Edit tour

Windows Analysis Report
Faisal Ahmad.pdf

Overview

General Information

Sample name:	Faisal Ahmad.pdf
Analysis ID:	1500511
MD5:	5542eb9a328dabc039eb82c911ec2952
SHA1:	4b9cf91bec4cf36c54af40b0ec5c8ae71016571e
SHA256:	fe7dbe67590f1bd9e360ec098514983d8c8f9ac04482b7951181c058128d32e2

Detection

Score:	1
Range:	0 - 100
Whitelisted:	false
Confidence:	60%

Signatures

Potential document exploit detected (performs HTTP gets)

Potential document exploit detected (unknown TCP traffic)

Classification

Process Tree

System is w10x64_ra

Acrobat.exe (PID: 2480 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Faisal Ahmad.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)

AcroCEF.exe (PID: 5576 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

AcroCEF.exe (PID: 5584 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2160 --field-trial-handle=1600,i,11690975926690780445,5659053138094850307,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

cleanup

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: global traffic	TCP traffic: 192.168.2.17:49710 -> 23.203.104.175:443
Source: global traffic	TCP traffic: 192.168.2.17:49710 -> 23.203.104.175:443
Source: global traffic	TCP traffic: 192.168.2.17:49710 -> 23.203.104.175:443
Source: global traffic	TCP traffic: 192.168.2.17:49710 -> 23.203.104.175:443
Source: global traffic	TCP traffic: 192.168.2.17:49710 -> 23.203.104.175:443
Source: global traffic	TCP traffic: 192.168.2.17:49710 -> 23.203.104.175:443
Source: global traffic	TCP traffic: 192.168.2.17:49710 -> 23.203.104.175:443
Source: global traffic	TCP traffic: 192.168.2.17:49710 -> 23.203.104.175:443
Source: global traffic	TCP traffic: 192.168.2.17:49710 -> 23.203.104.175:443
Source: global traffic	TCP traffic: 192.168.2.17:49710 -> 23.203.104.175:443
Source: global traffic	TCP traffic: 192.168.2.17:49710 -> 23.203.104.175:443
Source: global traffic	TCP traffic: 192.168.2.17:49710 -> 23.203.104.175:443

Source: global traffic	TCP traffic: 192.168.2.17:49710 -> 23.203.104.175:443
Source: global traffic	TCP traffic: 23.203.104.175:443 -> 192.168.2.17:49710
Source: global traffic	TCP traffic: 192.168.2.17:49710 -> 23.203.104.175:443
Source: global traffic	TCP traffic: 192.168.2.17:49710 -> 23.203.104.175:443
Source: global traffic	TCP traffic: 23.203.104.175:443 -> 192.168.2.17:49710
Source: global traffic	TCP traffic: 23.203.104.175:443 -> 192.168.2.17:49710
Source: global traffic	TCP traffic: 192.168.2.17:49710 -> 23.203.104.175:443
Source: global traffic	TCP traffic: 23.203.104.175:443 -> 192.168.2.17:49710
Source: global traffic	TCP traffic: 23.203.104.175:443 -> 192.168.2.17:49710
Source: global traffic	TCP traffic: 192.168.2.17:49710 -> 23.203.104.175:443
Source: global traffic	TCP traffic: 192.168.2.17:49710 -> 23.203.104.175:443
Source: global traffic	TCP traffic: 23.203.104.175:443 -> 192.168.2.17:49710
Source: global traffic	TCP traffic: 192.168.2.17:49710 -> 23.203.104.175:443
Source: global traffic	TCP traffic: 23.203.104.175:443 -> 192.168.2.17:49710
Source: global traffic	TCP traffic: 192.168.2.17:49710 -> 23.203.104.175:443
Source: global traffic	TCP traffic: 23.203.104.175:443 -> 192.168.2.17:49710
Source: global traffic	TCP traffic: 23.203.104.175:443 -> 192.168.2.17:49710
Source: global traffic	TCP traffic: 192.168.2.17:49710 -> 23.203.104.175:443
Source: global traffic	TCP traffic: 192.168.2.17:49710 -> 23.203.104.175:443
Source: global traffic	TCP traffic: 23.203.104.175:443 -> 192.168.2.17:49710
Source: global traffic	TCP traffic: 192.168.2.17:49710 -> 23.203.104.175:443
Source: global traffic	TCP traffic: 192.168.2.17:49710 -> 23.203.104.175:443

Source: unknown	TCP traffic detected without corresponding DNS query: 23.203.104.175
Source: unknown	TCP traffic detected without corresponding DNS query: 23.203.104.175
Source: unknown	TCP traffic detected without corresponding DNS query: 23.203.104.175
Source: unknown	TCP traffic detected without corresponding DNS query: 23.203.104.175
Source: unknown	TCP traffic detected without corresponding DNS query: 23.203.104.175
Source: unknown	TCP traffic detected without corresponding DNS query: 23.203.104.175
Source: unknown	TCP traffic detected without corresponding DNS query: 23.203.104.175
Source: unknown	TCP traffic detected without corresponding DNS query: 23.203.104.175
Source: unknown	TCP traffic detected without corresponding DNS query: 23.203.104.175
Source: unknown	TCP traffic detected without corresponding DNS query: 23.203.104.175
Source: unknown	TCP traffic detected without corresponding DNS query: 23.203.104.175
Source: unknown	TCP traffic detected without corresponding DNS query: 23.203.104.175

Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710

Source: classification engine

Classification label: clean1.winPDF@18/47@0/66

Source: Faisal Ahmad.pdf

Initial sample: file:///C:/Users/fa6936/OneDrive%20-%20AT&T%20Services,%20Inc/Documents/Faisal

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe

File created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\blob_storage\6e161222-f5d2-4c31-8037-dfaeb49751d7

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe

File created: C:\Users\user\AppData\Local\Temp\acrocef_low\4cdc42c3-3e60-4f53-b427-6e8076f68471.tmp

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe

Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings

Source: unknown	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Faisal Ahmad.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2160 --field-trial-handle=1600,i,11690975926690780445,5659053138094850307,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2160 --field-trial-handle=1600,i,11690975926690780445,5659053138094850307,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: unknown	Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding 3E91A453DAC0AE739C414AFC3051D0C6
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown

Source: Faisal Ahmad.pdf	Initial sample: PDF keyword /JS count = 0
Source: Faisal Ahmad.pdf	Initial sample: PDF keyword /JavaScript count = 0

Source: Faisal Ahmad.pdf

Initial sample: PDF keyword /EmbeddedFile count = 0

Source: Faisal Ahmad.pdf

Initial sample: PDF keyword obj count = 85

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe

Process information queried: ProcessInformation

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	1 Spearphishing Link	2 Exploitation for Client Execution	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	1 Process Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	1 System Information Discovery	Remote Desktop Protocol	Data from Removable Media	1 Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
bg.microsoft.map.fastly.net	199.232.214.172	true	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
54.144.73.197	unknown	United States	14618	AMAZON-AESUS	false
2.19.126.163	unknown	European Union	16625	AKAMAI-ASUS	false
184.28.88.176	unknown	United States	16625	AKAMAI-ASUS	false
23.203.104.175	unknown	United States	16625	AKAMAI-ASUS	false
172.64.41.3	unknown	United States	13335	CLOUDFLARENETUS	false
2.16.202.123	unknown	European Union	16625	AKAMAI-ASUS	false

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1500511
Start date and time:	2024-08-28 15:41:29 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	24
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Sample name:	Faisal Ahmad.pdf
Detection:	CLEAN
Classification:	clean1.winPDF@18/47@0/66
Cookbook Comments:	Found application associated with file extension: .pdf

Warnings

Exclude process from analysis (whitelisted): dllhost.exe
Excluded IPs from analysis (whitelisted): 184.28.88.176, 54.144.73.197, 107.22.247.231, 18.207.85.246, 34.193.227.236, 172.64.41.3, 162.159.61.3, 52.165.164.15
Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fe3.delivery.mp.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ssl-delivery.adobe.com.edgekey.net, glb.cws.prod.dcat.dsp.trafficmanager.net, ctldl.windowsupdate.com, p13n.adobe.io, geo2.adobe.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: Faisal Ahmad.pdf

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.166381740220626
Encrypted:	false
SSDEEP:
MD5:	2A107DC302FD31E3FA91E91A12000B5A
SHA1:	2320ADDC385C0ADAD5959F9EFA612B1E8F27C906
SHA-256:	17ED4C9EDBF6A5F157E0BF07255C5081C7E72E4FFAE1E6F453B06645901AD079
SHA-512:	927FBCDCCF52CFD03D080470054F0B7F7A45747EC00C72AA069B592F5D811F101167CCC901C9687E6812F1AB7C6BDABF73BD7EC6793C1B1B5F8A6AAB7853635B
Malicious:	false
Reputation:	unknown
Preview:	2024/08/28-09:42:00.499 175c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/08/28-09:42:00.502 175c Recovering log #3.2024/08/28-09:42:00.502 175c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	335
Entropy (8bit):	5.117958978144074
Encrypted:	false
SSDEEP:
MD5:	8A91489ACA2D49E82267B0A601C15D51
SHA1:	B3DC8B92F353DA3259FF4DE6A705ED2899EEB0C1
SHA-256:	6060FCE3F6348E540758EC574B11D81B1E52182C29276F8C7C9A2D73AA9D274C
SHA-512:	87C3C250623789A7DC4DFC6EE12E57F89F97904413DA1CD584ECB67E9F32A52CE7B80AE54CD6D992C3BDAD3EAED1275CA7FFD9893FA33DFF4C6D5581875501A6
Malicious:	false
Reputation:	unknown
Preview:	2024/08/28-09:42:00.389 8f4 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/08/28-09:42:00.392 8f4 Recovering log #3.2024/08/28-09:42:00.393 8f4 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	3D9EBA638B994F6FC3BEA4AB1A506BF1
SHA1:	98195EEF76FC884B5FA2D39125354AEDEFAA26C8
SHA-256:	FF628C141FAEE6915035541625F029D56A15F96C77D552064B5AB410E2F1ABE8
SHA-512:	A6BB3E610B0D558F4DEF48E405042CB2DD30CA61A43433F0D017A54837C9E871388882C7B65782C47706BEBA945747475B91EC161510718D77E999DA46034E1D
Malicious:	false
Reputation:	unknown
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13369412531942624","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":121499},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.17","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\b36f83a8-564f-47be-87af-6d9764bf788f.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	476
Entropy (8bit):	4.957166499751261
Encrypted:	false
SSDEEP:
MD5:	3D9EBA638B994F6FC3BEA4AB1A506BF1
SHA1:	98195EEF76FC884B5FA2D39125354AEDEFAA26C8
SHA-256:	FF628C141FAEE6915035541625F029D56A15F96C77D552064B5AB410E2F1ABE8
SHA-512:	A6BB3E610B0D558F4DEF48E405042CB2DD30CA61A43433F0D017A54837C9E871388882C7B65782C47706BEBA945747475B91EC161510718D77E999DA46034E1D
Malicious:	false
Reputation:	unknown
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13369412531942624","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":121499},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.17","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	6495
Entropy (8bit):	5.249171094893655
Encrypted:	false
SSDEEP:
MD5:	10999ECD316C79D3AD5D5170280E2EF2
SHA1:	FBB18F3FA5145A7576032DC0F3186C6F616C9D5A
SHA-256:	4FD89FD388839CBD510BE0AE2DF021EC4153ED05471646BCAFC5E31001BB0D6B
SHA-512:	5BD696913FDA4A9451F1A7E88C373E23300DE84312FB8FB1E7D172B67A8DF7F9BB9645C037FB896CDD84580F6EB2AE8A1464C2CE819BA7D56DE28ED0BADF956C
Malicious:	false
Reputation:	unknown
Preview:	*...#................version.1..namespace-....o................next-map-id.1.Pnamespace-42000ee3_e7f8_4e1a_acf9_c35e414a379e-https://rna-resource.acrobat.com/.0F...r................next-map-id.2.Snamespace-c3e8f6d4_f714_436a_92db_f0a4810aae6e-https://rna-v2-resource.acrobat.com/.1.p..r................next-map-id.3.Snamespace-d0743b68_de08_4f3c_b7bc_aca178ee7ff1-https://rna-v2-resource.acrobat.com/.2....o................next-map-id.4.Pnamespace-ce27b6a8_7896_4616_ab45_36a5ede234ad-https://rna-resource.acrobat.com/.3..).^...............Pnamespace-42000ee3_e7f8_4e1a_acf9_c35e414a379e-https://rna-resource.acrobat.com/...^...............Pnamespace-ce27b6a8_7896_4616_ab45_36a5ede234ad-https://rna-resource.acrobat.com/.{VUa...............Snamespace-c3e8f6d4_f714_436a_92db_f0a4810aae6e-https://rna-v2-resource.acrobat.com/....a...............Snamespace-d0743b68_de08_4f3c_b7bc_aca178ee7ff1-https://rna-v2-resource.acrobat.com/yATuo................next-map-id.5.Pnamespace-eb3aef6d_d129_430c_a353_

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	323
Entropy (8bit):	5.158357223607275
Encrypted:	false
SSDEEP:
MD5:	465EF03CAABB1DB2A282FBA2A252A9E6
SHA1:	38A9A42D6C7E74C818F12AB849F0D4BE57714F85
SHA-256:	FC28DC603FAD7B1C3D03E7D0C5A7663CF19604023CD6A0F2BBB668535AE02A07
SHA-512:	6AEF6394679DC0AB98131FA9495F972194C7DE44D6D628572CE238A6802504EE2F0CB9C224B2A0A71AC7C18B43B4F8F19EEB4E458F3863EDCE7AED7924A76567
Malicious:	false
Reputation:	unknown
Preview:	2024/08/28-09:42:00.533 8f4 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/08/28-09:42:00.535 8f4 Recovering log #3.2024/08/28-09:42:00.537 8f4 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\000003.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	54
Entropy (8bit):	4.434809492623761
Encrypted:	false
SSDEEP:
MD5:	4EEC23DCD60815EAF8280F4672745886
SHA1:	20C8C96F5B695670C83FB6641B8FB9AC6462831A
SHA-256:	A59904A39B75C4637C1C46D865788CD05B8DCD6C31B88E8942051C24F2AEFC51
SHA-512:	2EEA9F4CDD53FA7072E6364809D6962DA02C936930494EB08FB42C09E155A24F1EEC824A68118C14E45E8C54ABA75FC186C8DB3BC5B86B761788F020AC47728E
Malicious:	false
Reputation:	unknown
Preview:	.Ei./................22_11\|360x240\|60........9.p....yB

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	285
Entropy (8bit):	5.18897684320964
Encrypted:	false
SSDEEP:
MD5:	5D7815108E333AAB7E97F96A4676E7DC
SHA1:	A2DF2DE87BD198D71D6B0C29C5DA61FC9A297757
SHA-256:	1EF05A1A040AB11AB84141574AE074924FCE17C8D7F839E7C7E9FE58854A777D
SHA-512:	0D0C46252A69665951D52651DD7B8F1057560825271CD2E4C0D798AE09AE72C56DFB738E8FD2F8EC9931DA314612A32F68E0AA2B389E24CCAAAE90DB00C0AFC9
Malicious:	false
Reputation:	unknown
Preview:	2024/08/28-09:44:04.753 1774 Creating DB C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db since it was missing..2024/08/28-09:44:04.780 1774 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db/MANIFEST-000001.

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata\000001.dbtmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Reputation:	unknown
Preview:	MANIFEST-000001.

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata\000003.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	126
Entropy (8bit):	3.6123534208443075
Encrypted:	false
SSDEEP:
MD5:	A05963DD9E2C7C3F13C18A9245AD5934
SHA1:	15A87493591860C6C22499DF3A705ACB3CB466BD
SHA-256:	F40B7EF0FE0B676871403B8DD21CE42AF8E482DC8B81F09D93CB2C48CCD112B4
SHA-512:	E67833950A3DB8D4C27FC851C7DF9AEBB85699024F805E98A2951E9E9FC3B606F10EAD23CE0A3B97484A18A9A52520540FB29787178BFEB9FBD8D46D0AA492A2
Malicious:	false
Reputation:	unknown
Preview:	.h.6.................__global... .t...................__global... ..7..................22_......u...................22_.....

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata\CURRENT (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Reputation:	unknown
Preview:	MANIFEST-000001.

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	303
Entropy (8bit):	5.132932991310727
Encrypted:	false
SSDEEP:
MD5:	CF8FE8DD646EC8BF7CE04F64D1CA2EBA
SHA1:	45128030C5B6A55205D963309AA78EBD710CA150
SHA-256:	631FBEC0BD93F04E2DB0A42E2F714F24B7FAF9C04128F6C563010C623DF21502
SHA-512:	49EE7DFB1216F41E9BECA3A16BAE61005286C6C64376B761B2762B69DE136D24618BDD275B543FA23AFC98B47D186427344DDC8E38C6F9977C039F0170EBA773
Malicious:	false
Reputation:	unknown
Preview:	2024/08/28-09:44:04.729 1774 Creating DB C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata since it was missing..2024/08/28-09:44:04.740 1774 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata/MANIFEST-000001.

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata\MANIFEST-000001

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	OpenPGP Secret Key
Category:	dropped
Size (bytes):	41
Entropy (8bit):	4.704993772857998
Encrypted:	false
SSDEEP:
MD5:	5AF87DFD673BA2115E2FCF5CFDB727AB
SHA1:	D5B5BBF396DC291274584EF71F444F420B6056F1
SHA-256:	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
SHA-512:	DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
Malicious:	false
Reputation:	unknown
Preview:	.\|.."....leveldb.BytewiseComparator......

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240828134204Z-173.bmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PC bitmap, Windows 3.x format, 117 x -152 x 32, cbSize 71190, bits offset 54
Category:	dropped
Size (bytes):	71190
Entropy (8bit):	2.251681951951923
Encrypted:	false
SSDEEP:
MD5:	91C0BB4939623FC62B416ACC3B6A0577
SHA1:	5CEE1F77118B48432F525563F9D73D10D95395E5
SHA-256:	BBE25407A1713451C14616CFA475279C6F91DFF21170F76247E02AE3416B3B05
SHA-512:	F491BC75E8CAB0F17B623D1E80625915983FA59283D093EB97AD36557E3689EE84A14B6B553DFBBC2A5CA55C09A43518ABABFB58C75CD23E3DC330FF0BAC8893
Malicious:	false
Reputation:	unknown
Preview:	BM........6...(...u...h..... .....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................zzz.........................zzz.......................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 11, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 11
Category:	dropped
Size (bytes):	86016
Entropy (8bit):	4.444962276179201
Encrypted:	false
SSDEEP:
MD5:	C31CDC2B0E5F8FB2EC3210C858262AC9
SHA1:	5B9C329F2D5D5D794EE93C39577D58A69EA5970A
SHA-256:	1576093453C65B9A871FAA65BCF9E4498286F16C242F0C85A07D629287F802A5
SHA-512:	4127AD7826017C9792F28E08C97281768FEACA8F43BF411507406B60F51C8F020881062579E9C2B3D7F4367E239F22DE3D08A40684B347E017965B26834637A2
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	3.769519777450736
Encrypted:	false
SSDEEP:
MD5:	48D0706ADE828610C098A3946961D8B6
SHA1:	67E9AB6314C2A77FAFC8654B298CEC9244D84FFA
SHA-256:	6A9B1E3839A87D5D5B7420F8CC8FB23D12DEA5843972AC3D4043A9095494CF98
SHA-512:	75AC2F2261FE47F76EE2321562F241CCCEE09FE562499BEEC7943F709D972ABEF5FF75DB40C7281272E1901776738BD646956CA0A36BAC07E8230207BD2F4795
Malicious:	false
Reputation:	unknown
Preview:	.... .c........}...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................T...[...b.r.l...t...}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
Category:	dropped
Size (bytes):	71954
Entropy (8bit):	7.996617769952133
Encrypted:	true
SSDEEP:
MD5:	49AEBF8CBD62D92AC215B2923FB1B9F5
SHA1:	1723BE06719828DDA65AD804298D0431F6AFF976
SHA-256:	B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
SHA-512:	BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
Malicious:	false
Reputation:	unknown
Preview:	MSCF............,...................I..................XaK .authroot.stl.[.i..6..CK..<Tk......4.cl!Kg..E..Y.f_..".$mR"$.J.E.KB."..rKv.."{.g....3.W.....c..9.s...=....y6#..x..........D......\(.#.s.!.A.......cd.c........+^.ov...n.....3BL..0.......BPUR&.X..02.q...R...J.....w.....b.vy>....-.&..(..oe."."...J9...0U.6J..\|U..S.....M.F8g...=.......p...........l.?3.J.x.G.Ep..$g..tj......)v]9(:.)W.8.Op.1Q..:.nPd........7.7..M].V F..g.....12..!7(...B.......h.RZ.......l.<.....6..Z^.`p?... .p.Gp.#.'.X..........\|!.8.....".m.49r?.I...g...8.v.....a``.g.R4.i...J8q....NFW,E.6Y....!.o5%.Y.....R..<..S9....r....WO...(.....F..Q=....-..7d..O(....-..+k.........K..........{Q....Z..j._.E...QZ.~.\.^......N.9.k..O.}dD.b1r...[}/....T..E..G..c.\|.c.&>?..^t. ..;..X.d.E.0G....[Q.,......#.Dp..L.o\|#syc.J............}G-.ou6.=52..XWi=...m.....^u......c..fc?&pR7S5....I...j.G........j.j..Tc.El.....B.pQ.,Bp....j...9g.. >..s..m#.Nb.o_u.M.V...........\#...v..Mo\sF..s....Y...

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	893
Entropy (8bit):	7.366016576663508
Encrypted:	false
SSDEEP:
MD5:	D4AE187B4574036C2D76B6DF8A8C1A30
SHA1:	B06F409FA14BAB33CBAF4A37811B8740B624D9E5
SHA-256:	A2CE3A0FA7D2A833D1801E01EC48E35B70D84F3467CC9F8FAB370386E13879C7
SHA-512:	1F44A360E8BB8ADA22BC5BFE001F1BABB4E72005A46BC2A94C33C4BD149FF256CCE6F35D65CA4F7FC2A5B9E15494155449830D2809C8CF218D0B9196EC646B0C
Malicious:	false
Reputation:	unknown
Preview:	0..y...H.........j0..f...1.0....H.........N0..J0..2.......D....'..09...@k0....H........0?1$0"..U....Digital Signature Trust Co.1.0...U....DST Root CA X30...000930211219Z..210930140115Z0?1$0"..U....Digital Signature Trust Co.1.0...U....DST Root CA X30.."0....H.............0..........P..W..be......,k0.[...}.@......3vI.?!I..N..>H.e...!.e..2....w..{........s.z..2..~..0....8.y.1.P..e.Qc...a.Ka..Rk...K.(.H......>.... .[.....p....%.tr.{j.4.0...h.{T....Z...=d.....Ap..r.&.8U9C....\@........%.......:..n.>..\..<.i.....)W..=....]......B0@0...U.......0....0...U...........0...U.........{,q...K.u...`...0....H...............,...\...(f7:...?K.... ]..YD.>.>..K.t.....t..~.....K. D....}..j.....N..:.pI...........:^H...X._..Z.....Y..n......f3.Y[...sG.+..7H..VK....r2...D.SrmC.&H.Rg.X..gvqx...V..9$1....Z0G..P.......dc`........}...=2.e..\|.Wv..(9..e...w.j..w.......)...55.1.

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	modified
Size (bytes):	328
Entropy (8bit):	3.1196963549884558
Encrypted:	false
SSDEEP:
MD5:	7C46DA4EC96CD017D47A4C39E454B88A
SHA1:	67B8D2C57C730468236F866EF68D510A19A06E94
SHA-256:	9C0ADBDA7CFEB7FB7E40354E04E5880E7CC1F86161E94407D96871355FD8AC1E
SHA-512:	C5C7F288002CC066B3E601938046B5CB7C0D6DCCDB892F57EE6CCF8DADEF775608A6A07371F247728A630C59FB8BCDA99F37AD4A55039B4DC5E36F24AC670CFA
Malicious:	false
Reputation:	unknown
Preview:	p...... .........ir(P...(....................................................... ........G..@.......&...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	252
Entropy (8bit):	3.034404395079139
Encrypted:	false
SSDEEP:
MD5:	777D63DCB36696183FC8A785C12FCEE3
SHA1:	7A0C28D0D4330F027EC5BD8ED35B21A7B859F0BB
SHA-256:	42F2AC854ABCF5B8055DA9AD563845D002C6B810AFACF3E0CB26495DA00C8AF0
SHA-512:	3E37B839491BE29D5D281147D8F756E48FB3575887A82DDBEA172479EE2A1BC96BEDB124E0D652CF79ED0D6CCBF45EAD4C3046B3D625AA4D8DE0241F84F2BD3C
Malicious:	false
Reputation:	unknown
Preview:	p...... ....`.......P...(....................................................... ........!.M........(...........}...h.t.t.p.:././.a.p.p.s...i.d.e.n.t.r.u.s.t...c.o.m./.r.o.o.t.s./.d.s.t.r.o.o.t.c.a.x.3...p.7.c...".3.7.d.-.6.0.7.9.b.8.c.0.9.2.9.c.0."...

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	295
Entropy (8bit):	5.3673462906371405
Encrypted:	false
SSDEEP:
MD5:	EDB9487088F959E7AD42C442D33876CE
SHA1:	9DD096591CE4BE8DC61ABFE406EE910D16C57AF3
SHA-256:	0B932C60E502AB54F8E1929B9F330E5734B40262C11F8C9182CBB518252028BB
SHA-512:	AC88DDB5779A974C94CDF51CB65C4F717E64DA3323A1634427BA98E230C13A83AF3E9B45BE9849B42B1636ED67D1000E3B02EC932A949DFD52ECF6EF843A6AAF
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"0dccbaeb-9a32-487b-b947-7f617e549720","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1725026736839,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.314735646290133
Encrypted:	false
SSDEEP:
MD5:	C91872FC007BD759D51EF143D21E7A00
SHA1:	9F927CBE8A59A26C24C434A981F52F23FE67E25C
SHA-256:	906E9ED6AFE5F41BCAD409301F3E6B7A6B540D5CAF177C3C5BC28C1CF66FB135
SHA-512:	7111EBDCE3759B6BA4B84A4E0F31330FD7846C174FC6FBF247F650A5AB873E906ABDDFB9C00B51FB6B1C221E67F19B014DF88416D5E51024070FE4885174170A
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"0dccbaeb-9a32-487b-b947-7f617e549720","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1725026736839,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.2932839628161386
Encrypted:	false
SSDEEP:
MD5:	E14F4D00950B02AF31A9C960AB71DF85
SHA1:	C8EC7EECEC4D3DE3922A18187BFF470656BE03FB
SHA-256:	AA83B58AF139E26CAC47BD0D0C3CF517D1C8321410DC79C7C60A76E3CEFC95C0
SHA-512:	CE3A5315A3EA9FA746F0CE2BCEF9485DD73976C90A23E60F5867FDB10F92F23D9A2C68E4D176E630913818C3FB336E4A4D85AE8F63B1BC1530A04B8750DA9096
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"0dccbaeb-9a32-487b-b947-7f617e549720","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1725026736839,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	285
Entropy (8bit):	5.353582525429415
Encrypted:	false
SSDEEP:
MD5:	00368A0070638BCACB57BB9FDC88A538
SHA1:	75FF2E6537D824FCE56B76F280FDFFF8903E983C
SHA-256:	9A2A5CF81EE9351E0392C10CFC1E3A2BC3E3F4A731B05D647C4B66F2675E63D6
SHA-512:	3B6540A52290FF01F9A9CB9D56BF5AEE233A201E27F749648D4A948BB9960DD70BB56A654C5C9EE6F060BF95C2D911C612AA7E8EE7C0EF37FA552D0D7801CA7F
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"0dccbaeb-9a32-487b-b947-7f617e549720","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1725026736839,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1063
Entropy (8bit):	5.670541728403347
Encrypted:	false
SSDEEP:
MD5:	EAC81FEFF562D800F8C6E7F143F6AC29
SHA1:	6C6E8D28A10C92A310FB4CBC0971B7BC644C9A99
SHA-256:	1441C3F709C1EEAEA949205FBB5CDEB645F4D7483304ECAB571D556781DB3546
SHA-512:	55E165483DD76E4D4F16A23A7241C470099FDE3A625795D55CAB1B732A8DB6D5825E747065F6CA60F138AAA34540A74E1AFFD5B5D73BD31C4384AFF97922C37E
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"0dccbaeb-9a32-487b-b947-7f617e549720","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1725026736839,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_2","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"afb9c2a3-eaf4-41f9-9d73-768e72f72282","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQgZmlsZXMgdG8gYW5kIGZyb20gUERGXG53aXRob3V0IGxpbWl0cy4ifSwidGNhdElkIjpudWxsfQ==","dataType":"application\/json","encodingSc

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1050
Entropy (8bit):	5.660956058034994
Encrypted:	false
SSDEEP:
MD5:	C9EEBD159A3734105728279BAE9E5C95
SHA1:	C7E234691482565705F535E21F8F31129C61BD13
SHA-256:	7E4A0FA6997641801F9E0E67F82228F0FA611584FCE042441505AA0FDC3BB468
SHA-512:	81D8DD8B6B7B2F89CF947979E144E405FE1C0E23372B41BB3A2C2EDC0AF297A532614788BAD25F35497EBBF0BFF72C99135F1E0A586BD8DDE9511847E4A11262
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"0dccbaeb-9a32-487b-b947-7f617e549720","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1725026736839,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Disc_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_0","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"0924134e-3c59-4f53-b731-add558c56fec","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Disc_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQsIGVkaXQgYW5kIGUtc2lnblxuZm9ybXMgJiBhZ3JlZW1lbnRzLiJ9LCJ0Y2F0SWQiOm51bGx9","dataType":"application\/json","encodingScheme":true},"

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.304991955069017
Encrypted:	false
SSDEEP:
MD5:	FE8DA637B09A39EA8045ED726BBCA7F0
SHA1:	541D365ACB2E8FFC1100EDF319560232FCEB97C6
SHA-256:	AEDBA0A562AB880B6B6B30AD88DF46712D3C150AAA3B623C3DBD096740AF219B
SHA-512:	E146D671E00756D50C719D008FE29F462C0496A25AA0AD0B5836E3FE1D3FA16558577C75F5D2B571A665C2F2C1ABF13ECA618241FA2233A19ED85FEACB0243D1
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"0dccbaeb-9a32-487b-b947-7f617e549720","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1725026736839,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1038
Entropy (8bit):	5.6539987802970435
Encrypted:	false
SSDEEP:
MD5:	A624C084013FEF0DB9DFAD36E09A12C0
SHA1:	CA8B4D9CBE9F5FE8E68CCD80DC18320F51AFE102
SHA-256:	AEE78591FA5664D4DAFFB0B40AD8293E4DBAE4604858DF98AF0C9E64EE3D9C2C
SHA-512:	56D95249159E7209F6F78C40DAA118C9DA332A73FFEE8D86C2DE9431F7CF0B59F488BBA6D5FF15326F6B735ADB138B7387F8FA55E4974653711A683D3DCBDA68
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"0dccbaeb-9a32-487b-b947-7f617e549720","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1725026736839,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Edit_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_1","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"49d2f713-7aa9-44db-aa50-0a7a22add459","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Edit_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVkaXQgdGV4dCwgaW1hZ2VzLCBwYWdlcywgYW5kIG1vcmUuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"application\/json","encodingScheme":true},"endDTS":1744

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1164
Entropy (8bit):	5.700942809135441
Encrypted:	false
SSDEEP:
MD5:	492DBA054BB961510BB0D259522B09F2
SHA1:	D028EE74554E10D6B18EB7D4BF0F0C81CF34ABA5
SHA-256:	72A413F8990BF78EF214E5C88E12DC5C8D5D96FB62868ADB20CCB4D01E6E0AAB
SHA-512:	0AF7BA2F4E0061C479288D2556AF9889720FCEF1758EDA9795F068D5D2F1C042ECBF82D56B6A5784F0063000C906C1F678106A81E3997963ACC793BDEF7C87C1
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"0dccbaeb-9a32-487b-b947-7f617e549720","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1725026736839,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85531_264848ActionBlock_0","campaignId":85531,"containerId":"1","controlGroupId":"","treatmentId":"ee1a7497-76e7-43c2-bb63-9a0551e11d73","variationId":"264848"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IlRyeSBBY3JvYmF0IFBybyJ9LCJ1aSI6eyJ0aXRsZV9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjE1cHgiLCJmb250X3N0eWxlIjoiMCJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEzcHgiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0b1xucHJlbWl1bSBQREYgYW5kIGUtc2lnbmluZ1xudG9vbHMuIn0sImJhbm5lcl9zdHlsaW5nIjo

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.310976589930979
Encrypted:	false
SSDEEP:
MD5:	DEB2E7EC4A1FEC1414FF25CA3404558E
SHA1:	6EF4F99F5EE168D8F5580C90ED18771BF00348A6
SHA-256:	439885E536ED966A581968D1F59FE7F99F6C2998E16C93042F0090647AECBD9E
SHA-512:	4CA288A365D6BD71D84B56C4DD8550FB8E620A889E4B072AEF44FAAEA9A5A5350CB332A91131A7B3ADD2B9A12A970E646023FD7EC9E58954A312C533D66A0535
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"0dccbaeb-9a32-487b-b947-7f617e549720","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1725026736839,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1395
Entropy (8bit):	5.776629471148682
Encrypted:	false
SSDEEP:
MD5:	6DC0DB3D9DE0BD86EA5EFB5BDEC92732
SHA1:	2E8ECBF590EE5748C370D44B198EE446D6DA5551
SHA-256:	03F192B38F470B99575D803B3052E31B69DE56B5C1645D36A40E8D6D812C1357
SHA-512:	DBEAE5C52B1F720BA2307E65A451DA4215E7589A168C09FDE097634C9B0001AC9D4DC3C6C5572CF2F8467D0A44B1FDE7772CA91AA97AD39F27623B875145B852
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"0dccbaeb-9a32-487b-b947-7f617e549720","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1725026736839,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	291
Entropy (8bit):	5.294448247124217
Encrypted:	false
SSDEEP:
MD5:	A32A6646475F9578A32E8DBB6C36A58E
SHA1:	F6459ADF28A1E03DF1876E3AFC2EE55F06132D77
SHA-256:	C7A16E856219727FF9A1C57103D000E806A7BAB58BC55680AD9B76FF3597B6E6
SHA-512:	770AE3141F919220EECD7428848892D0EBBAF8813FDDA3FB3FBF69AAA8C5C845071770CC38A4D1E9DAEA312190861D8821EA40F24567217848888422D93FE293
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"0dccbaeb-9a32-487b-b947-7f617e549720","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1725026736839,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	287
Entropy (8bit):	5.296273398804093
Encrypted:	false
SSDEEP:
MD5:	B6B3763DD081A5084D8E0CF45DAED9AC
SHA1:	F84A61CE3A70FA4F945AE0E484EB7441C36E1AF9
SHA-256:	8359025F82DCABEA8A378FA2B1B7528EA16A94D2BAC2F76E2F6F4E9A596D5DC0
SHA-512:	4EF834174BE9033FBDC813473C5B991C16ACFB4BF178ED5E1B971CD600C252B3DFE4877E8A8C76867D0977FE74326AB62603C1F2DBFE1A5DA9EB2DE4AA88D70D
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"0dccbaeb-9a32-487b-b947-7f617e549720","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1725026736839,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1058
Entropy (8bit):	5.659371265664117
Encrypted:	false
SSDEEP:
MD5:	6BAB69A28CEE049F225ADA9FBE88DD5A
SHA1:	C5C24D7EAE991C612ABA3AC49FD4216A4335C758
SHA-256:	7ADED39C3FF4921F7327B78B76FD59CD931916AEEBCC0BF72EEA50C1B966D5F3
SHA-512:	B689187910FCB973864DE732408370248B6127A1AAE085CCD258DF72461E1302F13E64E00256CC90438C70E74A94E8E4D6B8D8297C6158EC42E71A898DB991B0
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"0dccbaeb-9a32-487b-b947-7f617e549720","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1725026736839,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_3","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"ece07729-7db6-4f20-9f8d-7976ad373049","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IlNlbmQgZG9jdW1lbnRzICYgZm9ybXNcbmZvciBmYXN0IGUtc2lnbmluZyBvbmxpbmUuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"application\/json","encodingScheme"

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	286
Entropy (8bit):	5.272958692001218
Encrypted:	false
SSDEEP:
MD5:	B9E49FFFD375CE6E13A0D0CB33B3AC6D
SHA1:	2C4232D8BEC76FBB8F5152E8572DC7175EB2721F
SHA-256:	A2B0B23497DE1FD09766FB8D788364849EF07F03370BE32E94461F932D37F5EB
SHA-512:	BA0E60D4CD05F908FD33523C026B35B701B4828382F088B9A89EAA167C3E020CB10D861B486A76A6ECB741E97C569595EF578E5A7CEAB7964EB6BF89251A898A
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"0dccbaeb-9a32-487b-b947-7f617e549720","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1725026736839,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	782
Entropy (8bit):	5.37136918970748
Encrypted:	false
SSDEEP:
MD5:	58B61F1909521E1A7AD37BE5AED5C989
SHA1:	D4585AF339C892172C6F4F9066538F11C3A26541
SHA-256:	4EA98BC755BC5968D86C697EC9ADB84388BAFA72125F9AA4C279334B5FE5F18B
SHA-512:	6BFB86AE934C9CD77A2F593646C8E2D26AA4BCB3DFE2D2E739F89953E3651D4359583258C5054DD8B93ECA48EDC5756D472D04C52B0FF766336CF79E03797A9A
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"0dccbaeb-9a32-487b-b947-7f617e549720","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1725026736839,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1724852526869}}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	4
Entropy (8bit):	0.8112781244591328
Encrypted:	false
SSDEEP:
MD5:	DC84B0D741E5BEAE8070013ADDCC8C28
SHA1:	802F4A6A20CBF157AAF6C4E07E4301578D5936A2
SHA-256:	81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
SHA-512:	65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
Malicious:	false
Reputation:	unknown
Preview:	....

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2818
Entropy (8bit):	5.125736249274585
Encrypted:	false
SSDEEP:
MD5:	C6B1A210FE8DC1C62EC0A8912AD1BE09
SHA1:	0804545004AD9AF6940291500E76D08AF45CED85
SHA-256:	14B0DD0EEAA022B58DE7BF35154370FD732401F61CC179A33F3FE27DA25EE7CF
SHA-512:	977EDA35051F44A11D7F765A0E46F03C1715971CC42044525FF33F82F57DB80661591C50224111BBB8B44ACA0817E25E6DB53D2D0A73A672C0A509651D29DDDD
Malicious:	false
Reputation:	unknown
Preview:	{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"71a7df1ca7e151aed75c1489fbd3fe99","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1050,"ts":1724852525000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"282fe03715af38ee95cec50cab765dce","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1164,"ts":1724852525000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"545ded065c90d5274cc0bb14721991ec","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1058,"ts":1724852525000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"fe310652a5ddedbc2e7a94d27ad785bd","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1063,"ts":1724852525000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"74cb403344c5bc85a9eebb77c092c552","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":1038,"ts":1724852525000},{"id":"Edit_InApp_Aug2020","info":{"dg":"e0b6efd39234717ab20514a995a06b95","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":17

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 23, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 23
Category:	dropped
Size (bytes):	12288
Entropy (8bit):	1.355858454200379
Encrypted:	false
SSDEEP:
MD5:	44A06650CEBB1509326A2EB5563A7ACF
SHA1:	0EF64C38546DC5307E40CEF7AC5B2166819565D1
SHA-256:	1510201A058E983CC1510AAD8579657AE515EF4FDE79AACEA7ACA5D133700E0F
SHA-512:	0CDA3C6DE4DCAAA4A08DC07DFC05A42D0F2551E5CBED5B6F1B95372C3B5C4F0C46DA741729202D73BE2B4E081138B9C38D77633174986783AB1BFD5493FECF0A
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	1.8258614602150298
Encrypted:	false
SSDEEP:
MD5:	8B86804DE9FE1E690D2E7D836CEA3CBE
SHA1:	4FCA9A555619D78970096D1DAB3E02A6CFC7522E
SHA-256:	566CDFB6D5FBCE6250042E6E26CCFF35AD438DAD98F6A54E2266DA408297DA50
SHA-512:	92DBB34FB314E8D7CDC9EF30AE068B2A8EB7C041F70D501ECC7309BE1D9CCF6F6011D0536393D5E50CCAAEB4D08070EDF79756B85E689642586AA27ADBDEEEB3
Malicious:	false
Reputation:	unknown
Preview:	.... .c.....cp........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................v.../.././././.-.-.-.-.-.-.-.-.-.-.-.-.-.-........................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\MSIcfcec.LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	246
Entropy (8bit):	3.5193370621730837
Encrypted:	false
SSDEEP:
MD5:	C0C402A3ADB9BFAC78D80F1B87A3ABA0
SHA1:	DDEA158E1A06D263EB79B4AAA38752C61B7B4004
SHA-256:	672F6D80E25851448E80398BA4A64C047D2FEE08D4236C28C41ECBC6A1356DAB
SHA-512:	D1CE7C458ACD09BA65C28887A77378F6560BE2D2988608F8E32B6B0923898FAD67822991B85EFBB24D324924E9894989E6DC3F32C1262F50D23288D5C22AEBFF
Malicious:	false
Reputation:	unknown
Preview:	..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .2.8./.0.8./.2.0.2.4. . .0.9.:.4.2.:.0.7. .=.=.=.....

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-08-28 09-42-01-940.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393)
Category:	dropped
Size (bytes):	16525
Entropy (8bit):	5.359827924713262
Encrypted:	false
SSDEEP:
MD5:	06DEAEDB81D09FD8FB5FF668D8E09CB2
SHA1:	28A02BCBD5975117B97A08AFB049F2C94F334726
SHA-256:	D98DE785425112A2D7A41B16073812FA4FA4955F2D5139AE87C9A5FBC4717D64
SHA-512:	948E3B56E5A8D818A5FE9D74B82A898F7264909ADF2C49E5D096CB90F4D28ED95990545A4857933F0E06D493AA0F6D41F6109C74B44BC0E4B84346B519681936
Malicious:	false
Reputation:	unknown
Preview:	SessionID=c98ebd97-9477-4d7e-bd0c-12efa5f01bab.1696586972755 Timestamp=2023-10-06T12:09:32:755+0200 ThreadID=6536 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=c98ebd97-9477-4d7e-bd0c-12efa5f01bab.1696586972755 Timestamp=2023-10-06T12:09:32:756+0200 ThreadID=6536 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=c98ebd97-9477-4d7e-bd0c-12efa5f01bab.1696586972755 Timestamp=2023-10-06T12:09:32:756+0200 ThreadID=6536 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=c98ebd97-9477-4d7e-bd0c-12efa5f01bab.1696586972755 Timestamp=2023-10-06T12:09:32:756+0200 ThreadID=6536 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=c98ebd97-9477-4d7e-bd0c-12efa5f01bab.1696586972755 Timestamp=2023-10-06T12:09:32:756+0200 ThreadID=6536 Component=ngl-lib_NglAppLib Description="SetConfig:

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393), with CRLF line terminators
Category:	dropped
Size (bytes):	15114
Entropy (8bit):	5.353437079075563
Encrypted:	false
SSDEEP:
MD5:	8F87EE910DE290E12213F212AC3B3A56
SHA1:	ED1FF2D441150A9975152C1CA93482E9906F0CD1
SHA-256:	56E59D6B3273C5899BCFFA57DAC1BD4E3ADA359E91D324E214D74ED2A6EBC9C4
SHA-512:	9117A0D66A9139EC22AA0FBE61278126D85B36B3F1C5A5A3ABB2AA11E7FC59D949424CA4C61ABEB430257254576356CBB501F3DB9EEB234F1B6D6757FE20BEEC
Malicious:	false
Reputation:	unknown
Preview:	SessionID=f0556685-5187-4cd9-902b-79706e3ad59b.1724852521957 Timestamp=2024-08-28T09:42:01:957-0400 ThreadID=6640 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=f0556685-5187-4cd9-902b-79706e3ad59b.1724852521957 Timestamp=2024-08-28T09:42:01:959-0400 ThreadID=6640 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=f0556685-5187-4cd9-902b-79706e3ad59b.1724852521957 Timestamp=2024-08-28T09:42:01:959-0400 ThreadID=6640 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=f0556685-5187-4cd9-902b-79706e3ad59b.1724852521957 Timestamp=2024-08-28T09:42:01:959-0400 ThreadID=6640 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=f0556685-5187-4cd9-902b-79706e3ad59b.1724852521957 Timestamp=2024-08-28T09:42:01:959-0400 ThreadID=6640 Component=ngl-lib_NglAppLib Description="SetConf

C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	35721
Entropy (8bit):	5.421563216202355
Encrypted:	false
SSDEEP:
MD5:	46AA6A46E3B8EC94AD88E10A9EFE009F
SHA1:	0B6E04FB79C29B2421B08CBC4403EDDA35AF5F66
SHA-256:	698A2467B2E5A23673217BAA858A92B398624ADD2DDAD80373453D94C8E7E2E4
SHA-512:	56D0BD6CC533E145D9FEFF6F6B4E1C4D9ABF868DD30D571F422D148CC257425B75F0A62D3C7C8216FCB7DB18372537C40AAE9D17DE6AFE9D1748E8757A224D60
Malicious:	false
Reputation:	unknown
Preview:	06-10-2023 11:44:59:.---2---..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : *************************************..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : ***********************************..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : **** Starting new session ******..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : Starting NGL..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..06-10-2023 11:44:59:.Closing File..06-10-

C:\Users\user\AppData\Local\Temp\acrocef_low\22adcbc2-023b-4079-9da4-c9993b3f8977.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
Category:	dropped
Size (bytes):	1407294
Entropy (8bit):	7.97605879016224
Encrypted:	false
SSDEEP:
MD5:	8B9FA2EC5118087D19CFDB20DA7C4C26
SHA1:	E32D6A1829B18717EF1455B73E88D36E0410EF93
SHA-256:	4782624EA3A4B3C6EB782689208148B636365AA8E5DAF00814FA9AB722259CBD
SHA-512:	662F8664CC3F4E8356D5F5794074642DB65565D40AC9FEA323E16E84EBD4F961701460A1310CC863D1AB38849E84E2142382F5DB88A0E53F97FF66248230F7B9
Malicious:	false
Reputation:	unknown
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

C:\Users\user\AppData\Local\Temp\acrocef_low\4cdc42c3-3e60-4f53-b427-6e8076f68471.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
Category:	dropped
Size (bytes):	1419751
Entropy (8bit):	7.976496077007677
Encrypted:	false
SSDEEP:
MD5:	E787F9888A1628BE8234F19E8EE26D68
SHA1:	44D5180C06ADBBDAADDBCE350CE4DEC997CD83E5
SHA-256:	3A09F3799148DA49F039A35AEDD22F368FB35B8D6022C4691C10606F704DAF80
SHA-512:	EE9B602898706CC0F33AA570E29A79A58ED748E1B738D74DF0C8C8DF193E23421B47AC8C862623ED774289D94FA90662A4CC436B80479D6420433D81752E9CA9
Malicious:	false
Reputation:	unknown
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

C:\Users\user\AppData\Local\Temp\acrocef_low\d9885f4e-31e3-4255-b0e2-dce726fc5e13.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
Category:	dropped
Size (bytes):	386528
Entropy (8bit):	7.9736851559892425
Encrypted:	false
SSDEEP:
MD5:	5C48B0AD2FEF800949466AE872E1F1E2
SHA1:	337D617AE142815EDDACB48484628C1F16692A2F
SHA-256:	F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
SHA-512:	44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
Malicious:	false
Reputation:	unknown
Preview:	...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....\|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-\|..h#.g.\.PO.\|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..\|m.WC.....\|.....e.[W.p.8...rm....^..x'......5!...\|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.\|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

C:\Users\user\AppData\Local\Temp\acrocef_low\f03c7652-34b0-4bea-81fb-f974b90b7772.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
Category:	dropped
Size (bytes):	758601
Entropy (8bit):	7.98639316555857
Encrypted:	false
SSDEEP:
MD5:	3A49135134665364308390AC398006F1
SHA1:	28EF4CE5690BF8A9E048AF7D30688120DAC6F126
SHA-256:	D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
SHA-512:	BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
Malicious:	false
Reputation:	unknown
Preview:	...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......\|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!\|G.1...... .3.`./....`~......G.............\|..pS.e.C....:o.u_..oi.:..\|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

C:\Users\user\AppData\Local\Temp\acrocef_low\f592cd1a-4d31-47ae-93b8-717fd2cd9f0b.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
Category:	dropped
Size (bytes):	543911
Entropy (8bit):	7.977303608379539
Encrypted:	false
SSDEEP:
MD5:	956BEC2EB32005025184F904D9622D32
SHA1:	C6A9A8B3F7A7AB8122FB00457C0F83D4A77F21AF
SHA-256:	DEFD4ADB96BA87467278B6B06980FDAB1EE460D971B62ED05A89FF32983784EF
SHA-512:	3A32B169312E5886D8C3029BF15AD291C41AF9FB03AE7D9B1A3CAB74E95C7AAAF3E384F2432BDB8F815075B11F30D4FF083271802B41616C9060E268EB3B5D3D
Malicious:	false
Reputation:	unknown
Preview:	...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......\|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!\|G.1...... .3.`./....`~......G.............\|..pS.e.C....:o.u_..oi.:..\|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

Static File Info

General

File type:	PDF document, version 1.7, 3 pages
Entropy (8bit):	7.8805512303209575
TrID:	Adobe Portable Document Format (5005/1) 100.00%
File name:	Faisal Ahmad.pdf
File size:	157'813 bytes
MD5:	5542eb9a328dabc039eb82c911ec2952
SHA1:	4b9cf91bec4cf36c54af40b0ec5c8ae71016571e
SHA256:	fe7dbe67590f1bd9e360ec098514983d8c8f9ac04482b7951181c058128d32e2
SHA512:	a7b8d6d804fd03ff1c38f5c44ccb5ab5605a7662f6bd7e8bd6ff71de9ece67a5eceee2ae54c33517513dc677d29dedf2a461b41a048e4232cfa45966adc0c588
SSDEEP:	1536:H0l4Y6lu1ZGhYKf4sEibEm8GgI2kF5Gemdr4StioqrXR88F5m2QMfE2ho9F+8/ts:HvunCrfe6h8pBeg8rE2W+81cwM8VACQ
TLSH:	3AF3DF24899EBCCEE39657C60B1F3C0AB46DB232A1D4419536ADC74347A0F6FA22715F
File Content Preview:	%PDF-1.7..%......1 0 obj..<</Type/Catalog/Pages 2 0 R/Lang(en) /StructTreeRoot 54 0 R/Outlines 44 0 R/MarkInfo<</Marked true>>/Metadata 321 0 R/ViewerPreferences 322 0 R>>..endobj..2 0 obj..<</Type/Pages/Count 3/Kids[ 3 0 R 39 0 R 41 0 R] >>..endobj..3 0

File Icon


Icon Hash:	62cc8caeb29e8ae0

Static PDF Info

General
Header:	%PDF-1.7
Total Entropy:	7.880551
Total Bytes:	157813
Stream Entropy:	7.977779
Stream Bytes:	139085
Entropy outside Streams:	5.001776
Bytes outside Streams:	18728
Number of EOF found:	2
Bytes after EOF:

Keywords Statistics

Name	Count
obj	85
endobj	85
stream	16
endstream	16
xref	2
trailer	2
startxref	2
/Page	3
/Encrypt	0
/ObjStm	1
/URI	2
/JS	0
/JavaScript	0
/AA	0
/OpenAction	0
/AcroForm	0
/JBIG2Decode	0
/RichMedia	0
/Launch	0
/EmbeddedFile	0

Description:	Adversaries may send spearphishing emails with a malicious link in an attempt to gain access to victim systems. Spearphishing with a link is a specific variant of spearphishing. It is different from other forms of spearphishing in that it employs the use of links to download malware contained in email, instead of attaching malicious files to the email itself, to avoid defenses that may inspect email attachments. Spearphishing may also involve social engineering techniques, such as posing as a trusted source.
Tactics:	Initial Access
Data Sources:	Application Log: Application Log Content, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Google Workspace, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may exploit software vulnerabilities in client applications to execute code. Vulnerabilities can exist in software due to unsecure coding practices that can lead to unanticipated behavior. Adversaries can take advantage of certain vulnerabilities through targeted exploitation for the purpose of arbitrary code execution. Oftentimes the most valuable exploits to an offensive toolkit are those that can be used to obtain code execution on a remote system because they can be used to gain access to that system. Users will expect to see files related to the applications they commonly used to do work, so they are a useful target for exploit research and development because of their high utility.
Tactics:	Execution
Data Sources:	Application Log: Application Log Content, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Faisal Ahmad.pdf

Overview

General Information

Detection

Signatures

Classification

Process Tree

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Software Vulnerabilities

Networking

System Summary

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

Public IPs

General Information

Warnings

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\b36f83a8-564f-47be-87af-6d9764bf788f.tmp

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\000003.log

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata\000001.dbtmp

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata\000003.log

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata\CURRENT (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata\MANIFEST-000001

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240828134204Z-173.bmp

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

C:\Users\user\AppData\Local\Temp\MSIcfcec.LOG

Windows Analysis Report
Faisal Ahmad.pdf