggan Blair &Sampson, LLP ATTORNEYS AT LAW .pdf
Detection:	CLEAN
Classification:	clean1.winPDF@15/47@2/1
Cookbook Comments:	Found application associated with file extension: .pdf Found PDF document Close Viewer

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 23.194.100.185, 3.219.243.226, 52.22.41.97, 52.6.155.20, 3.233.129.217, 162.159.61.3, 172.64.41.3, 199.232.214.172, 23.209.84.45, 23.209.84.77, 23.209.84.83, 23.209.84.4, 23.209.84.63, 23.209.84.31, 23.209.84.76, 23.209.84.67, 23.209.84.25, 23.209.84.46, 23.209.84.40, 23.209.84.11, 23.209.84.42, 23.209.84.12, 23.209.84.22, 20.12.23.50, 23.202.56.131, 23.194.102.106
Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, armmf.adobe.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, c.pki.goog, wu-b-net.trafficmanager.net, storeedgefd.dsx.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information

Simulations

Behavior and APIs

Time	Type	Description
11:19:50	API Interceptor	3x Sleep call for process: AcroCEF.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
23.202.57.36	https://u7990385.ct.sendgrid.net/ls/click?upn=u001.oZ6GXC16Ztdw1ob-2F3C5yow-2FsK2YC4S8s269h9OLgp-2FGcQesCtXDXKgCEAF90Sa3OFPfJy8qhvVgsO5dQAAP24WGldkufMMqzcJW5LrmEzhf7MJNa8o0pTZXNdzrWqe-2FYON1-2FboR-2Fm8cd8UXLsHw52vDRx-2B-2F8J5lF7sKJcvdITmxyVDslWyh4WO6Ky3LeUiyHAoP3nd2dqYjBtMO6HYnhPk8QJH6-2FLRsKtBc9XmbZzu-2FrQEfzZDR-2FnyXy1GL0rdKnxzjY_8yo6fXiJ3Hq0tMd90DsDouDuKJdlSsYwGCkFE-2Fx2oXeVdfwAxWFOiMhdU0RBk-2BtVpluKa3-2FNzoBTaAcr7mymuLLAortAsFMWVz8a-2BK9bZqzYU9q1ZWheI5zGs-2Bc9T0HPrWE-2FaNQPh3OHwVyx8mW31afAr3F0ikRIUv5V2T9XWXZv8m6puQccxm0ewzahM5ASdO4DaHMqzYII5Wwd1YmZrfHtqqNIrt7757GFAQHAjo8TXtgiX3F1puZtBWfZq1zwF4VmNfQDNiOK2u6shHXMzLR-2F4UXxqAZmmgcEqdykkjI5W7Tkt576XpNQm0D113Ts-2BqU8P6fm1RiEFH4w3DAA6a7alcC-2Fe6YCQz4UgKIcOiCS2xrQl5dq5kFHtFzWZmN0PSDK1CsgwAQlYIUutLAiiy5MFqABy7-2FoJCuEkqXf4IaLLm-2FuFKslNLURNzssIvYShTBKzM6kIHfLmRUvsqpAJsDCmSGKHssgNwzZLfeaKS01LjAV24LPHxaenwHBYYpwv4sCumxrh-2FbjCTFQhzkSVUSnTcpMsCbw16-2FWDGR918yaBeHPd8X0hAOEMqnRZnIFDrb79n3dv7BpRwnaAVa-2BoKH-2B4RICnLb99DlCPvXWgi-2BdgYeCsJVXjDu2Ohd3yhRsChbFlVpvJIY5nQy4JBVtBUXdLMXMK3jhaMzsrnuV0CoEBeNIkGv6Jt5jU55Dd0-2B-2Fgt7IMBqkcdRedPZJYb8GBm4TSL7UZ86clTQirfNs5FfDavyGZucnMvF-2BhvvjGXE4ofnHoz8u-2FbYKp0SV2esA9RDR-2B3tAynx-2FrLvRO9EncsvUSEycLLXuRKnrfSApcUxE-2B3eF7s0GWjzE6LWAZR5SbG7oubI3yoQSoXm4RMjme4WFNMb-2FfkHlj5MBnHVYzYtPR8JNOFLIX1eetNqOGtymJqxbswm8OPdkZ9b7lrL8VUIEkKvg3j8n9n4-2B2g7sffo7EV9MfKupp45UuHO9oMUS8WBlAp6NhUnVGT-2BWWm2Ec8I-3D	Get hash	malicious	Unknown	Browse	x1.i.lencr.org/
23.202.57.36	-1718371016937431247.eml	Get hash	malicious	Unknown	Browse	x1.i.lencr.org/

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
e8652.dscx.akamaiedge.net	https://u7990385.ct.sendgrid.net/ls/click?upn=u001.oZ6GXC16Ztdw1ob-2F3C5yow-2FsK2YC4S8s269h9OLgp-2FGcQesCtXDXKgCEAF90Sa3OEF0chW-2Fo-2FTeiTWX-2FlV-2FccM974T9rXmrGU8RwawnnvqZNaiYuyLRuXREmSBxhFuJPEqkiaoR6orChXDLtkKZNc7Y4YlSU-2FxFCGnPisB-2BRU6OOTTc7GptBKXKGyiPdKMGxRnu8IjfyPTxl5a5qNHu0RPb2w5-2FIv5-2FmenrbOyFjNSpmrXs-2BLUoISOveHyyeaKQEs2vG_ZLaVF4Uye-2FMZNh-2FFBJkpj3RBqtIs12kQA7ykVrCRGfXHKXG5DnjXhIaYHa6NmY3tPpxQ4fKP-2F6VG7u6Pwp7Ly-2FxPld21OBf-2BkFFYLVQUPbLaVqHkB75UT22gQizm8jFF4uTYwoyEIjxW1-2BysX0meIg8z5NeNAn5i81hhcrWkAkxuKpcHVlPSpyjHi3mh6JIkEJlWWWX6YJ-2BDqgl4AZRevMtWpM2Li6XtObDCJlz7buTm43u2vZybN881Lut0-2FAgDsA7tBWUSgZEde6U-2Bcb7SXWLzIU8jGClJ1pSfig246O7jveHbif3ZZFizS8uCxC2rs-2FfJnToiBdK1l-2BrwN1pBVPOoF7uRQxzxvo-2FGBFVDE1b-2BpfBH6j9bZVu-2FC60oUwL0R36uoIiseOMPJGfZEbf5hK7Ue6JqDEV3MjROhU39S08kNJmk4TSmGNzwpX1E5SLVIx5HsyNF111g-2BwCPlG71p18-2Bz3nnZ-2FUC2j3DEWN3OL2iSa5H3cFd9o7IZQiSGEw6lwZKQXcN4X4OkX8G13KgHucCClt9iWFIHpSidhUdqceBV3zXolPzRtpIuDzWYCAjoW4VKhrD-2FuAo6suyC45UKRvZnH2KuSjaLsCfJcnk2tvZ1ZB-2BMFpjj0a6mV9mTO0YxGVWaYsHOE4FEfdRnLNio6S5wz8qP5eAAH6QL2t-2Fme7s71aBQjxC9SF8NydW2xtgyMlKLcR7P-2FnkCNPSGNHLNAcv6KU6brAAF3VyY9j2GG0LdTDjAmRah1NAqrqVLis9N-2Bo1Lhnf3Uofim6goLUEAhb83dwPUKhxMRAMsZiJ5XKXo-2FPwx66qlPtd-2F0JRpStXauy3TTCFpPfZHFD2u5Qtw-2FT5kthQ22wot0ndzq1cUqwoKl-2FenBDQcrAgtLxIIWUur3q8zbSX34SyhM4cXQw0UUBjKhIk7BDZTEdkPGAfSXNSTJ-2BPb6tcD9E-2F8w0nup6w3Jv43rJPGl7vy7EC8F-2Bjja-2BnQ8ehYqYg7lVGFhbENXw-3D	Get hash	malicious	Unknown	Browse	184.28.253.105
	GHI Contracts Holdings Ltd escanned document 555454565767675.pdf	Get hash	malicious	HTMLPhisher	Browse	184.28.253.105
	BECOMA bv.pdf	Get hash	malicious	Unknown	Browse	184.28.253.105
	2025-04-23 08.29.42.pdf	Get hash	malicious	HTMLPhisher	Browse	184.28.253.105
	Invoice002372.pdf	Get hash	malicious	RedLine	Browse	184.28.253.105
	https://u7990385.ct.sendgrid.net/ls/click?upn=u001.oZ6GXC16Ztdw1ob-2F3C5yow-2FsK2YC4S8s269h9OLgp-2FGcQesCtXDXKgCEAF90Sa3OFPfJy8qhvVgsO5dQAAP24WGldkufMMqzcJW5LrmEzhf7MJNa8o0pTZXNdzrWqe-2FYON1-2FboR-2Fm8cd8UXLsHw52vDRx-2B-2F8J5lF7sKJcvdITmxyVDslWyh4WO6Ky3LeUiyHAoP3nd2dqYjBtMO6HYnhPk8QJH6-2FLRsKtBc9XmbZzu-2FrQEfzZDR-2FnyXy1GL0rdKnxzjY_8yo6fXiJ3Hq0tMd90DsDouDuKJdlSsYwGCkFE-2Fx2oXeVdfwAxWFOiMhdU0RBk-2BtVpluKa3-2FNzoBTaAcr7mymuLLAortAsFMWVz8a-2BK9bZqzYU9q1ZWheI5zGs-2Bc9T0HPrWE-2FaNQPh3OHwVyx8mW31afAr3F0ikRIUv5V2T9XWXZv8m6puQccxm0ewzahM5ASdO4DaHMqzYII5Wwd1YmZrfHtqqNIrt7757GFAQHAjo8TXtgiX3F1puZtBWfZq1zwF4VmNfQDNiOK2u6shHXMzLR-2F4UXxqAZmmgcEqdykkjI5W7Tkt576XpNQm0D113Ts-2BqU8P6fm1RiEFH4w3DAA6a7alcC-2Fe6YCQz4UgKIcOiCS2xrQl5dq5kFHtFzWZmN0PSDK1CsgwAQlYIUutLAiiy5MFqABy7-2FoJCuEkqXf4IaLLm-2FuFKslNLURNzssIvYShTBKzM6kIHfLmRUvsqpAJsDCmSGKHssgNwzZLfeaKS01LjAV24LPHxaenwHBYYpwv4sCumxrh-2FbjCTFQhzkSVUSnTcpMsCbw16-2FWDGR918yaBeHPd8X0hAOEMqnRZnIFDrb79n3dv7BpRwnaAVa-2BoKH-2B4RICnLb99DlCPvXWgi-2BdgYeCsJVXjDu2Ohd3yhRsChbFlVpvJIY5nQy4JBVtBUXdLMXMK3jhaMzsrnuV0CoEBeNIkGv6Jt5jU55Dd0-2B-2Fgt7IMBqkcdRedPZJYb8GBm4TSL7UZ86clTQirfNs5FfDavyGZucnMvF-2BhvvjGXE4ofnHoz8u-2FbYKp0SV2esA9RDR-2B3tAynx-2FrLvRO9EncsvUSEycLLXuRKnrfSApcUxE-2B3eF7s0GWjzE6LWAZR5SbG7oubI3yoQSoXm4RMjme4WFNMb-2FfkHlj5MBnHVYzYtPR8JNOFLIX1eetNqOGtymJqxbswm8OPdkZ9b7lrL8VUIEkKvg3j8n9n4-2B2g7sffo7EV9MfKupp45UuHO9oMUS8WBlAp6NhUnVGT-2BWWm2Ec8I-3D	Get hash	malicious	Unknown	Browse	23.202.57.36
	https://app.plangrid.com/projects/86007b55-3778-e02c-c33b-b705fc295425/staple/4c0da4e3-66c9-46a3-b563-49cff2a42beb	Get hash	malicious	HTMLPhisher	Browse	184.28.253.105
	Driesmans en Co NV .pdf	Get hash	malicious	Unknown	Browse	184.28.253.105
	https://free.teambeam.de/api/skp/v1/download/4svgq9jpl86letap5e63e0ijrlulmjw5hperu180/0/Driesmans%20en%20Co%20NV%20.pdf	Get hash	malicious	Unknown	Browse	184.28.253.105
	Medbase Employee.pdf	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	184.28.253.105
bg.microsoft.map.fastly.net	https://u7990385.ct.sendgrid.net/ls/click?upn=u001.oZ6GXC16Ztdw1ob-2F3C5yow-2FsK2YC4S8s269h9OLgp-2FGcQesCtXDXKgCEAF90Sa3OEF0chW-2Fo-2FTeiTWX-2FlV-2FccM974T9rXmrGU8RwawnnvqZNaiYuyLRuXREmSBxhFuJPEqkiaoR6orChXDLtkKZNc7Y4YlSU-2FxFCGnPisB-2BRU6OOTTc7GptBKXKGyiPdKMGxRnu8IjfyPTxl5a5qNHu0RPb2w5-2FIv5-2FmenrbOyFjNSpmrXs-2BLUoISOveHyyeaKQEs2vG_ZLaVF4Uye-2FMZNh-2FFBJkpj3RBqtIs12kQA7ykVrCRGfXHKXG5DnjXhIaYHa6NmY3tPpxQ4fKP-2F6VG7u6Pwp7Ly-2FxPld21OBf-2BkFFYLVQUPbLaVqHkB75UT22gQizm8jFF4uTYwoyEIjxW1-2BysX0meIg8z5NeNAn5i81hhcrWkAkxuKpcHVlPSpyjHi3mh6JIkEJlWWWX6YJ-2BDqgl4AZRevMtWpM2Li6XtObDCJlz7buTm43u2vZybN881Lut0-2FAgDsA7tBWUSgZEde6U-2Bcb7SXWLzIU8jGClJ1pSfig246O7jveHbif3ZZFizS8uCxC2rs-2FfJnToiBdK1l-2BrwN1pBVPOoF7uRQxzxvo-2FGBFVDE1b-2BpfBH6j9bZVu-2FC60oUwL0R36uoIiseOMPJGfZEbf5hK7Ue6JqDEV3MjROhU39S08kNJmk4TSmGNzwpX1E5SLVIx5HsyNF111g-2BwCPlG71p18-2Bz3nnZ-2FUC2j3DEWN3OL2iSa5H3cFd9o7IZQiSGEw6lwZKQXcN4X4OkX8G13KgHucCClt9iWFIHpSidhUdqceBV3zXolPzRtpIuDzWYCAjoW4VKhrD-2FuAo6suyC45UKRvZnH2KuSjaLsCfJcnk2tvZ1ZB-2BMFpjj0a6mV9mTO0YxGVWaYsHOE4FEfdRnLNio6S5wz8qP5eAAH6QL2t-2Fme7s71aBQjxC9SF8NydW2xtgyMlKLcR7P-2FnkCNPSGNHLNAcv6KU6brAAF3VyY9j2GG0LdTDjAmRah1NAqrqVLis9N-2Bo1Lhnf3Uofim6goLUEAhb83dwPUKhxMRAMsZiJ5XKXo-2FPwx66qlPtd-2F0JRpStXauy3TTCFpPfZHFD2u5Qtw-2FT5kthQ22wot0ndzq1cUqwoKl-2FenBDQcrAgtLxIIWUur3q8zbSX34SyhM4cXQw0UUBjKhIk7BDZTEdkPGAfSXNSTJ-2BPb6tcD9E-2F8w0nup6w3Jv43rJPGl7vy7EC8F-2Bjja-2BnQ8ehYqYg7lVGFhbENXw-3D	Get hash	malicious	Unknown	Browse	199.232.214.172
	runner.dll	Get hash	malicious	Unknown	Browse	199.232.210.172
	Remittance Advice.one	Get hash	malicious	Unknown	Browse	199.232.210.172
	See on Blockchain.exe	Get hash	malicious	Unknown	Browse	199.232.214.172
	ViHSmMuFt9W5KFM.exe	Get hash	malicious	MSIL Logger, MassLogger RAT	Browse	199.232.210.172
	Air Waybill no 6979374150.pdf.exe	Get hash	malicious	Remcos	Browse	199.232.210.172
	SecuriteInfo.com.Trojan.MulDrop31.10006.25251.21183.exe	Get hash	malicious	Amadey, LummaC Stealer	Browse	199.232.214.172
	support.client.exe	Get hash	malicious	ScreenConnect Tool	Browse	199.232.210.172
	support.client.exe	Get hash	malicious	ScreenConnect Tool	Browse	199.232.214.172
	awb_fedex_documents_delivery_23_04_2025_0000000000000_doc.vbs	Get hash	malicious	GuLoader	Browse	199.232.214.172

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
AKAMAI-ASN1EU	https://forms.office.com/e/cKTtUPrCQw	Get hash	malicious	Tycoon2FA	Browse	23.62.226.176
	https://lean-gander-5e8.notion.site/Magreesource-1de0bcafc256806c850fdb36c2831d0d	Get hash	malicious	Tycoon2FA	Browse	23.62.226.176
	Customer Invoice_118233_1745354495960.pdf	Get hash	malicious	Unknown	Browse	23.62.226.39
	https://arricameras.com/.dev	Get hash	malicious	Unknown	Browse	23.62.226.168
	https://post.spmailtechno.com/f/a/gUn-eB-q6U1mg0uLZVsLsA~~/AANlOxA~/zLEaaUNhpPEj5XKB5n3HJ5hRlEr-DAMxHSuywFISLgDNQs-qYkBWIOwgY9rZ9jX6l2onQK7Jc2Mxu2MrpbxydkHIQm2XGLmNwfgyQhJq6dM~	Get hash	malicious	Unknown	Browse	23.62.226.170
	https://post.spmailtechno.com/f/a/gUn-eB-q6U1mg0uLZVsLsA~~/AANlOxA~/zLEaaUNhpPEj5XKB5n3HJ5hRlEr-DAMxHSuywFISLgDNQs-qYkBWIOwgY9rZ9jX6l2onQK7Jc2Mxu2MrpbxydkHIQm2XGLmNwfgyQhJq6dM~	Get hash	malicious	Unknown	Browse	23.62.226.166
	2025.PDF J8TLBF6.9 KB .svg	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	23.62.226.164
	https://0889.org/monero/svip-1.sh	Get hash	malicious	Unknown	Browse	23.62.226.197
	http://linkin.bio/stadtwerke-pforzheim	Get hash	malicious	HTMLPhisher	Browse	23.62.226.164
	RFQ_GU0002-Materials-Specifications-Order-pdf.exe	Get hash	malicious	Phantom stealer	Browse	23.62.226.64

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	298
Entropy (8bit):	5.2397104986463905
Encrypted:	false
SSDEEP:	6:iOR9ZJM4q2PN72nKuAl9OmbnIFUtD9ZJ5JZmw99ZJ5DkwON72nKuAl9OmbjLJ:7R984vVaHAahFUtD9pJ/99pD5OaHAaSJ
MD5:	8B1712DED34D7475D82E8219FF369B23
SHA1:	D79CDC0704D86938495BDD673C30E5F98D39E6D5
SHA-256:	C8A45C818F906391BE876ADBC443A4C6D0EBCA067928994CBAADCF6BECB9500A
SHA-512:	4497490E5FE04ED9F2E111CBE152E90BB8D032DCF5EAC4EC8B28D2B9AA04B047AFD853ABBC549A871655B4DC1D3023E8A7B4CD30BA650590592D85C2ABA47178
Malicious:	false
Reputation:	low
Preview:	2025/04/23-11:19:38.718 14f4 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2025/04/23-11:19:38.722 14f4 Recovering log #3.2025/04/23-11:19:38.722 14f4 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	298
Entropy (8bit):	5.2397104986463905
Encrypted:	false
SSDEEP:	6:iOR9ZJM4q2PN72nKuAl9OmbnIFUtD9ZJ5JZmw99ZJ5DkwON72nKuAl9OmbjLJ:7R984vVaHAahFUtD9pJ/99pD5OaHAaSJ
MD5:	8B1712DED34D7475D82E8219FF369B23
SHA1:	D79CDC0704D86938495BDD673C30E5F98D39E6D5
SHA-256:	C8A45C818F906391BE876ADBC443A4C6D0EBCA067928994CBAADCF6BECB9500A
SHA-512:	4497490E5FE04ED9F2E111CBE152E90BB8D032DCF5EAC4EC8B28D2B9AA04B047AFD853ABBC549A871655B4DC1D3023E8A7B4CD30BA650590592D85C2ABA47178
Malicious:	false
Reputation:	low
Preview:	2025/04/23-11:19:38.718 14f4 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2025/04/23-11:19:38.722 14f4 Recovering log #3.2025/04/23-11:19:38.722 14f4 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	342
Entropy (8bit):	5.190603206475596
Encrypted:	false
SSDEEP:	6:iOR9ZJyR3+q2PN72nKuAl9Ombzo2jMGIFUtD9ZJy/ZZmw99ZJy/NVkwON72nKuAv:7R9xvVaHAa8uFUtD9Q/99Y5OaHAa8RJ
MD5:	B4238F1BC8513786DB270F7F3EE46DA0
SHA1:	494CFE78D8A542008B52B65B1E644210AC499D60
SHA-256:	0E506E3356D9DBDA579112C2E6B99C789DE1A0AA78CD4E8BC890EACC94C4C87E
SHA-512:	133144FAF86DCC2861348DACE5C088B8B62E2FD7B3A7773520CB817F3565731681F0953D7F12E60195E99804B4BC89E66F172E4C8C600A297C32DB30457C92A3
Malicious:	false
Reputation:	low
Preview:	2025/04/23-11:19:38.412 1a28 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2025/04/23-11:19:38.416 1a28 Recovering log #3.2025/04/23-11:19:38.416 1a28 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	342
Entropy (8bit):	5.190603206475596
Encrypted:	false
SSDEEP:	6:iOR9ZJyR3+q2PN72nKuAl9Ombzo2jMGIFUtD9ZJy/ZZmw99ZJy/NVkwON72nKuAv:7R9xvVaHAa8uFUtD9Q/99Y5OaHAa8RJ
MD5:	B4238F1BC8513786DB270F7F3EE46DA0
SHA1:	494CFE78D8A542008B52B65B1E644210AC499D60
SHA-256:	0E506E3356D9DBDA579112C2E6B99C789DE1A0AA78CD4E8BC890EACC94C4C87E
SHA-512:	133144FAF86DCC2861348DACE5C088B8B62E2FD7B3A7773520CB817F3565731681F0953D7F12E60195E99804B4BC89E66F172E4C8C600A297C32DB30457C92A3
Malicious:	false
Reputation:	low
Preview:	2025/04/23-11:19:38.412 1a28 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2025/04/23-11:19:38.416 1a28 Recovering log #3.2025/04/23-11:19:38.416 1a28 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\8900cd63-ef98-4410-ba2e-7696b152b072.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	modified
Size (bytes):	475
Entropy (8bit):	4.974582614800249
Encrypted:	false
SSDEEP:	12:YH/um3RA8sqr2sBdOg2H02caq3QYiubcP7E4T3y:Y2sRdsAbdMH0J3QYhbA7nby
MD5:	C394BED5766FCBC3E7ADD707A0AD3BDD
SHA1:	E1E265A8690BFD4B2A71CC1BAA97BA7DF4C8EF97
SHA-256:	E883C5F2D3FCE4F46A6ECA74E51818118170DB43C76D530E16141C9FFF03B109
SHA-512:	8BC6DFE634B9B757ABF1DCFE0C7E7AC8DF531619310B937789460F23A6B85150A464FB5A8E46EC503271B5939EB7398A978BD64D3C4CB117D3E623F75032E101
Malicious:	false
Reputation:	low
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13389981590529767","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":146165},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.6","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	475
Entropy (8bit):	4.974582614800249
Encrypted:	false
SSDEEP:	12:YH/um3RA8sqr2sBdOg2H02caq3QYiubcP7E4T3y:Y2sRdsAbdMH0J3QYhbA7nby
MD5:	C394BED5766FCBC3E7ADD707A0AD3BDD
SHA1:	E1E265A8690BFD4B2A71CC1BAA97BA7DF4C8EF97
SHA-256:	E883C5F2D3FCE4F46A6ECA74E51818118170DB43C76D530E16141C9FFF03B109
SHA-512:	8BC6DFE634B9B757ABF1DCFE0C7E7AC8DF531619310B937789460F23A6B85150A464FB5A8E46EC503271B5939EB7398A978BD64D3C4CB117D3E623F75032E101
Malicious:	false
Reputation:	low
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13389981590529767","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":146165},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.6","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	5859
Entropy (8bit):	5.25919504042948
Encrypted:	false
SSDEEP:	96:av+Nkkl+2GAouz3z3xfNLUS3vHp5OuDzUrMzh28qXAXFP74LRXOtW7ANwE7dbjmG:av+Nkkl+2G1uz3zhfZUyPp5OuDzUwzhX
MD5:	FD570306CE66B1C54DE4250188CE943B
SHA1:	6EEBA45233F81538F3AD4E95074B331C59A67A68
SHA-256:	285834ED242BD0C3740281D61C7BDC68D4343445491E4A19E9E3EAB1D8DDDD58
SHA-512:	49B432B9ECAF1F7207E428B8EBB853D9073B649B79FE5326B0B55EC7FFF4349BDD92287072046A6A9718DE61C92EECBDBA1E4CB25FF2A6DF44740438773E13CF
Malicious:	false
Reputation:	low
Preview:	*...#................version.1..namespace-.X.Bo................next-map-id.1.Pnamespace-c291b69d_46f8_4b09_b54e_d05df8a1271d-https://rna-resource.acrobat.com/.0.>j.r................next-map-id.2.Snamespace-63b958a8_6f71_4fde_913c_6518794b9fd1-https://rna-v2-resource.acrobat.com/.1.J.4r................next-map-id.3.Snamespace-37e4c694_2a8d_4b31_9eb8_e65c5f9e16d5-https://rna-v2-resource.acrobat.com/.2..J.o................next-map-id.4.Pnamespace-d7426d52_3038_4cd9_b9cc_897232425509-https://rna-resource.acrobat.com/.3..M.^...............Pnamespace-c291b69d_46f8_4b09_b54e_d05df8a1271d-https://rna-resource.acrobat.com/..d.^...............Pnamespace-d7426d52_3038_4cd9_b9cc_897232425509-https://rna-resource.acrobat.com/.u..a...............Snamespace-63b958a8_6f71_4fde_913c_6518794b9fd1-https://rna-v2-resource.acrobat.com/..`aa...............Snamespace-37e4c694_2a8d_4b31_9eb8_e65c5f9e16d5-https://rna-v2-resource.acrobat.com/`v.Yo................next-map-id.5.Pnamespace-30587558_ed88_4bd8_adc0_

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	330
Entropy (8bit):	5.181409548460867
Encrypted:	false
SSDEEP:	6:iOR9ZJ/+t+q2PN72nKuAl9OmbzNMxIFUtD9ZJNFZZmw99ZJp+tVkwON72nKuAl9c:7R9vPvVaHAa8jFUtD95/99Zu5OaHAa8E
MD5:	210CB8EE50F57F63037675FD36F7271B
SHA1:	510F5FD2F4E9E1A6DDA7EF4EDAB74C31E7DF7CA4
SHA-256:	CBB312AB617420CAB8F076F81F75491BF8CD64119E85F20A200C49DCB3B26CA7
SHA-512:	9829B44A4BEC379D2841ECD9157977D7F986C9355FB8B5756385D01825710E05ABA38BF2AD991B0C1D7522899BC50C580B6A55191169938441B65231851473F9
Malicious:	false
Reputation:	low
Preview:	2025/04/23-11:19:38.821 1a28 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2025/04/23-11:19:38.824 1a28 Recovering log #3.2025/04/23-11:19:38.827 1a28 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	330
Entropy (8bit):	5.181409548460867
Encrypted:	false
SSDEEP:	6:iOR9ZJ/+t+q2PN72nKuAl9OmbzNMxIFUtD9ZJNFZZmw99ZJp+tVkwON72nKuAl9c:7R9vPvVaHAa8jFUtD95/99Zu5OaHAa8E
MD5:	210CB8EE50F57F63037675FD36F7271B
SHA1:	510F5FD2F4E9E1A6DDA7EF4EDAB74C31E7DF7CA4
SHA-256:	CBB312AB617420CAB8F076F81F75491BF8CD64119E85F20A200C49DCB3B26CA7
SHA-512:	9829B44A4BEC379D2841ECD9157977D7F986C9355FB8B5756385D01825710E05ABA38BF2AD991B0C1D7522899BC50C580B6A55191169938441B65231851473F9
Malicious:	false
Reputation:	low
Preview:	2025/04/23-11:19:38.821 1a28 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2025/04/23-11:19:38.824 1a28 Recovering log #3.2025/04/23-11:19:38.827 1a28 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-250423151942Z-161.bmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PC bitmap, Windows 3.x format, 117 x -152 x 32, cbSize 71190, bits offset 54
Category:	dropped
Size (bytes):	71190
Entropy (8bit):	3.11590435079092
Encrypted:	false
SSDEEP:	384:f/+j16pIU2sD6KA+J9UCTFQyt9QemHomzeOnNQmrg/w/H/10G2NcwY2itLZq0Ygb:OjIp5ZD/bTFQytdmOigwCcwY2itc01b
MD5:	92D509786A272C3AE858E454814E9C47
SHA1:	E0F89E84350648FFE3703AD256CB01D0F7090E85
SHA-256:	507A71B01513AA54EEDC90009AB9A4967CEB416796FB90CAB26D16E32150AB09
SHA-512:	976D8C975143A89A5777539311D2EA67DA9BF13E2161174E7C477C3988E239BC943B22C15D4ACB54B2CF799437A7F8709D8477FE6AE07EBE6CF8182D27C2652B
Malicious:	false
Reputation:	low
Preview:	BM........6...(...u...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 11, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 11
Category:	dropped
Size (bytes):	86016
Entropy (8bit):	4.44497404788713
Encrypted:	false
SSDEEP:	384:ye6ci5tViBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:m+s3OazzU89UTTgUL
MD5:	1DBCA133650AA5D279128D7332E3E9E5
SHA1:	274D2061294458575C8F09E991108AC030C77FA9
SHA-256:	1FEFDA2C83B2E4B987AE3B8A72908408846292B32C5C398538D136F11CA884B7
SHA-512:	B86F98830309D8EE458C0E2283338404BF6DD40313145F6A84BD329E981E56E83F2B673668F300F92D8ACC6759780CA3A2075E6E18D87ACE8EB5B6F440760719
Malicious:	false
Reputation:	low
Preview:	SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	modified
Size (bytes):	8720
Entropy (8bit):	3.7714166846770003
Encrypted:	false
SSDEEP:	48:7MBJioyVTioy7oy1C7oy16oy1dKOioy1noy1AYoy1Wioy1oioykioyBoy1noy1Of:7CJuTZUXjBilb9IVXEBodRBkS
MD5:	1341EBE311BE2951CD447B5B0E3C3B7B
SHA1:	445265B7A5B557EBB49BED13193A8425029C24F2
SHA-256:	A363746EFD5114026867778A512875CF8396CAA126F0042669B04946F90A8F46
SHA-512:	692243FC1E3F567A968C585158BDC7DD2DB2BA399C6100BD448B176C6C8EDE070E828358F5E307EDD3CF61ED5AF6C7F0AC672D3FD45C5614D18F169B7A97D25B
Malicious:	false
Preview:	.... .c........6...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................T...[...b.r.l...t...}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	Certificate, Version=3
Category:	dropped
Size (bytes):	1391
Entropy (8bit):	7.705940075877404
Encrypted:	false
SSDEEP:	24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1
MD5:	0CD2F9E0DA1773E9ED864DA5E370E74E
SHA1:	CABD2A79A1076A31F21D253635CB039D4329A5E8
SHA-256:	96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
SHA-512:	3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
Malicious:	false
Preview:	0..k0..S............@.YDc.c...0....H........0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10...150604110438Z..350604110438Z0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10.."0....H.............0..........$s..7.+W(.....8..n<.W.x.u...jn..O(..h.lD...c...k....1.!~.3<.H..y.....!.K...qiJffl.~<p..)"......K...~....G.\|.H#S.8.O.o...IW..t../.8.{.p!.u.0<.....c...O..K~.....w...{J.L.%.p..)..S$........J.?..aQ.....cq...o[...\4ylv.;.by.../&.....................6....7..6u...r......I......A..v........5/(.l....dwnG7..Y^h..r...A)>Y>.&.$...Z.L@.F....:Qn.;.}r...xY.>Qx....../..>{J.Ks......P.\|C.t..t.....0.[q6....00\H..;..}`...).........A.......\|.;F.H..v.v..j.=...8.d..+..(.....B.".'].y...p..N..:..'Qn..d.3CO......B0@0...U...........0...U.......0....0...U......y.Y.{....s.....X..n0...*.H.............U.X....P.....i ')..au\.n...i/..VK..s.Y.!.~.Lq...`.9....!V..P.Y...Y.............b.E.f..\|o..;.....'...}~.."......

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 73305 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
Category:	dropped
Size (bytes):	73305
Entropy (8bit):	7.996028107841645
Encrypted:	true
SSDEEP:	1536:krha8mqJ7v3CeFMz/akys7nSTK7QMuK+C/Oh5:kAOFq+Mba9Ok7C/O/
MD5:	83142242E97B8953C386F988AA694E4A
SHA1:	833ED12FC15B356136DCDD27C61A50F59C5C7D50
SHA-256:	D72761E1A334A754CE8250E3AF7EA4BF25301040929FD88CF9E50B4A9197D755
SHA-512:	BB6DA177BD16D163F377D9B4C63F6D535804137887684C113CC2F643CEAB4F34338C06B5A29213C23D375E95D22EF417EAC928822DFB3688CE9E2DE9D5242D10
Malicious:	false
Preview:	MSCF....Y.......,...................I.................;Za. .authroot.stl.98.?.6..CK..<Tk......4..c... .Ec...U.d.d.E&I.DH..M.KB."..rK.RQ..}f..f...}..1....9...........$.8q..fa...7.o.1.0...bfsM4.........u..l..0..4.a.t....0.....6#....n. :... ....%.,CQ5uU..(.3.<7#.0..JN.$...=j\|w...#.oU..Eq[..P..^..~.V...;..m...I\|...l..@-W..=.QQ.._./.M.nZ..(.........`.$Z.9wW:W.]..8E.......I.D{..n...K:.m..^.(.S.......c..s.y..<...2.%o.o.....H.B.R.....11.\|!.(...........h.SZ........<...^....Z>.Pp?... .pT@p.#.&..........#VEV=.....p........y..."T=l.n..egf.w..X.Y..-G...........KQ.]...pM..[m..-6.wd:........T...:.P5Zs....c.oT`..F1#......EuD.......7....V ..-....!.N..%S...k...S. ...@.J..../..b!B.(=\../.l......`.\...q9..>4!b..8EH.....zdy.....#...X>%0w...i.,>c.z.g"p.S..2W.+mMs.....5Def.....#._D.4....>}...i...\.&`D.......z;..ZY.3.+t.`....z_.q'w.z.)..j3.+.co.s..:.........qK...{...E....uPO...#vs.XxH.B!..(t. 8k+.....G\..?..GF8....'..w.>.ms..\ve.nFN..W)....xi..u..5.f.l....

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	192
Entropy (8bit):	2.764745823915414
Encrypted:	false
SSDEEP:	3:kkFklLYcCGb31fllXlE/HT8kuWNNX8RolJuRdxLlGB9lQRYwpDdt:kKrrT8eNMa8RdWBwRd
MD5:	9DD0DF04C21E89ED766F5E35AEB8DAD7
SHA1:	F2DCCEECC897A1D1FAC1E944EE72D7CB75411923
SHA-256:	39A1343121ED7493D05F49D9FFB4610B35DA469EC06C64FEC6945CDEC13A5AF3
SHA-512:	33B2FD328F7BDF3BE18AC7E2DE69D0088C7B62997DE11BB010127C10BC585BC4E1E683494A002E5490E05551E083D4A5237FB8C28C06D1D4BFFF2F9C621BA345
Malicious:	false
Preview:	p...... ........x..'c...(....................................................... ..........W....................o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	330
Entropy (8bit):	3.2685250519976075
Encrypted:	false
SSDEEP:	6:kKiM+EGmcQRnSN+SkQlPlEGYRMY9z+4KlDA3RUeqpGVuys1:6/EGmfZkPlE99SNxAhUeq8S
MD5:	6A81268DE3CAED6BF604E9EF787D61EA
SHA1:	07E6009AA826EDBCC8B332737A03D77A8A6A2EC3
SHA-256:	ECB782C6F97E61F164DC380B263CD9E1E878E901862D2253B345E3FC17F447A0
SHA-512:	A28753825E99312CDFE7AF039CF023F73B8AF0AEB6696254359F2E8E193DA1F7C82E60EE4FBA0776627DBC43656804BC76B29617C302C94DDE649A7B64A39EC9
Malicious:	false
Preview:	p...... ........)..Lc...(....................................................... ..................(....c*.....Y...h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".6.4.2.7.f.6.c.2.b.7.8.7.d.b.1.:.0."...

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.3008

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	185099
Entropy (8bit):	5.182478651346149
Encrypted:	false
SSDEEP:	1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
MD5:	94185C5850C26B3C6FC24ABC385CDA58
SHA1:	42F042285037B0C35BC4226D387F88C770AB5CAA
SHA-256:	1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
SHA-512:	652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
Malicious:	false
Preview:	%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	185099
Entropy (8bit):	5.182478651346149
Encrypted:	false
SSDEEP:	1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
MD5:	94185C5850C26B3C6FC24ABC385CDA58
SHA1:	42F042285037B0C35BC4226D387F88C770AB5CAA
SHA-256:	1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
SHA-512:	652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
Malicious:	false
Preview:	%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	227002
Entropy (8bit):	3.392780893644728
Encrypted:	false
SSDEEP:	1536:qKPC4iyzDtrh1cK3XEivK7VK/3AYvYwgF/rRoL+sn:XPCaJ/3AYvYwglFoL+sn
MD5:	265E3E1166312A864FB63291EA661C6A
SHA1:	80DFF3187FF929596EB22E1DB9021BAD6F97178C
SHA-256:	C13E08B1887A4E44DC39609D7234E8D732A6BC11313B55D6F4ECFB060CD87728
SHA-512:	48776A2BFE8F25E5601DCC0137F7AB103D5684517334B806E3ACF61683DD9B283828475FC85CE0CBE4E8AF88E6F8B25EED0A77640E2CFFF2CC73708726519AFA
Malicious:	false
Preview:	Adobe Acrobat Reader (64-bit) 23.6.20320....?A12_AV2_Search_18px.............................................................................................................KKK KKK.KKK.KKK.KKK.KKK.KKK@........................................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.............................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.........................KKK.KKK.KKK.KKK0....................KKK.KKK.KKK.KKK`....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK.KKK.....................................KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK.KKK@....................KKK.KKK.KKK.KKK`........................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.KKK.............................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	295
Entropy (8bit):	5.352396110317209
Encrypted:	false
SSDEEP:	6:YEQXJ2HXqUgSfp2KGnZiQ0Y8moAvJM3g98kUwPeUkwRe9:YvXKXqTSRtGc5GMbLUkee9
MD5:	5C631AACE0842AC8202F8EF4104B3294
SHA1:	1F66366D17005333BE50DD276A35B3DDD0B30FBE
SHA-256:	15F6C058DFB5671A0ACEBE57BD4D0437B91ABBA62812F795B1664F51E4AF501C
SHA-512:	155548699804F3D9320EC15EA721B988DF644468D7C368ACCD1A06D892CF23D287A808C292547E06F74A80ACCB343BE84F155D171861F304234493E67F956468
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"b4ed3031-9c8d-4f18-a136-a693f9a55221","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1745601150581,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.305547061405405
Encrypted:	false
SSDEEP:	6:YEQXJ2HXqUgSfp2KGnZiQ0Y8moAvJfBoTfXpnrPeUkwRe9:YvXKXqTSRtGc5GWTfXcUkee9
MD5:	F6B15DEE0655D51A3547F6C11DB12404
SHA1:	B9F171D1F809F8587E58F93A27FCAEA7441CF7D3
SHA-256:	082E402096ECABECB8AB56E4FBBE9E423ED3A7BB122EC814557CF511C7108857
SHA-512:	6A567943A2C909CC6F27BF7EFDACC9472127E38C2B54B484C14986752B4D4953DC0B1DE4BFAB67B3D22D2131774C279D303E18E3DD1B5D30CC1B749784764BE8
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"b4ed3031-9c8d-4f18-a136-a693f9a55221","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1745601150581,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.284253275632283
Encrypted:	false
SSDEEP:	6:YEQXJ2HXqUgSfp2KGnZiQ0Y8moAvJfBD2G6UpnrPeUkwRe9:YvXKXqTSRtGc5GR22cUkee9
MD5:	6CC27BB63FD857B974B82556633193E5
SHA1:	DA319ADA7AC7A90DF315B6ECF63AF28AA8D063EB
SHA-256:	BF2CEE2B3B9CB4B9B5EEE3AE62F09495919647CC9309CED97489032F05F16ED0
SHA-512:	A8F6C25A4B1157D7A9946085E70BBE93AD770D0D64B4CDE80BD4BD7B49EC548557BABBD44377BF7D8619532CCF4163EDAEE5D40711EA21E4136F8F350656F939
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"b4ed3031-9c8d-4f18-a136-a693f9a55221","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1745601150581,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	285
Entropy (8bit):	5.332033869279392
Encrypted:	false
SSDEEP:	6:YEQXJ2HXqUgSfp2KGnZiQ0Y8moAvJfPmwrPeUkwRe9:YvXKXqTSRtGc5GH56Ukee9
MD5:	FDE70F4D279DC9F24D2A1A320FE61815
SHA1:	E413B3A74780F600FDF5D5C625CFDB039A6A4A24
SHA-256:	BB7146DF4BE64A9489574B5BC02278C1E0BDFCA52CCA71E37092B0149A078847
SHA-512:	E715219D2A380F148B011346506B25C537EB51B1A6EE1D0086C50DCC502F404F162A23743E5D4351FA3141B053BCEAB915F0AA9ADA2176DBFBB9A53BE76014B0
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"b4ed3031-9c8d-4f18-a136-a693f9a55221","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1745601150581,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2213
Entropy (8bit):	5.847750590268819
Encrypted:	false
SSDEEP:	24:Yv6XqTSTepLgEGycjycR84b0nNFmerISIedJGWQxiEDtbpEsrAr3IAHlO25FEEDL:Yvvuahgly48zFm/TWCt8KOP/nDi/VM
MD5:	23E90C54186C7B4139A68157BA0E6E04
SHA1:	13F683272EB29B7C53897C60DB359ACA9AE04CD3
SHA-256:	AED8A445F445F957EF12FA6A32EF585F465AD467C68C309B52F3452EB655A173
SHA-512:	FF2427E45F203719F4401F5BF1DB7363B17485DBFFE1ECFBF2539678A454D38D0748505841FE7C9B0153CC322C7603A36212D511519D105274C069ED86C90A98
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"b4ed3031-9c8d-4f18-a136-a693f9a55221","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1745601150581,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"102656_316349ActionBlock_1","campaignId":102656,"containerId":"1","controlGroupId":"","treatmentId":"5a9d1955-ab74-4b89-837a-074b702313c0","variationId":"316349"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJkYXRhIjp7ImxocFYyQnlQYXRoIjp7Iml0ZW0iOnsiX3BhdGgiOiIvY29udGVudC9kYW0vYWNyb2JhdGRlc2t0b3AvZ3Jvd3RoL3JlYWRlci9lbi11cy9saHAtYmFubmVyL3YyL2NvbnZlcnQiLCJfaWQiOiJlYjYyOWYwOC00YmZiLTRkYmEtYjQzNC01MzUyZTg1MGU4NWYiLCJfdmFyaWF0aW9uIjoicmdzMDM2MS0wIiwidGl0bGUiOm51bGwsImRlc2NyaXB0aW9uIjoiRXhwb3J0IFBERnMgdG8gTWljcm9zb2Z0IFdvcmQgYW5kIEV4Y2VsLiIsImN0YUxhYmVsIjpudWxsLCJjdGFCZW

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.282084325623579
Encrypted:	false
SSDEEP:	6:YEQXJ2HXqUgSfp2KGnZiQ0Y8moAvJf8dPeUkwRe9:YvXKXqTSRtGc5GU8Ukee9
MD5:	34247C56CFE6DF31934A453A15A49225
SHA1:	ADDF5A2567F4AE6A2FE5CE07F447E03680D79A8E
SHA-256:	09CA3CF599A13CC5A6C40A77A4F21355BAC24386FA00BC20F0A4E37D9072E40F
SHA-512:	2827B1518AEAFE05D9EDA7824C52ACABEAF1B26FA534D1B1C8B95D9D9E10B33D248E8D6E686AC7A604CC885D8ABE0AB9B90123292FBEEE2DAEB0841E74859F9A
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"b4ed3031-9c8d-4f18-a136-a693f9a55221","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1745601150581,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.285502241704863
Encrypted:	false
SSDEEP:	6:YEQXJ2HXqUgSfp2KGnZiQ0Y8moAvJfQ1rPeUkwRe9:YvXKXqTSRtGc5GY16Ukee9
MD5:	22A89F372CF76BE06E385C132F552B65
SHA1:	82B23A54EAD0415ECDBE9AE6AF879C6D46BE0123
SHA-256:	A94204BDAC5A0C4CADE662FE6CAFEB115396F2A65D5DEB8A78FED77637A3BA17
SHA-512:	0FCF961C2F872A2CA4B546558B1F708544CAD2B738DFB9D58575707DBCF5E2014EE1188334047E7FEF33FC8F487BD88FC1FE03943D85FECCEFFF9E966A2EA2AC
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"b4ed3031-9c8d-4f18-a136-a693f9a55221","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1745601150581,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2160
Entropy (8bit):	5.831459305818886
Encrypted:	false
SSDEEP:	48:YvvuhogbN48uOQ/GiyL4TwKOkQJi+ohJM:Gng54nf/IQOkQJiFk
MD5:	9C23BDA6CC12BE403E3C27225BE1D78B
SHA1:	68242DBDC392ACAC6F41AD384D2E6A0D46C256D3
SHA-256:	4751F303B317E43B6F04A1C615F0FFAD6AEB40E1D937C1A55C9C494441931CAC
SHA-512:	94036AC8D36024A251D17E75F1DE08E114F18211316D04782826791A879C520DC20FECFD457583A2505058E0677275678164262A64C476D39C13BD3AE0550F2A
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"b4ed3031-9c8d-4f18-a136-a693f9a55221","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1745601150581,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Edit_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"102656_316349ActionBlock_2","campaignId":102656,"containerId":"1","controlGroupId":"","treatmentId":"164bf29d-ee04-491c-adf2-c0bfeedb2d1b","variationId":"316349"},"containerId":1,"containerLabel":"JSON for DC_Reader_Edit_LHP_Banner","content":{"data":"eyJkYXRhIjp7ImxocFYyQnlQYXRoIjp7Iml0ZW0iOnsiX3BhdGgiOiIvY29udGVudC9kYW0vYWNyb2JhdGRlc2t0b3AvZ3Jvd3RoL3JlYWRlci9lbi11cy9saHAtYmFubmVyL3YyL2VkaXQiLCJfaWQiOiIzNzkzMGExNC1kOGMwLTRlZDYtYjI0Yi0zZGUzY2FlZjZlNjAiLCJfdmFyaWF0aW9uIjoicmdzMDM2MS0wIiwidGl0bGUiOm51bGwsImRlc2NyaXB0aW9uIjpudWxsLCJjdGFMYWJlbCI6bnVsbCwiY3RhQmVoYXZpb3IiOm51bGwsImN0YVVybCI6bnVsbCwiY3RhVXJsVHlwZSI6bnVsbCwidHJ

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	295
Entropy (8bit):	5.308651419764136
Encrypted:	false
SSDEEP:	6:YEQXJ2HXqUgSfp2KGnZiQ0Y8moAvJfzdPeUkwRe9:YvXKXqTSRtGc5Gb8Ukee9
MD5:	7E32AFB2E624702915667027ED194A5A
SHA1:	A67F5B209A720A6E10A57C54A3B4C3E41481E379
SHA-256:	36BB8C1F3FB21EF4A0861B527931F811ED55C63CF578B4DAC878276084AD9D25
SHA-512:	6388F21156454D3BAA882450F429E876A2BB195E6E15FA571124B406ECDF99B4746BCD48B281351C6AD54531632E3A69A577D80E11380B45BA13510FEC5BF0EC
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"b4ed3031-9c8d-4f18-a136-a693f9a55221","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1745601150581,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.289350241423062
Encrypted:	false
SSDEEP:	6:YEQXJ2HXqUgSfp2KGnZiQ0Y8moAvJfYdPeUkwRe9:YvXKXqTSRtGc5Gg8Ukee9
MD5:	AEAD197E9FE2B9A66A654EC614BD0A3B
SHA1:	09C5B0D9E23B8E1BE8EC034950D389E1EA42C705
SHA-256:	7317DECDE5E947E27E269F1A7E15B4FC6A0B13D7A20A7B124299604F907BCF28
SHA-512:	A07920EB64E3915917860DC3BE1531A01060C86EB338137DF5574AA65A75546BD4AE7348671608F3D5CA82974AD947FF36BFD59C164819E998313EA2DD8ECF01
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"b4ed3031-9c8d-4f18-a136-a693f9a55221","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1745601150581,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	284
Entropy (8bit):	5.275213118496341
Encrypted:	false
SSDEEP:	6:YEQXJ2HXqUgSfp2KGnZiQ0Y8moAvJf+dPeUkwRe9:YvXKXqTSRtGc5G28Ukee9
MD5:	2D46B0D053637C1AADC34BFB0E5CF7BC
SHA1:	76D07C382615E50E05D09D791E1B582BD69F2B17
SHA-256:	6F127B680D1EF72F33A55DF73913358086819A584DA36F73DE1BEBBD04924694
SHA-512:	0D20BCA4E384DF4FC8B543165C6949BFCE851C6096138B37788D8248C1D671A71DEDD1EF06861E0E908C53E727A0E48C3E336E8CDAADDB3B908E411E80F117D0
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"b4ed3031-9c8d-4f18-a136-a693f9a55221","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1745601150581,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	291
Entropy (8bit):	5.272970533313949
Encrypted:	false
SSDEEP:	6:YEQXJ2HXqUgSfp2KGnZiQ0Y8moAvJfbPtdPeUkwRe9:YvXKXqTSRtGc5GDV8Ukee9
MD5:	ADA04F59611D05C5063500F8A14C82A2
SHA1:	D73CCC878160DB92FFBA86CDBDB8E93E3A32D4BD
SHA-256:	566396DD12E806C5C7FC410258495CD255F9F742263378B2BB7400061B793B3A
SHA-512:	DC830C9535C470548D75467BAE5F5EF381CE965BEE53CEBB56FCFB2288A11AE8CACAC1D951E92C3475092E1FB17A4EBE02912F0632B084163ED6E50658A6F8F6
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"b4ed3031-9c8d-4f18-a136-a693f9a55221","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1745601150581,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	287
Entropy (8bit):	5.276500310651953
Encrypted:	false
SSDEEP:	6:YEQXJ2HXqUgSfp2KGnZiQ0Y8moAvJf21rPeUkwRe9:YvXKXqTSRtGc5G+16Ukee9
MD5:	70F709DBF016D1141D663575646F8A9C
SHA1:	7D991AF1454EF9DAD64D8B78FC777901431FB8AA
SHA-256:	F0F8F8C95EBE85A52C742C489694C6766332834513E35D9ACA34377AEA72CCE9
SHA-512:	BD6D373DC2F5E38089A9EDE2AE9F540285D23C1B03C6B6A5792F1385D17293F26BB498C68BEB1E83CB17E3FA2B0883218E417D918E3267B1D8943281EB1BB71D
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"b4ed3031-9c8d-4f18-a136-a693f9a55221","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1745601150581,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2112
Entropy (8bit):	5.8500828442453185
Encrypted:	false
SSDEEP:	24:Yv6XqTSTCamXayLgEdycgNaLcR84brvXJkoerISIQ1iyLVFgKy1N8IAHlOBJEEDN:YvvuIBgBG48kJko/SiyL4T0AFDA/VM
MD5:	3FE935C9697F020A746D6676A31C0688
SHA1:	60C4F2B5BD79DCB63D6887D995A652290609760D
SHA-256:	0CEAF7C117DEDD449B45871C4B1FBBA885FD77D16F25C72A2EBB329BE6E4846B
SHA-512:	F2D50BFB91B972DB2C3CE6A786833E6E4C46592B23E4548776AED06DFAA65A7D241D63D12CC30CEF9024EC052BCE04AFB043F53D2120880C53F0B54317EC6B97
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"b4ed3031-9c8d-4f18-a136-a693f9a55221","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1745601150581,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"102656_316349ActionBlock_0","campaignId":102656,"containerId":"1","controlGroupId":"","treatmentId":"339c0ba6-2e61-4622-82f6-f07787d206b8","variationId":"316349"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJkYXRhIjp7ImxocFYyQnlQYXRoIjp7Iml0ZW0iOnsiX3BhdGgiOiIvY29udGVudC9kYW0vYWNyb2JhdGRlc2t0b3AvZ3Jvd3RoL3JlYWRlci9lbi11cy9saHAtYmFubmVyL3YyL3NpZ24iLCJfaWQiOiJkMDQzMmY0Yy1hNTM2LTRlMzktOGNkNS1jYThiYjRhZTY2YzIiLCJfdmFyaWF0aW9uIjoicmdzMDM2MS0wIiwidGl0bGUiOm51bGwsImRlc2NyaXB0aW9uIjoiRWFzaWx5IGZpbGwgYW5kIHNpZ24gUERGcy4iLCJjdGFMYWJlbCI6bnVsbCwiY3RhQmVoYXZpb3IiOm51bGwsImN0YVVybCI6bnV

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	286
Entropy (8bit):	5.252781526877379
Encrypted:	false
SSDEEP:	6:YEQXJ2HXqUgSfp2KGnZiQ0Y8moAvJfshHHrPeUkwRe9:YvXKXqTSRtGc5GUUUkee9
MD5:	82F1148AD5BEAF701B2F7C4542C73A97
SHA1:	8B72AA8CB8102F1860994353FD73F0B914459B83
SHA-256:	7E1147AD94CA2EA7E5454A1F122872394B827A59FE28AA83AAAB1A652F077EF8
SHA-512:	E788D5F7B50CAD1CA707DEFD38C0ED6E6E9430780F2B96E43BB9082FC6177118B510A8C7581DA67685C20645B713060D1910B2D31ACB8592A61CD56FC7C283A1
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"b4ed3031-9c8d-4f18-a136-a693f9a55221","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1745601150581,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	282
Entropy (8bit):	5.259789536034967
Encrypted:	false
SSDEEP:	6:YEQXJ2HXqUgSfp2KGnZiQ0Y8moAvJTqgFCrPeUkwRe9:YvXKXqTSRtGc5GTq16Ukee9
MD5:	2C9DD3ABE614A78E8D49A36835C4665E
SHA1:	F5BB0FBF486C435A78EC6415ADEE13276E9F7DFF
SHA-256:	03107BDC2754078F677699ED061065666C2806F944A4AF0ED59750AC7936147C
SHA-512:	9B41F20F941AEFBAD71C97607FD445035262E782E09E0DE1DEA1051817A641521E4696A78A815AFA7A98F9657BDEABA5E2E2F248D3E9CF33A8B42F15154774DC
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"b4ed3031-9c8d-4f18-a136-a693f9a55221","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1745601150581,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	4
Entropy (8bit):	0.8112781244591328
Encrypted:	false
SSDEEP:	3:e:e
MD5:	DC84B0D741E5BEAE8070013ADDCC8C28
SHA1:	802F4A6A20CBF157AAF6C4E07E4301578D5936A2
SHA-256:	81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
SHA-512:	65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
Malicious:	false
Preview:	....

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2815
Entropy (8bit):	5.125979724696831
Encrypted:	false
SSDEEP:	24:YPvYEnoaXiayw5JDm+Uq28fqKoqBbEjWVsj0So+lM2gBP2LSyCE/3qdhb5bry9Cc:YnY85VWB8T9UE+dqHPIb/3qdlN+9Cc
MD5:	BBEB58D4443BA002151009E0650A5722
SHA1:	8BD76540DD8FAD62B4051ABD2D883401E0B14029
SHA-256:	E8F673640F05B5F36A19B5789A352DDB79AB235D94E6EB574C4167AC6A419D98
SHA-512:	CA7ACA8649DED98DE1A150B35D1C57A71AC5AE932F001CC407D0F113F951E481974313439FC1191C97E4539A0E351318CEE16B770B7527B1A01621D0C7001E77
Malicious:	false
Preview:	{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"2c7499c40b47511af17f4489227b0cb8","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1745421584000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"9aa6b5f270e4433f72fde0dc7406575d","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":2112,"ts":1745421584000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"d0c83637d5fdeb190d178fb769504ae5","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":2213,"ts":1745421584000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"612057ae435040a96539bd4a452723af","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":2160,"ts":1745421584000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"b1edbe0e9db524240e5c9ff16c726a7e","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":295,"ts":1745421584000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"d09b33b84101f8ebf9d0324312a70f11","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file",

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 24, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 24
Category:	dropped
Size (bytes):	12288
Entropy (8bit):	1.1460326862441497
Encrypted:	false
SSDEEP:	24:TLhx/XYKQvGJF7ursjRZXcMRZXcMZgux3Fmu3n9u1oGuDyIX4uDyvuOudIUudcH6:TFl2GL7ms3Xc+XcGNFlRYIX2v3k6
MD5:	BD00C90AB49A230314051CF990840FC5
SHA1:	92E7C70D10B66BBE073A0606CBD0C3829ED38B9B
SHA-256:	BC292142B9CEF6F050AE28AF8D9EDF69866B0D5208A933866315FBD0EDCE4B5E
SHA-512:	5622BBD62348D2EAC6BCE4CF1C63AC8EE55761C17B99439A979D86979E070D74D2A32D9FFF7EE3F61CD0C0DE067CA5CAE285B632FE4A50CC191B5D203852D5A7
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	1.550755377930684
Encrypted:	false
SSDEEP:	24:7+tBUXcMRZXcMZgux3Fmu3n9u1oGuDyIX4uDyvuOudIUudcHRuLuxOVnqLxx/XYv:7MSXc+XcGNFlRYIX2vXqVl2GL7msC
MD5:	7AFA3BBE9E6C4B057A208B2BD6B8D28D
SHA1:	BD4DD2BC5CD61A811B787EF05494163E1A28B9DF
SHA-256:	7B4D82D3CF9D960714FB15AA7BD3598762DA2A24E02115CA70DDAE7FA8E722D4
SHA-512:	806F2C778525A1F1143C343BF7F3BF0F311ACA6497FE74DD233ED4DA1E659B4449414D1B482608ACB875AC18859B0BF63E7A62842EDD6ADAC4516158D69ABBB3
Malicious:	false
Preview:	.... .c.......j..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................b..b.b.b.b.b.b.b.b.b.b.b.b.b..................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\MSI5f31c.LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	246
Entropy (8bit):	3.53559722477471
Encrypted:	false
SSDEEP:	6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8rkClETe:Qw946cPbiOxDlbYnuRKNi
MD5:	78BC1DE07FAB8086393BDA64ADF3E3AF
SHA1:	9066CFBAACB610709915B9E3F952FDB09968A924
SHA-256:	51804165267C357F903CF39E2A11F24B8A9462F1A0D41DCBE9635691FF1D461B
SHA-512:	6062956A792D16619F594770BCBC15024F5FAD44F222DCFAE653EA6512482902D0E776B51612EB7171554C6D3B8B43E82405EA755B51F41E2F88855D84CBFBCF
Malicious:	false
Preview:	..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .2.3./.0.4./.2.0.2.5. . .1.1.:.1.9.:.4.6. .=.=.=.....

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2025-04-23 11-19-40-553.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393)
Category:	dropped
Size (bytes):	16525
Entropy (8bit):	5.338264912747007
Encrypted:	false
SSDEEP:	384:lH4ZASLaTgKoBKkrNdOZTfUY9/B6u6AJ8dbBNrSVNspYiz5LkiTjgjQLhDydAY8s:kIb
MD5:	128A51060103D95314048C2F32A15C66
SHA1:	EEB64761BE485729CD12BF4FBF7F2A68BA1AD7DB
SHA-256:	601388D70DFB723E560FEA6AE08E5FEE8C1A980DF7DF9B6C10E1EC39705D4713
SHA-512:	55099B6F65D6EF41BC0C077BF810A13BA338C503974B4A5F2AA8EB286E1FCF49DF96318B1DA691296FB71AA8F2A2EA1406C4E86F219B40FB837F2E0BF208E677
Malicious:	false
Preview:	SessionID=e060408f-9833-415c-bd59-cc59ace6b516.1696488385066 Timestamp=2023-10-05T08:46:25:066+0200 ThreadID=6912 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=e060408f-9833-415c-bd59-cc59ace6b516.1696488385066 Timestamp=2023-10-05T08:46:25:066+0200 ThreadID=6912 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=e060408f-9833-415c-bd59-cc59ace6b516.1696488385066 Timestamp=2023-10-05T08:46:25:067+0200 ThreadID=6912 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=e060408f-9833-415c-bd59-cc59ace6b516.1696488385066 Timestamp=2023-10-05T08:46:25:067+0200 ThreadID=6912 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=e060408f-9833-415c-bd59-cc59ace6b516.1696488385066 Timestamp=2023-10-05T08:46:25:067+0200 ThreadID=6912 Component=ngl-lib_NglAppLib Description="SetConfig:

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393), with CRLF line terminators
Category:	dropped
Size (bytes):	16603
Entropy (8bit):	5.346438872326681
Encrypted:	false
SSDEEP:	384:DFfoHpLLEDKw5JDhz2uXeYjDOD6DtDoDPRNRxytiYmyI4i2WaQWVckz/PKVXaPRP:AI39
MD5:	FEDDA503142C08A2EBEC61B6302C0159
SHA1:	C752584432A208FAAADCD834DA13EF1CEE98F493
SHA-256:	F6A4CCB8757429275FCBCBC0F964075938E7BB037EABFD54CE52AE745C5ACDEE
SHA-512:	F9BAD16B10935A86A7A8F2763E806F42C9390C056BC95BDA5B6AF6850AB1D2E70DF0B30011A089C099FE060C195EE93ADFB8DBE52BFB50619447EA81ACA194A5
Malicious:	false
Preview:	SessionID=0f724b76-b765-461a-a8ed-ae1b70c548cd.1745421580568 Timestamp=2025-04-23T11:19:40:568-0400 ThreadID=7632 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=0f724b76-b765-461a-a8ed-ae1b70c548cd.1745421580568 Timestamp=2025-04-23T11:19:40:570-0400 ThreadID=7632 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=0f724b76-b765-461a-a8ed-ae1b70c548cd.1745421580568 Timestamp=2025-04-23T11:19:40:570-0400 ThreadID=7632 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=0f724b76-b765-461a-a8ed-ae1b70c548cd.1745421580568 Timestamp=2025-04-23T11:19:40:570-0400 ThreadID=7632 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=0f724b76-b765-461a-a8ed-ae1b70c548cd.1745421580568 Timestamp=2025-04-23T11:19:40:570-0400 ThreadID=7632 Component=ngl-lib_NglAppLib Description="SetConf

C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	29845
Entropy (8bit):	5.403795292329927
Encrypted:	false
SSDEEP:	192:acb4I3dcbPcbaIO4cbYcbqnIdjcb6acbaIewcbbcbqIsycbW:V3fOCIdJDemse
MD5:	4B25BC0ED800B63AEE2F7DE8749D828E
SHA1:	549D2FF8303B9B9345B653F4E2B9DC6A15ADE775
SHA-256:	B6D410DCFAF7668EF76EA02476F0B5C15A019BB7BC0AF6363827F9E0EDEBBEFE
SHA-512:	50C113DC3F04E92F78C5BA7104810D28B1E20B90E8C3FC0F6309CDCA1DD145188B53086A94AD14B92E60FC7DDB3114F09659CBC008A4FECD18E577D68E5470A9
Malicious:	false
Preview:	05-10-2023 08:20:22:.---2---..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : *************************************..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : ***********************************..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : **** Starting new session ******..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : Starting NGL..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..05-10-2023 08:20:22:.Closing File..05-10-

C:\Users\user\AppData\Local\Temp\acrocef_low\0f84f906-ad6b-4b5d-a3f1-e34a76b47f7d.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
Category:	dropped
Size (bytes):	758601
Entropy (8bit):	7.98639316555857
Encrypted:	false
SSDEEP:	12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
MD5:	3A49135134665364308390AC398006F1
SHA1:	28EF4CE5690BF8A9E048AF7D30688120DAC6F126
SHA-256:	D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
SHA-512:	BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
Malicious:	false
Preview:	...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......\|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!\|G.1...... .3.`./....`~......G.............\|..pS.e.C....:o.u_..oi.:..\|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

C:\Users\user\AppData\Local\Temp\acrocef_low\50ca60c1-4854-4220-b39f-ce4d669096f4.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
Category:	dropped
Size (bytes):	1419751
Entropy (8bit):	7.976496077007677
Encrypted:	false
SSDEEP:	24576:/xTwYIGNPgeWL07oYGZ1dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JTwZG/WLxYGZN3mlind9i4ufFXpAXkru
MD5:	62F2E9F22B4021BA764763F066157442
SHA1:	0BBCDDCCA2B7342980503F1522E9249B077DED4C
SHA-256:	747B773557070E01063EDCDF20C3DA8DD01599EF5EE5E5320BA7328DFDB2E721
SHA-512:	0D58BA35B2BBE548612357D9252FD87DDDC939B346DC666778CCE2C44E60F4A58434A42FDA5BDC7DF9552999D29ACD35E2F77FC5BD3D423B336F224D157F00A6
Malicious:	false
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

C:\Users\user\AppData\Local\Temp\acrocef_low\742cae4c-f4a0-43a8-a89d-545d9fe983f4.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
Category:	dropped
Size (bytes):	1407294
Entropy (8bit):	7.97605879016224
Encrypted:	false
SSDEEP:	24576:/M7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R077WLaGZjZwYIGNPJe:RB3mlind9i4ufFXpAXkrfUs03WLaGZje
MD5:	716C2C392DCD15C95BBD760EEBABFCD0
SHA1:	4B4CE9C6AED6A7F809236B2DAFA9987CA886E603
SHA-256:	DD3E6CFC38DA1B30D5250B132388EF73536D00628267E7F9C7E21603388724D8
SHA-512:	E164702386F24FF72111A53DA48DC57866D10DAE50A21D4737B5687E149FF9D673729C5D2F2B8DA9EB76A2E5727A2AFCFA5DE6CC0EEEF7D6EBADE784385460AF
Malicious:	false
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

C:\Users\user\AppData\Local\Temp\acrocef_low\c69437b4-4d08-44ee-9724-8d5172307fa2.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
Category:	dropped
Size (bytes):	386528
Entropy (8bit):	7.9736851559892425
Encrypted:	false
SSDEEP:	6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
MD5:	5C48B0AD2FEF800949466AE872E1F1E2
SHA1:	337D617AE142815EDDACB48484628C1F16692A2F
SHA-256:	F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
SHA-512:	44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
Malicious:	false
Preview:	...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....\|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-\|..h#.g.\.PO.\|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..\|m.WC.....\|.....e.[W.p.8...rm....^..x'......5!...\|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.\|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

Static File Info

General

File type:	PDF document, version 1.7, 2 pages
Entropy (8bit):	7.531687515744696
TrID:	Adobe Portable Document Format (5005/1) 100.00%
File name:	04222025_Linebarger Goggan Blair &Sampson, LLP ATTORNEYS AT LAW .pdf
File size:	154'518 bytes
MD5:	ef4577410ba9d113a77117c78066a97a
SHA1:	4b4664420604893dabc9afe640b2f950b9bdd2f1
SHA256:	6c643441fdea4c20ab80eb98141d66dca52d79e82f63b243fb6f6979a66099b3
SHA512:	73b88cd728a8dff0bb9c15f3fda8c0f4cbf91014d3532da0d2204796f263dfe517c624b2631449511feb262a2673277efbc75cc2f347c01567a6bb09e7145d93
SSDEEP:	3072:WjO1kE/90ZC0lD3mkErGe3ArSczycg1ThMDBm+jbc/CKw4fxLo1xhrrJ5Tma:oEyZCW35Er/ArBoLMDzbUw4JE1xR15Tb
TLSH:	45E302930487948DCC1F8B42836937617A5B7C1039897CB9B97EBE84E271E42FC9E513
File Content Preview:	%PDF-1.7..%......13 0 obj..<<../Type /Page../Parent 3 0 R../Resources..<<../XObject << /im1 15 0 R >>..>>../MediaBox [ 0.0 0.0 608.04 787.32 ]../Contents 14 0 R..>>..endobj..14 0 obj.<<./Length 41.>>..stream.q..608.04 0 0 787.32 0 0 cm../im1 Do..Q....ends

File Icon


Icon Hash:	62cc8caeb29e8ae0

Static PDF Info

General
Header:	%PDF-1.7
Total Entropy:	7.531688
Total Bytes:	154518
Stream Entropy:	7.524614
Stream Bytes:	152722
Entropy outside Streams:	5.138316
Bytes outside Streams:	1796
Number of EOF found:	1
Bytes after EOF:

Keywords Statistics

Name	Count
obj	9
endobj	9
stream	4
endstream	4
xref	1
trailer	1
startxref	1
/Page	2
/Encrypt	0
/ObjStm	0
/URI	0
/JS	0
/JavaScript	0
/AA	0
/OpenAction	0
/AcroForm	0
/JBIG2Decode	0
/RichMedia	0
/Launch	0
/EmbeddedFile	0

Network Behavior

Download Network PCAP: filtered – full

Network Port Distribution

Total Packets: 7
• 80 (HTTP)
• 53 (DNS)

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 23, 2025 17:19:51.408432961 CEST	49697	80	192.168.2.6	23.202.57.36
Apr 23, 2025 17:19:51.548222065 CEST	80	49697	23.202.57.36	192.168.2.6
Apr 23, 2025 17:19:51.548320055 CEST	49697	80	192.168.2.6	23.202.57.36
Apr 23, 2025 17:19:51.548450947 CEST	49697	80	192.168.2.6	23.202.57.36
Apr 23, 2025 17:19:51.690151930 CEST	80	49697	23.202.57.36	192.168.2.6
Apr 23, 2025 17:19:51.690232038 CEST	80	49697	23.202.57.36	192.168.2.6
Apr 23, 2025 17:19:51.690248013 CEST	80	49697	23.202.57.36	192.168.2.6
Apr 23, 2025 17:19:51.690304995 CEST	49697	80	192.168.2.6	23.202.57.36
Apr 23, 2025 17:20:01.906246901 CEST	49697	80	192.168.2.6	23.202.57.36

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 23, 2025 17:19:51.246012926 CEST	55974	53	192.168.2.6	1.1.1.1
Apr 23, 2025 17:19:51.404680014 CEST	53	55974	1.1.1.1	192.168.2.6
Apr 23, 2025 17:20:17.246457100 CEST	60790	53	192.168.2.6	1.1.1.1
Apr 23, 2025 17:20:17.393791914 CEST	53	60790	1.1.1.1	192.168.2.6

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Apr 23, 2025 17:19:51.246012926 CEST	192.168.2.6	1.1.1.1	0xd59a	Standard query (0)	x1.i.lencr.org	A (IP address)	IN (0x0001)	false
Apr 23, 2025 17:20:17.246457100 CEST	192.168.2.6	1.1.1.1	0x4f07	Standard query (0)	x1.i.lencr.org	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Apr 23, 2025 17:19:49.709073067 CEST	1.1.1.1	192.168.2.6	0x8f3c	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false
Apr 23, 2025 17:19:49.709073067 CEST	1.1.1.1	192.168.2.6	0x8f3c	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
Apr 23, 2025 17:19:51.404680014 CEST	1.1.1.1	192.168.2.6	0xd59a	No error (0)	x1.i.lencr.org	crl.root-x1.letsencrypt.org.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 23, 2025 17:19:51.404680014 CEST	1.1.1.1	192.168.2.6	0xd59a	No error (0)	crl.root-x1.letsencrypt.org.edgekey.net	e8652.dscx.akamaiedge.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 23, 2025 17:19:51.404680014 CEST	1.1.1.1	192.168.2.6	0xd59a	No error (0)	e8652.dscx.akamaiedge.net		23.202.57.36	A (IP address)	IN (0x0001)	false
Apr 23, 2025 17:20:17.393791914 CEST	1.1.1.1	192.168.2.6	0x4f07	No error (0)	x1.i.lencr.org	crl.root-x1.letsencrypt.org.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 23, 2025 17:20:17.393791914 CEST	1.1.1.1	192.168.2.6	0x4f07	No error (0)	crl.root-x1.letsencrypt.org.edgekey.net	e8652.dscx.akamaiedge.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 23, 2025 17:20:17.393791914 CEST	1.1.1.1	192.168.2.6	0x4f07	No error (0)	e8652.dscx.akamaiedge.net		23.202.57.36	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

x1.i.lencr.org

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.6	49697	23.202.57.36	80	3064	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe

Timestamp	Bytes transferred	Direction	Data
Apr 23, 2025 17:19:51.548450947 CEST	115	OUT	GET / HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Microsoft-CryptoAPI/10.0 Host: x1.i.lencr.org
Apr 23, 2025 17:19:51.690232038 CEST	1358	IN	HTTP/1.1 200 OK Server: nginx Content-Type: application/pkix-cert Last-Modified: Fri, 04 Aug 2023 20:57:56 GMT ETag: "64cd6654-56f" Content-Disposition: attachment; filename="ISRG Root X1.der" Cache-Control: max-age=67275 Expires: Thu, 24 Apr 2025 10:01:06 GMT Date: Wed, 23 Apr 2025 15:19:51 GMT Content-Length: 1391 Connection: keep-alive Data Raw: 30 82 05 6b 30 82 03 53 a0 03 02 01 02 02 11 00 82 10 cf b0 d2 40 e3 59 44 63 e0 bb 63 82 8b 00 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 4f 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 29 30 27 06 03 55 04 0a 13 20 49 6e 74 65 72 6e 65 74 20 53 65 63 75 72 69 74 79 20 52 65 73 65 61 72 63 68 20 47 72 6f 75 70 31 15 30 13 06 03 55 04 03 13 0c 49 53 52 47 20 52 6f 6f 74 20 58 31 30 1e 17 0d 31 35 30 36 30 34 31 31 30 34 33 38 5a 17 0d 33 35 30 36 30 34 31 31 30 34 33 38 5a 30 4f 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 29 30 27 06 03 55 04 0a 13 20 49 6e 74 65 72 6e 65 74 20 53 65 63 75 72 69 74 79 20 52 65 73 65 61 72 63 68 20 47 72 6f 75 70 31 15 30 13 06 03 55 04 03 13 0c 49 53 52 47 20 52 6f 6f 74 20 58 31 30 82 02 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 02 0f 00 30 82 02 0a 02 82 02 01 00 ad e8 24 73 f4 14 37 f3 9b 9e 2b 57 28 1c 87 be dc b7 df 38 90 8c 6e 3c e6 57 a0 78 f7 75 c2 a2 fe f5 6a 6e f6 00 4f 28 db de 68 86 6c 44 93 b6 b1 63 fd 14 12 6b bf 1f d2 ea 31 9b 21 7e d1 33 [TRUNCATED] Data Ascii: 0k0S@YDcc0H0O10UUS1)0'U Internet Security Research Group10UISRG Root X10150604110438Z350604110438Z0O10UUS1)0'U Internet Security Research Group10UISRG Root X10"0H0$s7+W(8n<WxujnO(hlDck1!~3<Hy!KqiJffl~<p)"K~G\|H#S8Oo.IWt/8{p!u0<cOK~w.{JL%p)S$J?aQcq.o[\4ylv;by/&676urIAv5/(ldwnG7Y^hrA)>Y>&$ZL@F:Qn;}rxY>Qx/>{JKsP\|Ctt0[q600\H;}`)A\|;FHvvj=8d+(B"']ypN:'Qnd3COB0@0U0U00UyY{sXn0*HUXPi ')au\ni/VKsY!~Lq`9!VPYYbEf\|o;'}~"+"
Apr 23, 2025 17:19:51.690248013 CEST	387	IN	Data Raw: 0e 8f f2 8a 34 5b 58 d8 fc 01 c9 54 b9 b8 26 cc 8a 88 33 89 4c 2d 84 3c 82 df ee 96 57 05 ba 2c bb f7 c4 b7 c7 4e 3b 82 be 31 c8 22 73 73 92 d1 c2 80 a4 39 39 10 33 23 82 4c 3c 9f 86 b2 55 98 1d be 29 86 8c 22 9b 9e e2 6b 3b 57 3a 82 70 4d dc 09 Data Ascii: 4[XT&3L-<W,N;1"ss993#L<U)"k;W:pMMl]+NEJ&rj,_(.{q{^FS\|7B*HL9GR+3S}MmBo@'5\(3#PylFn~:R-?[$

Statistics

Click to jump to process

Memory Usage

• Acrobat.exe
• AcroCEF.exe
• AcroCEF.exe

Click to jump to process

High Level Behavior Distribution

• File
• Registry

Click to dive into process behavior distribution

Behavior

• Acrobat.exe
• AcroCEF.exe
• AcroCEF.exe

Click to jump to process

System Behavior

Analysis Process: Acrobat.exePID: 6936, Parent PID: 496

Function Logs

General

Target ID:	0
Start time:	11:19:35
Start date:	23/04/2025
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\04222025_Linebarger Goggan Blair &Sampson, LLP ATTORNEYS AT LAW .pdf"
Imagebase:	0x7ff6e3470000
File size:	5'641'176 bytes
MD5 hash:	24EAD1C46A47022347DC0F05F6EFBB8C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

File Activities

File Opened

File Created

File Moved

File Read

Other File Operations

Volume Information Queried

Show Windows behavior

Section Activities

Sections loaded by Windows

Sections loaded by Program

Show Windows behavior

Registry Activities

Key Opened

Key Created

Key Deleted

Key Value Created

Key Value Deleted

Show Windows behavior

COM Activities

WMI Operations

Show Windows behavior

Mutex Activities

Mutex Created

Show Windows behavior

Process Activities

Process Created

Process Information Set

Show Windows behavior

Thread Activities

Thread Created

Thread Execution Resumed

Thread Terminated

Thread Information Set

Show Windows behavior

Memory Activities

Memory Read

Memory Written

Memory Usage Statistics

Show Windows behavior

System Activities

System Information Queried

Show Windows behavior

Timing Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Windows UI Activities

Window Created

Window UI Found

Window UI Enumerated

Show Windows behavior

Process Token Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Object Security Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

LPC Port Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Chronological Activities

Analysis Process: AcroCEF.exePID: 3064, Parent PID: 6936

Function Logs

General

Target ID:	2
Start time:	11:19:37
Start date:	23/04/2025
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Imagebase:	0x7ff7014b0000
File size:	3'581'912 bytes
MD5 hash:	9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

File Activities

File Opened

File Read

Other File Operations

Show Windows behavior

Section Activities

Sections loaded by Windows

Sections loaded by Program

Show Windows behavior

Registry Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Mutex Activities

Mutex Created

Show Windows behavior

Process Activities

Process Created

Process Information Set

Process Terminated

Show Windows behavior

Thread Activities

Thread Created

Thread Terminated

Thread Information Set

Show Windows behavior

Memory Activities

Memory Read

Memory Written

Memory Usage Statistics

Show Windows behavior

System Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Timing Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Windows UI Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Process Token Activities

Token Adjusted

Show Windows behavior

Object Security Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Chronological Activities

Analysis Process: AcroCEF.exePID: 2860, Parent PID: 3064

Function Logs

General

Target ID:	3
Start time:	11:19:38
Start date:	23/04/2025
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1636 --field-trial-handle=1580,i,5808780656140124304,218480992676511857,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Imagebase:	0x7ff7014b0000
File size:	3'581'912 bytes
MD5 hash:	9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

File Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Section Activities

Sections loaded by Windows

Sections loaded by Program

Show Windows behavior

Registry Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Mutex Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Process Activities

Process Information Set

Show Windows behavior

Thread Activities

Thread Created

Thread Information Set

Show Windows behavior

Memory Activities

Memory Usage Statistics

Show Windows behavior

System Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Windows UI Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Object Security Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may exploit software vulnerabilities in client applications to execute code. Vulnerabilities can exist in software due to unsecure coding practices that can lead to unanticipated behavior. Adversaries can take advantage of certain vulnerabilities through targeted exploitation for the purpose of arbitrary code execution. Oftentimes the most valuable exploits to an offensive toolkit are those that can be used to obtain code execution on a remote system because they can be used to gain access to that system. Users will expect to see files related to the applications they commonly used to do work, so they are a useful target for exploit research and development because of their high utility.
Tactics:	Execution
Data Sources:	Application Log: Application Log Content, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report 04222025_Linebarger Goggan Blair &Sampson, LLP ATTORNEYS AT LAW .pdf

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Software Vulnerabilities

Networking

System Summary

Hooking and other Techniques for Hiding and Protection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\8900cd63-ef98-4410-ba2e-7696b152b072.tmp

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-250423151942Z-161.bmp

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.3008

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

Windows Analysis Report
04222025_Linebarger Goggan Blair &Sampson, LLP ATTORNEYS AT LAW .pdf