Edit tour

Windows Analysis Report
Session_74085.pdf

Overview

General Information

Sample name:	Session_74085.pdf
Analysis ID:	1500127
MD5:	b457e0bb0d2136c36f275833b76830c4
SHA1:	cc21ef5e3e2948ac8e909a3eb4cfa1ff5a87a247
SHA256:	4fdf086638b8015ec11ac712f2377af9355b66bf53a058ffeeb5a688387ec5b5
Infos:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

IP address seen in connection with other malware

Classification

Process Tree

System is w10x64

Acrobat.exe (PID: 7588 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Session_74085.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)

AcroCEF.exe (PID: 7776 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

AcroCEF.exe (PID: 7976 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2080 --field-trial-handle=1552,i,8772915315826890772,8538083150746886622,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: Joe Sandbox View

IP Address: 104.78.188.188 104.78.188.188

Source: E0F5C59F9FA661F6F4C50B87FEF3A15A0.1.dr	String found in binary or memory: http://apps.identrust.com/roots/dstrootcax3.p7c
Source: 77EC63BDA74BD0D0E0426DC8F80085060.1.dr	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab

Source: classification engine

Classification label: clean0.winPDF@14/51@0/1

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-08-27 17-15-37-470.log

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Jump to behavior

Source: unknown	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Session_74085.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2080 --field-trial-handle=1552,i,8772915315826890772,8538083150746886622,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2080 --field-trial-handle=1552,i,8772915315826890772,8538083150746886622,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: Session_74085.pdf	Initial sample: PDF keyword /JS count = 0
Source: Session_74085.pdf	Initial sample: PDF keyword /JavaScript count = 0
Source: A9ys6g9z_tua8u3_5x4.tmp.0.dr	Initial sample: PDF keyword /JS count = 0
Source: A9ys6g9z_tua8u3_5x4.tmp.0.dr	Initial sample: PDF keyword /JavaScript count = 0

Source: Session_74085.pdf

Initial sample: PDF keyword /EmbeddedFile count = 0

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	1 System Information Discovery	Remote Services	Data from Local System	Data Obfuscation	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Junk Data	Exfiltration Over Bluetooth	Network Denial of Service

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

⊘No contacted domains info

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
104.78.188.188	unknown	United States		16625	AKAMAI-ASUS	false

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1500127
Start date and time:	2024-08-27 23:14:45 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 55s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowspdfcookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	11
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	Session_74085.pdf
Detection:	CLEAN
Classification:	clean0.winPDF@14/51@0/1
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .pdf Found PDF document Close Viewer

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 184.28.88.176, 2.19.126.143, 2.19.126.142, 162.159.61.3, 172.64.41.3, 23.22.254.206, 54.227.187.23, 52.202.204.11, 52.5.13.197, 192.168.2.4, 2.16.202.123, 95.101.54.210, 217.20.57.38, 23.219.161.132
Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, identrust.edgesuite.net, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com.delivery.microsoft.com, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, a1952.dscq.akamai.net, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, apps.identrust.com, wu-b-net.trafficmanager.net
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: Session_74085.pdf

Simulations

Behavior and APIs

Time	Type	Description
17:15:48	API Interceptor	2x Sleep call for process: AcroCEF.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
104.78.188.188	DOC-80697077.pdf	Get hash	malicious	HTMLPhisher	Browse
	San Xavier District of the Tohono O#U2019odham Nation.pdf	Get hash	malicious	Unknown	Browse
	Murexltd Mail Security Update Required For gjohnson@murexltd.com.msg	Get hash	malicious	HTMLPhisher	Browse
	Secured Doc-[aAO-49313]-2.pdf	Get hash	malicious	HTMLPhisher, Tycoon2FA	Browse
	Aging Report-429053.pdf	Get hash	malicious	HTMLPhisher	Browse
	Integra Lifesciences Open Benefits Enrollment.pdf	Get hash	malicious	Unknown	Browse

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
AKAMAI-ASUS	file.exe	Get hash	malicious	LummaC, Vidar	Browse	23.192.247.89
	DOC-80697077.pdf	Get hash	malicious	HTMLPhisher	Browse	104.78.188.188
	San Xavier District of the Tohono O#U2019odham Nation.pdf	Get hash	malicious	Unknown	Browse	104.78.188.188
	San Xavier District of the Tohono O#U2019odham Nation.pdf	Get hash	malicious	Unknown	Browse	2.16.184.207
	https://aka.ms/LearnAboutSenderIdentification	Get hash	malicious	HTMLPhisher	Browse	23.211.9.234
	Madisonwellsmedia546.pdf	Get hash	malicious	HTMLPhisher	Browse	23.203.104.175
	https://12dec6c2-3c78-e425-b87e-b20197f5da10.powerappsportals.com/	Get hash	malicious	Unknown	Browse	23.38.98.96
	Madisonwellsmedia546.pdf	Get hash	malicious	Unknown	Browse	23.56.162.185
	signature.pdf	Get hash	malicious	Unknown	Browse	23.56.162.185
	phish_alert_iocp_v1.4.48 (38).eml	Get hash	malicious	HTMLPhisher	Browse	184.28.90.27

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.251021122479032
Encrypted:	false
SSDEEP:	6:N70jMIq2Pwkn2nKuAl9OmbnIFUt88702ZZmw+870pxkwOwkn2nKuAl9OmbjLJ:N70QIvYfHAahFUt88702Z/+870px5JfC
MD5:	4B0813226AA6ABEF59C073166BAF119D
SHA1:	2B6FCA79DEA3F36E92B7D39CC27B2CC39C00A3A5
SHA-256:	35491ED81221CFA4F8AD2B0B30B7D9B8E19E290090985E7E8D51A3577D79EACF
SHA-512:	66E058736DA4A57AE0F2A1C2DEAD19C6A0E1353A77E240FD9A8CCB8CE8F89364B778E27AA1D50B730451AC8FC930F8E2D53C8F8A3F1166A199A26C2D2D261262
Malicious:	false
Reputation:	low
Preview:	2024/08/27-17:15:35.304 1e90 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/08/27-17:15:35.306 1e90 Recovering log #3.2024/08/27-17:15:35.307 1e90 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.251021122479032
Encrypted:	false
SSDEEP:	6:N70jMIq2Pwkn2nKuAl9OmbnIFUt88702ZZmw+870pxkwOwkn2nKuAl9OmbjLJ:N70QIvYfHAahFUt88702Z/+870px5JfC
MD5:	4B0813226AA6ABEF59C073166BAF119D
SHA1:	2B6FCA79DEA3F36E92B7D39CC27B2CC39C00A3A5
SHA-256:	35491ED81221CFA4F8AD2B0B30B7D9B8E19E290090985E7E8D51A3577D79EACF
SHA-512:	66E058736DA4A57AE0F2A1C2DEAD19C6A0E1353A77E240FD9A8CCB8CE8F89364B778E27AA1D50B730451AC8FC930F8E2D53C8F8A3F1166A199A26C2D2D261262
Malicious:	false
Reputation:	low
Preview:	2024/08/27-17:15:35.304 1e90 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/08/27-17:15:35.306 1e90 Recovering log #3.2024/08/27-17:15:35.307 1e90 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	336
Entropy (8bit):	5.229517691539044
Encrypted:	false
SSDEEP:	6:N75a3+q2Pwkn2nKuAl9Ombzo2jMGIFUt887u0Zmw+87SVkwOwkn2nKuAl9Ombzos:N783+vYfHAa8uFUt887u0/+87SV5JfHA
MD5:	D9A2B56A1144E68085F0E7C04E4EB704
SHA1:	A0C8CF81C2B3EA25520CC361CB66CDC3253D773B
SHA-256:	5518C9537845478E8563AB67B62FCCAB9718FD4A41A39A3FCB7638F1D3E9112F
SHA-512:	8C5BE4F1C0E80FB3872DF675CCEED198532B13D5B3A4E4E56D7782D5F13D645AD5ADDF4BA0D84C463A576CC441FE61627150F08369BDE507078572D64B5A0AC9
Malicious:	false
Reputation:	low
Preview:	2024/08/27-17:15:35.402 1f7c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/08/27-17:15:35.434 1f7c Recovering log #3.2024/08/27-17:15:35.435 1f7c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	336
Entropy (8bit):	5.229517691539044
Encrypted:	false
SSDEEP:	6:N75a3+q2Pwkn2nKuAl9Ombzo2jMGIFUt887u0Zmw+87SVkwOwkn2nKuAl9Ombzos:N783+vYfHAa8uFUt887u0/+87SV5JfHA
MD5:	D9A2B56A1144E68085F0E7C04E4EB704
SHA1:	A0C8CF81C2B3EA25520CC361CB66CDC3253D773B
SHA-256:	5518C9537845478E8563AB67B62FCCAB9718FD4A41A39A3FCB7638F1D3E9112F
SHA-512:	8C5BE4F1C0E80FB3872DF675CCEED198532B13D5B3A4E4E56D7782D5F13D645AD5ADDF4BA0D84C463A576CC441FE61627150F08369BDE507078572D64B5A0AC9
Malicious:	false
Reputation:	low
Preview:	2024/08/27-17:15:35.402 1f7c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/08/27-17:15:35.434 1f7c Recovering log #3.2024/08/27-17:15:35.435 1f7c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	475
Entropy (8bit):	4.957570101121775
Encrypted:	false
SSDEEP:	12:YH/um3RA8sqrhsBdOg2HMcaq3QYiubInP7E4T3y:Y2sRds3dMHv3QYhbG7nby
MD5:	A51F6C00B6C8FEC534F70B104789BECB
SHA1:	B873548C0FEF3D3B96137370EE7C7DB1881752B2
SHA-256:	25163B271ADEBEEF596001A0DA5CA4D63B4DFC3B0F1776BC384832E342EED32B
SHA-512:	C70437B43676D95DC53971730C577E459720700C4BAC998E77DEB176EE18F7F371B44E99708266647B30514810295B9012B32EEB54E43B13BF9F2263E77C7201
Malicious:	false
Reputation:	low
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13369353347425784","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":242497},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\f39db160-1837-4a71-9411-953386254915.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	modified
Size (bytes):	475
Entropy (8bit):	4.957570101121775
Encrypted:	false
SSDEEP:	12:YH/um3RA8sqrhsBdOg2HMcaq3QYiubInP7E4T3y:Y2sRds3dMHv3QYhbG7nby
MD5:	A51F6C00B6C8FEC534F70B104789BECB
SHA1:	B873548C0FEF3D3B96137370EE7C7DB1881752B2
SHA-256:	25163B271ADEBEEF596001A0DA5CA4D63B4DFC3B0F1776BC384832E342EED32B
SHA-512:	C70437B43676D95DC53971730C577E459720700C4BAC998E77DEB176EE18F7F371B44E99708266647B30514810295B9012B32EEB54E43B13BF9F2263E77C7201
Malicious:	false
Reputation:	low
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13369353347425784","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":242497},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	4730
Entropy (8bit):	5.252097266587524
Encrypted:	false
SSDEEP:	96:etJCV4FAsszrNamjTN/2rjYMta02fDtehgO7BtTgo7k50mpPj4eX0mGPZ:etJCV4FiN/jTN/2r8Mta02fEhgO73goD
MD5:	41850A000D3156763E1DF251A0C4EC4C
SHA1:	295EC4043BDFCECC50DFE078F4D260E53DDA90EA
SHA-256:	432D0B820FC04BDA46037EA795AE69B40D8DF35FD8C48ACC3A35CEEF0059C6C6
SHA-512:	1EEE3DB7E8E9F66C112A10FF6CE9426FDA6273DBEC633C8FB3A0DA585BA2DDD4EE80309F1968CCDA6744629212046937547B541B0BB8D41565EAA94B762B9176
Malicious:	false
Reputation:	low
Preview:	*...#................version.1..namespace-['O.o................next-map-id.1.Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/.0>...r................next-map-id.2.Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/.1O..r................next-map-id.3.Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/.2.\.o................next-map-id.4.Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/.3....^...............Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/..\|.^...............Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/n..Fa...............Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/DQ..a...............Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/i.`do................next-map-id.5.Pnamespace-de635bf2_6773_4d83_ad16_

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.254307862075553
Encrypted:	false
SSDEEP:	6:N7/tJ+q2Pwkn2nKuAl9OmbzNMxIFUt887xZmw+87yNVkwOwkn2nKuAl9OmbzNMFd:N7//+vYfHAa8jFUt887x/+87yNV5JfHP
MD5:	FA74C7EB33EEF3729B423D511921FFA3
SHA1:	C1CC925FC69618B4A58B13EBC2EFE307934DA94A
SHA-256:	A631AFD7960ECB1DABA3387ABD670A84D531077B887E2DF619BF8DBF4FA2F8E3
SHA-512:	9C05C4175A90CF7A3EF5753FE76C8130407DFE1DD4A25E4341DEE6A71CFBF98D2E776CDBB633A7A061F0B64BAA2FE6C27B239CF2A69989148884A45A9E89EC0F
Malicious:	false
Reputation:	low
Preview:	2024/08/27-17:15:35.469 1f7c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/08/27-17:15:35.470 1f7c Recovering log #3.2024/08/27-17:15:35.471 1f7c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.254307862075553
Encrypted:	false
SSDEEP:	6:N7/tJ+q2Pwkn2nKuAl9OmbzNMxIFUt887xZmw+87yNVkwOwkn2nKuAl9OmbzNMFd:N7//+vYfHAa8jFUt887x/+87yNV5JfHP
MD5:	FA74C7EB33EEF3729B423D511921FFA3
SHA1:	C1CC925FC69618B4A58B13EBC2EFE307934DA94A
SHA-256:	A631AFD7960ECB1DABA3387ABD670A84D531077B887E2DF619BF8DBF4FA2F8E3
SHA-512:	9C05C4175A90CF7A3EF5753FE76C8130407DFE1DD4A25E4341DEE6A71CFBF98D2E776CDBB633A7A061F0B64BAA2FE6C27B239CF2A69989148884A45A9E89EC0F
Malicious:	false
Reputation:	low
Preview:	2024/08/27-17:15:35.469 1f7c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/08/27-17:15:35.470 1f7c Recovering log #3.2024/08/27-17:15:35.471 1f7c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240827211539Z-154.bmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PC bitmap, Windows 3.x format, 107 x -152 x 32, cbSize 65110, bits offset 54
Category:	dropped
Size (bytes):	65110
Entropy (8bit):	1.504013475072779
Encrypted:	false
SSDEEP:	384:XzUEHiVuLnMLgy+odHwq98rM8YgRGnLSn5Ohfhta4QD168PxtRRwcpflb:9C1ql
MD5:	1D97EE04E521EDD6D9E2B885C4E165B8
SHA1:	05182CADF7274D67B9E87240FC9C67D8BA94E2E6
SHA-256:	BF8CFA439DD3E680D9C6FA907D70E487966863E534329D06B16BF26C54C1B4AD
SHA-512:	5291C68273B3DC3E44107181028CAD1748B838F735EE2E97D1029F4949C96F0ED2A5E63F1BB50E76381C41A61AFFEEA7A4494DAEB2E8EDD82115DE25355B5301
Malicious:	false
Reputation:	low
Preview:	BMV.......6...(...k...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 16, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 16
Category:	dropped
Size (bytes):	86016
Entropy (8bit):	4.445348471386374
Encrypted:	false
SSDEEP:	384:CeEci5t4iBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:sfs3OazzU89UTTgUL
MD5:	5BC2C4D2D2DD8DF2034B5D6950BEF51F
SHA1:	8FC9C1E67C3C1CD89E38E2D0276AB167A1FA5BD3
SHA-256:	B13EA5EB574CA2AD4DAA17987A4148FAD88D391E6825DD7D225D88270AD64E1B
SHA-512:	78E0DF96444EB3E3EED8321015DCE0E19B0B383FE7C08666A6C41B854A9B9655BFB817B376D03FEA835695A1C486453FCA04D3A3A9012521867E04C3AE297D01
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	2.213872529883958
Encrypted:	false
SSDEEP:	24:7+t2mnuwK7qL7zkrFsgIFsxX3pALXmnHpkDGjmcxBSkomXk+2m9RFTsyg+wmf9MO:7MjnC7q/mFTIF3XmHjBoGGR+jMz+Lhj
MD5:	4B1BAFED5E057EA6ABCCA2CF51D0B0D7
SHA1:	0112E5B2C5D9C46F3D403695251AD0A58918BF28
SHA-256:	D338F621FFBD1A1728B804C198ACD12A294AC0977BDBD3A154C2B92A0286AF0A
SHA-512:	62FAD8813BC9FAEA27B62EB83D92C2FC6D84EDCDF1FF6D4B1CBD8D7E1017C5756810E768A696A2CF37619ED62BD42DB560F0F3918A1DC4E42A705534EB23860E
Malicious:	false
Preview:	.... .c.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
Category:	dropped
Size (bytes):	71954
Entropy (8bit):	7.996617769952133
Encrypted:	true
SSDEEP:	1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
MD5:	49AEBF8CBD62D92AC215B2923FB1B9F5
SHA1:	1723BE06719828DDA65AD804298D0431F6AFF976
SHA-256:	B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
SHA-512:	BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
Malicious:	false
Preview:	MSCF............,...................I..................XaK .authroot.stl.[.i..6..CK..<Tk......4.cl!Kg..E..Y.f_..".$mR"$.J.E.KB."..rKv.."{.g....3.W.....c..9.s...=....y6#..x..........D......\(.#.s.!.A.......cd.c........+^.ov...n.....3BL..0.......BPUR&.X..02.q...R...J.....w.....b.vy>....-.&..(..oe."."...J9...0U.6J..\|U..S.....M.F8g...=.......p...........l.?3.J.x.G.Ep..$g..tj......)v]9(:.)W.8.Op.1Q..:.nPd........7.7..M].V F..g.....12..!7(...B.......h.RZ.......l.<.....6..Z^.`p?... .p.Gp.#.'.X..........\|!.8.....".m.49r?.I...g...8.v.....a``.g.R4.i...J8q....NFW,E.6Y....!.o5%.Y.....R..<..S9....r....WO...(.....F..Q=....-..7d..O(....-..+k.........K..........{Q....Z..j._.E...QZ.~.\.^......N.9.k..O.}dD.b1r...[}/....T..E..G..c.\|.c.&>?..^t. ..;..X.d.E.0G....[Q.,......#.Dp..L.o\|#syc.J............}G-.ou6.=52..XWi=...m.....^u......c..fc?&pR7S5....I...j.G........j.j..Tc.El.....B.pQ.,Bp....j...9g.. >..s..m#.Nb.o_u.M.V...........\#...v..Mo\sF..s....Y...

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	893
Entropy (8bit):	7.366016576663508
Encrypted:	false
SSDEEP:	24:hBntmDvKUQQDvKUr7C5fpqp8gPvXHmXvponXux:3ntmD5QQD5XC5RqHHXmXvp++x
MD5:	D4AE187B4574036C2D76B6DF8A8C1A30
SHA1:	B06F409FA14BAB33CBAF4A37811B8740B624D9E5
SHA-256:	A2CE3A0FA7D2A833D1801E01EC48E35B70D84F3467CC9F8FAB370386E13879C7
SHA-512:	1F44A360E8BB8ADA22BC5BFE001F1BABB4E72005A46BC2A94C33C4BD149FF256CCE6F35D65CA4F7FC2A5B9E15494155449830D2809C8CF218D0B9196EC646B0C
Malicious:	false
Preview:	0..y...H.........j0..f...1.0....H.........N0..J0..2.......D....'..09...@k0....H........0?1$0"..U....Digital Signature Trust Co.1.0...U....DST Root CA X30...000930211219Z..210930140115Z0?1$0"..U....Digital Signature Trust Co.1.0...U....DST Root CA X30.."0....H.............0..........P..W..be......,k0.[...}.@......3vI.?!I..N..>H.e...!.e..2....w..{........s.z..2..~..0....8.y.1.P..e.Qc...a.Ka..Rk...K.(.H......>.... .[.....p....%.tr.{j.4.0...h.{T....Z...=d.....Ap..r.&.8U9C....\@........%.......:..n.>..\..<.i.....)W..=....]......B0@0...U.......0....0...U...........0...U.........{,q...K.u...`...0....H...............,...\...(f7:...?K.... ]..YD.>.>..K.t.....t..~.....K. D....}..j.....N..:.pI...........:^H...X._..Z.....Y..n......f3.Y[...sG.+..7H..VK....r2...D.SrmC.&H.Rg.X..gvqx...V..9$1....Z0G..P.......dc`........}...=2.e..\|.Wv..(9..e...w.j..w.......)...55.1.

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	modified
Size (bytes):	328
Entropy (8bit):	3.137989037915285
Encrypted:	false
SSDEEP:	6:kKXj49UswDLL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:bDDnLNkPlE99SNxAhUe/3
MD5:	F359CFB5475E05A7DEE063C129BAD0E8
SHA1:	9E2915D5DE899E0135B882F088344FC557D0EA29
SHA-256:	D5F348F1C3363F225CDFE34D404BA6DB1EDFD167BBDDB83390DA1FB5D16615B6
SHA-512:	49CF0D464395BB2C413FF8FA137B1D8CAD446F8C71A93D2953E0236E7AD73ED9C435231EF5DC07793E19FC3EB02D71799E41A4B57C9534B27A2270CD4D62FA19
Malicious:	false
Preview:	p...... ..........[....(....................................................... ........G..@.......&...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	252
Entropy (8bit):	3.026467887142631
Encrypted:	false
SSDEEP:	3:kkFklaktfllXlE/E/KRkzllPlzRkwWBARLNDU+ZMlKlBkvclcMlVHblB8V7lnklc:kKaxliBAIdQZV7I7kc3
MD5:	119B0447E42C90197CF61EC409AF2550
SHA1:	6F2B216B14C9FBE3D4E977BCF4593374A7512599
SHA-256:	844F303186863559395CCBBA7110AE7EA101C7BA676EA71B7E61860A6FC9B5B4
SHA-512:	BF5CCD4C39FF3AFF61151986FEAC2F1E9A372BB2394AFD0E39CF977EFDD83D7250D8E89B0BED5F300852BD139BA6C1EEBE89ABBF787551F5DCED20421358223D
Malicious:	false
Preview:	p...... ....`......I....(....................................................... ........!.M........(...........}...h.t.t.p.:././.a.p.p.s...i.d.e.n.t.r.u.s.t...c.o.m./.r.o.o.t.s./.d.s.t.r.o.o.t.c.a.x.3...p.7.c...".3.7.d.-.6.0.7.9.b.8.c.0.9.2.9.c.0."...

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	243196
Entropy (8bit):	3.3450692389394283
Encrypted:	false
SSDEEP:	1536:vKPCPiyzDtrh1cK3XEivK7VK/3AYvYwgqErRo+RQn:yPClJ/3AYvYwghFo+RQn
MD5:	F5567C4FF4AB049B696D3BE0DD72A793
SHA1:	EBEADDE9FF0AF2C201A5F7CC747C9EA61CFA6916
SHA-256:	D8DBFE71873929825A420F73821F3FF0254D51984FAAA82E1B89D31188F77C04
SHA-512:	E769735991E5B1331E259608854D00CDA4F3E92285FDC500158CBD09CBCCEAD8A387F78256A43919B13EBE70C995D19242377C315B0CCBBD4F813251608C1D56
Malicious:	false
Preview:	Adobe Acrobat Reader (64-bit) 23.6.20320....?A12_AV2_Search_18px.............................................................................................................KKK KKK.KKK.KKK.KKK.KKK.KKK@........................................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.............................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.........................KKK.KKK.KKK.KKK0....................KKK.KKK.KKK.KKK`....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK.KKK.....................................KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK.KKK@....................KKK.KKK.KKK.KKK`........................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.KKK.............................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	295
Entropy (8bit):	5.365038507337115
Encrypted:	false
SSDEEP:	6:YEQXJ2HXuItX9twKTnVoZcg1vRcR0YKwW9KoAvJM3g98kUwPeUkwRe9:YvXKXuIlLTWZc0v/GMbLUkee9
MD5:	7E552FA6F7DDF63D83F05434FB211B88
SHA1:	CAFA240AB7401F8BFE7544B5582280C7A889BE29
SHA-256:	B651D1A330347761A9C4A3E2E2B9388488CE99981A409BA5A5B9753CA08B0441
SHA-512:	8B1C3962683EF259E205C89C854F39BA49A98D0A1B7E6B95C90C2C7CD723B6661A51E5932DBBD548BE4436A8B310E747FBACAB21B1DF1C84D606EB8CBEAD8122
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"bab4e867-8625-40fe-927f-2425a0b59331","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1724966579826,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.314762160640761
Encrypted:	false
SSDEEP:	6:YEQXJ2HXuItX9twKTnVoZcg1vRcR0YKwW9KoAvJfBoTfXpnrPeUkwRe9:YvXKXuIlLTWZc0v/GWTfXcUkee9
MD5:	350488C8F391A1411F3A0525E17DB0C8
SHA1:	ACFCBCFDEAF1B62B6543D1AE5CA024EDFAEAA3F0
SHA-256:	B0747D93D5413FFB6B3148BCA8544D553F4192C18178C4B07F521D5EEEF26A70
SHA-512:	30DDC88F0F8C1650DA66607D769BD0425D99BD17D3AF0CABBC0FF725F9AF50B84ACA0A9263A2A9CE45C91CE1B0494890806B72A0FD82F1A34FFD4AC792C3B28B
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"bab4e867-8625-40fe-927f-2425a0b59331","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1724966579826,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.294248729778163
Encrypted:	false
SSDEEP:	6:YEQXJ2HXuItX9twKTnVoZcg1vRcR0YKwW9KoAvJfBD2G6UpnrPeUkwRe9:YvXKXuIlLTWZc0v/GR22cUkee9
MD5:	AC4D8ACF91853C5697DABF5BFEFBBCDF
SHA1:	E40A0F84B95CD20550CC1F323347E13F77B6B7E5
SHA-256:	505DD71009D7F24A34AE21E332518BF89BEC5422BCB56678A8E30632CD92FFBA
SHA-512:	E1E77348F0AC4372CA875AD6C10C3AD9C95EF4C2CD4AC124E7D28DEF23B97624D089A6B4EE89084F7779AE5B30C545C6E4B8F7A30879628FB19A633BEB7A5E40
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"bab4e867-8625-40fe-927f-2425a0b59331","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1724966579826,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	285
Entropy (8bit):	5.352107789708413
Encrypted:	false
SSDEEP:	6:YEQXJ2HXuItX9twKTnVoZcg1vRcR0YKwW9KoAvJfPmwrPeUkwRe9:YvXKXuIlLTWZc0v/GH56Ukee9
MD5:	E74630E570E3153745AD0320719A24FB
SHA1:	11A183FA66E2595EDA953DFC4D9635138191271E
SHA-256:	24FB9EADD1B0821B66C1117CC0C06E0A9B0C9EF01005F1D171DDAF9641C4F9CF
SHA-512:	D29B2A87540D926B2222DDABFD7EAD7F3AE449524D7993788C47F54A0E3264E63F13F5C1A33896D8857E56BE4355E6363A2E3DDCAD78F478761E79B5C81051D7
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"bab4e867-8625-40fe-927f-2425a0b59331","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1724966579826,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1063
Entropy (8bit):	5.666079288879271
Encrypted:	false
SSDEEP:	24:Yv6XnRTWzvkpLgEFqciGennl0RCmK8czOCY4w2wK:Yv+RachgLtaAh8cvYvK
MD5:	734612558F6C4327C46B96A28331E636
SHA1:	61FB8CC723111437AE8411965B886A99741EC757
SHA-256:	22F7DFCDEF106171B9B599169B3F3C60CA42B91A38C86AF60E7EF2633638951D
SHA-512:	813281F9FEC3B9C92D9DA6D80F905FF68D5A621EB4113247621A3F4556A5BC42614C2C877AF1BAAEDDB261915EB97A34CD07D9832597765B0A3C8184E8E2ECFF
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"bab4e867-8625-40fe-927f-2425a0b59331","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1724966579826,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_2","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"afb9c2a3-eaf4-41f9-9d73-768e72f72282","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQgZmlsZXMgdG8gYW5kIGZyb20gUERGXG53aXRob3V0IGxpbWl0cy4ifSwidGNhdElkIjpudWxsfQ==","dataType":"application\/json","encodingSc

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1050
Entropy (8bit):	5.656365586613853
Encrypted:	false
SSDEEP:	24:Yv6XnRTWzv+VLgEF0c7sbnl0RCmK8czOCYHflEpwiVwK:Yv+RaWFg6sGAh8cvYHWpwc
MD5:	4F75E2E4F8389C6A2C3475A705045DCB
SHA1:	9655E359BC8994CEFEDC516A225737B675C22113
SHA-256:	C4B926CDCFA3AEA5AE15E4B9ED3040410FBDD26DD5462E232E071E76F1484C0F
SHA-512:	D43E5D49D95BB300261CEF00AD12A6E541CB777C411F83790FBD9E7811C35F100B483230A0DEE548F733D355B44117DEDFABDF7A6286C6799D3765A4BAEF5A33
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"bab4e867-8625-40fe-927f-2425a0b59331","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1724966579826,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Disc_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_0","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"0924134e-3c59-4f53-b731-add558c56fec","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Disc_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQsIGVkaXQgYW5kIGUtc2lnblxuZm9ybXMgJiBhZ3JlZW1lbnRzLiJ9LCJ0Y2F0SWQiOm51bGx9","dataType":"application\/json","encodingScheme":true},"

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.305726325738302
Encrypted:	false
SSDEEP:	6:YEQXJ2HXuItX9twKTnVoZcg1vRcR0YKwW9KoAvJfQ1rPeUkwRe9:YvXKXuIlLTWZc0v/GY16Ukee9
MD5:	4FBABAD2A0EB9562FB7C7E0CB159CA8B
SHA1:	BAFEF452EFC155CEAC9C98C6FEAAAAB10617639C
SHA-256:	9149C7117BD2FAB4AC271FB3FE97814BEBBE5680A74B6FA1DA7BA85CD4EED2E8
SHA-512:	F2D913B9A27E120C07B1DD00040831BDD59DB96A3BA57EBAEA81DFA592FE635DA8EE758353B92BDFBB7A70687366CB9E06219F29C89F7F7BA310B58C5B235C4D
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"bab4e867-8625-40fe-927f-2425a0b59331","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1724966579826,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1038
Entropy (8bit):	5.649446708060146
Encrypted:	false
SSDEEP:	24:Yv6XnRTWzvL2LgEF7cciAXs0nl0RCmK8czOCAPtciBwK:Yv+RaDogc8hAh8cvAb
MD5:	3E80235D5815AC67FE6A9E7B118C2510
SHA1:	9895918526D1CA0975906AEC2996867C8B2C1F6D
SHA-256:	87DF845E60138D25C992C53CE350FD5B2C1ED12866C4B8618401A750FDE81A7D
SHA-512:	0C729DD8E83E7F4C993BC7C482B961EF4EDEDE46A75D14C400D42B98C0B664328B8CBD187BEE2041D715E76D9F249EAF2C53AA0FFE48A649A68D7573D8A4AFED
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"bab4e867-8625-40fe-927f-2425a0b59331","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1724966579826,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Edit_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_1","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"49d2f713-7aa9-44db-aa50-0a7a22add459","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Edit_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVkaXQgdGV4dCwgaW1hZ2VzLCBwYWdlcywgYW5kIG1vcmUuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"application\/json","encodingScheme":true},"endDTS":1744

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1164
Entropy (8bit):	5.703755075192118
Encrypted:	false
SSDEEP:	24:Yv6XnRTWzvHKLgEfIcZVSkpsn264rS514ZjBrwloJTmcVIsrSK5wK:Yv+RaPEgqprtrS5OZjSlwTmAfSKn
MD5:	97CABC6DA9A1F983CB1D8E1A485D728E
SHA1:	D3E3811056C73854D14956B542BFDABA158D0EF3
SHA-256:	D2AA0F325AE2AA7CC8B37FB2D75CB1D606CAB8B230929CC49AAD09B4A2E88193
SHA-512:	5367EF33D94AE69A6A00CB0AA9B0FE607AA85352B03FFFDACE11DD1FAA7AA6EA20180639E2A0F9C478B83D8EB0D0737286D85C335FC16342712A357F4571BAED
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"bab4e867-8625-40fe-927f-2425a0b59331","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1724966579826,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85531_264848ActionBlock_0","campaignId":85531,"containerId":"1","controlGroupId":"","treatmentId":"ee1a7497-76e7-43c2-bb63-9a0551e11d73","variationId":"264848"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IlRyeSBBY3JvYmF0IFBybyJ9LCJ1aSI6eyJ0aXRsZV9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjE1cHgiLCJmb250X3N0eWxlIjoiMCJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEzcHgiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0b1xucHJlbWl1bSBQREYgYW5kIGUtc2lnbmluZ1xudG9vbHMuIn0sImJhbm5lcl9zdHlsaW5nIjo

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.307079468659761
Encrypted:	false
SSDEEP:	6:YEQXJ2HXuItX9twKTnVoZcg1vRcR0YKwW9KoAvJfYdPeUkwRe9:YvXKXuIlLTWZc0v/Gg8Ukee9
MD5:	B355E68681D4DA0C29117EC124AB582B
SHA1:	0387F08B1C292C157E990AC4CB8A3F6E25009D11
SHA-256:	5360106810D78346CF7B15FBCAB488CE0F2C40319030E75FD86CCFD1C16F0E21
SHA-512:	8517657FF9C3C0921B7F925582B54DF88F75B2276421878B2E4C31CAE754672BC78DFCEFF32B2142D97B3E76E9FC8B4A0410D7837934118339E9AE56EDD0E41D
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"bab4e867-8625-40fe-927f-2425a0b59331","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1724966579826,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1395
Entropy (8bit):	5.781361333857597
Encrypted:	false
SSDEEP:	24:Yv6XnRTWzvarLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNoK:Yv+RaSHgDv3W2aYQfgB5OUupHrQ9FJn
MD5:	8872D27008BC1CADBCDAA42DD7175BB8
SHA1:	E3B34687A281B4CA46A1C16FF5B803AFD4B08A93
SHA-256:	7CD661786D486FFF5E9924A393AF4D8E82ABB1149E91CA60B471F33F6380F78F
SHA-512:	A810B96B24ED42731FCEABF05B801BD87064F048A961DAAFD3892D26F8C4292389BF5BE5CC4E9956E7D365D5139F0AC40A4B0971A73D29362668ED7E397DAE98
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"bab4e867-8625-40fe-927f-2425a0b59331","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1724966579826,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	291
Entropy (8bit):	5.290577910191632
Encrypted:	false
SSDEEP:	6:YEQXJ2HXuItX9twKTnVoZcg1vRcR0YKwW9KoAvJfbPtdPeUkwRe9:YvXKXuIlLTWZc0v/GDV8Ukee9
MD5:	DDFFE8E3DB4808F52D2B0DB063FA4A5F
SHA1:	368815A83692DB9A9724882F8E45A41E56389C02
SHA-256:	D4ABD208CAFF10BA629F1CF0A80CE8A1713082BA30D9D78DA4400A569AAF10EA
SHA-512:	D5413EC05ADDEAB42B281306BAFB395F1A7DFE6847E0FFE9DC631A8F0E9440D3FDE2DB50B881F6A52A2B84B1A924EB3A72D3D937F4D0CD69C617A26CEEF52A85
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"bab4e867-8625-40fe-927f-2425a0b59331","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1724966579826,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	287
Entropy (8bit):	5.295327353246223
Encrypted:	false
SSDEEP:	6:YEQXJ2HXuItX9twKTnVoZcg1vRcR0YKwW9KoAvJf21rPeUkwRe9:YvXKXuIlLTWZc0v/G+16Ukee9
MD5:	B3EEE01D8071E00D8F9119B341922F3D
SHA1:	F682ED7F5A4504ED5E0364DFB1CC4652951785B7
SHA-256:	217D2B3545485AEE55E7621392BD561F48C67DF00F89200C442E0108E60161B8
SHA-512:	17E0D8EE2E064BFDFC07A3649C9D7C30B2F1EB6F165A52FF73409F493C30FF76072304D1BCB7BAD79E0C6FFA60FB7A08D685D2BEADE2E399151CED1F8F8351EA
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"bab4e867-8625-40fe-927f-2425a0b59331","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1724966579826,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1058
Entropy (8bit):	5.6554910701953105
Encrypted:	false
SSDEEP:	24:Yv6XnRTWzvAamXayLgEFRcONaqnl0RCmK8czOC+w2E+tg8BwK:Yv+RauBguOAh8cv+NKC
MD5:	E9884F9DF486656A0DF2A013B6EE116B
SHA1:	CE25F0BC9E8B9D3E137ACA70052DD9A76BCD9BD8
SHA-256:	61DA04E5E116AAD99C0142C780F93DE7492B341D1476782E8707A0408925FA0B
SHA-512:	FF15EB37D7D446D1288A7FE16C2E6F21C90925AE835FB1B2B3DC426688AFE52109D73922AA9CCD7D4765488254EA5549521BC95690A4F2177FB063BDA887AEF3
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"bab4e867-8625-40fe-927f-2425a0b59331","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1724966579826,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_3","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"ece07729-7db6-4f20-9f8d-7976ad373049","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IlNlbmQgZG9jdW1lbnRzICYgZm9ybXNcbmZvciBmYXN0IGUtc2lnbmluZyBvbmxpbmUuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"application\/json","encodingScheme"

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	286
Entropy (8bit):	5.273283911936503
Encrypted:	false
SSDEEP:	6:YEQXJ2HXuItX9twKTnVoZcg1vRcR0YKwW9KoAvJfshHHrPeUkwRe9:YvXKXuIlLTWZc0v/GUUUkee9
MD5:	97C3DCCF69A2CDF660DA88035AB1E462
SHA1:	D1D4975C98535FA07F609D44EC86A92551F11D50
SHA-256:	6AFFF2EE466A99E2ABE6EFD1F8EB5C7C34E63261139B249C27B9A9D42D1C0DA3
SHA-512:	61E2052365C966DB35D534CD94AA6E040609AD2BBA53737688B33B2ACE7639406C49F088B07EEB5CD6431F942A3F0F42D2D20557C4E4EFB50345B38A97C580C9
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"bab4e867-8625-40fe-927f-2425a0b59331","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1724966579826,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	782
Entropy (8bit):	5.376422514532964
Encrypted:	false
SSDEEP:	12:YvXKXuIlLTWZc0v/GTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWsK:Yv6XnRTWzvv168CgEXX5kcIfANhxK
MD5:	80E4B21A8CBEB9B58DE01E9E7AAA581A
SHA1:	E5C2975B41EE2796B28CC0EE1A4A9652AC38EA28
SHA-256:	F8B563E4F89D93B926290C53C0569BECB7E8DA9673E9A4652B5EF42A66B2F810
SHA-512:	403E5BF054B1FC786C36449DD0145787A46D7C53E77A921E6F04868761AAD132D0362FA3AB12F3299BFCD7E3F7849117CEA36B6F9BC7BBC031701654EA2CA9FE
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"bab4e867-8625-40fe-927f-2425a0b59331","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1724966579826,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1724793344857}}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	4
Entropy (8bit):	0.8112781244591328
Encrypted:	false
SSDEEP:	3:e:e
MD5:	DC84B0D741E5BEAE8070013ADDCC8C28
SHA1:	802F4A6A20CBF157AAF6C4E07E4301578D5936A2
SHA-256:	81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
SHA-512:	65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
Malicious:	false
Preview:	....

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2818
Entropy (8bit):	5.142965328163282
Encrypted:	false
SSDEEP:	24:YaB3gK7Ea79alMayS7y8p3Y7VzqLWw7OCuK9yqg70l247A9mK7GoL7BIS7ujixR3:YdLLs/Kf7e9mDixVaVegNd6i99Iv
MD5:	D3E1E7122BD561CB66B4E3BC67E03FFA
SHA1:	CE0F7B4CD4EA852B65A90205515C6C02BB55E9A5
SHA-256:	9CED46DF363311E0ACC30A931CFE8A2E6494029DA87EE8543C1905B3F4FC1108
SHA-512:	37FC0FEB0C65832152316D652944E01270B2968C98B85053C9FDFB183900385B8E8BB77BB5F8B9CD09E64AAC3D2C07853C4EEF7CB74FE177BFEFEEEAF4A9A360
Malicious:	false
Preview:	{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"5af4d07783a3d87113c1c52b56cae2ac","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1050,"ts":1724793344000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"8b2e4e511ca591a07a20cc81932195af","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1164,"ts":1724793344000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"b2e2bdf557107433e5088daeca2fe5b3","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1058,"ts":1724793344000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"ff64068458cb23deb97a60551ac20fd7","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1063,"ts":1724793344000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"2f90959f7e9e248cbbf2703aca3c0025","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":1038,"ts":1724793344000},{"id":"Edit_InApp_Aug2020","info":{"dg":"8fdd65898defca58c5d96725244aa386","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":17

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 25, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 25
Category:	dropped
Size (bytes):	12288
Entropy (8bit):	1.186208437845991
Encrypted:	false
SSDEEP:	48:TGufl2GL7msEHUUUUUUUUnSvR9H9vxFGiDIAEkGVvpb:lNVmswUUUUUUUUn+FGSItH
MD5:	D089420B1F42F466C1F27C3A8670B3FA
SHA1:	06DECDB2175119EC9EA38495C0178B70D7E693F2
SHA-256:	2DDD40236A2569CDBF0FBAA35C52088F7C683EE35864BA472DEC3C3A09A56BAD
SHA-512:	B8343BFDC7F1FB7955629E9E515D03C729EC51987412E8A8DE16A6EE2E5282360CA566E8435DD0F3B2034A1A57993769B332E815C4DE61873CD424A3DC5E9691
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	1.6049100311293276
Encrypted:	false
SSDEEP:	48:7M4KUUUUUUUUUU7vR9H9vxFGiDIAEkGVvcqFl2GL7msE:7kUUUUUUUUUULFGSItaKVmsE
MD5:	E37A494BFB9DCF6F87D72D2273EDBE36
SHA1:	A261E6AD4ACA0B182A16A084C5DAB128DD51663A
SHA-256:	24D049BB05C4CAF02CCC4808D8CE625F8BD0C57D6526B7F1980D65BB0189C6A4
SHA-512:	EA574F04ACD1591124031A31E29202DC015329D2419A18251EAE7D6F26297494F8C18438FCA7945FFE1B6D30EC76F0F517D6C29697BB84803F31B317600553CB
Malicious:	false
Preview:	.... .c.....9........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................f.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\MSI318f0.LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	246
Entropy (8bit):	3.5162684137903053
Encrypted:	false
SSDEEP:	6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8AAe7aCH:Qw946cPbiOxDlbYnuRKRH
MD5:	36E4CA19397A27113835ABD8AA5B18DF
SHA1:	8ED9103ADC54007BE1FA465038D3943395D0D461
SHA-256:	B4F6230A1A064B9B446B94DB1628CB418650563FCAFEDD294E47ED0D6E6FF35D
SHA-512:	C2A70ED336771E9A7C174997FBF752D295EDC7668CAAA5970198555DE365E174719E108AA574B99F22ACD9B449A9E8533895C27BAA4E29452F588DD4F324E6AA
Malicious:	false
Preview:	..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .2.7./.0.8./.2.0.2.4. . .1.7.:.1.5.:.4.2. .=.=.=.....

C:\Users\user\AppData\Local\Temp\acrobat_sbx\A91suk16f_tua8u1_5x4.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	Zip data (MIME type "application/vnd.adobe.air-ucf-package+zip"?)
Category:	dropped
Size (bytes):	108058
Entropy (8bit):	7.99199742595327
Encrypted:	true
SSDEEP:	1536:Ovj3fXvOA7zO3qgSPp67cNtHbKpPBXrzyUVLOhCyhrzDDvc4DZsRMRa5rVaJNEhi:OvjeSq37BcXWpJ/PwBI4lsRMoZVaJcq
MD5:	0178C6EE26590A8ABFC1CBD5BB5C335F
SHA1:	DBE042C4F652E96C34BC10FDCE2ECD8485077158
SHA-256:	922CE47ECFC6144A881C2C9A06EE99F73DA4506E8F796FCC79E982599B364E33
SHA-512:	310E5B93360ED2394B097A464A38692D58E51C4000D13C07DF1A07743160F2F2399F3AEAF26EEA8AB8C4DE780E91F7BE1B0CDF8438637C0EC825A34C21EF5E22
Malicious:	false
Preview:	PK.........D.Y...>)...).......mimetypeapplication/vnd.adobe.air-ucf-package+zipPK.........D.Y.+.`............message.xml.]is.8...[.....Oq.'...S...g.X+;....%X."U$.....}.P.%....8.tl. ...../..}......A.......,...a...r.....=..i{......0H..v.g.c0.3~....G.b....,.BvJ.'./.`xJ]..O./.!K...XG?.$.,=.Z...q.f~...,..:b.Pl..f..\|....,.A.....Z..a<.C._..../G\|....q.....~.?...G.............y+.. ...s.,.2...^uon..:....~....C....i.>.<hy..x..?....F.w..4e.\|.'...#?..a......i...W.".+...'.......,..6..... ..}.........llj.>.3v.."..CdA.".....v...4H..C]>........4..$.O........9._..C{(....A~.k...f.x8.<... l!..}...ol.q.......2.s.Y..&:....>...l.S..w.t^D.C....]0......L...z[`J<.....L.1t-.Z.n..7.)...aj;.0.r\|.._.V......JWT.>.p.?s....boN.....X.jkN.9..3jN.9..t...o..c.nX4......0.D.....Cv .....!k..........d.1B....=3.Bq.E.bo.....6..r..6@.b...T......Ig...(..(K].:...#..k..q2G."o.Tz...qJ.......;?\|~..1...J...RA...'..*C...T...dNMZ.3.z-..LCI..I..-.,.Y.J.....m.KY}.Lw......G........-.(E....b..^..}..

C:\Users\user\AppData\Local\Temp\acrobat_sbx\A9nnvekm_tua8u2_5x4.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	Zip data (MIME type "application/vnd.adobe.air-ucf-package+zip"?)
Category:	dropped
Size (bytes):	144514
Entropy (8bit):	7.992637131260696
Encrypted:	true
SSDEEP:	3072:OvjeSq37BcXWpJ/PwBI4lsRMoZVaJctHtTx8EOyhnL:Cjc7BcePUsSSt38snL
MD5:	BA1716D4FB435DA6C47CE77E3667E6A8
SHA1:	AF6ADF9F1A53033CF28506F33975A3D1BC0C4ECF
SHA-256:	AD771EC5D244D9815762116D5C77BA53A1D06CEBA42D348160790DBBE4B6769D
SHA-512:	65249DB52791037E9CC0EEF2D07A9CB1895410623345F2646D7EA4ED7001F7273C799275C3342081097AF2D231282D6676F4DBC4D33C5E902993BE89B4A678FD
Malicious:	false
Preview:	PK.........D.Y...>)...).......mimetypeapplication/vnd.adobe.air-ucf-package+zipPK.........D.Y.+.`............message.xml.]is.8...[.....Oq.'...S...g.X+;....%X."U$.....}.P.%....8.tl. ...../..}......A.......,...a...r.....=..i{......0H..v.g.c0.3~....G.b....,.BvJ.'./.`xJ]..O./.!K...XG?.$.,=.Z...q.f~...,..:b.Pl..f..\|....,.A.....Z..a<.C._..../G\|....q.....~.?...G.............y+.. ...s.,.2...^uon..:....~....C....i.>.<hy..x..?....F.w..4e.\|.'...#?..a......i...W.".+...'.......,..6..... ..}.........llj.>.3v.."..CdA.".....v...4H..C]>........4..$.O........9._..C{(....A~.k...f.x8.<... l!..}...ol.q.......2.s.Y..&:....>...l.S..w.t^D.C....]0......L...z[`J<.....L.1t-.Z.n..7.)...aj;.0.r\|.._.V......JWT.>.p.?s....boN.....X.jkN.9..3jN.9..t...o..c.nX4......0.D.....Cv .....!k..........d.1B....=3.Bq.E.bo.....6..r..6@.b...T......Ig...(..(K].:...#..k..q2G."o.Tz...qJ.......;?\|~..1...J...RA...'..*C...T...dNMZ.3.z-..LCI..I..-.,.Y.J.....m.KY}.Lw......G........-.(E....b..^..}..

C:\Users\user\AppData\Local\Temp\acrobat_sbx\A9ys6g9z_tua8u3_5x4.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PDF document, version 1.6, 0 pages
Category:	dropped
Size (bytes):	358
Entropy (8bit):	5.091453819841356
Encrypted:	false
SSDEEP:	6:IngVMrexJzJT0y9VEQIFVmb/eu2g/86S1kxROOhw2RH8oqn2RH8oT/yLCSyAAO:IngVMre9T0HQIDmy9g06JXRw2k2ElX
MD5:	43C8D1FA7D65FF4242D60558D0D1863F
SHA1:	85AD6FB27DFA6121EB31A8059B2B447A6D077F56
SHA-256:	3E20963B243818A0FF2AE3784459A24F4D7C9D3C995F69242259660D6EA7DA58
SHA-512:	9461DD12F03B340E42DAB577F0A95C9E982911721EB12A28FC38B8BD2C0CEA1DE6C64BAAF8A35A06385B279CB53A99BAC9DE13EB3917242FB4A120583AFB50B8
Malicious:	false
Preview:	%PDF-1.6.%......1 0 obj.<</Pages 2 0 R/Type/Catalog>>.endobj.2 0 obj.<</Count 0/Kids[]/Type/Pages>>.endobj.3 0 obj.<<>>.endobj.xref..0 4..0000000000 65535 f..0000000016 00000 n..0000000061 00000 n..0000000107 00000 n..trailer..<</Size 4/Root 1 0 R/Info 3 0 R/ID[<971839E4FF224546B452C34AD8175198><971839E4FF224546B452C34AD8175198>]>>..startxref..127..%%EOF..

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-08-27 17-15-37-470.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393)
Category:	dropped
Size (bytes):	16525
Entropy (8bit):	5.345946398610936
Encrypted:	false
SSDEEP:	384:zHIq8qrq0qoq/qUILImCIrImI9IWdFdDdoPtPTPtP7ygyAydy0yGV///X/J/VokV:nNW
MD5:	8947C10F5AB6CFFFAE64BCA79B5A0BE3
SHA1:	70F87EEB71BA1BE43D2ABAB7563F94C73AB5F778
SHA-256:	4F3449101521DA7DF6B58A2C856592E1359BA8BD1ACD0688ECF4292BA5388485
SHA-512:	B76DB9EF3AE758F00CAF0C1705105C875838C7801F7265B17396466EECDA4BCD915DA4611155C5F2AD1C82A800C1BEC855E52E2203421815F915B77AA7331CA0
Malicious:	false
Preview:	SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:088+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig:

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393), with CRLF line terminators
Category:	dropped
Size (bytes):	15114
Entropy (8bit):	5.363675683440152
Encrypted:	false
SSDEEP:	384:iDfiffeU4yVFohMTo+Z+8erDAoEE3fwJgb0eQk+5n6U+4JfU8DHn+p+n2YeTx+uM:fr5
MD5:	0938220ADA5D51EEDF354B9E5DD86DDC
SHA1:	7C480AFE24F5D8CC8CEE77659ED8DE539128AE00
SHA-256:	B5EAAA52DFC8BE28EE0993ADDD76118D7EC003742F7F1056E7B3DA7E6FED4ECC
SHA-512:	CC71ABC743C9A23B488AD31258B7ABBE0D8DDCD01C2AE0FCA500964C2E4B9AD702C7427206F882851B369519DF31CFBDA94FA1CB35D08CDE221359A05F91BBEA
Malicious:	false
Preview:	SessionID=b42d586c-4d2c-4e21-bf2d-3b9249b65d07.1724793337479 Timestamp=2024-08-27T17:15:37:479-0400 ThreadID=7752 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=b42d586c-4d2c-4e21-bf2d-3b9249b65d07.1724793337479 Timestamp=2024-08-27T17:15:37:483-0400 ThreadID=7752 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=b42d586c-4d2c-4e21-bf2d-3b9249b65d07.1724793337479 Timestamp=2024-08-27T17:15:37:483-0400 ThreadID=7752 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=b42d586c-4d2c-4e21-bf2d-3b9249b65d07.1724793337479 Timestamp=2024-08-27T17:15:37:483-0400 ThreadID=7752 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=b42d586c-4d2c-4e21-bf2d-3b9249b65d07.1724793337479 Timestamp=2024-08-27T17:15:37:483-0400 ThreadID=7752 Component=ngl-lib_NglAppLib Description="SetConf

C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	29752
Entropy (8bit):	5.393007944482326
Encrypted:	false
SSDEEP:	768:anddBuBYZwcfCnwZCnR8Bu5hx18HoCnLlAY+iCBuzhLCnx1CnPrRRFS10l8gT2r1:B
MD5:	5D916370059912A6DA773501F8D82777
SHA1:	7E80EF9C6C8E82B656D68EFD9B47D8E238077509
SHA-256:	4EE3F9D498E6A594EE93487A7F824D9E0E67BC2F4C5A428D2BE18F0CCCD37823
SHA-512:	19866A1FB12DF87B2F05FC8E9F4F27950A2E3FD482B53C13754E80738B37B6D4439BBB2A6A64EAC3F41DAE58D958B2DFB77FEFEABB1C84B230594FE7D249F13E
Malicious:	false
Preview:	03-10-2023 12:50:40:.---2---..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : *************************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ***********************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : **** Starting new session ******..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Starting NGL..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..03-10-2023 12:50:40:.Closing File..03-10-

C:\Users\user\AppData\Local\Temp\acrocef_low\2f9b2ce3-36b8-4ed3-92d4-2bf4961ee1e4.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
Category:	dropped
Size (bytes):	758601
Entropy (8bit):	7.98639316555857
Encrypted:	false
SSDEEP:	12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
MD5:	3A49135134665364308390AC398006F1
SHA1:	28EF4CE5690BF8A9E048AF7D30688120DAC6F126
SHA-256:	D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
SHA-512:	BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
Malicious:	false
Preview:	...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......\|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!\|G.1...... .3.`./....`~......G.............\|..pS.e.C....:o.u_..oi.:..\|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

C:\Users\user\AppData\Local\Temp\acrocef_low\3245f622-a7e4-4587-bcbf-a924ff11d11e.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
Category:	dropped
Size (bytes):	1419751
Entropy (8bit):	7.976496077007677
Encrypted:	false
SSDEEP:	24576:/xA7ouWLaGZ7wYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVuWLaGZ7wZGk3mlind9i4ufFXpAXkru
MD5:	13F55292D0735B9ABD4259B225D210FC
SHA1:	810CC5D545BFA11D2825F6E1DFA69176794DA7EC
SHA-256:	8C3FFEA68963D108599E8C5AE20DE6E9C473BF33197A03A9A7DDCD0F25A6C7F6
SHA-512:	4F54EDA9EB61172A5243DAA718CFF42A0BF079CC0FA7BE3553CC8B79772763B49F530DD6B54A9D595C4F46B8416ADF7D5C8DAD58FC43A5C651258E669DC375DA
Malicious:	false
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

C:\Users\user\AppData\Local\Temp\acrocef_low\738e4aaa-4b3e-485f-9d23-44dd1f20ac15.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
Category:	dropped
Size (bytes):	1407294
Entropy (8bit):	7.97605879016224
Encrypted:	false
SSDEEP:	24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo
MD5:	A0CFC77914D9BFBDD8BC1B1154A7B364
SHA1:	54962BFDF3797C95DC2A4C8B29E873743811AD30
SHA-256:	81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685
SHA-512:	74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE
Malicious:	false
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

C:\Users\user\AppData\Local\Temp\acrocef_low\9cb2fbe2-8cee-4ed0-b242-4cff6c745c4d.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
Category:	dropped
Size (bytes):	386528
Entropy (8bit):	7.9736851559892425
Encrypted:	false
SSDEEP:	6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
MD5:	5C48B0AD2FEF800949466AE872E1F1E2
SHA1:	337D617AE142815EDDACB48484628C1F16692A2F
SHA-256:	F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
SHA-512:	44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
Malicious:	false
Preview:	...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....\|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-\|..h#.g.\.PO.\|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..\|m.WC.....\|.....e.[W.p.8...rm....^..x'......5!...\|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.\|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobSettings

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	24
Entropy (8bit):	3.66829583405449
Encrypted:	false
SSDEEP:	3:So6FwHn:So6FwHn
MD5:	DD4A3BD8B9FF61628346391EA9987E1D
SHA1:	474076C122CACAAF112469FC62976BB69187AA2B
SHA-256:	7C22C759CA704106556BBC4FC10B7F53404CA1F8B40F01038D3F7C4B8183F486
SHA-512:	FDAF3D9F8072ED7DE9B2528376C10E3C3FDBEA74347710A4795BECF23C6577B3582B2E89D3C04EF0523C98FE0A46F2AF3629490701A20B848C63BA7B26579491
Malicious:	false
Preview:	<</Settings [/c <<>>].>>

C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\915DEAC5D1E15E49646B8A94E04E470958C9BB89.crl

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	98682
Entropy (8bit):	6.445287254681573
Encrypted:	false
SSDEEP:	1536:0tlkIi4M2MXZcFVZNt0zfIagnbSLDII+D61S8:03kf4MlpyZN+gbE8pD61L
MD5:	7113425405A05E110DC458BBF93F608A
SHA1:	88123C4AD0C5E5AFB0A3D4E9A43EAFDF7C4EBAAF
SHA-256:	7E5C3C23B9F730818CDC71D7A2EA01FE57F03C03118D477ADB18FA6A8DBDBC46
SHA-512:	6AFE246B0B5CD5DE74F60A19E31822F83CCA274A61545546BDA90DDE97C84C163CB1D4277D0F4E0F70F1E4DE4B76D1DEB22992E44030E28EB9E56A7EA2AB5E8D
Malicious:	false
Preview:	0...u0...\...0....H........0i1.0...U....US1.0...U....DigiCert, Inc.1A0?..U...8DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1..240807121815Z..240814121815Z0..~.0!.......0.E....[0...210531000001Z0!...7g...(..^`.x.l...210531000001Z0!...\./M.8..>.f.....210531000001Z0!...B.Sh...f...s.0..210531000001Z0!..../n...h..7....>..210601000001Z0!....0..>5..aN.u{D..210601000001Z0!...-...qpWa.!n.....210601000001Z0!..."f...\..N.....X..210601000001Z0!...in.H...[u...]....210602000001Z0!......`......._.]...210602000001Z0!...{..e..i......=..210602000001Z0!......S....fNj'.wy..210602000001Z0!......C.lm..B.*.....210602000001Z0!... .}...\|.,dk...+..210603000001Z0!...U.K....o.".Rj..210603000001Z0!.....A...K.ZpK..'h..210603000001Z0!.....&}{ ......l..210603000001Z0!...:.m...I.p.;..v..210604000001Z0!...1"uw3..Gou.qg.q..210607000001Z0!...1.o}...c/...-R}..210608000001Z0!................210608000001Z0!...[.N.d............210609000001Z0!......x..i........210610000001Z0!...(... (..#.^.f...210

C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\DF22CF8B8C3B46C10D3D5C407561EABEB57F8181.crl

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	737
Entropy (8bit):	7.501268097735403
Encrypted:	false
SSDEEP:	12:yeRLaWQMnFQlRKfdFfBy6T6FYoX0fH8PkwWWOxPLA3jw/fQMlNdP8LOUa:y2GWnSKfdtw46FYfP1icPLHCfa
MD5:	5274D23C3AB7C3D5A4F3F86D4249A545
SHA1:	8A3778F5083169B281B610F2036E79AEA3020192
SHA-256:	8FEF0EEC745051335467846C2F3059BD450048E744D83EBE6B7FD7179A5E5F97
SHA-512:	FC3E30422A35A78C93EDB2DAD6FAF02058FC37099E9CACD639A079DF70E650FEC635CF7592FFB069F23E90B47B0D7CF3518166848494A35AF1E10B50BB177574
Malicious:	false
Preview:	0...0.....0....H........0b1.0...U....US1.0...U....DigiCert Inc1.0...U....www.digicert.com1!0...U....DigiCert Trusted Root G4..240806194648Z..240827194648Z.00.0...U.#..0.......q]dL..g?....O0...U........0....H.............vz..@.Nm...6d...t;.Jx?....6...p...#.[.......o.q...;.........?......o...^p0R.......~....)....i.n;A.n.z..O~..%=..s..W.4.+........G...*..=....xen$_i"s..\...L..4../<.4...G.....L...c..k@.J.rC.4h.c.ck./.Q-r53..a#.8#......0.n......a.-'..S. .>..xAKo.k.....;.D>....sb '<..-o.KE...X!i.].c.....o~.q........D...`....N... W:{.3......a@....i....#./..eQ...e.......W.s..V:.38..U.H{.>.....#....?{.....bYAk'b0on..Gb..-..).."q2GO<S.C...FsY!D....x..]4.....X....Y...Rj.....I.96$.4ZQ&..$,hC..H.%..hE....

Static File Info

General

File type:	PDF document, version 1.4, 1 pages
Entropy (8bit):	7.551686368008415
TrID:	Adobe Portable Document Format (5005/1) 100.00%
File name:	Session_74085.pdf
File size:	107'041 bytes
MD5:	b457e0bb0d2136c36f275833b76830c4
SHA1:	cc21ef5e3e2948ac8e909a3eb4cfa1ff5a87a247
SHA256:	4fdf086638b8015ec11ac712f2377af9355b66bf53a058ffeeb5a688387ec5b5
SHA512:	6b5754c864b2a721979f8686d6ccedaba00999d300db0461b0cc8d7fd44c04d9042ec73c4848465f89d3acb2f68a0cd5a4be2fad7ab89e8657abf41cae0227b2
SSDEEP:	1536:idiY2pRL5jqjRttPXKunDsYDTPp5c4otuN074vjWP1t:uQLUZaID55cR57YK
TLSH:	6AA39D31F3EBE7289B1B088D463E3D3B532596C189E25113413B4D8296A1FBBD947A7C
File Content Preview:	%PDF-1.4.%.....1 0 obj.<</Creator (Mozilla/5.0 $Windows NT 10.0; WOW64$ AppleWebKit/537.36 $KHTML, like Gecko$ Vyaparapp/10.17.3 Chrome/108.0.5359.215 Electron/22.3.27 Safari/537.36)./Producer (Skia/PDF m108)./CreationDate (D:20240826174736+00'00')./M

File Icon


Icon Hash:	62cc8caeb29e8ae0

Static PDF Info

General
Header:	%PDF-1.4
Total Entropy:	7.551686
Total Bytes:	107041
Stream Entropy:	7.529926
Stream Bytes:	102735
Entropy outside Streams:	5.228852
Bytes outside Streams:	4306
Number of EOF found:	1
Bytes after EOF:

Keywords Statistics

Name	Count
obj	19
endobj	19
stream	7
endstream	7
xref	1
trailer	1
startxref	1
/Page	1
/Encrypt	0
/ObjStm	0
/URI	0
/JS	0
/JavaScript	0
/AA	0
/OpenAction	0
/AcroForm	0
/JBIG2Decode	0
/RichMedia	0
/Launch	0
/EmbeddedFile	0

Image Streams

ID	DHASH	MD5	Preview
6	698e969f979e5a24	be7109be9bd5b7158795afb9e5b2cc2d
8	00233b43273b2b00	9bfbd613789d88ade2755cdf9c923370

Network Behavior

⊘No network behavior found

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: Acrobat.exePID: 7588, Parent PID: 2580

General

Target ID:	0
Start time:	17:15:34
Start date:	27/08/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Session_74085.pdf"
Imagebase:	0x7ff6bc1b0000
File size:	5'641'176 bytes
MD5 hash:	24EAD1C46A47022347DC0F05F6EFBB8C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: AcroCEF.exePID: 7776, Parent PID: 7588

General

Target ID:	1
Start time:	17:15:35
Start date:	27/08/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Imagebase:	0x7ff74bb60000
File size:	3'581'912 bytes
MD5 hash:	9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: AcroCEF.exePID: 7976, Parent PID: 7776

General

Target ID:	3
Start time:	17:15:35
Start date:	27/08/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2080 --field-trial-handle=1552,i,8772915315826890772,8538083150746886622,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Imagebase:	0x7ff74bb60000
File size:	3'581'912 bytes
MD5 hash:	9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Session_74085.pdf

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Networking

System Summary

Hooking and other Techniques for Hiding and Protection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\f39db160-1837-4a71-9411-953386254915.tmp

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240827211539Z-154.bmp

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

Windows Analysis Report
Session_74085.pdf