Edit tour

Windows Analysis Report
LEONARDMARIE.pdf

Overview

General Information

Sample name:	LEONARDMARIE.pdf
Analysis ID:	1502492
MD5:	1657fb0234ffff097b028ab01b843e75
SHA1:	f260ac67282568752c12ff3e3f05c21f95804a80
SHA256:	d859b6f24abaa69be6bac60cf956c849bb8a1a8ee82ddaebbc8c022cabbb74c1
Infos:

Detection

Score:	2
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

IP address seen in connection with other malware

Potential document exploit detected (performs DNS queries)

Potential document exploit detected (performs HTTP gets)

Potential document exploit detected (unknown TCP traffic)

Uses a known web browser user agent for HTTP communication

Classification

Process Tree

System is w10x64

Acrobat.exe (PID: 4144 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\LEONARDMARIE.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)

AcroCEF.exe (PID: 2616 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

AcroCEF.exe (PID: 7268 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2084 --field-trial-handle=1728,i,13754806069514452620,14320685787743459304,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: global traffic

DNS query: name: 15.164.165.52.in-addr.arpa

Source: global traffic	TCP traffic: 192.168.2.5:49716 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 192.168.2.5:49714 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 192.168.2.5:49714 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 192.168.2.5:49714 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 192.168.2.5:49714 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 192.168.2.5:49714 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 192.168.2.5:49714 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 192.168.2.5:49714 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 192.168.2.5:49714 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 192.168.2.5:49714 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 192.168.2.5:49714 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 192.168.2.5:49714 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 192.168.2.5:49714 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 192.168.2.5:49714 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 192.168.2.5:49716 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 192.168.2.5:49716 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 192.168.2.5:49716 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 192.168.2.5:49716 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 192.168.2.5:49716 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 192.168.2.5:49716 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 192.168.2.5:49716 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 192.168.2.5:49716 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 192.168.2.5:49716 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 192.168.2.5:49716 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 192.168.2.5:49716 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 192.168.2.5:49716 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 192.168.2.5:49717 -> 23.41.168.139:443
Source: global traffic	TCP traffic: 192.168.2.5:49717 -> 23.41.168.139:443
Source: global traffic	TCP traffic: 192.168.2.5:49717 -> 23.41.168.139:443
Source: global traffic	TCP traffic: 192.168.2.5:49717 -> 23.41.168.139:443
Source: global traffic	TCP traffic: 192.168.2.5:49717 -> 23.41.168.139:443
Source: global traffic	TCP traffic: 192.168.2.5:49717 -> 23.41.168.139:443
Source: global traffic	TCP traffic: 192.168.2.5:49717 -> 23.41.168.139:443
Source: global traffic	TCP traffic: 192.168.2.5:49717 -> 23.41.168.139:443
Source: global traffic	TCP traffic: 192.168.2.5:49717 -> 23.41.168.139:443
Source: global traffic	TCP traffic: 192.168.2.5:49717 -> 23.41.168.139:443

Source: global traffic	TCP traffic: 192.168.2.5:49714 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 23.22.254.206:443 -> 192.168.2.5:49714
Source: global traffic	TCP traffic: 192.168.2.5:49714 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 192.168.2.5:49714 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 23.22.254.206:443 -> 192.168.2.5:49714
Source: global traffic	TCP traffic: 23.22.254.206:443 -> 192.168.2.5:49714
Source: global traffic	TCP traffic: 192.168.2.5:49714 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 23.22.254.206:443 -> 192.168.2.5:49714
Source: global traffic	TCP traffic: 23.22.254.206:443 -> 192.168.2.5:49714
Source: global traffic	TCP traffic: 192.168.2.5:49714 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 23.22.254.206:443 -> 192.168.2.5:49714
Source: global traffic	TCP traffic: 192.168.2.5:49714 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 192.168.2.5:49714 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 23.22.254.206:443 -> 192.168.2.5:49714
Source: global traffic	TCP traffic: 192.168.2.5:49714 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 23.22.254.206:443 -> 192.168.2.5:49714
Source: global traffic	TCP traffic: 192.168.2.5:49714 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 23.22.254.206:443 -> 192.168.2.5:49714
Source: global traffic	TCP traffic: 23.22.254.206:443 -> 192.168.2.5:49714
Source: global traffic	TCP traffic: 192.168.2.5:49714 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 192.168.2.5:49714 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 192.168.2.5:49714 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 23.22.254.206:443 -> 192.168.2.5:49714
Source: global traffic	TCP traffic: 192.168.2.5:49714 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 192.168.2.5:49716 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 23.22.254.206:443 -> 192.168.2.5:49716
Source: global traffic	TCP traffic: 192.168.2.5:49716 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 192.168.2.5:49716 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 23.22.254.206:443 -> 192.168.2.5:49716
Source: global traffic	TCP traffic: 23.22.254.206:443 -> 192.168.2.5:49716
Source: global traffic	TCP traffic: 192.168.2.5:49716 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 23.22.254.206:443 -> 192.168.2.5:49716
Source: global traffic	TCP traffic: 23.22.254.206:443 -> 192.168.2.5:49716
Source: global traffic	TCP traffic: 192.168.2.5:49716 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 23.22.254.206:443 -> 192.168.2.5:49716
Source: global traffic	TCP traffic: 192.168.2.5:49716 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 192.168.2.5:49716 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 23.22.254.206:443 -> 192.168.2.5:49716
Source: global traffic	TCP traffic: 192.168.2.5:49716 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 23.22.254.206:443 -> 192.168.2.5:49716
Source: global traffic	TCP traffic: 192.168.2.5:49716 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 23.22.254.206:443 -> 192.168.2.5:49716
Source: global traffic	TCP traffic: 23.22.254.206:443 -> 192.168.2.5:49716
Source: global traffic	TCP traffic: 23.22.254.206:443 -> 192.168.2.5:49716
Source: global traffic	TCP traffic: 192.168.2.5:49716 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 23.22.254.206:443 -> 192.168.2.5:49716
Source: global traffic	TCP traffic: 23.22.254.206:443 -> 192.168.2.5:49716
Source: global traffic	TCP traffic: 192.168.2.5:49716 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 192.168.2.5:49716 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 23.22.254.206:443 -> 192.168.2.5:49716
Source: global traffic	TCP traffic: 192.168.2.5:49717 -> 23.41.168.139:443
Source: global traffic	TCP traffic: 23.41.168.139:443 -> 192.168.2.5:49717
Source: global traffic	TCP traffic: 192.168.2.5:49717 -> 23.41.168.139:443
Source: global traffic	TCP traffic: 192.168.2.5:49717 -> 23.41.168.139:443
Source: global traffic	TCP traffic: 23.41.168.139:443 -> 192.168.2.5:49717
Source: global traffic	TCP traffic: 23.41.168.139:443 -> 192.168.2.5:49717
Source: global traffic	TCP traffic: 192.168.2.5:49717 -> 23.41.168.139:443
Source: global traffic	TCP traffic: 23.41.168.139:443 -> 192.168.2.5:49717
Source: global traffic	TCP traffic: 23.41.168.139:443 -> 192.168.2.5:49717
Source: global traffic	TCP traffic: 192.168.2.5:49717 -> 23.41.168.139:443
Source: global traffic	TCP traffic: 192.168.2.5:49717 -> 23.41.168.139:443
Source: global traffic	TCP traffic: 23.41.168.139:443 -> 192.168.2.5:49717
Source: global traffic	TCP traffic: 192.168.2.5:49717 -> 23.41.168.139:443
Source: global traffic	TCP traffic: 23.41.168.139:443 -> 192.168.2.5:49717
Source: global traffic	TCP traffic: 192.168.2.5:49717 -> 23.41.168.139:443
Source: global traffic	TCP traffic: 23.41.168.139:443 -> 192.168.2.5:49717
Source: global traffic	TCP traffic: 23.41.168.139:443 -> 192.168.2.5:49717
Source: global traffic	TCP traffic: 192.168.2.5:49717 -> 23.41.168.139:443
Source: global traffic	TCP traffic: 192.168.2.5:49717 -> 23.41.168.139:443
Source: global traffic	TCP traffic: 23.41.168.139:443 -> 192.168.2.5:49717

Source: Joe Sandbox View	IP Address: 23.22.254.206 23.22.254.206
Source: Joe Sandbox View	IP Address: 23.41.168.139 23.41.168.139

Source: global traffic	HTTP traffic detected: OPTIONS /psdk/v2/content?surfaceId=ACROBAT_READER_MASTER_SURFACEID&surfaceId=DC_READER_LAUNCH_CARD&surfaceId=DC_Reader_RHP_Banner&surfaceId=DC_Reader_RHP_Retention&surfaceId=Edit_InApp_Aug2020&surfaceId=DC_FirstMile_Right_Sec_Surface&surfaceId=DC_Reader_Upsell_Cards&surfaceId=DC_FirstMile_Home_View_Surface&surfaceId=DC_Reader_RHP_Intent_Banner&surfaceId=DC_Reader_Disc_LHP_Banner&surfaceId=DC_Reader_Edit_LHP_Banner&surfaceId=DC_Reader_Convert_LHP_Banner&surfaceId=DC_Reader_Sign_LHP_Banner&surfaceId=DC_Reader_More_LHP_Banner&surfaceId=DC_Reader_Disc_LHP_Retention&surfaceId=DC_Reader_Home_LHP_Trial_Banner&adcProductLanguage=en-us&adcVersion=23.6.20320&adcProductType=SingleClientMini&adcOSType=WIN&adcCountryCode=US&adcXAPIClientID=api_reader_desktop_win_23.6.20320&encodingScheme=BASE_64 HTTP/1.1Host: p13n.adobe.ioConnection: keep-aliveAccept: /Access-Control-Request-Method: GETAccess-Control-Request-Headers: x-adobe-uuid,x-adobe-uuid-type,x-api-keyOrigin: https://rna-resource.acrobat.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Mode: corsSec-Fetch-Site: cross-siteSec-Fetch-Dest: emptyReferer: https://rna-resource.acrobat.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /psdk/v2/content?surfaceId=ACROBAT_READER_MASTER_SURFACEID&surfaceId=DC_READER_LAUNCH_CARD&surfaceId=DC_Reader_RHP_Banner&surfaceId=DC_Reader_RHP_Retention&surfaceId=Edit_InApp_Aug2020&surfaceId=DC_FirstMile_Right_Sec_Surface&surfaceId=DC_Reader_Upsell_Cards&surfaceId=DC_FirstMile_Home_View_Surface&surfaceId=DC_Reader_RHP_Intent_Banner&surfaceId=DC_Reader_Disc_LHP_Banner&surfaceId=DC_Reader_Edit_LHP_Banner&surfaceId=DC_Reader_Convert_LHP_Banner&surfaceId=DC_Reader_Sign_LHP_Banner&surfaceId=DC_Reader_More_LHP_Banner&surfaceId=DC_Reader_Disc_LHP_Retention&surfaceId=DC_Reader_Home_LHP_Trial_Banner&adcProductLanguage=en-us&adcVersion=23.6.20320&adcProductType=SingleClientMini&adcOSType=WIN&adcCountryCode=US&adcXAPIClientID=api_reader_desktop_win_23.6.20320&encodingScheme=BASE_64 HTTP/1.1Host: p13n.adobe.ioConnection: keep-alivesec-ch-ua: "Chromium";v="105"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Accept: application/json, text/javascript, /; q=0.01x-adobe-uuid: 89d789c4-e7e5-4f75-95a4-57139ab6811fx-adobe-uuid-type: visitorIdx-api-key: AdobeReader9sec-ch-ua-platform: "Windows"Origin: https://rna-resource.acrobat.comAccept-Language: en-US,en;q=0.9Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://rna-resource.acrobat.com/Accept-Encoding: gzip, deflate, br
Source: global traffic	HTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1Host: armmf.adobe.comConnection: keep-aliveAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brIf-None-Match: "78-5faa31cce96da"If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT

Source: unknown	TCP traffic detected without corresponding DNS query: 23.22.254.206
Source: unknown	TCP traffic detected without corresponding DNS query: 23.22.254.206
Source: unknown	TCP traffic detected without corresponding DNS query: 23.22.254.206
Source: unknown	TCP traffic detected without corresponding DNS query: 23.22.254.206
Source: unknown	TCP traffic detected without corresponding DNS query: 23.22.254.206
Source: unknown	TCP traffic detected without corresponding DNS query: 23.22.254.206
Source: unknown	TCP traffic detected without corresponding DNS query: 23.22.254.206
Source: unknown	TCP traffic detected without corresponding DNS query: 23.22.254.206
Source: unknown	TCP traffic detected without corresponding DNS query: 23.22.254.206
Source: unknown	TCP traffic detected without corresponding DNS query: 23.22.254.206
Source: unknown	TCP traffic detected without corresponding DNS query: 23.22.254.206
Source: unknown	TCP traffic detected without corresponding DNS query: 23.22.254.206
Source: unknown	TCP traffic detected without corresponding DNS query: 23.22.254.206
Source: unknown	TCP traffic detected without corresponding DNS query: 23.22.254.206
Source: unknown	TCP traffic detected without corresponding DNS query: 23.22.254.206
Source: unknown	TCP traffic detected without corresponding DNS query: 23.22.254.206
Source: unknown	TCP traffic detected without corresponding DNS query: 23.22.254.206
Source: unknown	TCP traffic detected without corresponding DNS query: 23.22.254.206
Source: unknown	TCP traffic detected without corresponding DNS query: 23.22.254.206
Source: unknown	TCP traffic detected without corresponding DNS query: 23.22.254.206
Source: unknown	TCP traffic detected without corresponding DNS query: 23.22.254.206
Source: unknown	TCP traffic detected without corresponding DNS query: 23.22.254.206
Source: unknown	TCP traffic detected without corresponding DNS query: 23.22.254.206
Source: unknown	TCP traffic detected without corresponding DNS query: 23.22.254.206
Source: unknown	TCP traffic detected without corresponding DNS query: 23.22.254.206
Source: unknown	TCP traffic detected without corresponding DNS query: 23.41.168.139
Source: unknown	TCP traffic detected without corresponding DNS query: 23.41.168.139
Source: unknown	TCP traffic detected without corresponding DNS query: 23.41.168.139
Source: unknown	TCP traffic detected without corresponding DNS query: 23.41.168.139
Source: unknown	TCP traffic detected without corresponding DNS query: 23.41.168.139
Source: unknown	TCP traffic detected without corresponding DNS query: 23.41.168.139
Source: unknown	TCP traffic detected without corresponding DNS query: 23.41.168.139
Source: unknown	TCP traffic detected without corresponding DNS query: 23.41.168.139
Source: unknown	TCP traffic detected without corresponding DNS query: 23.41.168.139
Source: unknown	TCP traffic detected without corresponding DNS query: 23.41.168.139
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /psdk/v2/content?surfaceId=ACROBAT_READER_MASTER_SURFACEID&surfaceId=DC_READER_LAUNCH_CARD&surfaceId=DC_Reader_RHP_Banner&surfaceId=DC_Reader_RHP_Retention&surfaceId=Edit_InApp_Aug2020&surfaceId=DC_FirstMile_Right_Sec_Surface&surfaceId=DC_Reader_Upsell_Cards&surfaceId=DC_FirstMile_Home_View_Surface&surfaceId=DC_Reader_RHP_Intent_Banner&surfaceId=DC_Reader_Disc_LHP_Banner&surfaceId=DC_Reader_Edit_LHP_Banner&surfaceId=DC_Reader_Convert_LHP_Banner&surfaceId=DC_Reader_Sign_LHP_Banner&surfaceId=DC_Reader_More_LHP_Banner&surfaceId=DC_Reader_Disc_LHP_Retention&surfaceId=DC_Reader_Home_LHP_Trial_Banner&adcProductLanguage=en-us&adcVersion=23.6.20320&adcProductType=SingleClientMini&adcOSType=WIN&adcCountryCode=US&adcXAPIClientID=api_reader_desktop_win_23.6.20320&encodingScheme=BASE_64 HTTP/1.1Host: p13n.adobe.ioConnection: keep-alivesec-ch-ua: "Chromium";v="105"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Accept: application/json, text/javascript, /; q=0.01x-adobe-uuid: 89d789c4-e7e5-4f75-95a4-57139ab6811fx-adobe-uuid-type: visitorIdx-api-key: AdobeReader9sec-ch-ua-platform: "Windows"Origin: https://rna-resource.acrobat.comAccept-Language: en-US,en;q=0.9Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://rna-resource.acrobat.com/Accept-Encoding: gzip, deflate, br
Source: global traffic	HTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1Host: armmf.adobe.comConnection: keep-aliveAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brIf-None-Match: "78-5faa31cce96da"If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT

Source: global traffic

DNS traffic detected: DNS query: 15.164.165.52.in-addr.arpa

Source: E0F5C59F9FA661F6F4C50B87FEF3A15A0.2.dr	String found in binary or memory: http://apps.identrust.com/roots/dstrootcax3.p7c
Source: 77EC63BDA74BD0D0E0426DC8F80085060.2.dr	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab

Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714

Source: classification engine

Classification label: clean2.winPDF@14/45@1/2

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-09-01 16-35-52-428.log

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Jump to behavior

Source: unknown	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\LEONARDMARIE.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2084 --field-trial-handle=1728,i,13754806069514452620,14320685787743459304,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2084 --field-trial-handle=1728,i,13754806069514452620,14320685787743459304,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: LEONARDMARIE.pdf	Initial sample: PDF keyword /JS count = 0
Source: LEONARDMARIE.pdf	Initial sample: PDF keyword /JavaScript count = 0
Source: A91bo8kjb_1805joa_1io.tmp.0.dr	Initial sample: PDF keyword /JS count = 0
Source: A91bo8kjb_1805joa_1io.tmp.0.dr	Initial sample: PDF keyword /JavaScript count = 0

Source: LEONARDMARIE.pdf

Initial sample: PDF keyword /EmbeddedFile count = 0

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	3 Exploitation for Client Execution	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	1 System Information Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	13 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
windowsupdatebg.s.llnwi.net	46.228.146.128	true	false		unknown
15.164.165.52.in-addr.arpa	unknown	unknown	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
23.22.254.206	unknown	United States		14618	AMAZON-AESUS	false
23.41.168.139	unknown	United States		6461	ZAYO-6461US	false

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1502492
Start date and time:	2024-09-01 22:34:59 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 1s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowspdfcookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	9
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	LEONARDMARIE.pdf
Detection:	CLEAN
Classification:	clean2.winPDF@14/45@1/2
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .pdf Found PDF document Close Viewer

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 184.28.88.176, 172.64.41.3, 162.159.61.3, 2.16.202.123, 95.101.54.195, 46.228.146.128, 2.19.126.149, 2.19.126.143
Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, identrust.edgesuite.net, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, a1952.dscq.akamai.net, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, apps.identrust.com, wu-b-net.trafficmanager.net
VT rate limit hit for: LEONARDMARIE.pdf

Simulations

Behavior and APIs

Time	Type	Description
16:35:57	API Interceptor	3x Sleep call for process: AcroCEF.exe modified

LLM Input / Output

Input	Output
URL: PDF document Model: jbxai	{ "brand":["unknown"], "contains_trigger_text":false, "prominent_button_name":"unknown", "text_input_field_labels":["unknown"], "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "has_visible_qrcode":false}

Input

Output

URL: PDF document Model: jbxai

{
"brand":["unknown"],
"contains_trigger_text":false,
"prominent_button_name":"unknown",
"text_input_field_labels":["unknown"],
"pdf_icon_visible":false,
"has_visible_captcha":false,
"has_urgent_text":false,
"has_visible_qrcode":false}

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
23.22.254.206	Money Fellows Signatures Consent Docs#122531(Revised).pdf	Get hash	malicious	Unknown	Browse
	https://indd.adobe.com/view/9cfcac35-338b-4a63-bb28-60a870b890db	Get hash	malicious	HTMLPhisher	Browse
	virus total.pdf	Get hash	malicious	HTMLPhisher	Browse
	phish_alert_sp2_2.0.0.0.eml	Get hash	malicious	Unknown	Browse
	tourmalinellc.com-_DocuSign-.pdf	Get hash	malicious	Unknown	Browse
	https://dl.dropboxusercontent.com/scl/fi/4owe58ovn1ed21kp09mar/Rechnung-201528807699-vom-30.07.2024.zip?rlkey=jd0edpow40fhsvvb7o73yg1xi&st=x3gp2xzd&dl=0	Get hash	malicious	Unknown	Browse
	https://indd.adobe.com/view/2bab4c20-5db8-4df4-abb1-5e8820aa4ec8	Get hash	malicious	Unknown	Browse
	Fatura.pdf	Get hash	malicious	Unknown	Browse
	https://new.express.adobe.com/webpage/czD5r1jfeik32	Get hash	malicious	Unknown	Browse
	New Pay App#78846 From Cube Care.eml	Get hash	malicious	Unknown	Browse
23.41.168.139	detail.pdf	Get hash	malicious	Unknown	Browse
	nhom89337074245633707424563.pdf	Get hash	malicious	Unknown	Browse
	Message-ID 08282024 110831 PM.pdf	Get hash	malicious	HTMLPhisher	Browse
	OJO!!! No lo he abiertoFwd_ Message From 646___xbx2.eml	Get hash	malicious	Unknown	Browse
	0.exe	Get hash	malicious	Sliver	Browse
	2024AdoptionConference-WhovaDirections-Desktop.pdf	Get hash	malicious	Unknown	Browse
	Payment Notification Invoice 1011fdp.pdf	Get hash	malicious	Unknown	Browse
	Attachment_564086524-004.pdf	Get hash	malicious	Unknown	Browse
	PENDING ORDER.pdf	Get hash	malicious	HTMLPhisher	Browse
	test1.xls	Get hash	malicious	Unknown	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
windowsupdatebg.s.llnwi.net	https://66d2795a9886f088ed2f8c66--loquacious-pixie-9e563f.netlify.app/	Get hash	malicious	Unknown	Browse	87.248.204.0
	https://seoservicesiox.firebaseapp.com/&err=b0qmbz0rr7j7jwfxwuge?err=am30dbsswi0	Get hash	malicious	HTMLPhisher	Browse	46.228.146.0
	https://xjp.steamproxy.vip/id/sircapthe4th	Get hash	malicious	Unknown	Browse	178.79.238.128
	https://trk.klclick3.com/ls/click?upn=%75001%2ec09Q0Iaa5JBKaMwLC9cMjFMyHYn-2B6EZxbTX-2FaxXPaGrg5dbeFH4fD3EuQFBIIXLREGZ-2FcOKC34mnxZPxIQx7XghFIqGaXY6alnacloe8xRo-3DgClE_PsKyq3SDuMFd2Bvwnm7-2BcmPfS0aZrbIGf331gXNHUSe-2BhQgqUpFiX3w7h5jUnRd6n-2FE8HERNVnz6BOvKs-2F6ulrBAPhqq4y7BxG-2Bd6kG7tLUxcOuHiFWpTHeDGZUnvDZvP6FM52V2kHQ6WJAZs6KQLxfqZHXfS07MTZdpG9vj-2FyhrEPsl2OqZg5lzEsrvURNsKVvDj6AmF6Sc1Z4lZAW7CGdtCrIGzdnodzXHJg2ktm7ptAUSv125vaGKXpRXhbzmAu5lE-2BvgScXpoVnTswlbot2XqG-2FJI21NuECHLJYOtT13mulLg3LyC43ioSpIwstqzATUDNosl6pb3KNNf3I-2F07dDO2NkZcrZt-2B2G5uraxeQ-3D#/?/c3plbGxAam9uZXNqdW5jdGlvbi5jb20=	Get hash	malicious	Unknown	Browse	87.248.204.0
	https://168.119.60.168	Get hash	malicious	Unknown	Browse	87.248.205.0
	https://www.bettercaremarket.com.au/pill-bottle-opener-with-magnifier-aidapt.html?comet_source=google&comet_network=x&comet_campaign=20867905123&comet_ad_group=&comet_ad_id=&comet_keyword=&comet_type=smart&gad_source=1&gclid=EAIaIQobChMIqcj6sY-ZhwMV5tgWBR0YswpVEAQYASABEgJi9fD_BwE	Get hash	malicious	Unknown	Browse	46.228.146.0
	https://whatslnc-com.cc/	Get hash	malicious	Unknown	Browse	87.248.205.0
	maliciouspdf.pdf	Get hash	malicious	Unknown	Browse	87.248.204.0
	http://general72.s3-website.us-east-2.amazonaws.com	Get hash	malicious	Unknown	Browse	87.248.204.0
	https://set.page/cdtautomotive/	Get hash	malicious	Unknown	Browse	87.248.205.0

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
AMAZON-AESUS	firmware.armv5l.elf	Get hash	malicious	Unknown	Browse	54.146.255.20
	firmware.i586.elf	Get hash	malicious	Unknown	Browse	54.133.219.175
	firmware.arm-linux-gnueabihf.elf	Get hash	malicious	Unknown	Browse	100.25.20.93
	http://juno-100505.weeblysite.com/	Get hash	malicious	Unknown	Browse	3.233.158.30
	http://telstra-105864.weeblysite.com/	Get hash	malicious	HTMLPhisher	Browse	54.235.101.7
	https://phy.lew.mybluehost.me/wp-content/plugins/L/LM/TU17HLK/	Get hash	malicious	Unknown	Browse	34.233.140.183
	https://multicoinsystemnode.firebaseapp.com/	Get hash	malicious	Unknown	Browse	3.213.73.61
	http://att-108937.weeblysite.com/	Get hash	malicious	Unknown	Browse	3.228.185.195
	http://telstra-100127.weeblysite.com/	Get hash	malicious	Unknown	Browse	54.235.101.7
	http://telstra-104325.weeblysite.com/	Get hash	malicious	HTMLPhisher	Browse	50.19.89.137
ZAYO-6461US	detail.pdf	Get hash	malicious	Unknown	Browse	23.41.168.139
	nhom89337074245633707424563.pdf	Get hash	malicious	Unknown	Browse	23.41.168.139
	Message-ID 08282024 110831 PM.pdf	Get hash	malicious	HTMLPhisher	Browse	23.41.168.139
	OJO!!! No lo he abiertoFwd_ Message From 646___xbx2.eml	Get hash	malicious	Unknown	Browse	23.41.168.139
	0.exe	Get hash	malicious	Sliver	Browse	23.41.168.139
	2024AdoptionConference-WhovaDirections-Desktop.pdf	Get hash	malicious	Unknown	Browse	23.41.168.139
	Secured Doc-[TcO-12691].pdf	Get hash	malicious	Unknown	Browse	23.41.169.158
	xWTju4vS5W	Get hash	malicious	Mirai	Browse	207.235.234.125
	Payment Notification Invoice 1011fdp.pdf	Get hash	malicious	Unknown	Browse	23.41.168.139
	Attachment_564086524-004.pdf	Get hash	malicious	Unknown	Browse	23.41.168.139

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	291
Entropy (8bit):	5.210888040349239
Encrypted:	false
SSDEEP:	6:PVT++0wq2P92nKuAl9OmbnIFUt82VT+5Zmw+2VT+TkwO92nKuAl9OmbjLJ:P5ZRv4HAahFUt825M/+25s5LHAaSJ
MD5:	4597EF39908B5343388A5BB63AF4A4B6
SHA1:	53D01E005A3AA650DBEA7F6165BD0A809DEB60F9
SHA-256:	635BF6E2C190DCA1168452AFAEE8057A78B31429F86FA0EA33541DD8AE23F3A7
SHA-512:	BCB6E6938BD88442DACEEC480D52036936217FE90F76A566D68C7F076F9396B4080877A0556C004F2E8C67F6A70B06BC94858D189072DC7F95063F54A24127BE
Malicious:	false
Reputation:	low
Preview:	2024/09/01-16:35:50.219 6b4 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/09/01-16:35:50.222 6b4 Recovering log #3.2024/09/01-16:35:50.222 6b4 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	291
Entropy (8bit):	5.210888040349239
Encrypted:	false
SSDEEP:	6:PVT++0wq2P92nKuAl9OmbnIFUt82VT+5Zmw+2VT+TkwO92nKuAl9OmbjLJ:P5ZRv4HAahFUt825M/+25s5LHAaSJ
MD5:	4597EF39908B5343388A5BB63AF4A4B6
SHA1:	53D01E005A3AA650DBEA7F6165BD0A809DEB60F9
SHA-256:	635BF6E2C190DCA1168452AFAEE8057A78B31429F86FA0EA33541DD8AE23F3A7
SHA-512:	BCB6E6938BD88442DACEEC480D52036936217FE90F76A566D68C7F076F9396B4080877A0556C004F2E8C67F6A70B06BC94858D189072DC7F95063F54A24127BE
Malicious:	false
Reputation:	low
Preview:	2024/09/01-16:35:50.219 6b4 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/09/01-16:35:50.222 6b4 Recovering log #3.2024/09/01-16:35:50.222 6b4 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	338
Entropy (8bit):	5.218382874795987
Encrypted:	false
SSDEEP:	6:PVT+zE+q2P92nKuAl9Ombzo2jMGIFUt82VT+y5Zmw+2VT+unNVkwO92nKuAl9OmT:P5yv4HAa8uFUt825R/+25Nz5LHAa8RJ
MD5:	16F76F7E92609403916B74307DB24C9F
SHA1:	C87DD42A97E15BA382FB1C230E2D6B474EAEEE59
SHA-256:	1A26A92D084295D432F2030ACCA8A8646217A33EA099A83AEA3FAD2B5DC9999B
SHA-512:	BA423F6727C9AD48F68DCB7D231437672F754B3D96C4C58718A62990890AFB99CE67C7E625E9F48CBAD2CF5B056A77FB56FC72720DCBCEF5850B180FBB1D53F9
Malicious:	false
Reputation:	low
Preview:	2024/09/01-16:35:50.445 1cb8 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/09/01-16:35:50.447 1cb8 Recovering log #3.2024/09/01-16:35:50.449 1cb8 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	338
Entropy (8bit):	5.218382874795987
Encrypted:	false
SSDEEP:	6:PVT+zE+q2P92nKuAl9Ombzo2jMGIFUt82VT+y5Zmw+2VT+unNVkwO92nKuAl9OmT:P5yv4HAa8uFUt825R/+25Nz5LHAa8RJ
MD5:	16F76F7E92609403916B74307DB24C9F
SHA1:	C87DD42A97E15BA382FB1C230E2D6B474EAEEE59
SHA-256:	1A26A92D084295D432F2030ACCA8A8646217A33EA099A83AEA3FAD2B5DC9999B
SHA-512:	BA423F6727C9AD48F68DCB7D231437672F754B3D96C4C58718A62990890AFB99CE67C7E625E9F48CBAD2CF5B056A77FB56FC72720DCBCEF5850B180FBB1D53F9
Malicious:	false
Reputation:	low
Preview:	2024/09/01-16:35:50.445 1cb8 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/09/01-16:35:50.447 1cb8 Recovering log #3.2024/09/01-16:35:50.449 1cb8 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\1eb0c00d-649b-4536-b739-fb3d19b7c375.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	modified
Size (bytes):	508
Entropy (8bit):	5.056134404417856
Encrypted:	false
SSDEEP:	12:YH/um3RA8sqvIsBdOg2Hrfcaq3QYiubxnP7E4T3OF+:Y2sRds4ddMHy3QYhbxP7nbI+
MD5:	6107D823E1ACDA7C00DCAEE013C3C384
SHA1:	41EB99D4D6D7F0AA5D26C5028CFEFC36D51FFFE1
SHA-256:	0F2C04DDD565CB50B46110A0B5C5E56CC2C895317C8C34BD4F22D3EB2D7E7E3D
SHA-512:	515DBAB7C8BC28708909447B6917C075C603194EF0E6AF178DAC972EFF7E0E114756CA5944EFAB6B0B03041C05EA9F8B69C4CF8AA14A16011359D4232BFC6526
Malicious:	false
Reputation:	low
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13369782962333537","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":389078},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.5","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G","CAYSABiAgICA+P////8B":"Offline"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	508
Entropy (8bit):	5.056134404417856
Encrypted:	false
SSDEEP:	12:YH/um3RA8sqvIsBdOg2Hrfcaq3QYiubxnP7E4T3OF+:Y2sRds4ddMHy3QYhbxP7nbI+
MD5:	6107D823E1ACDA7C00DCAEE013C3C384
SHA1:	41EB99D4D6D7F0AA5D26C5028CFEFC36D51FFFE1
SHA-256:	0F2C04DDD565CB50B46110A0B5C5E56CC2C895317C8C34BD4F22D3EB2D7E7E3D
SHA-512:	515DBAB7C8BC28708909447B6917C075C603194EF0E6AF178DAC972EFF7E0E114756CA5944EFAB6B0B03041C05EA9F8B69C4CF8AA14A16011359D4232BFC6526
Malicious:	false
Reputation:	low
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13369782962333537","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":389078},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.5","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G","CAYSABiAgICA+P////8B":"Offline"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	4509
Entropy (8bit):	5.230545554328731
Encrypted:	false
SSDEEP:	96:QqBpCqGp3Al+NehBmkID2w6bNMhugoKTNY+No/KTNcygLPGLLULm6RRzZ:rBpJGp3AoqBmki25ZEVoKTNY+NoCTNLg
MD5:	0D8E94AC85AC81CAE41F7FB605BE6BF3
SHA1:	9F82BB0B3C55584D3CD66A41FB63990D7A9E032B
SHA-256:	BBC7AA3A5DBA47D4FC94CB8EF4BA62B2BB58D27141C10323029EFC0B7492203C
SHA-512:	CFE59BED907C26ED4913A0071B8B3D28E5364834213364FD131D967FF67A6B8B9BCF90510C5DE5E4C559F21FEABDA0166716F64CA320629782C08115741936A5
Malicious:	false
Reputation:	low
Preview:	*...#................version.1..namespace-.1a.o................next-map-id.1.Pnamespace-047a745d_5c98_4926_b446_942fb948d072-https://rna-resource.acrobat.com/.0.K..r................next-map-id.2.Snamespace-bdf2fbfe_e08b_407d_8a81_9a6094e373a0-https://rna-v2-resource.acrobat.com/.1.m.Fr................next-map-id.3.Snamespace-24b9c7f4_3e31_4d11_a607_ac91d6485c9e-https://rna-v2-resource.acrobat.com/.2.8.o................next-map-id.4.Pnamespace-bc60f291_faa7_4492_8b22_e186b4ce62c1-https://rna-resource.acrobat.com/.3.A-N^...............Pnamespace-047a745d_5c98_4926_b446_942fb948d072-https://rna-resource.acrobat.com/-j..^...............Pnamespace-bc60f291_faa7_4492_8b22_e186b4ce62c1-https://rna-resource.acrobat.com/[.\|.a...............Snamespace-bdf2fbfe_e08b_407d_8a81_9a6094e373a0-https://rna-v2-resource.acrobat.com/....a...............Snamespace-24b9c7f4_3e31_4d11_a607_ac91d6485c9e-https://rna-v2-resource.acrobat.com/.W.@o................next-map-id.5.Pnamespace-8fb46ac3_c992_47ca_bb04_

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	326
Entropy (8bit):	5.214903818272348
Encrypted:	false
SSDEEP:	6:PVT+kHN+q2P92nKuAl9OmbzNMxIFUt82VT+Q5Zmw+2VT+QtVkwO92nKuAl9OmbzE:P5Sv4HAa8jFUt8251/+25n5LHAa84J
MD5:	B6DEAC5E1D4F6F88A7458C24F992541C
SHA1:	9AA7880E0CF00F4175CCCABF19E09A4C6814FC18
SHA-256:	9C4267348663B65D2017511AB9494A65DD6053B2FBD8B6F79F92A796C4DED3EE
SHA-512:	393349F50C105FF188A38B046F6335D0245D5B4BEE5A2FC97A66B14A593D0BEF0AB1FE30D29AD1B67442A6CA55FDB92E881ACD584D276DC5AA06F256853683E5
Malicious:	false
Reputation:	low
Preview:	2024/09/01-16:35:50.489 1cb8 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/09/01-16:35:50.490 1cb8 Recovering log #3.2024/09/01-16:35:50.490 1cb8 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	326
Entropy (8bit):	5.214903818272348
Encrypted:	false
SSDEEP:	6:PVT+kHN+q2P92nKuAl9OmbzNMxIFUt82VT+Q5Zmw+2VT+QtVkwO92nKuAl9OmbzE:P5Sv4HAa8jFUt8251/+25n5LHAa84J
MD5:	B6DEAC5E1D4F6F88A7458C24F992541C
SHA1:	9AA7880E0CF00F4175CCCABF19E09A4C6814FC18
SHA-256:	9C4267348663B65D2017511AB9494A65DD6053B2FBD8B6F79F92A796C4DED3EE
SHA-512:	393349F50C105FF188A38B046F6335D0245D5B4BEE5A2FC97A66B14A593D0BEF0AB1FE30D29AD1B67442A6CA55FDB92E881ACD584D276DC5AA06F256853683E5
Malicious:	false
Reputation:	low
Preview:	2024/09/01-16:35:50.489 1cb8 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/09/01-16:35:50.490 1cb8 Recovering log #3.2024/09/01-16:35:50.490 1cb8 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240901203554Z-151.bmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PC bitmap, Windows 3.x format, 107 x -152 x 32, cbSize 65110, bits offset 54
Category:	dropped
Size (bytes):	65110
Entropy (8bit):	2.016097812283715
Encrypted:	false
SSDEEP:	192:cUDX9exCAvYeqOVvixs8m5LgaCq+dMdxqoMRVsVySciPHVj9ukaz9Nz4KX5USxFv:cUDUYoys8osaCq+Srci991gNOGh
MD5:	78A2A053596E05F69D5978A32110C271
SHA1:	6738296927A296D76A6B316A21972F02EFA01005
SHA-256:	6D180081D8EFD5E7F637E3A2F7714500A3F592293D2DA29A4A8071239AADA441
SHA-512:	19A09302E59CAA93BB68AE495BF5635B74C962147A477C2C8D0CDD6A4B2476CA30FCC679584FEB22C1AE1E25E9AE395CF1C16429BBBA8ED45B0C865F10472569
Malicious:	false
Reputation:	low
Preview:	BMV.......6...(...k...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
Category:	dropped
Size (bytes):	71954
Entropy (8bit):	7.996617769952133
Encrypted:	true
SSDEEP:	1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
MD5:	49AEBF8CBD62D92AC215B2923FB1B9F5
SHA1:	1723BE06719828DDA65AD804298D0431F6AFF976
SHA-256:	B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
SHA-512:	BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
Malicious:	false
Preview:	MSCF............,...................I..................XaK .authroot.stl.[.i..6..CK..<Tk......4.cl!Kg..E..Y.f_..".$mR"$.J.E.KB."..rKv.."{.g....3.W.....c..9.s...=....y6#..x..........D......\(.#.s.!.A.......cd.c........+^.ov...n.....3BL..0.......BPUR&.X..02.q...R...J.....w.....b.vy>....-.&..(..oe."."...J9...0U.6J..\|U..S.....M.F8g...=.......p...........l.?3.J.x.G.Ep..$g..tj......)v]9(:.)W.8.Op.1Q..:.nPd........7.7..M].V F..g.....12..!7(...B.......h.RZ.......l.<.....6..Z^.`p?... .p.Gp.#.'.X..........\|!.8.....".m.49r?.I...g...8.v.....a``.g.R4.i...J8q....NFW,E.6Y....!.o5%.Y.....R..<..S9....r....WO...(.....F..Q=....-..7d..O(....-..+k.........K..........{Q....Z..j._.E...QZ.~.\.^......N.9.k..O.}dD.b1r...[}/....T..E..G..c.\|.c.&>?..^t. ..;..X.d.E.0G....[Q.,......#.Dp..L.o\|#syc.J............}G-.ou6.=52..XWi=...m.....^u......c..fc?&pR7S5....I...j.G........j.j..Tc.El.....B.pQ.,Bp....j...9g.. >..s..m#.Nb.o_u.M.V...........\#...v..Mo\sF..s....Y...

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	893
Entropy (8bit):	7.366016576663508
Encrypted:	false
SSDEEP:	24:hBntmDvKUQQDvKUr7C5fpqp8gPvXHmXvponXux:3ntmD5QQD5XC5RqHHXmXvp++x
MD5:	D4AE187B4574036C2D76B6DF8A8C1A30
SHA1:	B06F409FA14BAB33CBAF4A37811B8740B624D9E5
SHA-256:	A2CE3A0FA7D2A833D1801E01EC48E35B70D84F3467CC9F8FAB370386E13879C7
SHA-512:	1F44A360E8BB8ADA22BC5BFE001F1BABB4E72005A46BC2A94C33C4BD149FF256CCE6F35D65CA4F7FC2A5B9E15494155449830D2809C8CF218D0B9196EC646B0C
Malicious:	false
Preview:	0..y...H.........j0..f...1.0....H.........N0..J0..2.......D....'..09...@k0....H........0?1$0"..U....Digital Signature Trust Co.1.0...U....DST Root CA X30...000930211219Z..210930140115Z0?1$0"..U....Digital Signature Trust Co.1.0...U....DST Root CA X30.."0....H.............0..........P..W..be......,k0.[...}.@......3vI.?!I..N..>H.e...!.e..2....w..{........s.z..2..~..0....8.y.1.P..e.Qc...a.Ka..Rk...K.(.H......>.... .[.....p....%.tr.{j.4.0...h.{T....Z...=d.....Ap..r.&.8U9C....\@........%.......:..n.>..\..<.i.....)W..=....]......B0@0...U.......0....0...U...........0...U.........{,q...K.u...`...0....H...............,...\...(f7:...?K.... ]..YD.>.>..K.t.....t..~.....K. D....}..j.....N..:.pI...........:^H...X._..Z.....Y..n......f3.Y[...sG.+..7H..VK....r2...D.SrmC.&H.Rg.X..gvqx...V..9$1....Z0G..P.......dc`........}...=2.e..\|.Wv..(9..e...w.j..w.......)...55.1.

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	modified
Size (bytes):	290
Entropy (8bit):	2.9542326924097546
Encrypted:	false
SSDEEP:	6:kKg9Usw9L+N+SkQlPlEGYRMY9z+4KlDA3RUe/:jD9LNkPlE99SNxAhUe/
MD5:	187C37C03D72DC7AC4C4C214DCDA9A38
SHA1:	E752C68108D553A1DA928DC2461CA90847A3E8B9
SHA-256:	39CF95CF8F5B362350730DBA92FD8C0992DFBF7769D4AA1DA59598C04A4E87C3
SHA-512:	40C115235B5B868569B4462ECDD5129D82DA8C549588B0DDC9D61C904810B8F5C05EC403305F9BA99E67EA81DA0239A249B033A8A7B0C79B64F76C42BD9FAD1B
Malicious:	false
Preview:	p...... ..........m.....(....................................................... ........G..@.......................h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	252
Entropy (8bit):	3.0264678871426307
Encrypted:	false
SSDEEP:	3:kkFkleLBM1fllXlE/E/KRkzllPlzRkwWBARLNDU+ZMlKlBkvclcMlVHblB8V7ln3:kKJBAxliBAIdQZV7I7kc3
MD5:	B37A1FBA95229E654D86D2CD35C8A1F2
SHA1:	18F60F819E26A9B9278A6C6598EBB92112FD5060
SHA-256:	87505602EFCC54A4020E1F1BF5C4839D31D6ACB9BD6C5B141E68F0AFFAC7B23F
SHA-512:	DD3A7B6D86C3E59C965F5BB5104724A0EBB6BA6284427ED760D0A43A2F204002CF6223DE80E9F25B6536B696BD9CA29F692B8957B92A78D05EC891DCEE3A272B
Malicious:	false
Preview:	p...... ....`...jM....(....................................................... ........!.M........(...........}...h.t.t.p.:././.a.p.p.s...i.d.e.n.t.r.u.s.t...c.o.m./.r.o.o.t.s./.d.s.t.r.o.o.t.c.a.x.3...p.7.c...".3.7.d.-.6.0.7.9.b.8.c.0.9.2.9.c.0."...

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.1968

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	185099
Entropy (8bit):	5.182478651346149
Encrypted:	false
SSDEEP:	1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
MD5:	94185C5850C26B3C6FC24ABC385CDA58
SHA1:	42F042285037B0C35BC4226D387F88C770AB5CAA
SHA-256:	1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
SHA-512:	652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
Malicious:	false
Preview:	%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	227002
Entropy (8bit):	3.392780893644728
Encrypted:	false
SSDEEP:	1536:WKPC4iyzDtrh1cK3XEivK7VK/3AYvYwgF/rRoL+sn:DPCaJ/3AYvYwglFoL+sn
MD5:	87EDBEE38F56C20298F25D5D3D4D1B5C
SHA1:	7F904E9615AC3186A87472EF366DD8202855B0B7
SHA-256:	A46B56D3ABCC137D1872DDF20EED4BCD7D04518282282ADB32DDCCF70D7FFBA6
SHA-512:	BBEBC1FCD5BC9AE042DD5782425BA8C47BF3EAC283B2487FC4E3FF6BF8101306DAB081E5135594165D4DC1AC120FF125AADBC5B3FFE7C646183C04DF77865E0D
Malicious:	false
Preview:	Adobe Acrobat Reader (64-bit) 23.6.20320....?A12_AV2_Search_18px.............................................................................................................KKK KKK.KKK.KKK.KKK.KKK.KKK@........................................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.............................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.........................KKK.KKK.KKK.KKK0....................KKK.KKK.KKK.KKK`....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK.KKK.....................................KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK.KKK@....................KKK.KKK.KKK.KKK`........................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.KKK.............................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	295
Entropy (8bit):	5.32668743751319
Encrypted:	false
SSDEEP:	6:YEQXJ2HXoeIp7/SHb7+FIbRI6XVW7+0YuHtoAvJM3g98kUwPeUkwRe9:YvXKXu7/0yYpW7oGMbLUkee9
MD5:	38E0E9A9FF048E42E885056F22E82CD5
SHA1:	B09639DB2525A122AE5D7A5B4029B8962AC38DEF
SHA-256:	96DA3C751EFA8EA12671FC8BB6A67B2D41E3E7C84867F15173F5B273987E831A
SHA-512:	732CE0D7672B549CE4F911E33237568694CC113CE50E6E168B0E2519981B72CA7E7CA37BCDC15B0ED6FEDBDB8D6AA4729A9DD0EB036A0FA11C72F369BC2875FB
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"9c988f0c-4dec-4097-aeb5-d4374917b0d2","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1725402270223,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.265147016672313
Encrypted:	false
SSDEEP:	6:YEQXJ2HXoeIp7/SHb7+FIbRI6XVW7+0YuHtoAvJfBoTfXpnrPeUkwRe9:YvXKXu7/0yYpW7oGWTfXcUkee9
MD5:	3BD0D1689CEB1BD2D2FC6F9B7EECAB10
SHA1:	D040A18AB96332F3935128C84F1398A936A14F51
SHA-256:	0E1D9B768616E7BEFDD103DC414EE51BB6D65C37C2F7A39A6C814C4BC14954D3
SHA-512:	19038E55A457BD3691EFAAD4965C1648D7339F7CAF4583601C54C19F9BF3AB14429A1D889A1265638F12EA372FF7AA3421AF05474B4843C7C313F8885492730F
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"9c988f0c-4dec-4097-aeb5-d4374917b0d2","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1725402270223,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.243285931417581
Encrypted:	false
SSDEEP:	6:YEQXJ2HXoeIp7/SHb7+FIbRI6XVW7+0YuHtoAvJfBD2G6UpnrPeUkwRe9:YvXKXu7/0yYpW7oGR22cUkee9
MD5:	3E4E61AE631CE1FC73CF4B61A1354A55
SHA1:	CF4527CB492045E2A37F35CF165C93284170BFB8
SHA-256:	46CFEB78A992F84E0A5129624FA763F357FCBC215B6287F8F0984D9D63C89D07
SHA-512:	EFA7A862CAFCDC5C538906D832DEDFEF375B54C29059A26814D2020606C84674410E191347167305A649F4C0A0A2944E5451BB0354C2A04B2B74A342183302F6
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"9c988f0c-4dec-4097-aeb5-d4374917b0d2","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1725402270223,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	285
Entropy (8bit):	5.304293439770494
Encrypted:	false
SSDEEP:	6:YEQXJ2HXoeIp7/SHb7+FIbRI6XVW7+0YuHtoAvJfPmwrPeUkwRe9:YvXKXu7/0yYpW7oGH56Ukee9
MD5:	91805CF1872AEBB6E7274E1CD8FC295A
SHA1:	3D9E634312226CCCD0D365535E10E4F49E1C6D58
SHA-256:	DAC2746F2BEA42E3202E66AC523AA6A9DAE73BF0C29F15D1EB5229CE7C1F5D28
SHA-512:	DF8588F4E0B0F1B0AE6DEC35ED998A4E4D9C826CCF1F6BA8EE43D135043056BA02BAC44B483D43B4B274D1BB27D7059A398DB96697795EF1C48D01F5436E80D3
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"9c988f0c-4dec-4097-aeb5-d4374917b0d2","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1725402270223,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1063
Entropy (8bit):	5.657614346619108
Encrypted:	false
SSDEEP:	24:Yv6X2sXilpLgEFqciGennl0RCmK8czOCY4w22:YvBlhgLtaAh8cvYvB
MD5:	C3FFB585FF6AE2C0A1D76C2A1717249A
SHA1:	361DF5C2B979B748AE238DE249AA959C1579115F
SHA-256:	3FB52B896A1130B175E772C9BF833773506A90D2BE91D101308EF629EAA94F24
SHA-512:	C79806D6E0B37753CC4F8407CF3DDD54E87552CB0A5CD9715E2329A86AEA4B05D086C4F4CC07AAC039D6FD1CDA4EB470B14A2B6B842CA2F41D387CA4B07E31FE
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"9c988f0c-4dec-4097-aeb5-d4374917b0d2","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1725402270223,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_2","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"afb9c2a3-eaf4-41f9-9d73-768e72f72282","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQgZmlsZXMgdG8gYW5kIGZyb20gUERGXG53aXRob3V0IGxpbWl0cy4ifSwidGNhdElkIjpudWxsfQ==","dataType":"application\/json","encodingSc

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1050
Entropy (8bit):	5.643797386576882
Encrypted:	false
SSDEEP:	24:Yv6X2sXipVLgEF0c7sbnl0RCmK8czOCYHflEpwiV2:YvBpFg6sGAh8cvYHWpwr
MD5:	E247830FDB62F64C0D7DD3DDF8770A34
SHA1:	93BBC073B6485D15400EE722E7A826E5CC7D261C
SHA-256:	7513422CB0541B0083C8D6670F1DC87E33638653849AF7D8B2146D3EBB471210
SHA-512:	C5F878D9819165ADB03FC7A22796E2D26176F02B43FB5908E1B100689F1138FE92971952981C11958CFD51199747BF1C5AFF80AB440E23688BD2C819145BA242
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"9c988f0c-4dec-4097-aeb5-d4374917b0d2","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1725402270223,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Disc_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_0","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"0924134e-3c59-4f53-b731-add558c56fec","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Disc_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQsIGVkaXQgYW5kIGUtc2lnblxuZm9ybXMgJiBhZ3JlZW1lbnRzLiJ9LCJ0Y2F0SWQiOm51bGx9","dataType":"application\/json","encodingScheme":true},"

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.249190213681988
Encrypted:	false
SSDEEP:	6:YEQXJ2HXoeIp7/SHb7+FIbRI6XVW7+0YuHtoAvJfQ1rPeUkwRe9:YvXKXu7/0yYpW7oGY16Ukee9
MD5:	16C96761778CDFBE4EF49935F2A77B32
SHA1:	109C61C533FF2DB91676113AD40E0A197998F202
SHA-256:	1A1D0BACD44FDB1B3BF53A63F8AE2F96B3C76BD0DFE479E5F85F7F06E8138615
SHA-512:	134457B8F624FDE359800143FF8B530721ED9DDA3BEB7B2E4463305D00A8326404D4347622D8E2071EE9EF8CF43884DF631D0FBED12F8EF5C0D31A2DBB844513
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"9c988f0c-4dec-4097-aeb5-d4374917b0d2","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1725402270223,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1038
Entropy (8bit):	5.638428673539438
Encrypted:	false
SSDEEP:	24:Yv6X2sXiY2LgEF7cciAXs0nl0RCmK8czOCAPtciB2:YvBYogc8hAh8cvAw
MD5:	33BE38AF8F1DFDD235F1C49BED841757
SHA1:	FCFEBAE3203A5F00F05E974F8BCFD7B1392DB058
SHA-256:	5D9989E6F725180FFC878E17C685AD3469BB1D26AE9DB99917F4D9516E176FC5
SHA-512:	83CB59D06EAA0BB992E034073D6D39F8711C527E13BB512A2C100575ACFFB090CF4A8861F347030820DA85AF039104DFF368AD39306C384B0AD05D841FC4869C
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"9c988f0c-4dec-4097-aeb5-d4374917b0d2","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1725402270223,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Edit_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_1","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"49d2f713-7aa9-44db-aa50-0a7a22add459","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Edit_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVkaXQgdGV4dCwgaW1hZ2VzLCBwYWdlcywgYW5kIG1vcmUuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"application\/json","encodingScheme":true},"endDTS":1744

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1164
Entropy (8bit):	5.69276770899753
Encrypted:	false
SSDEEP:	24:Yv6X2sXiQKLgEfIcZVSkpsn264rS514ZjBrwloJTmcVIsrSK52:YvBQEgqprtrS5OZjSlwTmAfSKc
MD5:	B97F92A61EB3546DC6DEA8C8E5944ECD
SHA1:	D1147EE76D578C80D9D03C7339E468CF6C22698D
SHA-256:	7D6E21947CE89297FF69DF4949E9497E906747896B5F763B4B27729B7C4CFBC2
SHA-512:	78B97E676C88C8467CAB3B1F5C24BF5AA65DE34515982E7C4FC618CCA91B9BD014962ECB5C1D2CC65191C7DA6D27CA7535D9AF7517338DA213BA44D3F3A68D7E
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"9c988f0c-4dec-4097-aeb5-d4374917b0d2","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1725402270223,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85531_264848ActionBlock_0","campaignId":85531,"containerId":"1","controlGroupId":"","treatmentId":"ee1a7497-76e7-43c2-bb63-9a0551e11d73","variationId":"264848"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IlRyeSBBY3JvYmF0IFBybyJ9LCJ1aSI6eyJ0aXRsZV9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjE1cHgiLCJmb250X3N0eWxlIjoiMCJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEzcHgiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0b1xucHJlbWl1bSBQREYgYW5kIGUtc2lnbmluZ1xudG9vbHMuIn0sImJhbm5lcl9zdHlsaW5nIjo

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.256418098377463
Encrypted:	false
SSDEEP:	6:YEQXJ2HXoeIp7/SHb7+FIbRI6XVW7+0YuHtoAvJfYdPeUkwRe9:YvXKXu7/0yYpW7oGg8Ukee9
MD5:	E89180650420ED60DBED8AC12BCB9EF3
SHA1:	F4759762A9CEB13C6DD537839DD6403135F0ADE7
SHA-256:	9F6D69C32215E7FD002E083B27CE85BC9693FC89703E21259394DF9619959253
SHA-512:	9AA64B24A25E71F883BD59726773BD1189A87D61AF7066A66E028983CA67C19D2E799B03786D8843FCFF54CDF9FCED060BCD4C2A1E25B09A80E75D7FB70557EF
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"9c988f0c-4dec-4097-aeb5-d4374917b0d2","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1725402270223,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1395
Entropy (8bit):	5.7664409660813885
Encrypted:	false
SSDEEP:	24:Yv6X2sXifrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNu:YvBfHgDv3W2aYQfgB5OUupHrQ9FJc
MD5:	6F3BF9D61064C97156875F7DB53C529C
SHA1:	F3A0B67A925D668A4D2D6D9FF0D256BEE9109FAA
SHA-256:	AB82158CD0EDC6D6402419FAE5E01605DCDA606FBFF8C4C051D130ED4CA4B330
SHA-512:	29AE17B69E357A61090EFF7A4F09A1DD71989D8EE41F3F97FAD93323BFD9F0F8D819BF4ECC1AC99CE00C6B657D7F61D9E1D5E2B463E2642C353349ECA5059589
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"9c988f0c-4dec-4097-aeb5-d4374917b0d2","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1725402270223,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	291
Entropy (8bit):	5.240264728021241
Encrypted:	false
SSDEEP:	6:YEQXJ2HXoeIp7/SHb7+FIbRI6XVW7+0YuHtoAvJfbPtdPeUkwRe9:YvXKXu7/0yYpW7oGDV8Ukee9
MD5:	7A1EFB1E6051AF4CBBAE5943A059383A
SHA1:	A328BF6A19B68A45315CBECE2A38A881A46D6253
SHA-256:	FE06C775B8E7954D2C8831DF464B3E732A150B363039BA65D1B2E7080A7E0C21
SHA-512:	FAAD830DFCE3880AF79CDF0EF1AE055D72DA22B75348F0ED509B914EA112CAC00327660EED2F0B31EA75B6333C6D9BD76F70F74B05D1A427DFBBD229C84A4B8B
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"9c988f0c-4dec-4097-aeb5-d4374917b0d2","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1725402270223,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	287
Entropy (8bit):	5.241020328092074
Encrypted:	false
SSDEEP:	6:YEQXJ2HXoeIp7/SHb7+FIbRI6XVW7+0YuHtoAvJf21rPeUkwRe9:YvXKXu7/0yYpW7oG+16Ukee9
MD5:	88492F637C3C64A3B75B92FE50EF4994
SHA1:	132E3C9532F5FC939C9410B21B1BA08688A1E80F
SHA-256:	48AD22AE33CA2667E87882D418D60CA1BCC5BBEC09436ECDE95E0FFD3129A17A
SHA-512:	1809635E545C3BED46C8F887C18A76AAA1C5916EEBDB2B3A2170E0CD5705983DD6CE83F0A7E601FACC3E67E3795C2F3C74DAD4DD2D0B11A3376ED3CD23D9D5D3
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"9c988f0c-4dec-4097-aeb5-d4374917b0d2","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1725402270223,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1058
Entropy (8bit):	5.646184213713829
Encrypted:	false
SSDEEP:	24:Yv6X2sXi9amXayLgEFRcONaqnl0RCmK8czOC+w2E+tg8B2:YvBRBguOAh8cv+NKJ
MD5:	12DD978D58E209F4E87605F69E7A7390
SHA1:	B9C92AD3996362DC854497D53F287273748E8C2D
SHA-256:	1F832815566A4C3ECE04050867A41ABCFB22C88FC5BC46ABD11B716A647027E8
SHA-512:	8F086F7047977A5A93B37F97E72CFBC64F8B5FD7AF6304C866C563B834CDA8D215C92603F8EAABAE353DF874413DADD9C0A1D33ABF759E2C899921A7B6781F43
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"9c988f0c-4dec-4097-aeb5-d4374917b0d2","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1725402270223,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_3","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"ece07729-7db6-4f20-9f8d-7976ad373049","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IlNlbmQgZG9jdW1lbnRzICYgZm9ybXNcbmZvciBmYXN0IGUtc2lnbmluZyBvbmxpbmUuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"application\/json","encodingScheme"

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	286
Entropy (8bit):	5.214951814063949
Encrypted:	false
SSDEEP:	6:YEQXJ2HXoeIp7/SHb7+FIbRI6XVW7+0YuHtoAvJfshHHrPeUkwRe9:YvXKXu7/0yYpW7oGUUUkee9
MD5:	BBE53898DB71D0B864B2D378E29C0C9F
SHA1:	BD42271F4F99AE5EF45B4D9062AFD5501B4480DF
SHA-256:	3B88C2293325C6B6DA70FD6BF017533C36FCE9F023566E9F9FECDAD19C585FB4
SHA-512:	F4C3CB2E6690BA48010C473DB86BA9B563E5A46AC451078F3D631580D1BC8C5AEA1574942C3CB06D4182B89A0F007AEA7E258F39748ED48F0FEBAC3F885C3C5A
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"9c988f0c-4dec-4097-aeb5-d4374917b0d2","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1725402270223,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	782
Entropy (8bit):	5.351522535148446
Encrypted:	false
SSDEEP:	12:YvXKXu7/0yYpW7oGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWC:Yv6X2sXiO168CgEXX5kcIfANhr
MD5:	50B01E3087399180EC325391170051AE
SHA1:	05E5519D6007966784B7A8152C2A95D686B05A6A
SHA-256:	36312751D5517AFB3D79624626A04649325558CEFA16E5A8BDA58329E43AA927
SHA-512:	A6CAE111B7EC29423496393045D0DBA7D60A702E68AA6844FCE64763EAF2293FCC50991C5DE8A725D83170A0817D46C3473DB7C35391360B582A42D030DDEB12
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"9c988f0c-4dec-4097-aeb5-d4374917b0d2","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1725402270223,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1725222960265}}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	4
Entropy (8bit):	0.8112781244591328
Encrypted:	false
SSDEEP:	3:e:e
MD5:	DC84B0D741E5BEAE8070013ADDCC8C28
SHA1:	802F4A6A20CBF157AAF6C4E07E4301578D5936A2
SHA-256:	81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
SHA-512:	65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
Malicious:	false
Preview:	....

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2818
Entropy (8bit):	5.126277177037373
Encrypted:	false
SSDEEP:	24:YW41Z4FELbWaJT1aydvKThCAYGDwJm7ZBUG11sMoqCJdfjZBpAsj0SjPIBwS2Viv:YWQnT5K3YGMSBD4nbi+S+iaD0WwC94
MD5:	008DD004809604BB5FD59A934BB80068
SHA1:	03D33B8F52F9A2E0920F8ACBFBCA5E7F64AB94C2
SHA-256:	A9EA36B325A921C26FA9B484FA15768140ABA58567625E58D615E166F3A5919D
SHA-512:	F5661DEEB10DA7A81D03EC2F1664998F6401E9C03116CA312535514472BF0CAF6DF92499FE2870E21E8669C1A59A14BE87744F01DF76B634011BC6B81F1D0389
Malicious:	false
Preview:	{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"2b2cdf8fb8cbd683afe75f6c3c14791a","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1050,"ts":1725222960000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"a3475e36ccfd0ab70eb1eb549eb1b4f8","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1164,"ts":1725222960000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"ca2d17ff107c748e6a01cb740722192c","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1063,"ts":1725222960000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"be23cf5a771475bb977e26713dc253ca","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1058,"ts":1725222960000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"31c518f3bcd8aa37501e2cc4ae601ca2","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":1038,"ts":1725222960000},{"id":"Edit_InApp_Aug2020","info":{"dg":"8904678430bac3c75bf0f829807fe9ca","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":17

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 19, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 19
Category:	dropped
Size (bytes):	12288
Entropy (8bit):	0.9839395564375616
Encrypted:	false
SSDEEP:	24:TLHRx/XYKQvGJF7urs6I1RZKHs/Ds/SpvZ4zJwtNBwtNbRZ6bRZ4SZF:TVl2GL7ms6ggOVpSzutYtp6PN
MD5:	C500DC0362BB833E5D8F061D0542577A
SHA1:	EE17E459AC62FA9F51DD64258BBFD6CBBD35CB6C
SHA-256:	B72442061AA7C97AA58CD510E9882CEBE8D5303A6EF0A779BFCF1D5790FDA28C
SHA-512:	ACF28DB03BBEB7CE9386430FDD48ADE973A443A56E50737F95C92155485C1BADC0EEFCE46EA932E2324AE50447017CC5051E74AB931DD7FB5A87D64A3A1FDB5E
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	1.337801143262528
Encrypted:	false
SSDEEP:	24:7+tOvAD1RZKHs/Ds/SpvZPzJwtNBwtNbRZ6bRZWf1RZKeqLBx/XYKQvGJF7ursb:7MCGgOVpJzutYtp6PMzqll2GL7msb
MD5:	3AC0CD1417B2BE09FC31AB8BFB46BF3D
SHA1:	CD8AF06684ED630CF198CA2A403AC26201B8F41D
SHA-256:	E69923EBDC7C43A1461AD0B1AB054EE07DD35270CEE2511E9FA3E31983C48891
SHA-512:	E45DC0510AD5486C0D656A98BF490CCA52C98959CBF69019A3CC96810CEF76382C9E7889D082E58C824B82C65846DF0AFBF71A7335B122F27CDA673B00FE6982
Malicious:	false
Preview:	.... .c.....Mq.n......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................j...#..#.#.#.#.#.#.#.#.7.7........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\MSIc0c50.LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	246
Entropy (8bit):	3.5441332632710916
Encrypted:	false
SSDEEP:	6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K80QsrNMG:Qw946cPbiOxDlbYnuRKlNMG
MD5:	6171B224E2FE36C6AA35BA9EA0BE271F
SHA1:	44E37C16DEF4E10600C54FD95BB6926569C877D0
SHA-256:	B02B3807826ABC15EA410C947B7F10E35FEF87DE10D706A6569293586EFA049B
SHA-512:	A1DE41901CC45C476AB7841F2CEE7974CFAB9283100787424F4290C4288AED434C52D1F93999E916F5EB12FFDF0850F87216CBDBC68221B743CA1DCDC837E1AF
Malicious:	false
Preview:	..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .0.1./.0.9./.2.0.2.4. . .1.6.:.3.5.:.5.7. .=.=.=.....

C:\Users\user\AppData\Local\Temp\acrobat_sbx\A91bo8kjb_1805joa_1io.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PDF document, version 1.6, 0 pages
Category:	dropped
Size (bytes):	358
Entropy (8bit):	4.998432875439998
Encrypted:	false
SSDEEP:	6:IngVMrexJzJT0y9VEQIFVmb/eu2g/86S1kxROO3NNeMzVPNeMzVVuLCSyAAO:IngVMre9T0HQIDmy9g06JXn6M5cM5VuN
MD5:	428AAC7C8CE61D45F1D4AFDA2A44109F
SHA1:	3300D7ACB4FD1A916F70A6C267D8AEA393B15020
SHA-256:	6BF9B7D1A4E706B3445CDCB5D734AB01F3C124E5798AA0D31415C02EC5A6B955
SHA-512:	CE2EDB104336A289A5E18A2DDEE4AEFF82C78882160B8597C95ED13D91ACBF993B0056F80A09C522F5447FB844409D21FA6441A51F05ED378F19A708DFE3C003
Malicious:	false
Preview:	%PDF-1.6.%......1 0 obj.<</Pages 2 0 R/Type/Catalog>>.endobj.2 0 obj.<</Count 0/Kids[]/Type/Pages>>.endobj.3 0 obj.<<>>.endobj.xref..0 4..0000000000 65535 f..0000000016 00000 n..0000000061 00000 n..0000000107 00000 n..trailer..<</Size 4/Root 1 0 R/Info 3 0 R/ID[<427A6BC6B9720B45A41BD509777A0A03><427A6BC6B9720B45A41BD509777A0A03>]>>..startxref..127..%%EOF..

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-09-01 16-35-52-428.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393)
Category:	dropped
Size (bytes):	16525
Entropy (8bit):	5.376360055978702
Encrypted:	false
SSDEEP:	384:6b1sdmfenwop+WP21h2RPjRNg7JjO2on6oU6CyuJw1oaNIIu9EMuJuF6MKK9g9JQ:vIn
MD5:	1336667A75083BF81E2632FABAA88B67
SHA1:	46E40800B27D95DAED0DBB830E0D0BA85C031D40
SHA-256:	F81B7C83E0B979F04D3763B4F88CD05BC8FBB2F441EBFAB75826793B869F75D1
SHA-512:	D039D8650CF7B149799D42C7415CBF94D4A0A4BF389B615EF7D1B427BC51727D3441AA37D8C178E7E7E89D69C95666EB14C31B56CDFBD3937E4581A31A69081A
Malicious:	false
Preview:	SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:961+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="SetConfig:

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393), with CRLF line terminators
Category:	dropped
Size (bytes):	16603
Entropy (8bit):	5.333875870507338
Encrypted:	false
SSDEEP:	384:o/R2ZDU3M/q0rSsMnhefk+1MQDaDV15y+9iEmy0p4zGawJ4zl42xt0t0VLdE5ySQ:Ak2N
MD5:	E429B256BE71F76D33EF756F15C149BD
SHA1:	66204C7E820AE07C29FA8933F55760E4500D7DFE
SHA-256:	CCBE89B5A115CD2B3799927EDC23A69A7B7B16318B6847380BBCC573F05D8C55
SHA-512:	57E0C7F798DE80F7593A01FE60B13B34C36252634762D8C4071E9F8881B0B243E170E96A2721AD788FD952C7108E7B784193E18479BB0E0C68785A393842EC0A
Malicious:	false
Preview:	SessionID=ef8a8ffb-f60e-4876-9220-5354bdde4f0e.1725222952454 Timestamp=2024-09-01T16:35:52:454-0400 ThreadID=2460 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=ef8a8ffb-f60e-4876-9220-5354bdde4f0e.1725222952454 Timestamp=2024-09-01T16:35:52:467-0400 ThreadID=2460 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=ef8a8ffb-f60e-4876-9220-5354bdde4f0e.1725222952454 Timestamp=2024-09-01T16:35:52:467-0400 ThreadID=2460 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=ef8a8ffb-f60e-4876-9220-5354bdde4f0e.1725222952454 Timestamp=2024-09-01T16:35:52:467-0400 ThreadID=2460 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=ef8a8ffb-f60e-4876-9220-5354bdde4f0e.1725222952454 Timestamp=2024-09-01T16:35:52:467-0400 ThreadID=2460 Component=ngl-lib_NglAppLib Description="SetConf

C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	29752
Entropy (8bit):	5.395756783203034
Encrypted:	false
SSDEEP:	768:GLxxlyVUFcAzWL8VWL1ANSFld5YjMWLvJ8Uy++NSXl3WLd5WLrbhhVClkVMwDGbE:w
MD5:	FCBAFB6A6782442C664CDF8BF502B852
SHA1:	19343EB930B250D85078BBE70B507AD9FA77C496
SHA-256:	7A18DF54DBFBB346AF5214959F281116059885880637169601041746B82771E9
SHA-512:	1D12D104355D53BDFFA62FA52ACFDEC454DA7C2D89DBF960035C83AE37B896B0BA32E5FE33012D109747C743F7134B0D989EDD73FA6769AE9D585035A9D7E060
Malicious:	false
Preview:	04-10-2023 02:39:31:.---2---..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : *************************************..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : ***********************************..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : **** Starting new session ******..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : Starting NGL..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..04-10-2023 02:39:31:.Closing File..04-10-

C:\Users\user\AppData\Local\Temp\acrocef_low\31155122-071a-4663-aefd-0a09462a1708.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
Category:	dropped
Size (bytes):	1407294
Entropy (8bit):	7.97605879016224
Encrypted:	false
SSDEEP:	24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo
MD5:	A0CFC77914D9BFBDD8BC1B1154A7B364
SHA1:	54962BFDF3797C95DC2A4C8B29E873743811AD30
SHA-256:	81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685
SHA-512:	74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE
Malicious:	false
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

C:\Users\user\AppData\Local\Temp\acrocef_low\bc3ac0b4-94bc-40b2-88de-a58c8579e3ed.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
Category:	dropped
Size (bytes):	758601
Entropy (8bit):	7.98639316555857
Encrypted:	false
SSDEEP:	12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
MD5:	3A49135134665364308390AC398006F1
SHA1:	28EF4CE5690BF8A9E048AF7D30688120DAC6F126
SHA-256:	D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
SHA-512:	BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
Malicious:	false
Preview:	...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......\|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!\|G.1...... .3.`./....`~......G.............\|..pS.e.C....:o.u_..oi.:..\|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

C:\Users\user\AppData\Local\Temp\acrocef_low\e845e854-387c-47d2-b8c3-2f87ca7ac0b7.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
Category:	dropped
Size (bytes):	386528
Entropy (8bit):	7.9736851559892425
Encrypted:	false
SSDEEP:	6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
MD5:	5C48B0AD2FEF800949466AE872E1F1E2
SHA1:	337D617AE142815EDDACB48484628C1F16692A2F
SHA-256:	F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
SHA-512:	44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
Malicious:	false
Preview:	...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....\|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-\|..h#.g.\.PO.\|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..\|m.WC.....\|.....e.[W.p.8...rm....^..x'......5!...\|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.\|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

C:\Users\user\AppData\Local\Temp\acrocef_low\f5aadbf1-8bd7-457a-9b21-86fd6801aac4.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
Category:	dropped
Size (bytes):	1419751
Entropy (8bit):	7.976496077007677
Encrypted:	false
SSDEEP:	24576:/M7ouWLaGZjZwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:RuWLaGZjZwZGk3mlind9i4ufFXpAXkru
MD5:	AE1E8A5D3E7B2198980A0CA16DE5F3D3
SHA1:	A1DB2C58AFC81E6A114A8EB47BE0243956F79460
SHA-256:	8C2E1B13F6658714D51737D6745FE065B87497923945AB3028706A4171C8328F
SHA-512:	5B36CF0982C5AFED5CCEA4B30A0B31A2B5312FBF5438623D53153E076B59F1B4BEF8C08695EA74E086BCA4EF7221889DB977B5DCFF4C684BA0683FDDECDE2EC4
Malicious:	false
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

Static File Info

General

File type:	PDF document, version 1.4, 2 pages
Entropy (8bit):	7.8504815768225145
TrID:	Adobe Portable Document Format (5005/1) 100.00%
File name:	LEONARDMARIE.pdf
File size:	71'207 bytes
MD5:	1657fb0234ffff097b028ab01b843e75
SHA1:	f260ac67282568752c12ff3e3f05c21f95804a80
SHA256:	d859b6f24abaa69be6bac60cf956c849bb8a1a8ee82ddaebbc8c022cabbb74c1
SHA512:	aaf7531b51e77aeed9851aa188892242df6a373e409c35faaaaa1dd22b479a190e42cc171f9713627cda9fb6ff69f9d16a3790619b178b9bed0cd466bb9ee320
SSDEEP:	1536:EeEKYhLruZuZGi+NqiF+AUqDMb6s+z+AVQ8UO524bvllun6bztTeN:TEKYh5ZGjNZrDMb6vVQ8M4bvXun6bz50
TLSH:	F863E12ADA485C19FCFF87C2C4E4F6A11029B70605DE20C638B15D88FDE5AC4FB15BA6
File Content Preview:	%PDF-1.4.1 0 obj.<<./Title (..)./Creator (..)./Producer (...Q.t. .5...5...1)./CreationDate (D:20240901180325).>>.endobj.2 0 obj.<<./Type /Catalog./Pages 3 0 R.>>.endobj.4 0 obj.<<./Type /ExtGState./SA true./SM 0.02./ca 1.0./CA 1.0./AIS false./SMask /None>

File Icon


Icon Hash:	62cc8caeb29e8ae0

Static PDF Info

General
Header:	%PDF-1.4
Total Entropy:	7.850482
Total Bytes:	71207
Stream Entropy:	7.865226
Stream Bytes:	66873
Entropy outside Streams:	5.107955
Bytes outside Streams:	4334
Number of EOF found:	1
Bytes after EOF:

Keywords Statistics

Name	Count
obj	31
endobj	31
stream	8
endstream	8
xref	1
trailer	1
startxref	1
/Page	2
/Encrypt	0
/ObjStm	0
/URI	0
/JS	0
/JavaScript	0
/AA	0
/OpenAction	0
/AcroForm	0
/JBIG2Decode	0
/RichMedia	0
/Launch	0
/EmbeddedFile	0

Image Streams

ID	DHASH	MD5	Preview
9	3d6fde3eb3431f76	4e0813d6c9dbc32e99d030a0946f1ebb
16	49695b2b3b13696b	f256e0e4195c2dc67abcc053f17acc73

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 1, 2024 22:35:58.154870033 CEST	49714	443	192.168.2.5	23.22.254.206
Sep 1, 2024 22:35:58.154896021 CEST	443	49714	23.22.254.206	192.168.2.5
Sep 1, 2024 22:35:58.154989958 CEST	49714	443	192.168.2.5	23.22.254.206
Sep 1, 2024 22:35:58.155191898 CEST	49714	443	192.168.2.5	23.22.254.206
Sep 1, 2024 22:35:58.155210972 CEST	443	49714	23.22.254.206	192.168.2.5
Sep 1, 2024 22:35:59.410371065 CEST	443	49714	23.22.254.206	192.168.2.5
Sep 1, 2024 22:35:59.410764933 CEST	49714	443	192.168.2.5	23.22.254.206
Sep 1, 2024 22:35:59.410773993 CEST	443	49714	23.22.254.206	192.168.2.5
Sep 1, 2024 22:35:59.411783934 CEST	443	49714	23.22.254.206	192.168.2.5
Sep 1, 2024 22:35:59.411927938 CEST	49714	443	192.168.2.5	23.22.254.206
Sep 1, 2024 22:35:59.411936045 CEST	443	49714	23.22.254.206	192.168.2.5
Sep 1, 2024 22:35:59.412003040 CEST	49714	443	192.168.2.5	23.22.254.206
Sep 1, 2024 22:35:59.418335915 CEST	49714	443	192.168.2.5	23.22.254.206
Sep 1, 2024 22:35:59.418397903 CEST	443	49714	23.22.254.206	192.168.2.5
Sep 1, 2024 22:35:59.418678999 CEST	49714	443	192.168.2.5	23.22.254.206
Sep 1, 2024 22:35:59.418692112 CEST	443	49714	23.22.254.206	192.168.2.5
Sep 1, 2024 22:35:59.462192059 CEST	49714	443	192.168.2.5	23.22.254.206
Sep 1, 2024 22:35:59.581463099 CEST	443	49714	23.22.254.206	192.168.2.5
Sep 1, 2024 22:35:59.581532955 CEST	443	49714	23.22.254.206	192.168.2.5
Sep 1, 2024 22:35:59.581851006 CEST	49714	443	192.168.2.5	23.22.254.206
Sep 1, 2024 22:35:59.584661961 CEST	49714	443	192.168.2.5	23.22.254.206
Sep 1, 2024 22:35:59.584661961 CEST	49714	443	192.168.2.5	23.22.254.206
Sep 1, 2024 22:35:59.584676981 CEST	443	49714	23.22.254.206	192.168.2.5
Sep 1, 2024 22:35:59.585251093 CEST	49714	443	192.168.2.5	23.22.254.206
Sep 1, 2024 22:35:59.587016106 CEST	49716	443	192.168.2.5	23.22.254.206
Sep 1, 2024 22:35:59.587030888 CEST	443	49716	23.22.254.206	192.168.2.5
Sep 1, 2024 22:35:59.587135077 CEST	49716	443	192.168.2.5	23.22.254.206
Sep 1, 2024 22:35:59.587831020 CEST	49716	443	192.168.2.5	23.22.254.206
Sep 1, 2024 22:35:59.587843895 CEST	443	49716	23.22.254.206	192.168.2.5
Sep 1, 2024 22:36:00.149552107 CEST	443	49716	23.22.254.206	192.168.2.5
Sep 1, 2024 22:36:00.149805069 CEST	49716	443	192.168.2.5	23.22.254.206
Sep 1, 2024 22:36:00.149816036 CEST	443	49716	23.22.254.206	192.168.2.5
Sep 1, 2024 22:36:00.150862932 CEST	443	49716	23.22.254.206	192.168.2.5
Sep 1, 2024 22:36:00.150924921 CEST	49716	443	192.168.2.5	23.22.254.206
Sep 1, 2024 22:36:00.150930882 CEST	443	49716	23.22.254.206	192.168.2.5
Sep 1, 2024 22:36:00.150983095 CEST	49716	443	192.168.2.5	23.22.254.206
Sep 1, 2024 22:36:00.151360035 CEST	49716	443	192.168.2.5	23.22.254.206
Sep 1, 2024 22:36:00.151424885 CEST	443	49716	23.22.254.206	192.168.2.5
Sep 1, 2024 22:36:00.151609898 CEST	49716	443	192.168.2.5	23.22.254.206
Sep 1, 2024 22:36:00.151622057 CEST	443	49716	23.22.254.206	192.168.2.5
Sep 1, 2024 22:36:00.198605061 CEST	49716	443	192.168.2.5	23.22.254.206
Sep 1, 2024 22:36:00.334343910 CEST	443	49716	23.22.254.206	192.168.2.5
Sep 1, 2024 22:36:00.334359884 CEST	443	49716	23.22.254.206	192.168.2.5
Sep 1, 2024 22:36:00.334386110 CEST	443	49716	23.22.254.206	192.168.2.5
Sep 1, 2024 22:36:00.334464073 CEST	49716	443	192.168.2.5	23.22.254.206
Sep 1, 2024 22:36:00.334471941 CEST	443	49716	23.22.254.206	192.168.2.5
Sep 1, 2024 22:36:00.334485054 CEST	443	49716	23.22.254.206	192.168.2.5
Sep 1, 2024 22:36:00.334537029 CEST	49716	443	192.168.2.5	23.22.254.206
Sep 1, 2024 22:36:00.338450909 CEST	49716	443	192.168.2.5	23.22.254.206
Sep 1, 2024 22:36:00.338463068 CEST	443	49716	23.22.254.206	192.168.2.5
Sep 1, 2024 22:36:02.663503885 CEST	49717	443	192.168.2.5	23.41.168.139
Sep 1, 2024 22:36:02.663551092 CEST	443	49717	23.41.168.139	192.168.2.5
Sep 1, 2024 22:36:02.663634062 CEST	49717	443	192.168.2.5	23.41.168.139
Sep 1, 2024 22:36:02.663831949 CEST	49717	443	192.168.2.5	23.41.168.139
Sep 1, 2024 22:36:02.663844109 CEST	443	49717	23.41.168.139	192.168.2.5
Sep 1, 2024 22:36:03.247456074 CEST	443	49717	23.41.168.139	192.168.2.5
Sep 1, 2024 22:36:03.247864962 CEST	49717	443	192.168.2.5	23.41.168.139
Sep 1, 2024 22:36:03.247883081 CEST	443	49717	23.41.168.139	192.168.2.5
Sep 1, 2024 22:36:03.248924017 CEST	443	49717	23.41.168.139	192.168.2.5
Sep 1, 2024 22:36:03.248990059 CEST	49717	443	192.168.2.5	23.41.168.139
Sep 1, 2024 22:36:03.295473099 CEST	49717	443	192.168.2.5	23.41.168.139
Sep 1, 2024 22:36:03.295564890 CEST	443	49717	23.41.168.139	192.168.2.5
Sep 1, 2024 22:36:03.295727015 CEST	49717	443	192.168.2.5	23.41.168.139
Sep 1, 2024 22:36:03.295741081 CEST	443	49717	23.41.168.139	192.168.2.5
Sep 1, 2024 22:36:03.346014977 CEST	49717	443	192.168.2.5	23.41.168.139
Sep 1, 2024 22:36:03.403424978 CEST	443	49717	23.41.168.139	192.168.2.5
Sep 1, 2024 22:36:03.403496027 CEST	443	49717	23.41.168.139	192.168.2.5
Sep 1, 2024 22:36:03.403569937 CEST	49717	443	192.168.2.5	23.41.168.139
Sep 1, 2024 22:36:03.405143976 CEST	49717	443	192.168.2.5	23.41.168.139
Sep 1, 2024 22:36:03.405158043 CEST	443	49717	23.41.168.139	192.168.2.5

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 1, 2024 22:36:19.355012894 CEST	53	61303	162.159.36.2	192.168.2.5
Sep 1, 2024 22:36:19.818871975 CEST	59617	53	192.168.2.5	1.1.1.1
Sep 1, 2024 22:36:19.829174042 CEST	53	59617	1.1.1.1	192.168.2.5

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Sep 1, 2024 22:36:19.818871975 CEST	192.168.2.5	1.1.1.1	0x69e9	Standard query (0)	15.164.165.52.in-addr.arpa	PTR (Pointer record)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Sep 1, 2024 22:35:58.339899063 CEST	1.1.1.1	192.168.2.5	0x2d0d	No error (0)	windowsupdatebg.s.llnwi.net		46.228.146.128	A (IP address)	IN (0x0001)	false
Sep 1, 2024 22:36:19.829174042 CEST	1.1.1.1	192.168.2.5	0x69e9	Name error (3)	15.164.165.52.in-addr.arpa	none	none	PTR (Pointer record)	IN (0x0001)	false

HTTP Request Dependency Graph

https:

p13n.adobe.io

armmf.adobe.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49714	23.22.254.206	443	7268	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:35:59 UTC	1353	OUT	OPTIONS /psdk/v2/content?surfaceId=ACROBAT_READER_MASTER_SURFACEID&surfaceId=DC_READER_LAUNCH_CARD&surfaceId=DC_Reader_RHP_Banner&surfaceId=DC_Reader_RHP_Retention&surfaceId=Edit_InApp_Aug2020&surfaceId=DC_FirstMile_Right_Sec_Surface&surfaceId=DC_Reader_Upsell_Cards&surfaceId=DC_FirstMile_Home_View_Surface&surfaceId=DC_Reader_RHP_Intent_Banner&surfaceId=DC_Reader_Disc_LHP_Banner&surfaceId=DC_Reader_Edit_LHP_Banner&surfaceId=DC_Reader_Convert_LHP_Banner&surfaceId=DC_Reader_Sign_LHP_Banner&surfaceId=DC_Reader_More_LHP_Banner&surfaceId=DC_Reader_Disc_LHP_Retention&surfaceId=DC_Reader_Home_LHP_Trial_Banner&adcProductLanguage=en-us&adcVersion=23.6.20320&adcProductType=SingleClientMini&adcOSType=WIN&adcCountryCode=US&adcXAPIClientID=api_reader_desktop_win_23.6.20320&encodingScheme=BASE_64 HTTP/1.1 Host: p13n.adobe.io Connection: keep-alive Accept: / Access-Control-Request-Method: GET Access-Control-Request-Headers: x-adobe-uuid,x-adobe-uuid-type,x-api-key Origin: https://rna-resource.acrobat.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36 Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Sec-Fetch-Dest: empty Referer: https://rna-resource.acrobat.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-01 20:35:59 UTC	572	IN	HTTP/1.1 204 No Content Server: openresty Date: Sun, 01 Sep 2024 20:35:59 GMT Content-Type: text/plain Content-Length: 0 Connection: close Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, OPTIONS Access-Control-Allow-Headers: Authorization,Content-Type,X-Api-Key,cache-control,User-Agent,If-None-Match,x-adobe-uuid,x-adobe-uuid-type, X-Request-Id Access-Control-Allow-Credentials: true Access-Control-Expose-Headers: x-request-id X-Request-Id: WOe5PIvs50AU129WGIhkFunmLAZYdbg3 Strict-Transport-Security: max-age=15552000; includeSubDomains

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.5	49716	23.22.254.206	443	7268	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:36:00 UTC	1473	OUT	GET /psdk/v2/content?surfaceId=ACROBAT_READER_MASTER_SURFACEID&surfaceId=DC_READER_LAUNCH_CARD&surfaceId=DC_Reader_RHP_Banner&surfaceId=DC_Reader_RHP_Retention&surfaceId=Edit_InApp_Aug2020&surfaceId=DC_FirstMile_Right_Sec_Surface&surfaceId=DC_Reader_Upsell_Cards&surfaceId=DC_FirstMile_Home_View_Surface&surfaceId=DC_Reader_RHP_Intent_Banner&surfaceId=DC_Reader_Disc_LHP_Banner&surfaceId=DC_Reader_Edit_LHP_Banner&surfaceId=DC_Reader_Convert_LHP_Banner&surfaceId=DC_Reader_Sign_LHP_Banner&surfaceId=DC_Reader_More_LHP_Banner&surfaceId=DC_Reader_Disc_LHP_Retention&surfaceId=DC_Reader_Home_LHP_Trial_Banner&adcProductLanguage=en-us&adcVersion=23.6.20320&adcProductType=SingleClientMini&adcOSType=WIN&adcCountryCode=US&adcXAPIClientID=api_reader_desktop_win_23.6.20320&encodingScheme=BASE_64 HTTP/1.1 Host: p13n.adobe.io Connection: keep-alive sec-ch-ua: "Chromium";v="105" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36 Accept: application/json, text/javascript, /; q=0.01 x-adobe-uuid: 89d789c4-e7e5-4f75-95a4-57139ab6811f x-adobe-uuid-type: visitorId x-api-key: AdobeReader9 sec-ch-ua-platform: "Windows" Origin: https://rna-resource.acrobat.com Accept-Language: en-US,en;q=0.9 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://rna-resource.acrobat.com/ Accept-Encoding: gzip, deflate, br
2024-09-01 20:36:00 UTC	608	IN	HTTP/1.1 200 Server: openresty Date: Sun, 01 Sep 2024 20:36:00 GMT Content-Type: application/json;charset=UTF-8 Content-Length: 6301 Connection: close x-request-id: 0PbZXugyqrsSBVvXCMfiPRUW3RmfUdlo vary: accept-encoding Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, OPTIONS Access-Control-Allow-Headers: Authorization,Content-Type,X-Api-Key,cache-control,User-Agent,If-None-Match,x-adobe-uuid,x-adobe-uuid-type, X-Request-Id Access-Control-Allow-Credentials: true Access-Control-Expose-Headers: x-request-id Strict-Transport-Security: max-age=15552000; includeSubDomains
2024-09-01 20:36:00 UTC	6301	IN	Data Raw: 7b 22 73 75 72 66 61 63 65 73 22 3a 7b 22 44 43 5f 52 65 61 64 65 72 5f 52 48 50 5f 42 61 6e 6e 65 72 22 3a 7b 22 63 6f 6e 74 61 69 6e 65 72 73 22 3a 5b 7b 22 63 6f 6e 74 61 69 6e 65 72 49 64 22 3a 31 2c 22 63 6f 6e 74 61 69 6e 65 72 4c 61 62 65 6c 22 3a 22 4a 53 4f 4e 20 66 6f 72 20 52 65 61 64 65 72 20 44 43 20 52 48 50 20 42 61 6e 6e 65 72 22 2c 22 64 61 74 61 54 79 70 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 73 6f 6e 22 2c 22 64 61 74 61 22 3a 22 65 79 4a 6a 64 47 45 69 4f 6e 73 69 64 48 6c 77 5a 53 49 36 49 6d 4a 31 64 48 52 76 62 69 49 73 49 6e 52 6c 65 48 51 69 4f 69 4a 47 63 6d 56 6c 49 44 63 74 52 47 46 35 49 46 52 79 61 57 46 73 49 69 77 69 5a 32 39 66 64 58 4a 73 49 6a 6f 69 61 48 52 30 63 48 4d 36 4c 79 39 68 59 33 4a 76 59 6d 46 30 Data Ascii: {"surfaces":{"DC_Reader_RHP_Banner":{"containers":[{"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","dataType":"application/json","data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.5	49717	23.41.168.139	443	7268	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 20:36:03 UTC	475	OUT	GET /onboarding/smskillreader.txt HTTP/1.1 Host: armmf.adobe.com Connection: keep-alive Accept-Language: en-US,en;q=0.9 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br If-None-Match: "78-5faa31cce96da" If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
2024-09-01 20:36:03 UTC	198	IN	HTTP/1.1 304 Not Modified Content-Type: text/plain; charset=UTF-8 Last-Modified: Mon, 01 May 2023 15:02:33 GMT ETag: "78-5faa31cce96da" Date: Sun, 01 Sep 2024 20:36:03 GMT Connection: close

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: Acrobat.exePID: 4144, Parent PID: 1028

General

Target ID:	0
Start time:	16:35:49
Start date:	01/09/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\LEONARDMARIE.pdf"
Imagebase:	0x7ff686a00000
File size:	5'641'176 bytes
MD5 hash:	24EAD1C46A47022347DC0F05F6EFBB8C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: AcroCEF.exePID: 2616, Parent PID: 4144

General

Target ID:	2
Start time:	16:35:49
Start date:	01/09/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Imagebase:	0x7ff6413e0000
File size:	3'581'912 bytes
MD5 hash:	9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: AcroCEF.exePID: 7268, Parent PID: 2616

General

Target ID:	4
Start time:	16:35:50
Start date:	01/09/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2084 --field-trial-handle=1728,i,13754806069514452620,14320685787743459304,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Imagebase:	0x7ff6413e0000
File size:	3'581'912 bytes
MD5 hash:	9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may exploit software vulnerabilities in client applications to execute code. Vulnerabilities can exist in software due to unsecure coding practices that can lead to unanticipated behavior. Adversaries can take advantage of certain vulnerabilities through targeted exploitation for the purpose of arbitrary code execution. Oftentimes the most valuable exploits to an offensive toolkit are those that can be used to obtain code execution on a remote system because they can be used to gain access to that system. Users will expect to see files related to the applications they commonly used to do work, so they are a useful target for exploit research and development because of their high utility.
Tactics:	Execution
Data Sources:	Application Log: Application Log Content, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report LEONARDMARIE.pdf

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Software Vulnerabilities

Networking

System Summary

Hooking and other Techniques for Hiding and Protection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\1eb0c00d-649b-4536-b739-fb3d19b7c375.tmp

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240901203554Z-151.bmp

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.1968

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

Windows Analysis Report
LEONARDMARIE.pdf