Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
nference.pdf

Overview

General Information

Sample name:nference.pdf
renamed because original name is a hash value
Original sample name:9th Annual European Medical Device and Diagnostic Sales Training and Clinical Education Conference.pdf
Analysis ID:1524028
MD5:c29f553dab871caf1c324a362b9e9496
SHA1:50a9a32815e697ee4d5b05b2487ca5b0beff7ec4
SHA256:5d491cd99ea9efbda91c8f304ae498f7aeef140aef81f7ac77851fc67f64a9d5
Infos:

Detection

Score:0
Range:0 - 100
Whitelisted:false
Confidence:80%

Signatures

Potential document exploit detected (performs DNS queries)

Classification

Process Tree

  • System is w10x64
  • Acrobat.exe (PID: 5724 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\nference.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 4904 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 7272 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2104 --field-trial-handle=1748,i,17802959422580266742,13211954815294876157,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: global trafficDNS query: name: x1.i.lencr.org
Source: global trafficDNS query: name: x1.i.lencr.org
Source: global trafficDNS query: name: x1.i.lencr.org
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficDNS traffic detected: DNS query: x1.i.lencr.org
Source: 2D85F72862B55C4EADD9E66E06947F3D0.1.drString found in binary or memory: http://x1.i.lencr.org/
Source: classification engineClassification label: clean0.winPDF@14/44@3/0
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.3980Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-02 06-21-49-223.logJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
Source: unknownProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\nference.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2104 --field-trial-handle=1748,i,17802959422580266742,13211954815294876157,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2104 --field-trial-handle=1748,i,17802959422580266742,13211954815294876157,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: nference.pdfInitial sample: PDF keyword /JS count = 0
Source: nference.pdfInitial sample: PDF keyword /JavaScript count = 0
Source: nference.pdfInitial sample: PDF keyword /Page count = 19
Source: nference.pdfInitial sample: PDF keyword stream count = 192
Source: nference.pdfInitial sample: PDF keyword /EmbeddedFile count = 0
Source: nference.pdfInitial sample: PDF keyword endobj count = 366
Source: nference.pdfInitial sample: PDF keyword endstream count = 192
Source: nference.pdfInitial sample: PDF keyword obj count = 366
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: nference.pdfBinary or memory string: ZW^^~QEMUi

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid Accounts1
Exploitation for Client Execution		Path Interception1
Process Injection		1
Masquerading		OS Credential Dumping1
Security Software Discovery		Remote ServicesData from Local System1
Non-Application Layer Protocol		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
Process Injection		LSASS Memory1
System Information Discovery		Remote Desktop ProtocolData from Removable Media1
Application Layer Protocol		Exfiltration Over BluetoothNetwork Denial of Service

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1524028 Sample: nference.pdf Startdate: 02/10/2024 Architecture: WINDOWS Score: 0 13 x1.i.lencr.org 2->13 7 Acrobat.exe 20 74 2->7         started        process3 process4 9 AcroCEF.exe 107 7->9         started        process5 11 AcroCEF.exe 2 9->11         started       

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
nference.pdf0%ReversingLabs

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

SourceDetectionScannerLabelLink
x1.i.lencr.org0%VirustotalBrowse

URLs

SourceDetectionScannerLabelLink
http://x1.i.lencr.org/0%URL Reputationsafe
http://x1.i.lencr.org/0%URL Reputationsafe

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
x1.i.lencr.org
unknown
unknownfalseunknown

URLs from Memory and Binaries

NameSourceMaliciousAntivirus DetectionReputation
http://x1.i.lencr.org/2D85F72862B55C4EADD9E66E06947F3D0.1.drfalse
  • URL Reputation: safe
  • URL Reputation: safe
unknown

World Map of Contacted IPs

No contacted IP infos

General Information

Joe Sandbox version:41.0.0 Charoite
Analysis ID:1524028
Start date and time:2024-10-02 12:20:45 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 4m 14s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultwindowspdfcookbook.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:11
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:nference.pdf
renamed because original name is a hash value
Original Sample Name:9th Annual European Medical Device and Diagnostic Sales Training and Clinical Education Conference.pdf
Detection:CLEAN
Classification:clean0.winPDF@14/44@3/0
Cookbook Comments:
  • Found application associated with file extension: .pdf
  • Found PDF document
  • Close Viewer

Warnings

  • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 184.28.88.176, 54.227.187.23, 52.5.13.197, 23.22.254.206, 52.202.204.11, 2.19.126.143, 2.19.126.149, 172.64.41.3, 162.159.61.3, 2.23.197.184, 88.221.124.138
  • Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, e4578.dscb.akamaiedge.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ssl.adobe.com.edgekey.net, ocsp.digicert.com, armmf.adobe.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, crl.root-x1.letsencrypt.org.edgekey.net
  • Not all processes where analyzed, report is missing behavior information

Simulations

Behavior and APIs

TimeTypeDescription
06:21:59API Interceptor1x Sleep call for process: AcroCEF.exe modified

LLM Input / Output

InputOutput
URL: PDF document Model: jbxai
{
"Status":"Unavailable"}

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASNs

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:ASCII text
Category:dropped
Size (bytes):292
Entropy (8bit):5.179961305290669
Encrypted:false
SSDEEP:6:WwunQyq2Pwkn2nKuAl9OmbnIFUt8BwW4G1Zmw+BwzSQRkwOwkn2nKuAl9OmbjLJ:JsQyvYfHAahFUt8CW4g/+CzSQR5JfHAR
MD5:4237B2ECF28C68ED9222A706B86FA76B
SHA1:E11A8A7BE5367836BD4557826323CCF53A168B2F
SHA-256:0F3E3F308CA49F232DDB3E44FB36DB2C0B043DE7E3C11A97889AFD7276EDA69B
SHA-512:5EACFA27061FCD97CC23E8E62A9EE16A865A84723F65E26A318A540CF2E04CC9BB10B4796725131426DA7276FB8D1FC9CD6F87EC5DDC59EF00DA27267F30176E
Malicious:false
Reputation:low
Preview:2024/10/02-06:21:46.915 1690 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/10/02-06:21:46.916 1690 Recovering log #3.2024/10/02-06:21:46.917 1690 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:ASCII text
Category:dropped
Size (bytes):292
Entropy (8bit):5.179961305290669
Encrypted:false
SSDEEP:6:WwunQyq2Pwkn2nKuAl9OmbnIFUt8BwW4G1Zmw+BwzSQRkwOwkn2nKuAl9OmbjLJ:JsQyvYfHAahFUt8CW4g/+CzSQR5JfHAR
MD5:4237B2ECF28C68ED9222A706B86FA76B
SHA1:E11A8A7BE5367836BD4557826323CCF53A168B2F
SHA-256:0F3E3F308CA49F232DDB3E44FB36DB2C0B043DE7E3C11A97889AFD7276EDA69B
SHA-512:5EACFA27061FCD97CC23E8E62A9EE16A865A84723F65E26A318A540CF2E04CC9BB10B4796725131426DA7276FB8D1FC9CD6F87EC5DDC59EF00DA27267F30176E
Malicious:false
Reputation:low
Preview:2024/10/02-06:21:46.915 1690 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/10/02-06:21:46.916 1690 Recovering log #3.2024/10/02-06:21:46.917 1690 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:ASCII text
Category:dropped
Size (bytes):336
Entropy (8bit):5.1731106786760055
Encrypted:false
SSDEEP:6:WwfM+q2Pwkn2nKuAl9Ombzo2jMGIFUt8BwrMKmZmw+BwrMKpMVkwOwkn2nKuAl97:JfM+vYfHAa8uFUt8Cr9m/+Cr9pMV5Jfg
MD5:57E70970C8C55A53FB18A8C2AD082E4F
SHA1:2AB60BB9E33AD44BFF07CDF827DECBD114DD5501
SHA-256:DE8714BDB520642A0F34F0DBAFE935CC098D8178C93CBB61426710E7870EA60F
SHA-512:DEB5379A51C13EA3B031967C39B355281F52D8C98A8402EF8A8A5B18B505A326BD87F0A37664D6266E994E6DE782D6F583D7663FF6037E5A7E3547DB11CD22A7
Malicious:false
Reputation:low
Preview:2024/10/02-06:21:46.959 1c8c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/10/02-06:21:46.960 1c8c Recovering log #3.2024/10/02-06:21:46.960 1c8c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:ASCII text
Category:dropped
Size (bytes):336
Entropy (8bit):5.1731106786760055
Encrypted:false
SSDEEP:6:WwfM+q2Pwkn2nKuAl9Ombzo2jMGIFUt8BwrMKmZmw+BwrMKpMVkwOwkn2nKuAl97:JfM+vYfHAa8uFUt8Cr9m/+Cr9pMV5Jfg
MD5:57E70970C8C55A53FB18A8C2AD082E4F
SHA1:2AB60BB9E33AD44BFF07CDF827DECBD114DD5501
SHA-256:DE8714BDB520642A0F34F0DBAFE935CC098D8178C93CBB61426710E7870EA60F
SHA-512:DEB5379A51C13EA3B031967C39B355281F52D8C98A8402EF8A8A5B18B505A326BD87F0A37664D6266E994E6DE782D6F583D7663FF6037E5A7E3547DB11CD22A7
Malicious:false
Reputation:low
Preview:2024/10/02-06:21:46.959 1c8c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/10/02-06:21:46.960 1c8c Recovering log #3.2024/10/02-06:21:46.960 1c8c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:JSON data
Category:dropped
Size (bytes):475
Entropy (8bit):4.95774050953709
Encrypted:false
SSDEEP:12:YH/um3RA8sqtVWsBdOg2HMZcaq3QYiubInP7E4T3y:Y2sRds27dMHMg3QYhbG7nby
MD5:28684C3CDEF4EF4BEF2C5B5183CEFBC3
SHA1:5CCF09F07D16CD1296F8DA19BC25429EC38ACA84
SHA-256:10DCEBAC75A33DAD38FFFBB7376D1A54E3307D127B21EA253269B7AE9502B0FD
SHA-512:004C4BCA56AADCBF0975E3E26A3C3722B39888435611A7379687E27A8B768FE98E33CD406F52238FF25B5416C19A5DFE1FE82ADFA510095876F42EAF882A5BC7
Malicious:false
Reputation:low
Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372424512758363","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":375317},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\ee492608-dd81-423d-aab2-caf9b4444d8e.tmp

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:JSON data
Category:modified
Size (bytes):475
Entropy (8bit):4.95774050953709
Encrypted:false
SSDEEP:12:YH/um3RA8sqtVWsBdOg2HMZcaq3QYiubInP7E4T3y:Y2sRds27dMHMg3QYhbG7nby
MD5:28684C3CDEF4EF4BEF2C5B5183CEFBC3
SHA1:5CCF09F07D16CD1296F8DA19BC25429EC38ACA84
SHA-256:10DCEBAC75A33DAD38FFFBB7376D1A54E3307D127B21EA253269B7AE9502B0FD
SHA-512:004C4BCA56AADCBF0975E3E26A3C3722B39888435611A7379687E27A8B768FE98E33CD406F52238FF25B5416C19A5DFE1FE82ADFA510095876F42EAF882A5BC7
Malicious:false
Reputation:low
Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372424512758363","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":375317},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:data
Category:dropped
Size (bytes):4730
Entropy (8bit):5.255060262379189
Encrypted:false
SSDEEP:96:etJCV4FAsszrNamjTN/2rjYMta02fDtehgO7BtTgo74wG4xZ:etJCV4FiN/jTN/2r8Mta02fEhgO73god
MD5:D0C4D276466E584ECE5D287B2A4247EE
SHA1:4A67F7614BBE87008B93A7543FEE140F757F54A4
SHA-256:A8A09C05D430B97D93AE5D659243502FD4EE4A35318DC197F652AA8FD00ACD1A
SHA-512:69B114AE163FC4D0F4A5864C918BAE026BBA816DD9C74C819C6767E24D384EDE930050B138B8F4CA99391DAF0E231E6AF6AC1329E270B902A21FFCF22BD64528
Malicious:false
Reputation:low
Preview:*...#................version.1..namespace-['O.o................next-map-id.1.Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/.0>...r................next-map-id.2.Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/.1O..r................next-map-id.3.Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/.2.\.o................next-map-id.4.Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/.3....^...............Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/..|.^...............Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/n..Fa...............Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/DQ..a...............Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/i.`do................next-map-id.5.Pnamespace-de635bf2_6773_4d83_ad16_

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:ASCII text
Category:dropped
Size (bytes):324
Entropy (8bit):5.14976657153532
Encrypted:false
SSDEEP:6:WwlM+q2Pwkn2nKuAl9OmbzNMxIFUt8BwyFYZmw+Bw1bMVkwOwkn2nKuAl9OmbzNq:JlM+vYfHAa8jFUt8CWY/+CVMV5JfHAab
MD5:511E6B09E44891045B83DC7B60B7EE59
SHA1:AA629774168098D91450D81C5394AD6F1AC5DB7A
SHA-256:3F51EAFC7A34D9F128812706D30D760C29FBA500D3CA12BB116680FB102DCB66
SHA-512:9D5F23F6D9E9EEA38CEC2EE7D32933304B96117CB69733D6C21CED078ADCB91186EE7736781756B3FEB3AA3778E9D8FAF54E53095613A5919DD4A7D57962F14B
Malicious:false
Reputation:low
Preview:2024/10/02-06:21:47.224 1c8c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/10/02-06:21:47.232 1c8c Recovering log #3.2024/10/02-06:21:47.242 1c8c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:ASCII text
Category:dropped
Size (bytes):324
Entropy (8bit):5.14976657153532
Encrypted:false
SSDEEP:6:WwlM+q2Pwkn2nKuAl9OmbzNMxIFUt8BwyFYZmw+Bw1bMVkwOwkn2nKuAl9OmbzNq:JlM+vYfHAa8jFUt8CWY/+CVMV5JfHAab
MD5:511E6B09E44891045B83DC7B60B7EE59
SHA1:AA629774168098D91450D81C5394AD6F1AC5DB7A
SHA-256:3F51EAFC7A34D9F128812706D30D760C29FBA500D3CA12BB116680FB102DCB66
SHA-512:9D5F23F6D9E9EEA38CEC2EE7D32933304B96117CB69733D6C21CED078ADCB91186EE7736781756B3FEB3AA3778E9D8FAF54E53095613A5919DD4A7D57962F14B
Malicious:false
Reputation:low
Preview:2024/10/02-06:21:47.224 1c8c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/10/02-06:21:47.232 1c8c Recovering log #3.2024/10/02-06:21:47.242 1c8c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241002102151Z-155.bmp

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:PC bitmap, Windows 3.x format, 164 x -116 x 32, cbSize 76150, bits offset 54
Category:dropped
Size (bytes):76150
Entropy (8bit):3.373829615489924
Encrypted:false
SSDEEP:768:Ahc3zJDzHI+DLeBkyyBZiHz11gBWtaOcP4YMa73Ps1DS:ac3zJDzo+DLeBkyyBZiHz11gBWtaO+d
MD5:B6650A80E357B9E75665798727AB6157
SHA1:B7E3AB87F6DB1DA1C68F04A422C4D112FD1429EE
SHA-256:7AC578FF3700A3F92C6E22EE7193330C49AD7E689A162F97558D08A9AB3E6A17
SHA-512:BB71D404F01D9123537CCD62E8208A0AF699F55FA83035244678B2D4080089663AD5A76F738AA9F7CA11A05D8866E23B34164FD20D0C5B5E4FCEE6DBC19C890B
Malicious:false
Preview:BMv)......6...(............. .................................................................................................................................................................................................................................................................................................................e.+.e.+.e.+.e.+.e.+.e.+.e.+.e.+.e.+.e.+.e.+.e.+.e.+.e.+.e.+.e.+.e.+.e.+.e.+.e.+.e.+.e.+.e.+.e.+.e.+.e.+.e.+.e.+.e.+.e.+.e.+.e.+.e.+.e.+.e.+.e.+.e.+.e.+.e.+.e.+.e.+.e.+.e.+.e.+.e.+.e.+.e.+.e.+.e.+.e.+.e.+.e.+.e.+.e.+.e.+.e.+.e.+.e.+.e.+.e.+.e.+.e.+.e.+.e.+.e.+.e.+.e.+.e.+.e.+.e.+.e.+.e.+.e.+.e.+.e.+.e.+.e.+.e.+.e.+.e.+.e.+.e.+.e.+.e.+.e.+.e.+.e.+.e.+.e.+.e.+.e.+.e.+.e.+.e.+.............................................................................................................................................................................................................................................................................................e.+.e.

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 15, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 15
Category:dropped
Size (bytes):86016
Entropy (8bit):4.444974597873706
Encrypted:false
SSDEEP:384:yezci5tmiBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:rps3OazzU89UTTgUL
MD5:B6A6A0BD9F449BE4255F5FC6D06EB946
SHA1:AED8EC2A2AF7FE424D9C146B1A1535DFEFFD7FE4
SHA-256:5C346A89179B86EE8985622104F92923C6BACCF183A271F051ECCC0A692F1BDC
SHA-512:4893C9C0BE4690951C92FED008FB3FC22E71ADB88270223D8194003B22185BFED86A5D1C32D216E4A60DB148007A96C7294883F4043CB6BF049CB876A6A51F71
Malicious:false
Preview:SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:SQLite Rollback Journal
Category:dropped
Size (bytes):8720
Entropy (8bit):3.7705008396095674
Encrypted:false
SSDEEP:48:7M3p/E2ioyV1ioy9oWoy1Cwoy11KOioy1noy1AYoy1Wioy1hioybioy9oy1noy15:7Upju1FwXKQs3b9IVXEBodRBkB
MD5:8DE6594BDBC519F0F0BB52B6BA2EFD4F
SHA1:A914ABD344EB19F89108652F1A4774A25421CD48
SHA-256:58FB2FEFFB0C6973B124F1E6794A4D6228C7CB89A3FE7AFA58483D046ACA6A1F
SHA-512:3ADB2E1308B3D5998E392AF71E6CF678409302C15035F38CDA44AA9E8493A021F44D9D27460A9D5602CAB7DF7ED0C30DEBD043578D3D065677FFA7ED9CF0849F
Malicious:false
Preview:.... .c.....Or.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................T...[...b...r...t...}.....L..............................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:Certificate, Version=3
Category:dropped
Size (bytes):1391
Entropy (8bit):7.705940075877404
Encrypted:false
SSDEEP:24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1
MD5:0CD2F9E0DA1773E9ED864DA5E370E74E
SHA1:CABD2A79A1076A31F21D253635CB039D4329A5E8
SHA-256:96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
SHA-512:3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
Malicious:false
Preview:0..k0..S............@.YDc.c...0...*.H........0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10...150604110438Z..350604110438Z0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10.."0...*.H.............0..........$s..7.+W(.....8..n<.W.x.u...jn..O(..h.lD...c...k....1.!~.3<.H..y.....!.K...qiJffl.~<p..)"......K...~....G.|.H#S.8.O.o...IW..t../.8.{.p!.u.0<.....c...O..K~.....w...{J.L.%.p..)..S$........J.?..aQ.....cq...o[...\4ylv.;.by.../&.....................6....7..6u...r......I.....*.A..v........5/(.l....dwnG7..Y^h..r...A)>Y>.&.$...Z.L@.F....:Qn.;.}r...xY.>Qx....../..>{J.Ks......P.|C.t..t.....0.[q6....00\H..;..}`...).........A.......|.;F.H*..v.v..j.=...8.d..+..(.....B.".'].y...p..N..:..'Qn..d.3CO......B0@0...U...........0...U.......0....0...U......y.Y.{....s.....X..n0...*.H.............U.X....P.....i ')..au\.n...i/..VK..s.Y.!.~.Lq...`.9....!V..P.Y...Y.............b.E.f..|o..;.....'...}~.."......

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:data
Category:dropped
Size (bytes):192
Entropy (8bit):2.779094196322516
Encrypted:false
SSDEEP:3:kkFkl4fDX+El1fllXlE/HT8kxd/XNNX8RolJuRdxLlGB9lQRYwpDdt:kKhfDX+El2T84ldNMa8RdWBwRd
MD5:8DAD6B01652C1762C5FD9351F9FAF934
SHA1:B4BB4621DCDD2173641306D7F55F4D96F6B0A60C
SHA-256:2356192211E32F2812D26A31F92F2D73598651C9DB45C9CB47334DBAC160761A
SHA-512:0CAFD795070956FEB69F4C9BC9B520E9D8F618EA8EF9236146EE1BE9677166F06B00B8ED6DCC4351D1FB1B0F435294708FD4E1741369DB56BEBC2795BD4B901F
Malicious:false
Preview:p...... .........zv....(....................................................... ..........W.....+..............o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.3980

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:PostScript document text
Category:dropped
Size (bytes):185099
Entropy (8bit):5.182478651346149
Encrypted:false
SSDEEP:1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
MD5:94185C5850C26B3C6FC24ABC385CDA58
SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
Malicious:false
Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:PostScript document text
Category:dropped
Size (bytes):185099
Entropy (8bit):5.182478651346149
Encrypted:false
SSDEEP:1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
MD5:94185C5850C26B3C6FC24ABC385CDA58
SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
Malicious:false
Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):295
Entropy (8bit):5.370208878237962
Encrypted:false
SSDEEP:6:YEQXJ2HXODE13DZUaRVoZcg1vRcR0YGVz5QqoAvJM3g98kUwPeUkwRe9:YvXKXOQDOaAZc0vl2GMbLUkee9
MD5:576CE44A1F5FA5BCD4FEADE0DADD0257
SHA1:42D108CF4544C9F56413890CCAF38EABF3280258
SHA-256:F3F16C1D7A952DE603420183A81D394AFF013ED02C3279437D7623C11577F0F5
SHA-512:B7952E233D18FAFC56B4C63333387B3C649AE21D384CA7D93DFDDA0BCB245893AFDC26D828106600CD6C88CD00B1BD3C984A1E95764F7BC8BEDC53583F71224E
Malicious:false
Preview:{"analyticsData":{"responseGUID":"f6afaf95-0680-4df3-bf01-fe698cf843c7","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728040732931,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):294
Entropy (8bit):5.317008127981172
Encrypted:false
SSDEEP:6:YEQXJ2HXODE13DZUaRVoZcg1vRcR0YGVz5QqoAvJfBoTfXpnrPeUkwRe9:YvXKXOQDOaAZc0vl2GWTfXcUkee9
MD5:1F54B9A87E6700FAECEB78A805DDB4D4
SHA1:C11477BCB5C4C06F08E45CAB9DFF25764302C0C4
SHA-256:ED0E6F518C58BF80E35B343D330DDF9CD3E5DA741174E1C520ECAE1A82C77BC6
SHA-512:36F7AAB5E089D0324E66FCC4028A160498EB2E4C16A2B6A11F219F44217880DEFE5A9E36BAEA6EC5C9AEAC67B9753C8A6FAF5DCFA9489F025F22EAA03428BE0E
Malicious:false
Preview:{"analyticsData":{"responseGUID":"f6afaf95-0680-4df3-bf01-fe698cf843c7","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728040732931,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):294
Entropy (8bit):5.2952676233389795
Encrypted:false
SSDEEP:6:YEQXJ2HXODE13DZUaRVoZcg1vRcR0YGVz5QqoAvJfBD2G6UpnrPeUkwRe9:YvXKXOQDOaAZc0vl2GR22cUkee9
MD5:485DF39FBFE7B92E6FF8DB1AE38BC2CD
SHA1:BBEB20BC54C818E71B98A0C0DF84A024B67CAAC4
SHA-256:EF47DC950048CBDD1A24BF52A4D957175F0A9C8B06A83611F95B176E1EFA3DEF
SHA-512:5201CC6DCA9918E5120E546F8305704B4C27095C9D00C4265E786544056D13466BD05522DBA8E2B0D61C0798B4B19110776F5B9363FEE851FFCE5CE680E60EF3
Malicious:false
Preview:{"analyticsData":{"responseGUID":"f6afaf95-0680-4df3-bf01-fe698cf843c7","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728040732931,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):285
Entropy (8bit):5.357459577132096
Encrypted:false
SSDEEP:6:YEQXJ2HXODE13DZUaRVoZcg1vRcR0YGVz5QqoAvJfPmwrPeUkwRe9:YvXKXOQDOaAZc0vl2GH56Ukee9
MD5:F2C39B9807E73832C2E2571FE8E19A0D
SHA1:5ECB3F6833008359A41EED9B11831766BC1067C3
SHA-256:175FEE9F86A96BF2DD1E04EDF3899FF9CFBB8AEFA3675495EC2A12A78CF11BFA
SHA-512:22471B3E0BED2CEF4BBF033B0370816A59645C544D15B909991ABDBFBFE632EE942E045F89053651B82F9A672888D3F94AFE605B693CC75477F4C609C325292B
Malicious:false
Preview:{"analyticsData":{"responseGUID":"f6afaf95-0680-4df3-bf01-fe698cf843c7","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728040732931,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):1063
Entropy (8bit):5.66908687491833
Encrypted:false
SSDEEP:24:Yv6XOQDCzvhpLgEFqciGennl0RCmK8czOCY4w2un:YvYD6JhgLtaAh8cvYvB
MD5:E018BC49A7950D7B51D1A8CF97203968
SHA1:EF2193920F0B83569BF2BA4DDDA33F19F48AEEAA
SHA-256:566F508B358C1920E06172B299BEC437D802035A5F0704D6FE2F2F6CEBF6E093
SHA-512:E23CB12E292A7F9B89DDA0E5191222802228A80743D79CDD22AAF8ECD52451CEBFB8143C4ABA2640D15C0F699158A6589B1AC77CAE78ACB8FB2B56FC192E9A81
Malicious:false
Preview:{"analyticsData":{"responseGUID":"f6afaf95-0680-4df3-bf01-fe698cf843c7","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728040732931,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_2","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"afb9c2a3-eaf4-41f9-9d73-768e72f72282","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQgZmlsZXMgdG8gYW5kIGZyb20gUERGXG53aXRob3V0IGxpbWl0cy4ifSwidGNhdElkIjpudWxsfQ==","dataType":"application\/json","encodingSc

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):1050
Entropy (8bit):5.659144450266356
Encrypted:false
SSDEEP:24:Yv6XOQDCzv9VLgEF0c7sbnl0RCmK8czOCYHflEpwiVun:YvYD6lFg6sGAh8cvYHWpw7
MD5:AB941D1A945592CD00724818A0B41B27
SHA1:1D38BDD16FBCD1081CC770C874A93B317544D77A
SHA-256:3AB364434AF86329620C67D26D4AF7211BFD080DAFA081DA439700E015DA1704
SHA-512:9F7FD41FED1632BDF5177E7CC7092B216DF5D71B28261EB7F390B383E28B48FCE8D4475F537F3A4644B46A6920486DD48FC4A0DF7C7F936BFABCCAFE809C0DFE
Malicious:false
Preview:{"analyticsData":{"responseGUID":"f6afaf95-0680-4df3-bf01-fe698cf843c7","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728040732931,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Disc_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_0","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"0924134e-3c59-4f53-b731-add558c56fec","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Disc_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQsIGVkaXQgYW5kIGUtc2lnblxuZm9ybXMgJiBhZ3JlZW1lbnRzLiJ9LCJ0Y2F0SWQiOm51bGx9","dataType":"application\/json","encodingScheme":true},"

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):292
Entropy (8bit):5.309508591932325
Encrypted:false
SSDEEP:6:YEQXJ2HXODE13DZUaRVoZcg1vRcR0YGVz5QqoAvJfQ1rPeUkwRe9:YvXKXOQDOaAZc0vl2GY16Ukee9
MD5:7044D1E8419E375929F032E8042790DE
SHA1:9461BA3D92007A30CC3914C19665DB1A88405CDE
SHA-256:D4B562B781C52BEF7896C65DE235B830E94EDF518F4D116CB79FC5E544154BD0
SHA-512:CEC7630D36D0739A546BE153EC3A438EFC45900258478F34F6165507C167F4A1039A5C5F7210CB02A591C3542F1374487337944F0B0B6E716A5F23593EF01D70
Malicious:false
Preview:{"analyticsData":{"responseGUID":"f6afaf95-0680-4df3-bf01-fe698cf843c7","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728040732931,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):1038
Entropy (8bit):5.65262247950885
Encrypted:false
SSDEEP:24:Yv6XOQDCzv82LgEF7cciAXs0nl0RCmK8czOCAPtciBun:YvYD6Eogc8hAh8cvAA
MD5:95CEF73789FAEB926F9B7149838525E0
SHA1:43B64AA7A13D4F2333FDCD1786B9DB37736D7224
SHA-256:359D9C4D77FC57EB92784ADF9CB571A5308666E86D2C68D299ECCEA99B87B4A1
SHA-512:8070A81C69C42FCA5617AD12C4A18D23DF5A470E5AC74445EA21FE22FE565CDB2D27042F57F188CA0525196561BB7E00E929534289DA90B5A043E8DD85E48877
Malicious:false
Preview:{"analyticsData":{"responseGUID":"f6afaf95-0680-4df3-bf01-fe698cf843c7","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728040732931,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Edit_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_1","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"49d2f713-7aa9-44db-aa50-0a7a22add459","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Edit_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVkaXQgdGV4dCwgaW1hZ2VzLCBwYWdlcywgYW5kIG1vcmUuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"application\/json","encodingScheme":true},"endDTS":1744

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):1164
Entropy (8bit):5.705455314645634
Encrypted:false
SSDEEP:24:Yv6XOQDCzv8KLgEfIcZVSkpsn264rS514ZjBrwloJTmcVIsrSK5un:YvYD6UEgqprtrS5OZjSlwTmAfSK0
MD5:968967483E3A5016EBFB84ABDF901023
SHA1:63340D9DCE4714A294F8F372D9ACF7D0EABEC1B0
SHA-256:A3B511E47C6E2B723D1680D30D095668F35CE7EFA41D9A91F6DA9BA4F2BFF68B
SHA-512:0694FCE0BDDA28606691F2B418EC1A94F5E54A274A29DA8A2D0B62612985270D3B2740E1E570A8E0C2F288778A7BDF1B80A154A993C6C900F5F131F1CA7502D1
Malicious:false
Preview:{"analyticsData":{"responseGUID":"f6afaf95-0680-4df3-bf01-fe698cf843c7","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728040732931,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85531_264848ActionBlock_0","campaignId":85531,"containerId":"1","controlGroupId":"","treatmentId":"ee1a7497-76e7-43c2-bb63-9a0551e11d73","variationId":"264848"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IlRyeSBBY3JvYmF0IFBybyJ9LCJ1aSI6eyJ0aXRsZV9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjE1cHgiLCJmb250X3N0eWxlIjoiMCJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEzcHgiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0b1xucHJlbWl1bSBQREYgYW5kIGUtc2lnbmluZ1xudG9vbHMuIn0sImJhbm5lcl9zdHlsaW5nIjo

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):289
Entropy (8bit):5.311956851261181
Encrypted:false
SSDEEP:6:YEQXJ2HXODE13DZUaRVoZcg1vRcR0YGVz5QqoAvJfYdPeUkwRe9:YvXKXOQDOaAZc0vl2Gg8Ukee9
MD5:213C3DDA86E07AA8C9F8AF7B31B6CBE8
SHA1:E8133DF1E75A06798C46A43022D60118D740590F
SHA-256:1D6A9DC1C661EB9C71F50063A5F173B4E8B612D3109949AEDC8B55FA3A73AD12
SHA-512:43A33C2AB5EB812F4AAD63A95C2A491B51409C9057AECCEDD2253177EACD13738D70F30FEA7A4A1A70D53894096F031066BF533ED9B85A6DE0763D3B864AA50D
Malicious:false
Preview:{"analyticsData":{"responseGUID":"f6afaf95-0680-4df3-bf01-fe698cf843c7","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728040732931,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):1395
Entropy (8bit):5.78235512671414
Encrypted:false
SSDEEP:24:Yv6XOQDCzvzrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNWn:YvYD67HgDv3W2aYQfgB5OUupHrQ9FJ0
MD5:E5EBDB72DCF4AFC4BCADB1EFBD1127CB
SHA1:47D94575D2400F7497619D9A4D976BD5CFA5FD6E
SHA-256:505619A40CB3DE75BDEEE2D63EA9BB75E5CACE9CE4E72E594019B7D77667C5CC
SHA-512:DE39A0F74044A607EFFFCB53BA2DF0728E7EA03CC24DFC6441E9B81585CEB3DA53082B078EB40EBC16396DB517F721874A274CF997481CFD05C2FD819101D501
Malicious:false
Preview:{"analyticsData":{"responseGUID":"f6afaf95-0680-4df3-bf01-fe698cf843c7","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728040732931,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):291
Entropy (8bit):5.295421771263146
Encrypted:false
SSDEEP:6:YEQXJ2HXODE13DZUaRVoZcg1vRcR0YGVz5QqoAvJfbPtdPeUkwRe9:YvXKXOQDOaAZc0vl2GDV8Ukee9
MD5:4F6ACB32C1AB43EDC69B0F2B803C3DD6
SHA1:2F80B96384330C256A6FD140EAF7AC6D997B88DA
SHA-256:F41D270E898762DE5E6E8707213AB6FB990D5F586383675B1348393279EA38C2
SHA-512:DC0C1A8B0BDF73190A877147B22F597056DC70BC4DBBACD10BAACEEE9EA935F0D1F4F9D57CD35216B0A68D35706ACBA103CEC0F8D4399535ECCE44305085A9A1
Malicious:false
Preview:{"analyticsData":{"responseGUID":"f6afaf95-0680-4df3-bf01-fe698cf843c7","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728040732931,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):287
Entropy (8bit):5.300238724576573
Encrypted:false
SSDEEP:6:YEQXJ2HXODE13DZUaRVoZcg1vRcR0YGVz5QqoAvJf21rPeUkwRe9:YvXKXOQDOaAZc0vl2G+16Ukee9
MD5:5D7ADC3CDBFB9A09164E8A85C1F3EEEB
SHA1:AF22991DE875BDCAA9594C2E1055419EF1F2493A
SHA-256:33A4BDB82524F89C1F13776162B55656154E45B56B2B2214CD938424B793D5EE
SHA-512:DBBB2F528353542DE6F99F75D8FC2BEB3474C409EFD44FE34B158B7DBE05BD51281DB073921C6E19B6ED952DAFFFEC7C98F9A1DF1E3F30D436F66CB6ABA536E2
Malicious:false
Preview:{"analyticsData":{"responseGUID":"f6afaf95-0680-4df3-bf01-fe698cf843c7","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728040732931,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):1058
Entropy (8bit):5.659348668113799
Encrypted:false
SSDEEP:24:Yv6XOQDCzvhamXayLgEFRcONaqnl0RCmK8czOC+w2E+tg8Bun:YvYD6FBguOAh8cv+NK5
MD5:DA5B6BDC5D6915EB0FDDF3B195B7F29F
SHA1:766C0E2A0FD31B1748B57E1348256503BEF105F4
SHA-256:81AF9694F4C94AC3FED17293F70F5A62E1846615B71471544F8AC93FEA7B114E
SHA-512:F16416B8C93A5540D67AB28A6FD5D01177605A31751482B42D987CB84983DD5AC06A431FD802AABA707D913AC479665424EB4E6092D9D71076036154C4934890
Malicious:false
Preview:{"analyticsData":{"responseGUID":"f6afaf95-0680-4df3-bf01-fe698cf843c7","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728040732931,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_3","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"ece07729-7db6-4f20-9f8d-7976ad373049","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IlNlbmQgZG9jdW1lbnRzICYgZm9ybXNcbmZvciBmYXN0IGUtc2lnbmluZyBvbmxpbmUuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"application\/json","encodingScheme"

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):286
Entropy (8bit):5.276640982467133
Encrypted:false
SSDEEP:6:YEQXJ2HXODE13DZUaRVoZcg1vRcR0YGVz5QqoAvJfshHHrPeUkwRe9:YvXKXOQDOaAZc0vl2GUUUkee9
MD5:458F0F4F833A1E8E03078337D98B880F
SHA1:69D04AF97E6367A7E68E6A97140AF59DEE339BA1
SHA-256:AE11C81D9C92F3C0148C5FC7FB2B0DDF36895B4D3E5101F05F1A0B52AF96DA8F
SHA-512:EBAEE8D1D7E099D49CBEF09C9D3B620F1FF5D1689F1512111D10A2C9BA80836876037F81BDDA7B3FCAC8C7FF49E56EBD946E2391DEF3D5F7EA7593A9CE1AC90C
Malicious:false
Preview:{"analyticsData":{"responseGUID":"f6afaf95-0680-4df3-bf01-fe698cf843c7","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728040732931,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):782
Entropy (8bit):5.374348724217098
Encrypted:false
SSDEEP:12:YvXKXOQDOaAZc0vl2GTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWern:Yv6XOQDCzvK168CgEXX5kcIfANh7n
MD5:96B40DD95BA9C908FE6BA4B82CBDEC59
SHA1:03F914B7D2C6499DE1322119337BCA096E6DC721
SHA-256:5E053A24380D180210E73D4DBABFA0335D72EEB34FC2DA439D1BEC570DBF3F79
SHA-512:E932486B48855A982937386A0F94C6D47EA0B189D011D9C4413AA1506F88999000C832A00C7D94AEEEF07A5A0E4A5CBCEAE0DB32136682311D527487814C0D1C
Malicious:false
Preview:{"analyticsData":{"responseGUID":"f6afaf95-0680-4df3-bf01-fe698cf843c7","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728040732931,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1727864512961}}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:data
Category:dropped
Size (bytes):4
Entropy (8bit):0.8112781244591328
Encrypted:false
SSDEEP:3:e:e
MD5:DC84B0D741E5BEAE8070013ADDCC8C28
SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
Malicious:false
Preview:....

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):2818
Entropy (8bit):5.144146969539416
Encrypted:false
SSDEEP:24:Ylf1/9qBa/GS3ayzrkcCt2xtJigXMqUh2ajWx8j0SyL9y62hvZ12LSccv55BUW9M:Ylfp9FH7aaOkO0vAL2cv5XUW9WPt
MD5:D43CD08723A6FF932C25A25327DD3FF8
SHA1:33B5467B53E6299860BCC0B13738C476BBD5018C
SHA-256:620F25BA0B1A4D7532BC52D486786BF4B32FA40C1972CCB169EBCF9E00348FBB
SHA-512:7047014EE44E993B39E25795E637689B3B069FB10B93BD4A459B2CA85D0045642FD2F1A0C290F64E73AEB17F9A661C4F0C2581F4192510AFBCE2DD307AE5590C
Malicious:false
Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"ce5786a1c0c818aa4a4fddff4283dc25","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1050,"ts":1727864512000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"938c78e8beab112127a4d2fb8ae3f795","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1164,"ts":1727864512000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"724a2bd4cf98ac6a3aabda56678c6a0e","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1058,"ts":1727864512000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"92f6b04ec9c566b17ee85f9c5f4419d9","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1063,"ts":1727864512000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"c43d09dce5b5dac3bcccc73f913949b1","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":1038,"ts":1727864512000},{"id":"Edit_InApp_Aug2020","info":{"dg":"ed7dccd1d457d0bc1be35ae3a129f00c","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":17

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 25, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 25
Category:dropped
Size (bytes):12288
Entropy (8bit):1.1876540872552577
Encrypted:false
SSDEEP:48:TGufl2GL7msEHUUUUUUUUaGSvR9H9vxFGiDIAEkGVvpGg:lNVmswUUUUUUUUaG+FGSItag
MD5:5E80C1A6AECAFB514C0282237439D176
SHA1:9245EA9E1B68E2A6D11768BAE578A9CEE07CA2D8
SHA-256:B646EAEFACF20DD3370E00B1732E5AB0EBFBF5B9EB57C500E2CFFD196622D101
SHA-512:7EC3862E308962E16AD95BEC63EF18F05C67599C0D991E3F4AEE0FCD00A76F019D5B373DB15914492EB77DD792187FC9A5954777F4A17CB04E11B6BDD86A3984
Malicious:false
Preview:SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:SQLite Rollback Journal
Category:dropped
Size (bytes):8720
Entropy (8bit):1.6074825162296704
Encrypted:false
SSDEEP:48:7MTKUUUUUUUUUUaEvR9H9vxFGiDIAEkGVvLfqFl2GL7ms5:7VUUUUUUUUUUaUFGSIt9fKVms5
MD5:2169AF5E21E23CACA8617FE28AC85E3C
SHA1:2336B37512F6AD1CCDE6DC8A7849A3C19F3D25B5
SHA-256:EA31BA0088E3EC17C5911D640287035FA4CD131A1E50C6B2B2D23F08F5F70B9E
SHA-512:F303966E62C9B439AF14B091DA8E13ADE817191C3EB03297ABAC9A15601092D72AF719FC9BDC85DA7CCE96FF4FDFEFA5E9B7C1096E6CFBCC7825F8A830BA8597
Malicious:false
Preview:.... .c......V.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................f.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\MSI753d5.LOG

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:dropped
Size (bytes):246
Entropy (8bit):3.511206980872271
Encrypted:false
SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8gjas9:Qw946cPbiOxDlbYnuRKLp9
MD5:7478038AB631BD59BD70B5A96F32E86F
SHA1:C731FBBA98C19A5AF247DC1B23E76D52AF87E9A4
SHA-256:EB7595B069832557C009E0FCE9FAB9F49C03310EDAFA9DE57523CFAF20F73831
SHA-512:0BA165046B9D3D53DA226C503E2C2E17031E99EEAD0C7F58218796EB1D1BF3E56590755548F1A927D7BD9B95E17D14D6B6938765AF60668EE34544413238E0D2
Malicious:false
Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .0.2./.1.0./.2.0.2.4. . .0.6.:.2.1.:.5.4. .=.=.=.....

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-02 06-21-49-223.log

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:ASCII text, with very long lines (393)
Category:dropped
Size (bytes):16525
Entropy (8bit):5.345946398610936
Encrypted:false
SSDEEP:384:zHIq8qrq0qoq/qUILImCIrImI9IWdFdDdoPtPTPtP7ygyAydy0yGV///X/J/VokV:nNW
MD5:8947C10F5AB6CFFFAE64BCA79B5A0BE3
SHA1:70F87EEB71BA1BE43D2ABAB7563F94C73AB5F778
SHA-256:4F3449101521DA7DF6B58A2C856592E1359BA8BD1ACD0688ECF4292BA5388485
SHA-512:B76DB9EF3AE758F00CAF0C1705105C875838C7801F7265B17396466EECDA4BCD915DA4611155C5F2AD1C82A800C1BEC855E52E2203421815F915B77AA7331CA0
Malicious:false
Preview:SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:088+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig:

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:ASCII text, with very long lines (393), with CRLF line terminators
Category:dropped
Size (bytes):15114
Entropy (8bit):5.349341736967668
Encrypted:false
SSDEEP:384:ap1sNRoiAETHzTLMHZPcWkZQ4bEyCTeDsDKDq3rZ9ZMZhwMKYIdVCVAzEziHuQtB:1fs
MD5:1603DA1E1958467146595B21C20A00E7
SHA1:7C158BC78AD7771E6C99C4ABB875520C7F4608CF
SHA-256:01A7B0B424A6A3B78042C61DC6E164CCBB62AC04F399620D90D3C1C1D9B377C0
SHA-512:989569DD46D902D60F81F283624F0550B552F1FB1F1DB16BA9B0D4637FD35A1ED3328AC46B243E16001C184632EC11603C718CBD32FE24D1A51C4B492F84BD34
Malicious:false
Preview:SessionID=90e5d5aa-e5d2-4d30-a45c-a6bfb9bc0f95.1727864509247 Timestamp=2024-10-02T06:21:49:247-0400 ThreadID=7840 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=90e5d5aa-e5d2-4d30-a45c-a6bfb9bc0f95.1727864509247 Timestamp=2024-10-02T06:21:49:248-0400 ThreadID=7840 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=90e5d5aa-e5d2-4d30-a45c-a6bfb9bc0f95.1727864509247 Timestamp=2024-10-02T06:21:49:248-0400 ThreadID=7840 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=90e5d5aa-e5d2-4d30-a45c-a6bfb9bc0f95.1727864509247 Timestamp=2024-10-02T06:21:49:248-0400 ThreadID=7840 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=90e5d5aa-e5d2-4d30-a45c-a6bfb9bc0f95.1727864509247 Timestamp=2024-10-02T06:21:49:248-0400 ThreadID=7840 Component=ngl-lib_NglAppLib Description="SetConf

C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):29752
Entropy (8bit):5.391190501160992
Encrypted:false
SSDEEP:768:anddBuBYZwcfCnwZCnR8Bu5hx18HoCnLlAY+iCBuzhLCnx1CnPrRRFS10l8gT2rU:w
MD5:65582042C4EB263F094A881D4095200C
SHA1:BCB5A35DE3900A49F662606F9BEA2B59480DE3A1
SHA-256:556A7A8DCC966DD0F97B78BC98A4E83EFBD8EC095CED922C6A43383DF76EB229
SHA-512:2BDE082F6787105EAD8854C078B647C8F2D5DFBE34EA647437DA8196CA1C138E6F36459E7912CC27B870172A682AA06964503372F76B5B0319D1C70ECAD19D29
Malicious:false
Preview:03-10-2023 12:50:40:.---2---..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ***************************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ***************************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Starting NGL..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..03-10-2023 12:50:40:.Closing File..03-10-

C:\Users\user\AppData\Local\Temp\acrocef_low\075a9cc8-733c-4c98-9d64-8ece926129c7.tmp

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
Category:dropped
Size (bytes):1407294
Entropy (8bit):7.97605879016224
Encrypted:false
SSDEEP:24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R077WLaGZ7wYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs03WLaGZw
MD5:8B9FA2EC5118087D19CFDB20DA7C4C26
SHA1:E32D6A1829B18717EF1455B73E88D36E0410EF93
SHA-256:4782624EA3A4B3C6EB782689208148B636365AA8E5DAF00814FA9AB722259CBD
SHA-512:662F8664CC3F4E8356D5F5794074642DB65565D40AC9FEA323E16E84EBD4F961701460A1310CC863D1AB38849E84E2142382F5DB88A0E53F97FF66248230F7B9
Malicious:false
Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

C:\Users\user\AppData\Local\Temp\acrocef_low\2f072b9e-3b78-44fa-bfe9-5ceb58b95f90.tmp

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
Category:dropped
Size (bytes):1419751
Entropy (8bit):7.976496077007677
Encrypted:false
SSDEEP:24576:/xA7owWLaGZDwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLaGZDwZGk3mlind9i4ufFXpAXkru
MD5:18E3D04537AF72FDBEB3760B2D10C80E
SHA1:B313CD0B25E41E5CF0DFB83B33AB3E3C7678D5CC
SHA-256:BBEF113A2057EE7EAC911DC960D36D4A62C262DAE5B1379257908228243BD6F4
SHA-512:2A5B9B0A5DC98151AD2346055DF2F7BFDE62F6069A4A6A9AB3377B644D61AE31609B9FC73BEE4A0E929F84BF30DA4C1CDE628915AC37C7542FD170D12DE41298
Malicious:false
Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

C:\Users\user\AppData\Local\Temp\acrocef_low\74924284-135f-4138-8875-4a8d79da3f3a.tmp

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
Category:dropped
Size (bytes):386528
Entropy (8bit):7.9736851559892425
Encrypted:false
SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
MD5:5C48B0AD2FEF800949466AE872E1F1E2
SHA1:337D617AE142815EDDACB48484628C1F16692A2F
SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
Malicious:false
Preview:...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-|..h#.g.\.PO.|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..|m.WC.....|.....e.[W.p.8...rm....^..x'......5!...|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

C:\Users\user\AppData\Local\Temp\acrocef_low\83631ba5-05ee-4d14-84fb-650475fe11dd.tmp

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
Category:dropped
Size (bytes):758601
Entropy (8bit):7.98639316555857
Encrypted:false
SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
MD5:3A49135134665364308390AC398006F1
SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
Malicious:false
Preview:...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!|G.1...... .3.`./....`~......G.............|..pS.e.C....:o.u_..oi.:..|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

Static File Info

General

File type:PDF document, version 1.6
Entropy (8bit):7.953442076359946
TrID:
  • Adobe Portable Document Format (5005/1) 100.00%
File name:nference.pdf
File size:1'965'683 bytes
MD5:c29f553dab871caf1c324a362b9e9496
SHA1:50a9a32815e697ee4d5b05b2487ca5b0beff7ec4
SHA256:5d491cd99ea9efbda91c8f304ae498f7aeef140aef81f7ac77851fc67f64a9d5
SHA512:a51e34b6bd2f61dc3d325a3f2a7f9ae0debf6c5d2e17caab893da2f35da0464379b7ed047921b7746f470978a9a24d6d22a236c24a43b58e7385b10c1ffdfdf9
SSDEEP:49152:mgti8FC+xnIbyY1GJojrQIEBX6CALN7aPkTT/CeiJsLV28F:W2IbyYZxEBXALNzTqDkd
TLSH:8295123482B2AD9DC05C41B6571B2ACF0DDF3593858631CB7BEEAA46A700FC590DB693
File Content Preview:%PDF-1.6.%......339 0 obj.<</Linearized 1/L 1965683/O 341/E 38831/N 19/T 1958782/H [ 856 870]>>.endobj. ..xref..339 28..0000000016 00000 n..0000001726 00000 n..0000001792 00000 n..0000002306 00000 n..0000002741 00000 n..0000003287 00000 n..00000

File Icon

Icon Hash:62cc8caeb29e8ae0

Static PDF Info

General

Header:%PDF-1.6
Total Entropy:7.953442
Total Bytes:1965683
Stream Entropy:7.968178
Stream Bytes:1905305
Entropy outside Streams:5.237577
Bytes outside Streams:60378
Number of EOF found:2
Bytes after EOF:

Keywords Statistics

NameCount
obj366
endobj366
stream192
endstream192
xref2
trailer2
startxref2
/Page19
/Encrypt0
/ObjStm0
/URI0
/JS0
/JavaScript0
/AA0
/OpenAction0
/AcroForm0
/JBIG2Decode0
/RichMedia0
/Launch0
/EmbeddedFile0

Image Streams

IDDHASHMD5Preview
35800000000000000006ac12f95cd9746f4ba25137fc543487a
3630000000000000000817220fb094437ac3890a8f7a1709a80
60000000000000000b09402c87f3df2d11ef07e040f2344cd
70000000000000000f69931ba7c89a2af59349d29afa284fa
80000000000000000d9c80f0f4dd70d87572ca67d882d8bb0

Network Behavior

Network Port Distribution

UDP Packets

TimestampSource PortDest PortSource IPDest IP
Oct 2, 2024 12:21:59.775062084 CEST5822553192.168.2.41.1.1.1
Oct 2, 2024 12:22:12.317990065 CEST5758753192.168.2.41.1.1.1
Oct 2, 2024 12:22:27.802381039 CEST6262553192.168.2.41.1.1.1

DNS Queries

TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
Oct 2, 2024 12:21:59.775062084 CEST192.168.2.41.1.1.10x4c8aStandard query (0)x1.i.lencr.orgA (IP address)IN (0x0001)false
Oct 2, 2024 12:22:12.317990065 CEST192.168.2.41.1.1.10xeea0Standard query (0)x1.i.lencr.orgA (IP address)IN (0x0001)false
Oct 2, 2024 12:22:27.802381039 CEST192.168.2.41.1.1.10x1539Standard query (0)x1.i.lencr.orgA (IP address)IN (0x0001)false

DNS Answers

TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
Oct 2, 2024 12:21:59.782891989 CEST1.1.1.1192.168.2.40x4c8aNo error (0)x1.i.lencr.orgcrl.root-x1.letsencrypt.org.edgekey.netCNAME (Canonical name)IN (0x0001)false
Oct 2, 2024 12:22:12.325088024 CEST1.1.1.1192.168.2.40xeea0No error (0)x1.i.lencr.orgcrl.root-x1.letsencrypt.org.edgekey.netCNAME (Canonical name)IN (0x0001)false
Oct 2, 2024 12:22:27.810173035 CEST1.1.1.1192.168.2.40x1539No error (0)x1.i.lencr.orgcrl.root-x1.letsencrypt.org.edgekey.netCNAME (Canonical name)IN (0x0001)false

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

General

Target ID:0
Start time:06:21:46
Start date:02/10/2024
Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\nference.pdf"
Imagebase:0x7ff6bc1b0000
File size:5'641'176 bytes
MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

General

Target ID:1
Start time:06:21:46
Start date:02/10/2024
Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Imagebase:0x7ff74bb60000
File size:3'581'912 bytes
MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

General

Target ID:3
Start time:06:21:46
Start date:02/10/2024
Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2104 --field-trial-handle=1748,i,17802959422580266742,13211954815294876157,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Imagebase:0x7ff74bb60000
File size:3'581'912 bytes
MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Disassembly

No disassembly