Edit tour

Windows Analysis Report
JmoLm3fk6x.pdf

Overview

General Information

Sample name:	JmoLm3fk6x.pdf renamed because original name is a hash value
Original sample name:	53812d7bdaf5e8e5c1b99b4b9f3d8d3d7726d4c6c23a72fb109132d96ca725c2.pdf
Analysis ID:	1522689
MD5:	e762f98ebf5e28324ccc2fa4ba4fc3bb
SHA1:	eff5094bb9056a44fe39ccfe4c480caad61f8096
SHA256:	53812d7bdaf5e8e5c1b99b4b9f3d8d3d7726d4c6c23a72fb109132d96ca725c2
Tags:	pdfUAC-0099user-JAMESWT_MHT
Infos:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

IP address seen in connection with other malware

Classification

Process Tree

System is w10x64

Acrobat.exe (PID: 6528 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\JmoLm3fk6x.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)

AcroCEF.exe (PID: 1760 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

AcroCEF.exe (PID: 6620 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2108 --field-trial-handle=1604,i,14599695127855173402,3569513226058056659,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: Joe Sandbox View	IP Address: 23.47.168.24 23.47.168.24
Source: Joe Sandbox View	IP Address: 52.202.204.11 52.202.204.11

Source: 77EC63BDA74BD0D0E0426DC8F80085060.2.dr	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: 2D85F72862B55C4EADD9E66E06947F3D0.2.dr	String found in binary or memory: http://x1.i.lencr.org/
Source: ReaderMessages.0.dr	String found in binary or memory: https://www.adobe.co

Source: classification engine

Classification label: clean0.winPDF@14/50@0/2

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.4860

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-09-30 09-32-16-163.log

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Jump to behavior

Source: unknown	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\JmoLm3fk6x.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2108 --field-trial-handle=1604,i,14599695127855173402,3569513226058056659,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2108 --field-trial-handle=1604,i,14599695127855173402,3569513226058056659,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior

Source: JmoLm3fk6x.pdf	Initial sample: PDF keyword /JS count = 0
Source: JmoLm3fk6x.pdf	Initial sample: PDF keyword /JavaScript count = 0

Source: JmoLm3fk6x.pdf

Initial sample: PDF keyword /EmbeddedFile count = 0

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe

Process information queried: ProcessInformation

Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	1 Process Discovery	Remote Services	Data from Local System	Data Obfuscation	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	1 System Information Discovery	Remote Desktop Protocol	Data from Removable Media	Junk Data	Exfiltration Over Bluetooth	Network Denial of Service

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
JmoLm3fk6x.pdf	0%	ReversingLabs

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
http://x1.i.lencr.org/	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

⊘No contacted domains info

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://x1.i.lencr.org/	2D85F72862B55C4EADD9E66E06947F3D0.2.dr	false	URL Reputation: safe	unknown
https://www.adobe.co	ReaderMessages.0.dr	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
23.47.168.24	unknown	United States		16625	AKAMAI-ASUS	false
52.202.204.11	unknown	United States		14618	AMAZON-AESUS	false

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1522689
Start date and time:	2024-09-30 15:31:08 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 29s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowspdfcookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	13
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	JmoLm3fk6x.pdf renamed because original name is a hash value
Original Sample Name:	53812d7bdaf5e8e5c1b99b4b9f3d8d3d7726d4c6c23a72fb109132d96ca725c2.pdf
Detection:	CLEAN
Classification:	clean0.winPDF@14/50@0/2
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .pdf Found PDF document Close Viewer

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 184.28.88.176, 172.64.41.3, 162.159.61.3, 34.193.227.236, 54.144.73.197, 18.207.85.246, 107.22.247.231, 2.23.197.184, 199.232.210.172, 2.19.126.143, 2.19.126.149, 192.168.2.9, 23.200.0.21
Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, wu-b-net.trafficmanager.net, crl.root-x1.letsencrypt.org.edgekey.net
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: JmoLm3fk6x.pdf

Simulations

Behavior and APIs

Time	Type	Description
09:32:23	API Interceptor	2x Sleep call for process: AcroCEF.exe modified

LLM Input / Output

Input	Output
URL: PDF document Model: jbxai

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
23.47.168.24	https://content.app-us1.com/5zbe53/2024/09/30/8d9df716-ca99-47ed-825e-d3a2a0e6cd9e.pdf	Get hash	malicious	HTMLPhisher	Browse
	PDF...pdf	Get hash	malicious	Unknown	Browse
	TM3utH2CsU.exe	Get hash	malicious	PureLog Stealer, XWorm	Browse
	8f40pUzDo8.exe	Get hash	malicious	Metasploit	Browse
	johnny.guanCopy.pdf	Get hash	malicious	Unknown	Browse
	Bonus_Payments_Health_Insurance_Vacation_Policy_Update_20243568Acer Liquid Z63568.pdf	Get hash	malicious	Unknown	Browse
	f_0000eb.pdf	Get hash	malicious	Unknown	Browse
	Giger & Partner Fall Nr. 893983 Gerichtsbescheid Vergleich Nr. 241624 GM.pdf	Get hash	malicious	Unknown	Browse
	v2.1.pdf	Get hash	malicious	Unknown	Browse
	YjtJRRgm3O.lnk	Get hash	malicious	Unknown	Browse
52.202.204.11	Tonincasa Updated Employee sheet .pdf	Get hash	malicious	HTMLPhisher	Browse
	Xerox-029_Scanned.pdf	Get hash	malicious	Phisher	Browse
	Order list.pdf	Get hash	malicious	Unknown	Browse
	https://acrobat.adobe.com/id/urn:aaid:sc:VA6C2:626535c6-68da-4729-b016-6e974989fb70	Get hash	malicious	LummaC Stealer	Browse
	https://acrobat.adobe.com/id/urn:aaid:sc:VA6C2:d45888c7-1c94-44ce-be0c-a501f747fb8c	Get hash	malicious	LummaC Stealer	Browse
	LETTER ATTACHED.pdf	Get hash	malicious	HTMLPhisher	Browse
	Smeg SignRequest.pdf	Get hash	malicious	HTMLPhisher	Browse
	CMB Monaco Signatures Consent Docs#299229(Revised).pdf	Get hash	malicious	Unknown	Browse
	+10618189554_VM_Mbda-usVM.mp3.pdf	Get hash	malicious	Unknown	Browse
	https://dl.dropboxusercontent.com/scl/fi/4mhppt9446w16rxyp8wch/ATDKM0-019002993PDF.zip?rlkey=bolgaypwmfsk0ve6n3zskuk1w&st=655ymbiy&dl=0	Get hash	malicious	Unknown	Browse

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
AKAMAI-ASUS	Snc2ZNvAZP.pdf	Get hash	malicious	Unknown	Browse	23.56.162.185
	Purchase Order IBT LPO-2320.eml	Get hash	malicious	Unknown	Browse	23.56.162.185
	SCAN_Client_No_XP9739270128398468932393.pdf	Get hash	malicious	HTMLPhisher	Browse	96.17.64.189
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	104.102.49.254
	https://content.app-us1.com/5zbe53/2024/09/30/8d9df716-ca99-47ed-825e-d3a2a0e6cd9e.pdf	Get hash	malicious	HTMLPhisher	Browse	23.47.168.24
	Tonincasa Updated Employee sheet .pdf	Get hash	malicious	HTMLPhisher	Browse	104.77.220.172
	MagicUtilities-Setup-3.1.4.5-Win10.exe	Get hash	malicious	Unknown	Browse	184.28.90.27
AMAZON-AESUS	http://email.app.loyalty.appstle.com/c/eJwczE2uLBEUAODVMHty6vgfGLxJ7YNCldsaadKJ3d_kbuCLDpJVWtPkDo1aHlqApo_j-QrGx0NGE5VRkkMwCbUEaa334GlxCCjAogErldDsyjIGyVXM-UCInAjwY7Dat69rMz_GXDWxq79pdc9aYxL-n-BJ8KylvUpjoXSC5_2T2iwlljsRPOnHhc--S1VIBHzvyVp-sdbpchGMyvkfJvbe8-mj5P2nfx3-BgAA__-UbkEq	Get hash	malicious	Unknown	Browse	3.94.219.156
	https://fshjjfetalpacksrlfggghhgfgj.taplink.ws/	Get hash	malicious	HTMLPhisher	Browse	44.217.82.191
	https://metrics.send.hotmart.com/v2/events/click/64ec6af4-7b81-4abf-9e97-fe7d70d45255?d=1nFwG70sgZqlXE	Get hash	malicious	Unknown	Browse	35.170.189.25
	Tonincasa Updated Employee sheet .pdf	Get hash	malicious	HTMLPhisher	Browse	52.202.204.11
	https://en.softonic.com	Get hash	malicious	Unknown	Browse	54.152.74.168
	https://pokegamaclub.com/	Get hash	malicious	Unknown	Browse	54.152.209.115
	https://ole798.com/	Get hash	malicious	Unknown	Browse	34.199.159.169
	https://thepursuitco.net/	Get hash	malicious	Unknown	Browse	3.221.216.4
	https://thepeaceapproach.net/	Get hash	malicious	Unknown	Browse	3.221.216.4
	https://therandomrental.net/	Get hash	malicious	Unknown	Browse	3.221.216.4

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	287
Entropy (8bit):	5.2046074380693845
Encrypted:	false
SSDEEP:	6:PIuPt+q2PqLTwi2nKuAl9OmbnIFUt82IuPdCZmw+2IuPdeVkwOqLTwi2nKuAl9Oe:PGv8wZHAahFUt82/C/+2/u5TwZHAaSJ
MD5:	19080619ABD4C6C5A47165E20EAE9E00
SHA1:	25355B69FA2A2C0921ABF9FD38B64DFFFF51E27C
SHA-256:	DC3E8252B7673E4D4033F22B2D1BFE8E37D643EBDB6EAE464D334A3D356A527A
SHA-512:	08CABCD2074EED5204520AF1EBBC792769295878E9A1CE9A9AD29DFD90CFBB68754756329EE963CE94ED491E0EDF3886F00975DB83CE9FE5EA22201B77402A73
Malicious:	false
Reputation:	low
Preview:	2024/09/30-09:32:16.225 ad8 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/09/30-09:32:16.228 ad8 Recovering log #3.2024/09/30-09:32:16.228 ad8 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	287
Entropy (8bit):	5.2046074380693845
Encrypted:	false
SSDEEP:	6:PIuPt+q2PqLTwi2nKuAl9OmbnIFUt82IuPdCZmw+2IuPdeVkwOqLTwi2nKuAl9Oe:PGv8wZHAahFUt82/C/+2/u5TwZHAaSJ
MD5:	19080619ABD4C6C5A47165E20EAE9E00
SHA1:	25355B69FA2A2C0921ABF9FD38B64DFFFF51E27C
SHA-256:	DC3E8252B7673E4D4033F22B2D1BFE8E37D643EBDB6EAE464D334A3D356A527A
SHA-512:	08CABCD2074EED5204520AF1EBBC792769295878E9A1CE9A9AD29DFD90CFBB68754756329EE963CE94ED491E0EDF3886F00975DB83CE9FE5EA22201B77402A73
Malicious:	false
Reputation:	low
Preview:	2024/09/30-09:32:16.225 ad8 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/09/30-09:32:16.228 ad8 Recovering log #3.2024/09/30-09:32:16.228 ad8 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	334
Entropy (8bit):	5.168351180293786
Encrypted:	false
SSDEEP:	6:PIuPIyq2PqLTwi2nKuAl9Ombzo2jMGIFUt82IuPU51Zmw+2IuPPlRkwOqLTwi2ng:P7v8wZHAa8uFUt82e1/+2h5TwZHAa8RJ
MD5:	516E3502ADD46A79B98E3B94A19F23C6
SHA1:	2F00B6ED1D1A1A7BFC3FC120A600B4D5578E399A
SHA-256:	BD170466522C8760A7A819AAE6EBE3948A0052A538105D0FA99781E512E4D505
SHA-512:	869C5FEE79E5F115F93B001ACAA32516154E3F1C6FC6D508B5BE5AF1C64DF85CAD4A62D5BDDC3D90CDC6D6490F1292A9FC9095F2B2068EAB8B221D0B0292FDD6
Malicious:	false
Reputation:	low
Preview:	2024/09/30-09:32:16.460 15a0 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/09/30-09:32:16.462 15a0 Recovering log #3.2024/09/30-09:32:16.463 15a0 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	334
Entropy (8bit):	5.168351180293786
Encrypted:	false
SSDEEP:	6:PIuPIyq2PqLTwi2nKuAl9Ombzo2jMGIFUt82IuPU51Zmw+2IuPPlRkwOqLTwi2ng:P7v8wZHAa8uFUt82e1/+2h5TwZHAa8RJ
MD5:	516E3502ADD46A79B98E3B94A19F23C6
SHA1:	2F00B6ED1D1A1A7BFC3FC120A600B4D5578E399A
SHA-256:	BD170466522C8760A7A819AAE6EBE3948A0052A538105D0FA99781E512E4D505
SHA-512:	869C5FEE79E5F115F93B001ACAA32516154E3F1C6FC6D508B5BE5AF1C64DF85CAD4A62D5BDDC3D90CDC6D6490F1292A9FC9095F2B2068EAB8B221D0B0292FDD6
Malicious:	false
Reputation:	low
Preview:	2024/09/30-09:32:16.460 15a0 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/09/30-09:32:16.462 15a0 Recovering log #3.2024/09/30-09:32:16.463 15a0 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\53a52fe6-a4b3-4a84-8292-ef5c706ea182.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	475
Entropy (8bit):	4.969814904260269
Encrypted:	false
SSDEEP:	12:YH/um3RA8sqNsHWsBdOg2H9fcaq3QYiub5P7E4T3y:Y2sRdscm7dMH9u3QYhbt7nby
MD5:	7CDCB6B57190A7580A0EA5AB84809ADE
SHA1:	3E0C3E7A849BDBF3D7792FF59E62D794E6DADFEF
SHA-256:	1E81F80172DB7280247DA08457860584BF2A456A9E45D03FD017B3A191908519
SHA-512:	E2D4335FAC627E26E9F29D087FADF39DE22EF30AD51962D732F5F368A51D9C315BDCB58651D6BF440D96A0B664BD3185B3262618342DE05FD3547EB4668EAD8B
Malicious:	false
Reputation:	low
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372263145646318","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":150986},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.9","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	475
Entropy (8bit):	4.969814904260269
Encrypted:	false
SSDEEP:	12:YH/um3RA8sqNsHWsBdOg2H9fcaq3QYiub5P7E4T3y:Y2sRdscm7dMH9u3QYhbt7nby
MD5:	7CDCB6B57190A7580A0EA5AB84809ADE
SHA1:	3E0C3E7A849BDBF3D7792FF59E62D794E6DADFEF
SHA-256:	1E81F80172DB7280247DA08457860584BF2A456A9E45D03FD017B3A191908519
SHA-512:	E2D4335FAC627E26E9F29D087FADF39DE22EF30AD51962D732F5F368A51D9C315BDCB58651D6BF440D96A0B664BD3185B3262618342DE05FD3547EB4668EAD8B
Malicious:	false
Reputation:	low
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372263145646318","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":150986},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.9","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	4288
Entropy (8bit):	5.2162615724893
Encrypted:	false
SSDEEP:	96:GICD8SBCmPAi8j0/8qbGNSwPgGYPx8xRqhm068OzbpMfkAbPfZ:1CDLCmPj8j0/8qKgwPHYPx8xemT8Ozbq
MD5:	F78F09FB7E2BDC3EE9964BB4652D4C66
SHA1:	2F20190EDFE2B079D1DD6E4F12590688B1F01FA2
SHA-256:	389B2A5E5F68945FE68D9B4FCADA7CA338439A3E6940AF0A1349C00A39BD13A7
SHA-512:	9D12F5EA5E4DECEED82E78A78E4C3AC3309440178F22BEE43D3F4EF01CB059C0DCB9A3F7E0A426A1B2E97D2D0876B659D70817E9F6715EEEAC9A7457FA196CCA
Malicious:	false
Reputation:	low
Preview:	*...#................version.1..namespace-W...o................next-map-id.1.Pnamespace-ed11ed50_1515_4296_b27c_721e1e1acdec-https://rna-resource.acrobat.com/.0.w..r................next-map-id.2.Snamespace-f62cae74_b031_4dd2_8c7b_e9ef3858dbf9-https://rna-v2-resource.acrobat.com/.1:M4.r................next-map-id.3.Snamespace-2a2b5482_c0ce_4c74_9fbc_8a8daf6ed72d-https://rna-v2-resource.acrobat.com/.2IE..o................next-map-id.4.Pnamespace-b58dfce7_364b_43da_946b_3d7546a793e5-https://rna-resource.acrobat.com/.3KQ..^...............Pnamespace-ed11ed50_1515_4296_b27c_721e1e1acdec-https://rna-resource.acrobat.com/.xK.^...............Pnamespace-b58dfce7_364b_43da_946b_3d7546a793e5-https://rna-resource.acrobat.com/.i.+a...............Snamespace-f62cae74_b031_4dd2_8c7b_e9ef3858dbf9-https://rna-v2-resource.acrobat.com/Tz.qa...............Snamespace-2a2b5482_c0ce_4c74_9fbc_8a8daf6ed72d-https://rna-v2-resource.acrobat.com/"_.o................next-map-id.5.Pnamespace-7c898a99_566e_4628_b4ec_

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	322
Entropy (8bit):	5.165232092019445
Encrypted:	false
SSDEEP:	6:PIuPGVgyq2PqLTwi2nKuAl9OmbzNMxIFUt82IuPGnz1Zmw+2IuPGXfoRkwOqLTw9:PwFv8wZHAa8jFUt82M1/+2cw5TwZHAab
MD5:	D30AD64FEA43954B94B232C4091F0C44
SHA1:	27F482B64908CBEF5FD742F3A0A7E29864280022
SHA-256:	E9069A744AF2310F6906A3E2761EEE3556EDC10EEAC13B23C8C8E92A2DBDAD46
SHA-512:	DF2078CEB601A803503FAA2F49AD846E0396A82A7EE67DFD408BB9ABE0493E7B0322F38BE1C25D2DD2ED9B71210621FC481C764496CD0E15602FA4787A46B8F3
Malicious:	false
Reputation:	low
Preview:	2024/09/30-09:32:16.700 15a0 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/09/30-09:32:16.701 15a0 Recovering log #3.2024/09/30-09:32:16.702 15a0 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	322
Entropy (8bit):	5.165232092019445
Encrypted:	false
SSDEEP:	6:PIuPGVgyq2PqLTwi2nKuAl9OmbzNMxIFUt82IuPGnz1Zmw+2IuPGXfoRkwOqLTw9:PwFv8wZHAa8jFUt82M1/+2cw5TwZHAab
MD5:	D30AD64FEA43954B94B232C4091F0C44
SHA1:	27F482B64908CBEF5FD742F3A0A7E29864280022
SHA-256:	E9069A744AF2310F6906A3E2761EEE3556EDC10EEAC13B23C8C8E92A2DBDAD46
SHA-512:	DF2078CEB601A803503FAA2F49AD846E0396A82A7EE67DFD408BB9ABE0493E7B0322F38BE1C25D2DD2ED9B71210621FC481C764496CD0E15602FA4787A46B8F3
Malicious:	false
Reputation:	low
Preview:	2024/09/30-09:32:16.700 15a0 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/09/30-09:32:16.701 15a0 Recovering log #3.2024/09/30-09:32:16.702 15a0 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240930133219Z-186.bmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PC bitmap, Windows 3.x format, 107 x -152 x 32, cbSize 65110, bits offset 54
Category:	dropped
Size (bytes):	65110
Entropy (8bit):	1.0025236639109925
Encrypted:	false
SSDEEP:	6:upCl/OuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuN:ptF
MD5:	913275AD9D8A17D6FE2695BB51BC7863
SHA1:	9C29246D92F80A7BDDEC1B53C8705EDBDC0A4759
SHA-256:	5E6EBDE5554818D0BD1203842D3FEE08CF894B3426C291244506CF749A3569CB
SHA-512:	48A23707771345E1F2F29A383D6EE1F6F3BF9E079603701ABA4B076724BFEDE2F79950B310F5597DA237451DA53D6877DA0EFF888DD84416DA09536037A8DDC6
Malicious:	false
Preview:	BMV.......6...(...k...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 13, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 13
Category:	dropped
Size (bytes):	86016
Entropy (8bit):	4.438678159063177
Encrypted:	false
SSDEEP:	384:Se2ci5G1iBA7vEmzKNURFXoD1NC1SK0gkzPlrFzqFK/WY+lUTTcKqZ5bEmzVz:B5urVgazUpUTTGt
MD5:	39E90D1C43C687C7126AA1A978F52D8C
SHA1:	4D8D69879D0137D5ABE749AEBA5E47AD95ACB2CA
SHA-256:	93DF33D2457E114B74EE34FB779B2AA1BEE3C69C4DDB289732475986730CE9C9
SHA-512:	3A82FA0A5BCB849DA369DBD94EA364AE70EFE0615D7C2A0E5AEF2987DA19EA3019EF0C5649B484ED2B9174325592C9D0F157326DC1A2BF80889B289DC01C22BD
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	2.2173326090199037
Encrypted:	false
SSDEEP:	24:7+tyS6wKfqLLzkrFsgIFsxX3pALXmnHpkDGjmcxBSkomXk+2m9RFTsyg+wmf9Mzf:7MrWfqPmFTIF3XmHjBoGGR+jMz+LhDa
MD5:	E63B8CEF0823D6B94AF2DE9C03AF9449
SHA1:	0414550494D080124BBD56311AA946BFECB43538
SHA-256:	0F8448190EA54DFE1907858FF53622B11312136001EB1F1CCCA94145BB36F275
SHA-512:	59E4523A50F368226A6A8F5C2918C278165EC5C351BB87F24577A9B06FA903C7B321E9AA6CB3D5640F9C5162B05163793315853B18ECBD45CE38A4902239C90E
Malicious:	false
Preview:	.... .c......8..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	Certificate, Version=3
Category:	dropped
Size (bytes):	1391
Entropy (8bit):	7.705940075877404
Encrypted:	false
SSDEEP:	24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1
MD5:	0CD2F9E0DA1773E9ED864DA5E370E74E
SHA1:	CABD2A79A1076A31F21D253635CB039D4329A5E8
SHA-256:	96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
SHA-512:	3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
Malicious:	false
Preview:	0..k0..S............@.YDc.c...0....H........0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10...150604110438Z..350604110438Z0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10.."0....H.............0..........$s..7.+W(.....8..n<.W.x.u...jn..O(..h.lD...c...k....1.!~.3<.H..y.....!.K...qiJffl.~<p..)"......K...~....G.\|.H#S.8.O.o...IW..t../.8.{.p!.u.0<.....c...O..K~.....w...{J.L.%.p..)..S$........J.?..aQ.....cq...o[...\4ylv.;.by.../&.....................6....7..6u...r......I......A..v........5/(.l....dwnG7..Y^h..r...A)>Y>.&.$...Z.L@.F....:Qn.;.}r...xY.>Qx....../..>{J.Ks......P.\|C.t..t.....0.[q6....00\H..;..}`...).........A.......\|.;F.H..v.v..j.=...8.d..+..(.....B.".'].y...p..N..:..'Qn..d.3CO......B0@0...U...........0...U.......0....0...U......y.Y.{....s.....X..n0...*.H.............U.X....P.....i ')..au\.n...i/..VK..s.Y.!.~.Lq...`.9....!V..P.Y...Y.............b.E.f..\|o..;.....'...}~.."......

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
Category:	dropped
Size (bytes):	71954
Entropy (8bit):	7.996617769952133
Encrypted:	true
SSDEEP:	1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
MD5:	49AEBF8CBD62D92AC215B2923FB1B9F5
SHA1:	1723BE06719828DDA65AD804298D0431F6AFF976
SHA-256:	B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
SHA-512:	BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
Malicious:	false
Preview:	MSCF............,...................I..................XaK .authroot.stl.[.i..6..CK..<Tk......4.cl!Kg..E..Y.f_..".$mR"$.J.E.KB."..rKv.."{.g....3.W.....c..9.s...=....y6#..x..........D......\(.#.s.!.A.......cd.c........+^.ov...n.....3BL..0.......BPUR&.X..02.q...R...J.....w.....b.vy>....-.&..(..oe."."...J9...0U.6J..\|U..S.....M.F8g...=.......p...........l.?3.J.x.G.Ep..$g..tj......)v]9(:.)W.8.Op.1Q..:.nPd........7.7..M].V F..g.....12..!7(...B.......h.RZ.......l.<.....6..Z^.`p?... .p.Gp.#.'.X..........\|!.8.....".m.49r?.I...g...8.v.....a``.g.R4.i...J8q....NFW,E.6Y....!.o5%.Y.....R..<..S9....r....WO...(.....F..Q=....-..7d..O(....-..+k.........K..........{Q....Z..j._.E...QZ.~.\.^......N.9.k..O.}dD.b1r...[}/....T..E..G..c.\|.c.&>?..^t. ..;..X.d.E.0G....[Q.,......#.Dp..L.o\|#syc.J............}G-.ou6.=52..XWi=...m.....^u......c..fc?&pR7S5....I...j.G........j.j..Tc.El.....B.pQ.,Bp....j...9g.. >..s..m#.Nb.o_u.M.V...........\#...v..Mo\sF..s....Y...

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	192
Entropy (8bit):	2.734169656628181
Encrypted:	false
SSDEEP:	3:kkFkl4jFakfllXlE/HT8k9BtNNX8RolJuRdxLlGB9lQRYwpDdt:kKhjFeT805NMa8RdWBwRd
MD5:	3573E49B9CE77E2CDC400985A1AC132F
SHA1:	5E42113ED79CD8F3F69446D47A6F6C4E392A0209
SHA-256:	4EE73B22B155C960B407B48A4969130D616A98F1F4E9F65D44E3EF26DF55E5AA
SHA-512:	C3B0E2E1DAB0D087E623860D35E44D8DE0D4152F841B16B92F9D3DD9B7A9F95FE1E6C876F37D8C39349DDC591304E651F67A58BBD7F949B89372C476A2D1678F
Malicious:	false
Preview:	p...... ............=...(....................................................... ..........W.....r..............o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	modified
Size (bytes):	328
Entropy (8bit):	3.247897867253901
Encrypted:	false
SSDEEP:	6:kK+F9UswD8HGsL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:PDImsLNkPlE99SNxAhUe/3
MD5:	440B15A98BAE88AA3831AB27EE801720
SHA1:	41D0FE22D6D0DE2C7694F4B3E69EB6533492A77B
SHA-256:	EECA2F0208B182A8328461D432D2A599C66F73426703A11F619AB16280504A40
SHA-512:	3A7DF83CB9DB4BA4990327872A23F45130634FEB3A611BF23EF9066A018AA1C4ABBF8ACEFDA1EF5924CCAA8B710FF1E2AF65B234A4E45749361DD38B2A6156EC
Malicious:	false
Preview:	p...... ..........)A=...(....................................................... ........G..@.......&......X........h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.4860

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	185099
Entropy (8bit):	5.182478651346149
Encrypted:	false
SSDEEP:	1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
MD5:	94185C5850C26B3C6FC24ABC385CDA58
SHA1:	42F042285037B0C35BC4226D387F88C770AB5CAA
SHA-256:	1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
SHA-512:	652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
Malicious:	false
Preview:	%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	185099
Entropy (8bit):	5.182478651346149
Encrypted:	false
SSDEEP:	1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
MD5:	94185C5850C26B3C6FC24ABC385CDA58
SHA1:	42F042285037B0C35BC4226D387F88C770AB5CAA
SHA-256:	1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
SHA-512:	652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
Malicious:	false
Preview:	%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	295
Entropy (8bit):	5.35125907829891
Encrypted:	false
SSDEEP:	6:YEQXJ2HXldxxV4mSg1c2LjcWkHvR0YR7WieoAvJM3g98kUwPeUkwRe9:YvXKXnxxVrT5LjIPF7DVGMbLUkee9
MD5:	707F273251926C2049A44853F321C9EB
SHA1:	84DF7863F1442A2752E77A6EF229CDD47AAB72AE
SHA-256:	CDF799C2D6CFE11AC773D85E04606E3A81EF560DA6D81AF8DCDC0141652CD297
SHA-512:	05C8C2B94D173AC5CDD76F43602D7C147753DCDF7688EE3B7B49096EDDC2730DE83B32A6E8A88953703232D5A3A7A232F8F800919E1EEAC75F04267D9A22142F
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"96862353-ad7f-468a-a9b7-0fc93e6742ed","sophiaUUID":"8C4093EC-3A2E-41DD-AFC7-28A61CF92EFA"},"encodingScheme":true,"expirationDTS":1727876620410,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.302989365295637
Encrypted:	false
SSDEEP:	6:YEQXJ2HXldxxV4mSg1c2LjcWkHvR0YR7WieoAvJfBoTfXpnrPeUkwRe9:YvXKXnxxVrT5LjIPF7DVGWTfXcUkee9
MD5:	AF4A6AB23782DD65E337E4EC6EC97886
SHA1:	7AE0CAAE73A42DF0F7A89EA26A9703ABBDEC53F4
SHA-256:	3FDE8328F1311B0D4CA8AA5786A1BE3570C5D1AB8A772DFDE856A0E3F5FD9921
SHA-512:	BDD70CBE2A670005B4F664829F491826FDE2B7920AEEB4F0D4DFB8C16E6AA540A644283C554A774E6F86FC6B09CED5BDCC210FDD8D735017DA71129A0618475B
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"96862353-ad7f-468a-a9b7-0fc93e6742ed","sophiaUUID":"8C4093EC-3A2E-41DD-AFC7-28A61CF92EFA"},"encodingScheme":true,"expirationDTS":1727876620410,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.281984400690713
Encrypted:	false
SSDEEP:	6:YEQXJ2HXldxxV4mSg1c2LjcWkHvR0YR7WieoAvJfBD2G6UpnrPeUkwRe9:YvXKXnxxVrT5LjIPF7DVGR22cUkee9
MD5:	20E279730B8E6D406EF37DFF8886B8B8
SHA1:	6E123C42D70F7BF37D629BE89B50D3604632B0D8
SHA-256:	75CFD4033B29C0A9D97BB8DFA40DC9D35990B8FFA593E28DFFA843CCFDB5F641
SHA-512:	EDE14A96DB653190E3DB0903D8819E7E1945F93751CB8D7052F2912DC0D5D7AB856996B8D855BBF829F459E19AEB1060F910B77660C4E6F7EB3FB82BB2C69887
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"96862353-ad7f-468a-a9b7-0fc93e6742ed","sophiaUUID":"8C4093EC-3A2E-41DD-AFC7-28A61CF92EFA"},"encodingScheme":true,"expirationDTS":1727876620410,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	285
Entropy (8bit):	5.331836398295606
Encrypted:	false
SSDEEP:	6:YEQXJ2HXldxxV4mSg1c2LjcWkHvR0YR7WieoAvJfPmwrPeUkwRe9:YvXKXnxxVrT5LjIPF7DVGH56Ukee9
MD5:	00190C49C7964B05BAE78EB0A0CC5E52
SHA1:	B02884C605A6F068A2CAE1B063450C690A99C24D
SHA-256:	C97C0E93BCAF638ABE478C4FE16E47BF1038036B6E721D09287A36FEC2FE6B70
SHA-512:	A18B1D2EAC4999576A8470066592F7E8A85B36E28790873DD59DACA76A81E973A9BBE337D566ACC2210069041843D4D7B2DF7B41478CA80A0F2027FCFCA1EE87
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"96862353-ad7f-468a-a9b7-0fc93e6742ed","sophiaUUID":"8C4093EC-3A2E-41DD-AFC7-28A61CF92EFA"},"encodingScheme":true,"expirationDTS":1727876620410,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1063
Entropy (8bit):	5.673267383408414
Encrypted:	false
SSDEEP:	24:Yv6XnhT5XId7epLgEFqciGennl0RCmK8czOCY4w2e6:YvCXiehgLtaAh8cvYvY
MD5:	7FED08D56842954FB16BAA618F190BC6
SHA1:	BFAFADB54418FB3E83BB49C25596A90257F24895
SHA-256:	FAA8CF45021C0794E83136D6F4D18B420A03CFAB2A68AF329AFF5E4F0FC8EE93
SHA-512:	9F739523C4EED88E1373E0676267733CD8286C3A0CDC5C7D8E15069077631A8EC94671C5BED6934025A09756C25514F65B256518DF65350E814F92967AEF2B0A
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"96862353-ad7f-468a-a9b7-0fc93e6742ed","sophiaUUID":"8C4093EC-3A2E-41DD-AFC7-28A61CF92EFA"},"encodingScheme":true,"expirationDTS":1727876620410,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_2","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"afb9c2a3-eaf4-41f9-9d73-768e72f72282","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQgZmlsZXMgdG8gYW5kIGZyb20gUERGXG53aXRob3V0IGxpbWl0cy4ifSwidGNhdElkIjpudWxsfQ==","dataType":"application\/json","encodingSc

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1050
Entropy (8bit):	5.665233100639197
Encrypted:	false
SSDEEP:	24:Yv6XnhT5XId7IVLgEF0c7sbnl0RCmK8czOCYHflEpwiVe6:YvCXiIFg6sGAh8cvYHWpwO
MD5:	C862DEB130BA77200AAF28FAF2F70862
SHA1:	3746F13B5D664329CECF9B6D469D6DAE7BB0F685
SHA-256:	8A9B23B831C1F2B0E3015331A39D8252C5BDFBA5E18D98CBA0CBB42860C88507
SHA-512:	FA3120885EB80FED12F669C2B04E8AB481AC469EE1237448F3C133115AAB87346ADB1D9E80FE405BAA983A13B9938D29153BB0CB3B1A021AC9C60577B74C0B6C
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"96862353-ad7f-468a-a9b7-0fc93e6742ed","sophiaUUID":"8C4093EC-3A2E-41DD-AFC7-28A61CF92EFA"},"encodingScheme":true,"expirationDTS":1727876620410,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Disc_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_0","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"0924134e-3c59-4f53-b731-add558c56fec","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Disc_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQsIGVkaXQgYW5kIGUtc2lnblxuZm9ybXMgJiBhZ3JlZW1lbnRzLiJ9LCJ0Y2F0SWQiOm51bGx9","dataType":"application\/json","encodingScheme":true},"

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.294590531994167
Encrypted:	false
SSDEEP:	6:YEQXJ2HXldxxV4mSg1c2LjcWkHvR0YR7WieoAvJfQ1rPeUkwRe9:YvXKXnxxVrT5LjIPF7DVGY16Ukee9
MD5:	3C09FE5ECA8081F200C036FBD5E77592
SHA1:	2DA7CCCD8BCB69BC32F022421A53D2205E153DB6
SHA-256:	92B8E1A4A69AED2E31E45E89FD5EE0BB4E72C990A5D9ABF78134710693BC6829
SHA-512:	EACB1F406CB6FF1D5D86F84137F9033A49D8BA692ACA0B7E39E884D437A60F75E7349EA46AF174968631DBA9D4C1E0E6B11D6614FC4EC563FFC5DDD71A0E3865
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"96862353-ad7f-468a-a9b7-0fc93e6742ed","sophiaUUID":"8C4093EC-3A2E-41DD-AFC7-28A61CF92EFA"},"encodingScheme":true,"expirationDTS":1727876620410,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1038
Entropy (8bit):	5.656234184252219
Encrypted:	false
SSDEEP:	24:Yv6XnhT5XId7N2LgEF7cciAXs0nl0RCmK8czOCAPtciBe6:YvCXiNogc8hAh8cvAR
MD5:	82A26E79BDFFA447EBE6160B10CF52C0
SHA1:	24AD16D5D7C50294304FD1C4DA49CB3D87B2052C
SHA-256:	C40CED2C78AF25CA94423CA57780A3BB8FFE5D5AA6301CBC76E876F499280743
SHA-512:	768D5014935D191CF106DF002CAF00B5F4FA618339B231ED5E9E65774FABA06E59493D9B24193EE7762C159840520E5194D6E6D159772325A8D54352B0BD2801
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"96862353-ad7f-468a-a9b7-0fc93e6742ed","sophiaUUID":"8C4093EC-3A2E-41DD-AFC7-28A61CF92EFA"},"encodingScheme":true,"expirationDTS":1727876620410,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Edit_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_1","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"49d2f713-7aa9-44db-aa50-0a7a22add459","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Edit_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVkaXQgdGV4dCwgaW1hZ2VzLCBwYWdlcywgYW5kIG1vcmUuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"application\/json","encodingScheme":true},"endDTS":1744

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1164
Entropy (8bit):	5.70572874188224
Encrypted:	false
SSDEEP:	24:Yv6XnhT5XId7lKLgEfIcZVSkpsn264rS514ZjBrwloJTmcVIsrSK5e6:YvCXilEgqprtrS5OZjSlwTmAfSKd
MD5:	C5C3C5E17D1FFD0907C4F2AFEDBDC367
SHA1:	FCBB76447CD99A029655C3D769866EF9401A47C6
SHA-256:	3F669DBE9606300131BA069C27DCDB0CB32D784AF34596C78B0A142464C956DD
SHA-512:	E8624BC5099F071508C2A25248AB52F02419C273E8678D98FA3AF66BD4FAAA114A5E3DA06AFE1EA51C4BB04ED93614EE15C56A2279E0325EAA3AF269DC0ED1A4
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"96862353-ad7f-468a-a9b7-0fc93e6742ed","sophiaUUID":"8C4093EC-3A2E-41DD-AFC7-28A61CF92EFA"},"encodingScheme":true,"expirationDTS":1727876620410,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85531_264848ActionBlock_0","campaignId":85531,"containerId":"1","controlGroupId":"","treatmentId":"ee1a7497-76e7-43c2-bb63-9a0551e11d73","variationId":"264848"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IlRyeSBBY3JvYmF0IFBybyJ9LCJ1aSI6eyJ0aXRsZV9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjE1cHgiLCJmb250X3N0eWxlIjoiMCJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEzcHgiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0b1xucHJlbWl1bSBQREYgYW5kIGUtc2lnbmluZ1xudG9vbHMuIn0sImJhbm5lcl9zdHlsaW5nIjo

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.3092058204521315
Encrypted:	false
SSDEEP:	6:YEQXJ2HXldxxV4mSg1c2LjcWkHvR0YR7WieoAvJfYdPeUkwRe9:YvXKXnxxVrT5LjIPF7DVGg8Ukee9
MD5:	1A9FB6B48DFE2A5664CCAC78724C8FF4
SHA1:	F8B6F8C9EA760167B5E5050ECCD25462430C01F7
SHA-256:	C7E6FA2F39F9626C7D62D5230C28DA209B3724A958CD9E9CDEF457800FFDE86B
SHA-512:	8AF8E66D1416FB7B01422270F4A672C629E04E0145B141FFFCC8663C15EBDDAAC4114D0E400167EC2B0E285E947B8B80CAC8B0B4D1CC779D36F0740607CB4189
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"96862353-ad7f-468a-a9b7-0fc93e6742ed","sophiaUUID":"8C4093EC-3A2E-41DD-AFC7-28A61CF92EFA"},"encodingScheme":true,"expirationDTS":1727876620410,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1395
Entropy (8bit):	5.778980863808491
Encrypted:	false
SSDEEP:	24:Yv6XnhT5XId7YrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNG6:YvCXiYHgDv3W2aYQfgB5OUupHrQ9FJd
MD5:	5B4E12157C21C652DB15319B37F379B8
SHA1:	55E0062AD4BA6D95E711C6BB00C4DE1FA42BB36C
SHA-256:	3D0B64CB84B2A356793686A8CB97BF2E9C5E2B3EB08F5DC16C40D394DE7FE18A
SHA-512:	90072A122056570BDADC3985C13CD796DDFB4CE95D3DE193552662DBC2DC70D19E52AADDC2FE105A601F3CCFC37FBFFD529C584D64115ECE4646E2D1BA6D856F
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"96862353-ad7f-468a-a9b7-0fc93e6742ed","sophiaUUID":"8C4093EC-3A2E-41DD-AFC7-28A61CF92EFA"},"encodingScheme":true,"expirationDTS":1727876620410,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	291
Entropy (8bit):	5.292689647882339
Encrypted:	false
SSDEEP:	6:YEQXJ2HXldxxV4mSg1c2LjcWkHvR0YR7WieoAvJfbPtdPeUkwRe9:YvXKXnxxVrT5LjIPF7DVGDV8Ukee9
MD5:	353816800D84FC796724EDE439FF3104
SHA1:	51155257600B315F56A849F41AA99291B75BA0C1
SHA-256:	E6D1472A8BF1CB8AFE8367D257DB8E113CBE3C728A6A5123554BADF350F2C347
SHA-512:	A3C5ACDE24E9E874D60D6A6F6DA36E028E1FF6C07A368A2994E1EED1E2347EEA69FC6950FAB43CE2D0BCC930BD8F17D00E18EDA43928432C93C03F18551D3657
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"96862353-ad7f-468a-a9b7-0fc93e6742ed","sophiaUUID":"8C4093EC-3A2E-41DD-AFC7-28A61CF92EFA"},"encodingScheme":true,"expirationDTS":1727876620410,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	287
Entropy (8bit):	5.2851872438978225
Encrypted:	false
SSDEEP:	6:YEQXJ2HXldxxV4mSg1c2LjcWkHvR0YR7WieoAvJf21rPeUkwRe9:YvXKXnxxVrT5LjIPF7DVG+16Ukee9
MD5:	D3CC9474ACCEFD5630440B371567671D
SHA1:	5A98E4AF7D222A407E397DAE2B47410EACC4D6AA
SHA-256:	D64C42A9D31B2A5A022A5EE89319CE16FA4769DF4944A738E3B6CF7DFDE2A3AB
SHA-512:	D03FAAFC976574B3E88084C3F7E315A5213B276CEAD67BD4BED7D19DC6D4EA8F2C57698B5E68A77859669B2FC8D50606519A5B2A951B206B10900D6519612B1B
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"96862353-ad7f-468a-a9b7-0fc93e6742ed","sophiaUUID":"8C4093EC-3A2E-41DD-AFC7-28A61CF92EFA"},"encodingScheme":true,"expirationDTS":1727876620410,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1058
Entropy (8bit):	5.6649025303162635
Encrypted:	false
SSDEEP:	24:Yv6XnhT5XId7CamXayLgEFRcONaqnl0RCmK8czOC+w2E+tg8Be6:YvCXicBguOAh8cv+NKw
MD5:	5C183BC1590ECAF8A0B98C5ED8096963
SHA1:	5DC759B19F80FFE6F1EC68A12C0A9E4B9D74B067
SHA-256:	322E27562739610DA5A80A2EA259892FE0B22B12E34492C06B6BC8FAD3A1DD32
SHA-512:	EE54F1877E4318B9E8B02C1F9F7408E2484E11990D71F19AE8B6DBD6CC9C2CAEDDEB6F0CD0ED5F39410E07FDD4549543B857E04F67C9E506765BC8A57B7F38F4
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"96862353-ad7f-468a-a9b7-0fc93e6742ed","sophiaUUID":"8C4093EC-3A2E-41DD-AFC7-28A61CF92EFA"},"encodingScheme":true,"expirationDTS":1727876620410,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_3","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"ece07729-7db6-4f20-9f8d-7976ad373049","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IlNlbmQgZG9jdW1lbnRzICYgZm9ybXNcbmZvciBmYXN0IGUtc2lnbmluZyBvbmxpbmUuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"application\/json","encodingScheme"

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	286
Entropy (8bit):	5.25866077971925
Encrypted:	false
SSDEEP:	6:YEQXJ2HXldxxV4mSg1c2LjcWkHvR0YR7WieoAvJfshHHrPeUkwRe9:YvXKXnxxVrT5LjIPF7DVGUUUkee9
MD5:	6C254B1CEBD5558EF22C83F340450085
SHA1:	230640C062A4E721E7AF9485B3656ADFEC97E7C3
SHA-256:	C91ED0B726A5915F6AE400C86EAC149272686E0E6F62CB4C5AF7751AEB94ECC6
SHA-512:	B397251C9270006B92E3E610FD9B8FA9CCF14F2DC69ADEDCD037C5B2F281FDD19473976C5B26F043756B30047CEFDB2E4882C35DFEE1E530C7A9697AD9E122D7
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"96862353-ad7f-468a-a9b7-0fc93e6742ed","sophiaUUID":"8C4093EC-3A2E-41DD-AFC7-28A61CF92EFA"},"encodingScheme":true,"expirationDTS":1727876620410,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	782
Entropy (8bit):	5.3735027816834595
Encrypted:	false
SSDEEP:	12:YvXKXnxxVrT5LjIPF7DVGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWv:Yv6XnhT5XId7V168CgEXX5kcIfANh76
MD5:	FFF9D687B1601007D6018DB1A2F692A9
SHA1:	67D64684940247BCB7B370A807F10A7E31393D41
SHA-256:	843C88B6F305700DEED875A4D1EB115CD1140F6DEDA068C48913B909FAC4E412
SHA-512:	2BC6CFCC7BA1E42FEC1202AC3FC7627B219E2A7B707163BEF47C0E62FF9C38505992EEC622E26E578A9C21120E0DDB1FE788EA2145BE54541EC6663A500199E5
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"96862353-ad7f-468a-a9b7-0fc93e6742ed","sophiaUUID":"8C4093EC-3A2E-41DD-AFC7-28A61CF92EFA"},"encodingScheme":true,"expirationDTS":1727876620410,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1727703145441}}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	4
Entropy (8bit):	0.8112781244591328
Encrypted:	false
SSDEEP:	3:e:e
MD5:	DC84B0D741E5BEAE8070013ADDCC8C28
SHA1:	802F4A6A20CBF157AAF6C4E07E4301578D5936A2
SHA-256:	81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
SHA-512:	65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
Malicious:	false
Preview:	....

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2818
Entropy (8bit):	5.129737788587229
Encrypted:	false
SSDEEP:	24:Yzx1zcHrs/azayU7DZ2nWekCgOXWiikWkcejRsQaUkjUj0SuKTVH2kBjP2LSuUMQ:YK2jPci5kvU2LR9P1MWC6xx9bv
MD5:	112C84971E9CFBB61DD893E772C7B67D
SHA1:	8778CDD625F45E7BFD288B2AFBB7633C4B7DD1B3
SHA-256:	34C68AE8CD252462C5CE45791B07EFE18D6775A401D334E81CD2774E9B6A3321
SHA-512:	01691F860FC3C8E700F47B10E1FE42FE2F15AB5C1352FC0633767F468A083D46440E7960FF1310085AEA105EBF8A09E581DC008B13A120FF4E2461DFE75A88BA
Malicious:	false
Preview:	{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"e5be7c5b5df988042297e18469adde4f","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1050,"ts":1727703144000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"4690e8bc7e1a58eae8e218b5faa321c4","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1164,"ts":1727703144000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"2dc196c997a7bc2a599296d8b6265480","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1058,"ts":1727703144000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"58734c16a02ce072121ad7b103006899","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1063,"ts":1727703144000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"40bbf9c3cae7d94d42abd48c585d4fc7","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":1038,"ts":1727703144000},{"id":"Edit_InApp_Aug2020","info":{"dg":"05c19baf7e07735d57d50fa6ec8286bd","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":17

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 26, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 26
Category:	dropped
Size (bytes):	12288
Entropy (8bit):	1.3669617850779812
Encrypted:	false
SSDEEP:	24:TLBx/XYKQvGJF7urs9S6bqyKn6ylSTofcNqDuDLXKdqEKfS8EKfM1barLF:Tll2GL7msMcKTlS8fcsu8fIN
MD5:	8BC25E8B274B8D29586796EBDB983EB5
SHA1:	1B2799122F37343B16F407BDA3F0E2A07E078D70
SHA-256:	C74A8005B1AB1940E9A5EB8F889A4B1B03504C6CA582FEEE01665516C29FB5AC
SHA-512:	9B8D1781F6B582D6D33AC1F55C8A2BCE76B1FB93062D53A40DEF0C34C4B5F624000E8006BE2DDE80FFEDD47CF86C8C7C391EF54C9251C1D643187C09C0F7B355
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	1.8441921406129085
Encrypted:	false
SSDEEP:	24:7+t5Z6bqyKn6ylSTofcNqDuDL+KdqEKfS8EKfM1banbqNqLKufx/XYKQvGJF7urI:7MrcKTlS8fcsulfIEqGufl2GL7msZ
MD5:	D8F792124A2CC4DBD3567337443B00F5
SHA1:	9517E51D7FC93F4E291E33116E03237D64098C9D
SHA-256:	18F6A1913464CB2F02B09955FCAF6A2A97FAC7EB104B42677C41C860A9038B47
SHA-512:	95A96164D85A61D9C2964D8ADF44C4BBD6D3F052A6E706A36A3301063CB3742CAB1D428E4BED3320FDE78E7BEB566785CF0BA1090D51F7DD55FCB79058BDCC5A
Malicious:	false
Preview:	.... .c........i..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................^..^.^.^.^.^.^.^.-.-.-.-.-.-.-.-.-.-.-........................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\MSIfc8c2.LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	246
Entropy (8bit):	3.5162684137903053
Encrypted:	false
SSDEEP:	6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K87eUNqlH:Qw946cPbiOxDlbYnuRKI309
MD5:	8879277D939E6A56DB940F08C70AD2B5
SHA1:	30F18CECE79F37306DC751FD0E59E028AEE435A4
SHA-256:	D87DD863CCD78661F074A836FF7A7D92712BD41F78CCEDCE57FAE9D93628F44C
SHA-512:	DF732F7B4AF2A0E691E74EEACCEEA3BD16C42E8B7647C450AD396A24E9BE4AF7B7ACBC7B9EAE3A5141E9F84150D612C0AEBD5E800619DC7A7C86D69A111C6A07
Malicious:	false
Preview:	..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .3.0./.0.9./.2.0.2.4. . .0.9.:.3.2.:.2.1. .=.=.=.....

C:\Users\user\AppData\Local\Temp\acrobat_sbx\A91xica5i_11u895v_3r0.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	Zip data (MIME type "application/vnd.adobe.air-ucf-package+zip"?)
Category:	dropped
Size (bytes):	144514
Entropy (8bit):	7.992637131260696
Encrypted:	true
SSDEEP:	3072:OvjeSq37BcXWpJ/PwBI4lsRMoZVaJctHtTx8EOyhnL:Cjc7BcePUsSSt38snL
MD5:	BA1716D4FB435DA6C47CE77E3667E6A8
SHA1:	AF6ADF9F1A53033CF28506F33975A3D1BC0C4ECF
SHA-256:	AD771EC5D244D9815762116D5C77BA53A1D06CEBA42D348160790DBBE4B6769D
SHA-512:	65249DB52791037E9CC0EEF2D07A9CB1895410623345F2646D7EA4ED7001F7273C799275C3342081097AF2D231282D6676F4DBC4D33C5E902993BE89B4A678FD
Malicious:	false
Preview:	PK.........D.Y...>)...).......mimetypeapplication/vnd.adobe.air-ucf-package+zipPK.........D.Y.+.`............message.xml.]is.8...[.....Oq.'...S...g.X+;....%X."U$.....}.P.%....8.tl. ...../..}......A.......,...a...r.....=..i{......0H..v.g.c0.3~....G.b....,.BvJ.'./.`xJ]..O./.!K...XG?.$.,=.Z...q.f~...,..:b.Pl..f..\|....,.A.....Z..a<.C._..../G\|....q.....~.?...G.............y+.. ...s.,.2...^uon..:....~....C....i.>.<hy..x..?....F.w..4e.\|.'...#?..a......i...W.".+...'.......,..6..... ..}.........llj.>.3v.."..CdA.".....v...4H..C]>........4..$.O........9._..C{(....A~.k...f.x8.<... l!..}...ol.q.......2.s.Y..&:....>...l.S..w.t^D.C....]0......L...z[`J<.....L.1t-.Z.n..7.)...aj;.0.r\|.._.V......JWT.>.p.?s....boN.....X.jkN.9..3jN.9..t...o..c.nX4......0.D.....Cv .....!k..........d.1B....=3.Bq.E.bo.....6..r..6@.b...T......Ig...(..(K].:...#..k..q2G."o.Tz...qJ.......;?\|~..1...J...RA...'..*C...T...dNMZ.3.z-..LCI..I..-.,.Y.J.....m.KY}.Lw......G........-.(E....b..^..}..

C:\Users\user\AppData\Local\Temp\acrobat_sbx\A9tnioiq_11u895s_3r0.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	Zip data (MIME type "application/vnd.adobe.air-ucf-package+zip"?)
Category:	dropped
Size (bytes):	144514
Entropy (8bit):	7.992637131260696
Encrypted:	true
SSDEEP:	3072:OvjeSq37BcXWpJ/PwBI4lsRMoZVaJctHtTx8EOyhnL:Cjc7BcePUsSSt38snL
MD5:	BA1716D4FB435DA6C47CE77E3667E6A8
SHA1:	AF6ADF9F1A53033CF28506F33975A3D1BC0C4ECF
SHA-256:	AD771EC5D244D9815762116D5C77BA53A1D06CEBA42D348160790DBBE4B6769D
SHA-512:	65249DB52791037E9CC0EEF2D07A9CB1895410623345F2646D7EA4ED7001F7273C799275C3342081097AF2D231282D6676F4DBC4D33C5E902993BE89B4A678FD
Malicious:	false
Preview:	PK.........D.Y...>)...).......mimetypeapplication/vnd.adobe.air-ucf-package+zipPK.........D.Y.+.`............message.xml.]is.8...[.....Oq.'...S...g.X+;....%X."U$.....}.P.%....8.tl. ...../..}......A.......,...a...r.....=..i{......0H..v.g.c0.3~....G.b....,.BvJ.'./.`xJ]..O./.!K...XG?.$.,=.Z...q.f~...,..:b.Pl..f..\|....,.A.....Z..a<.C._..../G\|....q.....~.?...G.............y+.. ...s.,.2...^uon..:....~....C....i.>.<hy..x..?....F.w..4e.\|.'...#?..a......i...W.".+...'.......,..6..... ..}.........llj.>.3v.."..CdA.".....v...4H..C]>........4..$.O........9._..C{(....A~.k...f.x8.<... l!..}...ol.q.......2.s.Y..&:....>...l.S..w.t^D.C....]0......L...z[`J<.....L.1t-.Z.n..7.)...aj;.0.r\|.._.V......JWT.>.p.?s....boN.....X.jkN.9..3jN.9..t...o..c.nX4......0.D.....Cv .....!k..........d.1B....=3.Bq.E.bo.....6..r..6@.b...T......Ig...(..(K].:...#..k..q2G."o.Tz...qJ.......;?\|~..1...J...RA...'..*C...T...dNMZ.3.z-..LCI..I..-.,.Y.J.....m.KY}.Lw......G........-.(E....b..^..}..

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-09-30 09-32-16-163.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393)
Category:	dropped
Size (bytes):	16525
Entropy (8bit):	5.330589339471305
Encrypted:	false
SSDEEP:	384:usQfQQjZyDzISMjg0svDBjA49Y0/sQHpMVhrSWD0Wny6WxIWd44mJmtaEKHvMMwh:Ink
MD5:	5BC0A308794F062FEC40F3016568DF9F
SHA1:	14149448191AB45E99011CBBEF39F2A9A03A0D15
SHA-256:	00D910C49F2885F6810F4019A916EFA52F12881CBF1525853D0C184E1B796473
SHA-512:	CF12E0787C1C2A129BE61C4572CF8A28FC48039B2ADFD1816E58078D8DD900771442F210C545AD9B3F4EAEC23F6F1480F7BBF262B6A631160B20D0785BC17242
Malicious:	false
Preview:	SessionID=eddad23d-dbc6-40b3-ba9e-21a55d862f0a.1696497318171 Timestamp=2023-10-05T10:15:18:171+0100 ThreadID=7060 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=eddad23d-dbc6-40b3-ba9e-21a55d862f0a.1696497318171 Timestamp=2023-10-05T10:15:18:172+0100 ThreadID=7060 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=eddad23d-dbc6-40b3-ba9e-21a55d862f0a.1696497318171 Timestamp=2023-10-05T10:15:18:172+0100 ThreadID=7060 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=eddad23d-dbc6-40b3-ba9e-21a55d862f0a.1696497318171 Timestamp=2023-10-05T10:15:18:172+0100 ThreadID=7060 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=eddad23d-dbc6-40b3-ba9e-21a55d862f0a.1696497318171 Timestamp=2023-10-05T10:15:18:172+0100 ThreadID=7060 Component=ngl-lib_NglAppLib Description="SetConfig:

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393), with CRLF line terminators
Category:	dropped
Size (bytes):	15114
Entropy (8bit):	5.361275218367118
Encrypted:	false
SSDEEP:	384:DeKX6KToZfYwV//no3ndiwqDeON2A873vYZuqI+WYQN59D5bQ+wJe8YtYdQTy56r:KA9
MD5:	A7D1D5E826F037C42A7AA2C02B1AA217
SHA1:	D2994381F9319CB148ADE58E56A30106C5FD5682
SHA-256:	7516E602A1CA0DA0F107820630D7B554412EE7555C6595F9F5611B1077420563
SHA-512:	2B4273D64797BEE8A7BD4EF531DB705537CD9C0C9F88A4280F541BE5C44C2D59642F0A44EB4339967A2D16A2CD3322AF4B82F69836FDD1FCDD542F8CF3CA8C16
Malicious:	false
Preview:	SessionID=77fafb08-6754-4536-bb0e-c351e0417bd3.1727703136183 Timestamp=2024-09-30T09:32:16:183-0400 ThreadID=2188 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=77fafb08-6754-4536-bb0e-c351e0417bd3.1727703136183 Timestamp=2024-09-30T09:32:16:184-0400 ThreadID=2188 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=77fafb08-6754-4536-bb0e-c351e0417bd3.1727703136183 Timestamp=2024-09-30T09:32:16:184-0400 ThreadID=2188 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=77fafb08-6754-4536-bb0e-c351e0417bd3.1727703136183 Timestamp=2024-09-30T09:32:16:184-0400 ThreadID=2188 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=77fafb08-6754-4536-bb0e-c351e0417bd3.1727703136183 Timestamp=2024-09-30T09:32:16:184-0400 ThreadID=2188 Component=ngl-lib_NglAppLib Description="SetConf

C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	29752
Entropy (8bit):	5.400008385327622
Encrypted:	false
SSDEEP:	192:icbENIn5cbqlcbgIpLcbJcb4I5jcbKcbQIrxcbmXcbQJITdcbR:8qnXopZ50rHWTS
MD5:	4D8BCA8311E03A60C1D20171ADF141FD
SHA1:	DD5504FA86AD67310FF1C2F36C24885631F6B110
SHA-256:	0B0D8EE337CB682A83191A84800E64BA2209D6FED198462083A36477A210E457
SHA-512:	7D05152D20C64D46CF4D0DC285B28B62050F84757CA97DA5226355F79175DE1D4BF16B12182DC12CF1F06ED8A20877A40B71CC4133AA2EAEC1E192887D122957
Malicious:	false
Preview:	05-10-2023 10:01:02:.---2---..05-10-2023 10:01:02:.AcroNGL Integ ADC-4240758 : *************************************..05-10-2023 10:01:02:.AcroNGL Integ ADC-4240758 : ***********************************..05-10-2023 10:01:02:.AcroNGL Integ ADC-4240758 : **** Starting new session ******..05-10-2023 10:01:02:.AcroNGL Integ ADC-4240758 : Starting NGL..05-10-2023 10:01:02:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...05-10-2023 10:01:02:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..05-10-2023 10:01:02:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..05-10-2023 10:01:02:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..05-10-2023 10:01:02:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..05-10-2023 10:01:02:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..05-10-2023 10:01:02:.Closing File..05-10-

C:\Users\user\AppData\Local\Temp\acrocef_low\01201a76-a451-4780-a30b-3bd839ce556c.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
Category:	dropped
Size (bytes):	386528
Entropy (8bit):	7.9736851559892425
Encrypted:	false
SSDEEP:	6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
MD5:	5C48B0AD2FEF800949466AE872E1F1E2
SHA1:	337D617AE142815EDDACB48484628C1F16692A2F
SHA-256:	F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
SHA-512:	44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
Malicious:	false
Preview:	...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....\|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-\|..h#.g.\.PO.\|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..\|m.WC.....\|.....e.[W.p.8...rm....^..x'......5!...\|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.\|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

C:\Users\user\AppData\Local\Temp\acrocef_low\494894c7-2a44-4739-a6ec-c49a89481948.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 42290
Category:	dropped
Size (bytes):	1407294
Entropy (8bit):	7.97605879016224
Encrypted:	false
SSDEEP:	24576:6Dbdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WL07oXGZGwYIGNPJF:cb3mlind9i4ufFXpAXkrfUs0jWLxXGZY
MD5:	279B811F8FB7ED83618C0B37825CCF25
SHA1:	5718DA0EF8F5A938CB88800665F18C9B805208B2
SHA-256:	2AF4D3CE45FACE3A6DF83A17E90912767BE01A6F2C96AD8B3F270FDB13F77E46
SHA-512:	74A736359646F91F28AC496DFFF249D0E5B005AA6BB34DAFDDE3C2A29B70D52E6F865239579AC94540AAB0D20BFC03AE6501814358D2122FCB60A4591213A9B9
Malicious:	false
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

C:\Users\user\AppData\Local\Temp\acrocef_low\8c7080df-ae4f-456a-9557-a6eb5c05cdd9.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
Category:	dropped
Size (bytes):	758601
Entropy (8bit):	7.98639316555857
Encrypted:	false
SSDEEP:	12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
MD5:	3A49135134665364308390AC398006F1
SHA1:	28EF4CE5690BF8A9E048AF7D30688120DAC6F126
SHA-256:	D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
SHA-512:	BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
Malicious:	false
Preview:	...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......\|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!\|G.1...... .3.`./....`~......G.............\|..pS.e.C....:o.u_..oi.:..\|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

C:\Users\user\AppData\Local\Temp\acrocef_low\abadca73-2d8e-4553-96cc-1d6a16f4b90f.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
Category:	dropped
Size (bytes):	1419751
Entropy (8bit):	7.976496077007677
Encrypted:	false
SSDEEP:	24576:/rwYIGNP4mOWL07oBGZ1dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:TwZG6bWLxBGZN3mlind9i4ufFXpAXkru
MD5:	95F182500FC92778102336D2D5AADCC8
SHA1:	BEC510B6B3D595833AF46B04C5843B95D2A0A6C9
SHA-256:	9F9C041D7EE1DA404E53022D475B9E6D5924A17C08D5FDEC58C0A1DCDCC4D4C9
SHA-512:	D7C022459486D124CC6CDACEAD8D46E16EDC472F4780A27C29D98B35AD01A9BA95F62155433264CC12C32BFF384C7ECAFCE0AC45853326CBC622AE65EE0D90BA
Malicious:	false
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\915DEAC5D1E15E49646B8A94E04E470958C9BB89.crl

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	98682
Entropy (8bit):	6.445287254681573
Encrypted:	false
SSDEEP:	1536:0tlkIi4M2MXZcFVZNt0zfIagnbSLDII+D61S8:03kf4MlpyZN+gbE8pD61L
MD5:	7113425405A05E110DC458BBF93F608A
SHA1:	88123C4AD0C5E5AFB0A3D4E9A43EAFDF7C4EBAAF
SHA-256:	7E5C3C23B9F730818CDC71D7A2EA01FE57F03C03118D477ADB18FA6A8DBDBC46
SHA-512:	6AFE246B0B5CD5DE74F60A19E31822F83CCA274A61545546BDA90DDE97C84C163CB1D4277D0F4E0F70F1E4DE4B76D1DEB22992E44030E28EB9E56A7EA2AB5E8D
Malicious:	false
Preview:	0...u0...\...0....H........0i1.0...U....US1.0...U....DigiCert, Inc.1A0?..U...8DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1..240807121815Z..240814121815Z0..~.0!.......0.E....[0...210531000001Z0!...7g...(..^`.x.l...210531000001Z0!...\./M.8..>.f.....210531000001Z0!...B.Sh...f...s.0..210531000001Z0!..../n...h..7....>..210601000001Z0!....0..>5..aN.u{D..210601000001Z0!...-...qpWa.!n.....210601000001Z0!..."f...\..N.....X..210601000001Z0!...in.H...[u...]....210602000001Z0!......`......._.]...210602000001Z0!...{..e..i......=..210602000001Z0!......S....fNj'.wy..210602000001Z0!......C.lm..B.*.....210602000001Z0!... .}...\|.,dk...+..210603000001Z0!...U.K....o.".Rj..210603000001Z0!.....A...K.ZpK..'h..210603000001Z0!.....&}{ ......l..210603000001Z0!...:.m...I.p.;..v..210604000001Z0!...1"uw3..Gou.qg.q..210607000001Z0!...1.o}...c/...-R}..210608000001Z0!................210608000001Z0!...[.N.d............210609000001Z0!......x..i........210610000001Z0!...(... (..#.^.f...210

C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\DF22CF8B8C3B46C10D3D5C407561EABEB57F8181.crl

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	737
Entropy (8bit):	7.501268097735403
Encrypted:	false
SSDEEP:	12:yeRLaWQMnFQlRKfdFfBy6T6FYoX0fH8PkwWWOxPLA3jw/fQMlNdP8LOUa:y2GWnSKfdtw46FYfP1icPLHCfa
MD5:	5274D23C3AB7C3D5A4F3F86D4249A545
SHA1:	8A3778F5083169B281B610F2036E79AEA3020192
SHA-256:	8FEF0EEC745051335467846C2F3059BD450048E744D83EBE6B7FD7179A5E5F97
SHA-512:	FC3E30422A35A78C93EDB2DAD6FAF02058FC37099E9CACD639A079DF70E650FEC635CF7592FFB069F23E90B47B0D7CF3518166848494A35AF1E10B50BB177574
Malicious:	false
Preview:	0...0.....0....H........0b1.0...U....US1.0...U....DigiCert Inc1.0...U....www.digicert.com1!0...U....DigiCert Trusted Root G4..240806194648Z..240827194648Z.00.0...U.#..0.......q]dL..g?....O0...U........0....H.............vz..@.Nm...6d...t;.Jx?....6...p...#.[.......o.q...;.........?......o...^p0R.......~....)....i.n;A.n.z..O~..%=..s..W.4.+........G...*..=....xen$_i"s..\...L..4../<.4...G.....L...c..k@.J.rC.4h.c.ck./.Q-r53..a#.8#......0.n......a.-'..S. .>..xAKo.k.....;.D>....sb '<..-o.KE...X!i.].c.....o~.q........D...`....N... W:{.3......a@....i....#./..eQ...e.......W.s..V:.38..U.H{.>.....#....?{.....bYAk'b0on..Gb..-..).."q2GO<S.C...FsY!D....x..]4.....X....Y...Rj.....I.96$.4ZQ&..$,hC..H.%..hE....

Static File Info

General

File type:	PDF document, version 1.4, 1 pages
Entropy (8bit):	7.653670822998931
TrID:	Adobe Portable Document Format (5005/1) 100.00%
File name:	JmoLm3fk6x.pdf
File size:	17'772 bytes
MD5:	e762f98ebf5e28324ccc2fa4ba4fc3bb
SHA1:	eff5094bb9056a44fe39ccfe4c480caad61f8096
SHA256:	53812d7bdaf5e8e5c1b99b4b9f3d8d3d7726d4c6c23a72fb109132d96ca725c2
SHA512:	2185c0794426d3a430e5f90fd83ecd0bfb00705b6856819b71cf02a94dda47d63ba798fec83abbb1f7883c267ee2976917e13896f3b70b0abfd262e400aa9060
SSDEEP:	192:DVkkw6D71gBGmM2KMDUyoSvKGTzBvOZ9TJJxzIMDxjvK0S9YaAt86zgjIL1rJs9L:DVkkn/WC8KGBshzrvKx6UjMnT62Dk
TLSH:	8182BE52D3844C49E566CA115B3932DF5BAF3E05A6CCB1D3005BBE05433287AF1A7BEA
File Content Preview:	%PDF-1.4.%......1 0 obj.<< ./Creator (Canon iR-ADV 6555 PDF)./CreationDate (D:20230213085957+01'00')./Producer (\376\377\000A\000d\000o\000b\000e\000 \000P\000S\000L\000 \0001\000.\000\.3\000e\000 \000f\000o\000r\000 \000C\000a\000n\000o\000n\000\000).>>

File Icon


Icon Hash:	62cc8caeb29e8ae0

Static PDF Info

General
Header:	%PDF-1.4
Total Entropy:	7.653671
Total Bytes:	17772
Stream Entropy:	7.722620
Stream Bytes:	15405
Entropy outside Streams:	5.125351
Bytes outside Streams:	2367
Number of EOF found:	1
Bytes after EOF:

Keywords Statistics

Name	Count
obj	13
endobj	13
stream	8
endstream	8
xref	1
trailer	1
startxref	1
/Page	1
/Encrypt	0
/ObjStm	0
/URI	0
/JS	0
/JavaScript	0
/AA	0
/OpenAction	0
/AcroForm	0
/JBIG2Decode	0
/RichMedia	0
/Launch	0
/EmbeddedFile	0

Network Behavior

⊘No network behavior found

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: Acrobat.exePID: 6528, Parent PID: 3504

General

Target ID:	0
Start time:	09:32:12
Start date:	30/09/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\JmoLm3fk6x.pdf"
Imagebase:	0x7ff6153b0000
File size:	5'641'176 bytes
MD5 hash:	24EAD1C46A47022347DC0F05F6EFBB8C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: AcroCEF.exePID: 1760, Parent PID: 6528

General

Target ID:	2
Start time:	09:32:15
Start date:	30/09/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Imagebase:	0x7ff61f300000
File size:	3'581'912 bytes
MD5 hash:	9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: AcroCEF.exePID: 6620, Parent PID: 1760

General

Target ID:	4
Start time:	09:32:16
Start date:	30/09/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2108 --field-trial-handle=1604,i,14599695127855173402,3569513226058056659,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Imagebase:	0x7ff61f300000
File size:	3'581'912 bytes
MD5 hash:	9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report JmoLm3fk6x.pdf

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Networking

System Summary

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\53a52fe6-a4b3-4a84-8292-ef5c706ea182.tmp

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240930133219Z-186.bmp

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.4860

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

Windows Analysis Report
JmoLm3fk6x.pdf