Edit tour

Windows Analysis Report
CountsDavid.pdf

Overview

General Information

Sample name:	CountsDavid.pdf
Analysis ID:	1524538
MD5:	05d8ae994a3bbbdb319216934d6ebe39
SHA1:	85e5469e39e8b3cfb89e2f3f3c0fa23010475bf0
SHA256:	43b146176ad126f44e6bde8c91618078096823ed286b376c985ff16d220caaad
Infos:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

IP address seen in connection with other malware

Classification

Process Tree

System is w10x64

Acrobat.exe (PID: 6504 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\CountsDavid.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)

AcroCEF.exe (PID: 2260 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

AcroCEF.exe (PID: 7268 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2120 --field-trial-handle=1640,i,9100371248233742910,7602983960999666297,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: Joe Sandbox View

IP Address: 104.78.188.188 104.78.188.188

Source: 77EC63BDA74BD0D0E0426DC8F80085060.2.dr	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: 2D85F72862B55C4EADD9E66E06947F3D0.2.dr	String found in binary or memory: http://x1.i.lencr.org/

Source: classification engine

Classification label: clean0.winPDF@14/51@0/1

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-02 17-29-04-767.log

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Jump to behavior

Source: unknown	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\CountsDavid.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2120 --field-trial-handle=1640,i,9100371248233742910,7602983960999666297,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2120 --field-trial-handle=1640,i,9100371248233742910,7602983960999666297,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: CountsDavid.pdf	Initial sample: PDF keyword /JS count = 0
Source: CountsDavid.pdf	Initial sample: PDF keyword /JavaScript count = 0
Source: A96odzwj_ogj0zc_5ds.tmp.0.dr	Initial sample: PDF keyword /JS count = 0
Source: A96odzwj_ogj0zc_5ds.tmp.0.dr	Initial sample: PDF keyword /JavaScript count = 0

Source: CountsDavid.pdf

Initial sample: PDF keyword /EmbeddedFile count = 0

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	1 System Information Discovery	Remote Services	Data from Local System	Data Obfuscation	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Junk Data	Exfiltration Over Bluetooth	Network Denial of Service

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
http://x1.i.lencr.org/	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

⊘No contacted domains info

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://x1.i.lencr.org/	2D85F72862B55C4EADD9E66E06947F3D0.2.dr	false	URL Reputation: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
104.78.188.188	unknown	United States		16625	AKAMAI-ASUS	false

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1524538
Start date and time:	2024-10-02 23:28:10 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 13s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowspdfcookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	10
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	CountsDavid.pdf
Detection:	CLEAN
Classification:	clean0.winPDF@14/51@0/1
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .pdf Found PDF document Close Viewer

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 184.28.88.176, 34.193.227.236, 107.22.247.231, 18.207.85.246, 54.144.73.197, 162.159.61.3, 172.64.41.3, 88.221.110.106, 88.221.110.91, 2.23.197.184, 2.19.126.149, 2.19.126.143, 192.168.2.5, 23.200.0.21
Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, a767.dspw65.akamai.net, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, download.windowsupdate.com.edgesuite.net, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, wu-b-net.trafficmanager.net, crl.root-x1.letsencrypt.org.edgekey.net
Report size getting too big, too many NtCreateFile calls found.
VT rate limit hit for: CountsDavid.pdf

Simulations

Behavior and APIs

Time	Type	Description
17:29:15	API Interceptor	3x Sleep call for process: AcroCEF.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
104.78.188.188	Electronic Receipt for Carolann Campbell.pdf	Get hash	malicious	HTMLPhisher	Browse
	https://atpscan.global.hornetsecurity.com/?d=r7jv6mGLSFUWnAoVoWKJDiF7kKGt3Fw5kKbn5s5sfcpNyTRbK79Zci2IH8Nl2g5X&f=qvzVe-8YAX4Dy6XefosXpr9xe6cUPxuD05v5wTHFNiMjrMs6M0fDbIikzhduev0q&i=&k=3x5s&m=iAkhIt0HvpR1Oh2_h6Q0O4Hzfyk0g3SV3EvnL7Z4VUDMO-lWq1KA94UsI2rIZoVyTUZY62kGnDiHyWJGH-7ewwHTHsNEmZuBPXaeTQvRVKfNDkV8Z7LfIWxRCCZdooZC&n=ZEhYBDFv208HJKEkNw5PqFObkm08aq7YeFB_fsGRbHtm2gx4mSx3JSwYkGZ1WU18bxwJPkfxXGKYv_KHdz1U8g&r=jfqeskceaKp8lH_i6JGe3T3xyBa6G7cbOCXOc4EPK3XMqLBHJqWBZEP0B9-qih8i&s=7226c2d05f1feec1a62ae2af2728e02cdefac54ea37a3a7665785b4a5864d360&u=https%3A%2F%2Fpitstop.powellind.com%2Fxfer%2Fbhub.cgi%3Fact%3Ddirect_download_file%26package_id%3Dpowelldocmanager%2540powellind%252Ecom%255FO8FN5TMSR40O4R6VOBEQREUV86%26file_name%3Dpowelldocmanager%2540powellind%252Ecom%255FO8FN5TMSR40O4R6VOBEQREUV86%252Ezip%26username%3Ddlarue%2540schmidt%252Delectric%252Ecom%26direct_token%3DB175D31C2AE80D9A572ED101DA29F438%26file_type%3Dzip	Get hash	malicious	Unknown	Browse
	https://ebanksg.spdb.com.cn/sgbank/#/Home	Get hash	malicious	Unknown	Browse
	#U0631#U0648#U0632 #U0633#U06cc#U0627#U0647 #U06a9#U0627#U0631#U06af#U0631.exe	Get hash	malicious	Unknown	Browse
	PO.pdf	Get hash	malicious	Unknown	Browse
	(No subject) (71).eml	Get hash	malicious	Unknown	Browse
	AiRCO Mechanical.eml (52.3 KB).msg	Get hash	malicious	Unknown	Browse
	DOC-80697077.pdf	Get hash	malicious	HTMLPhisher	Browse
	San Xavier District of the Tohono O#U2019odham Nation.pdf	Get hash	malicious	Unknown	Browse
	Murexltd Mail Security Update Required For gjohnson@murexltd.com.msg	Get hash	malicious	HTMLPhisher	Browse

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
AKAMAI-ASUS	kUiqbpzmbo.exe	Get hash	malicious	XWorm	Browse	92.122.18.57
	Play_VM-NowCWhiteAudiowav012.html	Get hash	malicious	Tycoon2FA	Browse	2.19.224.93
	tcU5sAPsAc.exe	Get hash	malicious	RedLine	Browse	104.102.49.254
	deveba=.html	Get hash	malicious	Unknown	Browse	173.223.116.167
	Proposal From Transom.pdf	Get hash	malicious	HtmlDropper	Browse	23.203.104.175
	Payout_receipt.pdf	Get hash	malicious	Unknown	Browse	96.17.64.189
	Visix Digital Signage.pdf	Get hash	malicious	Unknown	Browse	23.203.104.175
	novo.arm7.elf	Get hash	malicious	Mirai, Moobot	Browse	184.28.163.53
	novo.m68k.elf	Get hash	malicious	Mirai, Moobot	Browse	104.65.167.25
	novo.ppc.elf	Get hash	malicious	Mirai, Moobot	Browse	23.204.25.166

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	291
Entropy (8bit):	5.190323332389389
Encrypted:	false
SSDEEP:	6:W8Mr1M+q2P92nKuAl9OmbnIFUt8B8OWZmw+B8O5MVkwO92nKuAl9OmbjLJ:zMr1M+v4HAahFUt8Gb/+G2MV5LHAaSJ
MD5:	4D71ED2D3A48CCEF48CB002825291F4E
SHA1:	104FBCF342B4CFFF5D406D71E5A958B617ACFE95
SHA-256:	BD010A6C5FFF516C63FF01E76D5A08B231D5458B36E1D5DBA9564A0FA3039413
SHA-512:	5309DBE4B865B48D221888BF286D65EAAF66A6DD0B65A30010827B89A731BE4DF4313D24F3BF2195156A1DAF1839FD7D299394C3E2B310AD2FFAB9955B4A9337
Malicious:	false
Reputation:	low
Preview:	2024/10/02-17:29:02.514 4fc Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/10/02-17:29:02.516 4fc Recovering log #3.2024/10/02-17:29:02.516 4fc Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	291
Entropy (8bit):	5.190323332389389
Encrypted:	false
SSDEEP:	6:W8Mr1M+q2P92nKuAl9OmbnIFUt8B8OWZmw+B8O5MVkwO92nKuAl9OmbjLJ:zMr1M+v4HAahFUt8Gb/+G2MV5LHAaSJ
MD5:	4D71ED2D3A48CCEF48CB002825291F4E
SHA1:	104FBCF342B4CFFF5D406D71E5A958B617ACFE95
SHA-256:	BD010A6C5FFF516C63FF01E76D5A08B231D5458B36E1D5DBA9564A0FA3039413
SHA-512:	5309DBE4B865B48D221888BF286D65EAAF66A6DD0B65A30010827B89A731BE4DF4313D24F3BF2195156A1DAF1839FD7D299394C3E2B310AD2FFAB9955B4A9337
Malicious:	false
Reputation:	low
Preview:	2024/10/02-17:29:02.514 4fc Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/10/02-17:29:02.516 4fc Recovering log #3.2024/10/02-17:29:02.516 4fc Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	338
Entropy (8bit):	5.16864054049922
Encrypted:	false
SSDEEP:	6:W8DFIq2P92nKuAl9Ombzo2jMGIFUt8B8S9Zmw+B8SPkwO92nKuAl9Ombzo2jMmLJ:zav4HAa8uFUt8GS9/+GSP5LHAa8RJ
MD5:	F23E4EC87D23A44474BDC08C40CE057C
SHA1:	34B1B925AC656B06203D345FC9C685E59DFC7DFE
SHA-256:	83B0DD8F28BB7B930FA6CC5A3EF41FF2555975E8BAE41C6758322D1E08F4DB4E
SHA-512:	1DB720380F6990761063988A94FBCA22058588F18F5E2545086596A284024A23CAF705705D655C65C8C17B4D4AADE5123B08601D2DF55AAD04FE8D4BE3148FBC
Malicious:	false
Reputation:	low
Preview:	2024/10/02-17:29:02.645 1cd4 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/10/02-17:29:02.646 1cd4 Recovering log #3.2024/10/02-17:29:02.646 1cd4 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	338
Entropy (8bit):	5.16864054049922
Encrypted:	false
SSDEEP:	6:W8DFIq2P92nKuAl9Ombzo2jMGIFUt8B8S9Zmw+B8SPkwO92nKuAl9Ombzo2jMmLJ:zav4HAa8uFUt8GS9/+GSP5LHAa8RJ
MD5:	F23E4EC87D23A44474BDC08C40CE057C
SHA1:	34B1B925AC656B06203D345FC9C685E59DFC7DFE
SHA-256:	83B0DD8F28BB7B930FA6CC5A3EF41FF2555975E8BAE41C6758322D1E08F4DB4E
SHA-512:	1DB720380F6990761063988A94FBCA22058588F18F5E2545086596A284024A23CAF705705D655C65C8C17B4D4AADE5123B08601D2DF55AAD04FE8D4BE3148FBC
Malicious:	false
Reputation:	low
Preview:	2024/10/02-17:29:02.645 1cd4 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/10/02-17:29:02.646 1cd4 Recovering log #3.2024/10/02-17:29:02.646 1cd4 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\378f3379-a775-42b4-8c8c-512de2bd81fc.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	modified
Size (bytes):	508
Entropy (8bit):	5.052535727629826
Encrypted:	false
SSDEEP:	12:YH/um3RA8sqaPhsBdOg2HXcaq3QYiubxnP7E4T3OF+:Y2sRdst6dMHW3QYhbxP7nbI+
MD5:	5F173174631721182F205AFC08659E99
SHA1:	E9BB648FE3C1185A6B75744399DB2FAC32B67466
SHA-256:	F3410F189832E2106D5A0E693070FC7233CD694DBC662D48BDDBFE9854446718
SHA-512:	09D08CD6F3DD3BEFF3A9CDAFBE9215FEB47F74A283FFA6625EB44313230FA9440DA774A44040977D227F42AD7FBB68DE343ACD403A473BAE15A5DAC0A055DBFD
Malicious:	false
Reputation:	low
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372464555162354","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":145209},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.5","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G","CAYSABiAgICA+P////8B":"Offline"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	508
Entropy (8bit):	5.052535727629826
Encrypted:	false
SSDEEP:	12:YH/um3RA8sqaPhsBdOg2HXcaq3QYiubxnP7E4T3OF+:Y2sRdst6dMHW3QYhbxP7nbI+
MD5:	5F173174631721182F205AFC08659E99
SHA1:	E9BB648FE3C1185A6B75744399DB2FAC32B67466
SHA-256:	F3410F189832E2106D5A0E693070FC7233CD694DBC662D48BDDBFE9854446718
SHA-512:	09D08CD6F3DD3BEFF3A9CDAFBE9215FEB47F74A283FFA6625EB44313230FA9440DA774A44040977D227F42AD7FBB68DE343ACD403A473BAE15A5DAC0A055DBFD
Malicious:	false
Reputation:	low
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372464555162354","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":145209},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.5","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G","CAYSABiAgICA+P////8B":"Offline"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	4509
Entropy (8bit):	5.236205923506478
Encrypted:	false
SSDEEP:	96:QqBpCqGp3Al+NehBmkID2w6bNMhugoKTNY+No/KTNcygLPGLLUcNlwGGmGZ:rBpJGp3AoqBmki25ZEVoKTNY+NoCTNLQ
MD5:	746074A30578EAE608704FAEC0620732
SHA1:	74985DB683D6C48A91D819AC54F7515740E9462E
SHA-256:	7045F73A3222F2CAF43F115F4DAADEBAAEECA167137BA02FE8690163A33FF130
SHA-512:	EB59535A3F10820BC404C14100277E773BC0CCE69AB512F8700993AA5A382AC20BA8C6FD83304AFEFDA2125B7CEE74BD692E4BA7CB279702840BDDD5ADE254D8
Malicious:	false
Reputation:	low
Preview:	*...#................version.1..namespace-.1a.o................next-map-id.1.Pnamespace-047a745d_5c98_4926_b446_942fb948d072-https://rna-resource.acrobat.com/.0.K..r................next-map-id.2.Snamespace-bdf2fbfe_e08b_407d_8a81_9a6094e373a0-https://rna-v2-resource.acrobat.com/.1.m.Fr................next-map-id.3.Snamespace-24b9c7f4_3e31_4d11_a607_ac91d6485c9e-https://rna-v2-resource.acrobat.com/.2.8.o................next-map-id.4.Pnamespace-bc60f291_faa7_4492_8b22_e186b4ce62c1-https://rna-resource.acrobat.com/.3.A-N^...............Pnamespace-047a745d_5c98_4926_b446_942fb948d072-https://rna-resource.acrobat.com/-j..^...............Pnamespace-bc60f291_faa7_4492_8b22_e186b4ce62c1-https://rna-resource.acrobat.com/[.\|.a...............Snamespace-bdf2fbfe_e08b_407d_8a81_9a6094e373a0-https://rna-v2-resource.acrobat.com/....a...............Snamespace-24b9c7f4_3e31_4d11_a607_ac91d6485c9e-https://rna-v2-resource.acrobat.com/.W.@o................next-map-id.5.Pnamespace-8fb46ac3_c992_47ca_bb04_

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	326
Entropy (8bit):	5.174353876711386
Encrypted:	false
SSDEEP:	6:W8fOq2P92nKuAl9OmbzNMxIFUt8B8KjZZmw+B8zNkwO92nKuAl9OmbzNMFLJ:zGv4HAa8jFUt8G6/+GB5LHAa84J
MD5:	848E2FB1954B971C9F43B3574201ED73
SHA1:	0D799D66391C941404CB4388544F791C8C6EE656
SHA-256:	9BB7D270FB61C770F9C639252F578353491D53FCDB02D2F605F17DD90C1D364A
SHA-512:	5E92F42CD1DD40026A5E1E728193697707CA6DF1C5B15149DADB9C2D054D088DF9DDDD4C976F969C08F316B185C121EAAEA1AE7D5A500871B2418A7FDACD40CE
Malicious:	false
Reputation:	low
Preview:	2024/10/02-17:29:02.894 1cd4 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/10/02-17:29:02.905 1cd4 Recovering log #3.2024/10/02-17:29:02.906 1cd4 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	326
Entropy (8bit):	5.174353876711386
Encrypted:	false
SSDEEP:	6:W8fOq2P92nKuAl9OmbzNMxIFUt8B8KjZZmw+B8zNkwO92nKuAl9OmbzNMFLJ:zGv4HAa8jFUt8G6/+GB5LHAa84J
MD5:	848E2FB1954B971C9F43B3574201ED73
SHA1:	0D799D66391C941404CB4388544F791C8C6EE656
SHA-256:	9BB7D270FB61C770F9C639252F578353491D53FCDB02D2F605F17DD90C1D364A
SHA-512:	5E92F42CD1DD40026A5E1E728193697707CA6DF1C5B15149DADB9C2D054D088DF9DDDD4C976F969C08F316B185C121EAAEA1AE7D5A500871B2418A7FDACD40CE
Malicious:	false
Reputation:	low
Preview:	2024/10/02-17:29:02.894 1cd4 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/10/02-17:29:02.905 1cd4 Recovering log #3.2024/10/02-17:29:02.906 1cd4 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241002212906Z-154.bmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PC bitmap, Windows 3.x format, 107 x -152 x 32, cbSize 65110, bits offset 54
Category:	dropped
Size (bytes):	65110
Entropy (8bit):	2.091628374869816
Encrypted:	false
SSDEEP:	192:mwm/Ws72N01qOOCSnNmi+aK0269dUfBKC4Sma0mkLsQPYDvJz9HNoKnp:mADOSV3+aKe9dOxn0mkLnPYDBz9HNom
MD5:	7B5326B0F8D1C12E51D2F06CBBF7A386
SHA1:	2EB1F2A1C61F0B8A0B570F037A8E795B6D565E52
SHA-256:	B09B6E1DD86FC92D11DCAD9DB98B78355CA59CFC289E73FABD459063E5FA2D59
SHA-512:	BEAA160BF2A23B55A5BE9129BD425EE9F6C16D8DCD09A9EB76D3CFC0D52DDFFE10E5D7C4A0F024182AB8638F5908C976862599A933FA9D00539CA07DB1E1093B
Malicious:	false
Preview:	BMV.......6...(...k...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 4, database pages 14, cookie 0x5, schema 4, UTF-8, version-valid-for 4
Category:	dropped
Size (bytes):	57344
Entropy (8bit):	3.2935198045261167
Encrypted:	false
SSDEEP:	192:PedRBiVui5V4R4dcQ5V4R4RtYWtEV2UUTTchqGp8F/7/z+FP:PeYci5H5FY+EUUUTTcHqFzqFP
MD5:	30BBE62C15F41D8C6F3CB11FADA4217D
SHA1:	204A8916A511CCCB66C59C06660478291545279F
SHA-256:	B741FA4EB4358081A7DA6CFAB9730A8729A947C267C0305B78332E9B032A5095
SHA-512:	4D0A576DC00D5361F8AFCE5E90DAD7F70544AD106D4842BC3C3D5BD0D89C4EBCA3216852A3B0CB6D39875516DBECB135AEF0BA4D75802804934E880F82BF0BF3
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	2.2119969283022822
Encrypted:	false
SSDEEP:	24:7+thE25wK6pqLKzkrFsgIFsxX3pALXmnHpkDGjmcxBSkomXk+2m9RFTsyg+wmf9e:7MhH6pqOmFTIF3XmHjBoGGR+jMz+LhM
MD5:	5A2BA6FDD83E78D6F391079133B28671
SHA1:	038B689D031D17C2A6B9DCC55D4C52A06378540E
SHA-256:	6F9F62E06769815B110D53E9CF217A615F28EC71E12763717CE572D7FEFDEB38
SHA-512:	E472CB5E981B156ACD17F410D58BDA57B433A22C5D146EADFBD96B5ACC45AF130BC6390C3441FC2CE5BCC2F6F80821869B6639099768D3D5318E3FAC33E9512F
Malicious:	false
Preview:	.... .c.......i........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	Certificate, Version=3
Category:	dropped
Size (bytes):	1391
Entropy (8bit):	7.705940075877404
Encrypted:	false
SSDEEP:	24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1
MD5:	0CD2F9E0DA1773E9ED864DA5E370E74E
SHA1:	CABD2A79A1076A31F21D253635CB039D4329A5E8
SHA-256:	96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
SHA-512:	3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
Malicious:	false
Preview:	0..k0..S............@.YDc.c...0....H........0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10...150604110438Z..350604110438Z0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10.."0....H.............0..........$s..7.+W(.....8..n<.W.x.u...jn..O(..h.lD...c...k....1.!~.3<.H..y.....!.K...qiJffl.~<p..)"......K...~....G.\|.H#S.8.O.o...IW..t../.8.{.p!.u.0<.....c...O..K~.....w...{J.L.%.p..)..S$........J.?..aQ.....cq...o[...\4ylv.;.by.../&.....................6....7..6u...r......I......A..v........5/(.l....dwnG7..Y^h..r...A)>Y>.&.$...Z.L@.F....:Qn.;.}r...xY.>Qx....../..>{J.Ks......P.\|C.t..t.....0.[q6....00\H..;..}`...).........A.......\|.;F.H..v.v..j.=...8.d..+..(.....B.".'].y...p..N..:..'Qn..d.3CO......B0@0...U...........0...U.......0....0...U......y.Y.{....s.....X..n0...*.H.............U.X....P.....i ')..au\.n...i/..VK..s.Y.!.~.Lq...`.9....!V..P.Y...Y.............b.E.f..\|o..;.....'...}~.."......

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
Category:	dropped
Size (bytes):	71954
Entropy (8bit):	7.996617769952133
Encrypted:	true
SSDEEP:	1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
MD5:	49AEBF8CBD62D92AC215B2923FB1B9F5
SHA1:	1723BE06719828DDA65AD804298D0431F6AFF976
SHA-256:	B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
SHA-512:	BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
Malicious:	false
Preview:	MSCF............,...................I..................XaK .authroot.stl.[.i..6..CK..<Tk......4.cl!Kg..E..Y.f_..".$mR"$.J.E.KB."..rKv.."{.g....3.W.....c..9.s...=....y6#..x..........D......\(.#.s.!.A.......cd.c........+^.ov...n.....3BL..0.......BPUR&.X..02.q...R...J.....w.....b.vy>....-.&..(..oe."."...J9...0U.6J..\|U..S.....M.F8g...=.......p...........l.?3.J.x.G.Ep..$g..tj......)v]9(:.)W.8.Op.1Q..:.nPd........7.7..M].V F..g.....12..!7(...B.......h.RZ.......l.<.....6..Z^.`p?... .p.Gp.#.'.X..........\|!.8.....".m.49r?.I...g...8.v.....a``.g.R4.i...J8q....NFW,E.6Y....!.o5%.Y.....R..<..S9....r....WO...(.....F..Q=....-..7d..O(....-..+k.........K..........{Q....Z..j._.E...QZ.~.\.^......N.9.k..O.}dD.b1r...[}/....T..E..G..c.\|.c.&>?..^t. ..;..X.d.E.0G....[Q.,......#.Dp..L.o\|#syc.J............}G-.ou6.=52..XWi=...m.....^u......c..fc?&pR7S5....I...j.G........j.j..Tc.El.....B.pQ.,Bp....j...9g.. >..s..m#.Nb.o_u.M.V...........\#...v..Mo\sF..s....Y...

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	192
Entropy (8bit):	2.746484906506307
Encrypted:	false
SSDEEP:	3:kkFkltqT+kN/XfllXlE/HT8kVl1NNX8RolJuRdxLlGB9lQRYwpDdt:kKTTpQT8AVNMa8RdWBwRd
MD5:	ECF3F679F022F8F819197C3B188E09B9
SHA1:	5E9BABD1DDC22809C24033789F6518BA185EF001
SHA-256:	2C38239C14891A2BDB0143ABFAB10713A58E52E8244788AFC9D3F9B94B967FDC
SHA-512:	47991ABEB52A785A8957C87D8A772FE1DDF82EBD56359B446915C7DA2BBD78E1AD30D5BFC06D663F281EA5C70FFD0601D8491A46423818538B61B146B628F2C5
Malicious:	false
Preview:	p...... ...........!....(....................................................... ..........W....................o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	modified
Size (bytes):	328
Entropy (8bit):	3.1440865988908953
Encrypted:	false
SSDEEP:	6:kKnmT9UswDLL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:vmqDnLNkPlE99SNxAhUe/3
MD5:	D95CD47CAFAD38AAF4894D62693C98FE
SHA1:	3047D12074205206B2D94DE4FFDBC5E1314FD9EE
SHA-256:	A2DBEDAA6C2E33210AEF470FBE82753CFF25F84506B7BD1F57383DCB6CF47F1A
SHA-512:	7B097C52BB22D140284E916D0DC7C71EC9ACDF0097A4EAB520B44C5B0DF574ED874DCFF6D62EA7DEBD17CE02A8BA64FB0D4A6E5812D1B70882CA1DEE95AE0D18
Malicious:	false
Preview:	p...... ...........E....(....................................................... ........G..@.......&...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	295
Entropy (8bit):	5.326903519855955
Encrypted:	false
SSDEEP:	6:YEQXJ2HXsg9PtWl9x+FIbRI6XVW7+0YGVV6loAvJM3g98kUwPeUkwRe9:YvXKXZc9UYpW7VGMbLUkee9
MD5:	C3BF5D91CCA06C5B6C6A6A00BD4CB0BA
SHA1:	C6C24FD3EF89DB2E959A796E19C75BE2EBD30CA7
SHA-256:	8AD753DD4B47E556316D7E6C34BA2118B94C6010691960260CC803EFCC242A2D
SHA-512:	EE84752297746B5F72C5EAB84D420218BEC90460638E64926A6A9CFBD995EBE1155FF4532D1E96842BFF325B1BAA87E24EEC6630B99BF883C82F7A2A76A46A80
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"7846e527-29ac-4191-ac09-dc023f9f7a54","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1728082493251,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.265015387799734
Encrypted:	false
SSDEEP:	6:YEQXJ2HXsg9PtWl9x+FIbRI6XVW7+0YGVV6loAvJfBoTfXpnrPeUkwRe9:YvXKXZc9UYpW7VGWTfXcUkee9
MD5:	5D018041299FD1D4D3F509AFB5877208
SHA1:	9B0A20E29A709C4316D35299B9C8FAB9079B7B47
SHA-256:	3C7992294E74C27B1EAA156EC5FC43AD3995D7E8685AD038A2F63B71B44AF97B
SHA-512:	AED1DAD8E951DE7100F616FF6F521DDF198802923D6076BB2CBE006F7A449A797C923332C04BC65D95FDA253DF69F886D1E83BE946B009BBC2DB8FA602F32628
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"7846e527-29ac-4191-ac09-dc023f9f7a54","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1728082493251,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.242865481376803
Encrypted:	false
SSDEEP:	6:YEQXJ2HXsg9PtWl9x+FIbRI6XVW7+0YGVV6loAvJfBD2G6UpnrPeUkwRe9:YvXKXZc9UYpW7VGR22cUkee9
MD5:	7FF5EE6853A1DEECE93F3CDCACDC6026
SHA1:	09C0EF78A4727EFA40E415522A062F82D47A4F13
SHA-256:	2350AD14320768AA2C28A68AAF7C3B198F42F95C6489AB63FE28400E4EC300A2
SHA-512:	05DB612AE837C2091A35FE0967E08E50AECE4B055839BE5B4DE3541A5AA7C06A73FDD460E92942EBC2565C6973760FEB645AFD89B51DDFE7DCAE4BB677E85F9E
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"7846e527-29ac-4191-ac09-dc023f9f7a54","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1728082493251,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	285
Entropy (8bit):	5.3045171039498475
Encrypted:	false
SSDEEP:	6:YEQXJ2HXsg9PtWl9x+FIbRI6XVW7+0YGVV6loAvJfPmwrPeUkwRe9:YvXKXZc9UYpW7VGH56Ukee9
MD5:	2DF6076C9D812ABA0E579C7488FBBFB7
SHA1:	5ABBDC600E77B6367B955CB83224596C9A6A750E
SHA-256:	53C5505532DF78C91D618731AD86009091BDA8E0066EA740381D56FC7E47D44C
SHA-512:	230BD0419B2376F2044237102CBE08EDE08FB605D3F6EFE7BAE3698934021B1108945171A9D06DF33382E9905D411C839B65039E964161F62EDB9DDB9FAB9D51
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"7846e527-29ac-4191-ac09-dc023f9f7a54","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1728082493251,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1063
Entropy (8bit):	5.6623089981695625
Encrypted:	false
SSDEEP:	24:Yv6XZcPi6pLgEFqciGennl0RCmK8czOCY4w2Sr:Yvv66hgLtaAh8cvYvd
MD5:	7C1828DDAB3AF192A4C4A782079E4973
SHA1:	F9C51B510A73F3D269F2E29FE74BD06D30AC0803
SHA-256:	87FEE398FCBFA4F9F708C6874EBBCE6CDA5022D5D8E2FB2EFA9B4B97BFA0E136
SHA-512:	CF0E624E29B9557877716DDD841A7DD9BFB0AD1E082D007B24A43E3AAE8E8E4C061EEEFA064B634CDA7CE33106E12D3D0AD2DF71902337489208847196FB68F7
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"7846e527-29ac-4191-ac09-dc023f9f7a54","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1728082493251,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_2","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"afb9c2a3-eaf4-41f9-9d73-768e72f72282","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQgZmlsZXMgdG8gYW5kIGZyb20gUERGXG53aXRob3V0IGxpbWl0cy4ifSwidGNhdElkIjpudWxsfQ==","dataType":"application\/json","encodingSc

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1050
Entropy (8bit):	5.64844187213689
Encrypted:	false
SSDEEP:	24:Yv6XZcPicVLgEF0c7sbnl0RCmK8czOCYHflEpwiVSr:Yvv6cFg6sGAh8cvYHWpw/
MD5:	4ADBD5B605471B163233B5CDB20ADD1E
SHA1:	85BF7320F30AC72A5061F749364050722350D3A7
SHA-256:	558E2C342E4E54BCC767B02F2D522B3DBDC67AD2A5083A75D0B1B65492B9035D
SHA-512:	2F8D7DF32BABB55D119196398D39C711E9CECF4E6D14317F93F9A51519FF9C697DD3CADB83BCC44883C128CA1BB16AAB78546BFAB30A67AE19D2FD8B7B579AA7
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"7846e527-29ac-4191-ac09-dc023f9f7a54","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1728082493251,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Disc_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_0","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"0924134e-3c59-4f53-b731-add558c56fec","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Disc_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQsIGVkaXQgYW5kIGUtc2lnblxuZm9ybXMgJiBhZ3JlZW1lbnRzLiJ9LCJ0Y2F0SWQiOm51bGx9","dataType":"application\/json","encodingScheme":true},"

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.252295752034621
Encrypted:	false
SSDEEP:	6:YEQXJ2HXsg9PtWl9x+FIbRI6XVW7+0YGVV6loAvJfQ1rPeUkwRe9:YvXKXZc9UYpW7VGY16Ukee9
MD5:	2F4436A8109D521E6D08BE96BCE44D22
SHA1:	AAC6AEF85D5E3F0222B8CA2EABDD1C35FDDA7EBE
SHA-256:	B42103BE62DDEC635C0AC8CFE4D8211169680B385D7896CBEE2D92509F4435DF
SHA-512:	7D30445394AA3173BFC3B2BD2E3767F984CF0C8D3ECFF4DC6008010621220B58849384ED735890658A1E6B50A55BBD1448C9F74A36149117CDA201E3CD5FA281
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"7846e527-29ac-4191-ac09-dc023f9f7a54","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1728082493251,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1038
Entropy (8bit):	5.643454437675418
Encrypted:	false
SSDEEP:	24:Yv6XZcPiB2LgEF7cciAXs0nl0RCmK8czOCAPtciBSr:Yvv6Bogc8hAh8cvAY
MD5:	7A67CC94EE17B1D7BDDA4A0EAB947FAB
SHA1:	2E71C3C1BB129BA29B23EDC49FBE0238D700EB03
SHA-256:	722883AF9F8B5B27AC0B9C8E5684A0C69EF5C8BEAF563C97411EA5AAE5E159AA
SHA-512:	E57969BE595A6F039D344FB2B24BBC19AA81DE2FC0FA2359D59A784D91F956A293A0519D53339DC50EA75F1FCD430B17147BA6EC836DAB7C8407969344363DB5
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"7846e527-29ac-4191-ac09-dc023f9f7a54","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1728082493251,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Edit_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_1","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"49d2f713-7aa9-44db-aa50-0a7a22add459","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Edit_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVkaXQgdGV4dCwgaW1hZ2VzLCBwYWdlcywgYW5kIG1vcmUuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"application\/json","encodingScheme":true},"endDTS":1744

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1164
Entropy (8bit):	5.6970826731325
Encrypted:	false
SSDEEP:	24:Yv6XZcPiBKLgEfIcZVSkpsn264rS514ZjBrwloJTmcVIsrSK5Sr:Yvv6BEgqprtrS5OZjSlwTmAfSKM
MD5:	3D3681578BF860D0E900D5BB31873C78
SHA1:	5F966E3222B4E2F00D5979F3878E53246265FE6D
SHA-256:	204264693CE05E42671793817704EF8741F2273EC1D8C64416266A1A9B9C88CB
SHA-512:	60CEDB1804B7A9766358BB5C37A9F703707702DA70A6351D4DE20EB4ABB73EDDED6D20CE8CFC1F9313A085F80168E90EC72A509C68301F0494683C22C2FE88C6
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"7846e527-29ac-4191-ac09-dc023f9f7a54","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1728082493251,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85531_264848ActionBlock_0","campaignId":85531,"containerId":"1","controlGroupId":"","treatmentId":"ee1a7497-76e7-43c2-bb63-9a0551e11d73","variationId":"264848"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IlRyeSBBY3JvYmF0IFBybyJ9LCJ1aSI6eyJ0aXRsZV9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjE1cHgiLCJmb250X3N0eWxlIjoiMCJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEzcHgiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0b1xucHJlbWl1bSBQREYgYW5kIGUtc2lnbmluZ1xudG9vbHMuIn0sImJhbm5lcl9zdHlsaW5nIjo

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.2589498511114945
Encrypted:	false
SSDEEP:	6:YEQXJ2HXsg9PtWl9x+FIbRI6XVW7+0YGVV6loAvJfYdPeUkwRe9:YvXKXZc9UYpW7VGg8Ukee9
MD5:	7DECC2D1C0DE61AD0B01CA1B68CDFE1B
SHA1:	F8C83CB0B070DB7FE1D897592F3E71C364D213CC
SHA-256:	C5AA92F89C157E2A98F6DF4661C1CB66A0F8E1FB2997CD51BAC79761CA1C4F76
SHA-512:	8E5F0B84FEEABC0C2188DF0AE6565DD47220893DD3D56B9B17EAF590E15B628A8AF4EF33489FFC412592869BC2250BB8913CC131CB150908953CCBB8AF298E1F
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"7846e527-29ac-4191-ac09-dc023f9f7a54","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1728082493251,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1395
Entropy (8bit):	5.772639192840698
Encrypted:	false
SSDEEP:	24:Yv6XZcPiMrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNKr:Yvv6MHgDv3W2aYQfgB5OUupHrQ9FJM
MD5:	849781C907005498884A8637A1836701
SHA1:	5F718B8C4876E7FB942F6ED391F021D4A661A65D
SHA-256:	1C9532FA0647585363B26CD3D3B9BF3FDA8A3B45F1ECA23E3CC96D0284B279C6
SHA-512:	12FA6FF14859107FD2DAA6E36CE16193888E25E6AFB3E281EF4FB4D36460A5B9A8019669CD38D6E579C4F1C2626D4C97E00628D5ECA7081A250B878F2BB43CC2
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"7846e527-29ac-4191-ac09-dc023f9f7a54","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1728082493251,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	291
Entropy (8bit):	5.242779080392839
Encrypted:	false
SSDEEP:	6:YEQXJ2HXsg9PtWl9x+FIbRI6XVW7+0YGVV6loAvJfbPtdPeUkwRe9:YvXKXZc9UYpW7VGDV8Ukee9
MD5:	35EA60B64749A36D16DFAA7BD1112A42
SHA1:	58E68883C48066864205565497ADB051175D3241
SHA-256:	7F0C840289322426D494A9349491D762B9EC10C902D774B3D82FD56F3B123E29
SHA-512:	027AC8E6F3818129E9187C949167321E37E3FDFD39485BE8D4021855B2AF629661229A1E91D0FE8C44E1EF52F1B790736AC142E759C1185312FF6C51E6BFE4A4
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"7846e527-29ac-4191-ac09-dc023f9f7a54","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1728082493251,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	287
Entropy (8bit):	5.244179969900328
Encrypted:	false
SSDEEP:	6:YEQXJ2HXsg9PtWl9x+FIbRI6XVW7+0YGVV6loAvJf21rPeUkwRe9:YvXKXZc9UYpW7VG+16Ukee9
MD5:	1C98CC7001855D196664C8FBAD4C47BE
SHA1:	EADE9A4384DDD0B7B794D3346345009AF4593888
SHA-256:	B0D72396688AC9C0AB1BADEB205A7277D1FE3BF7D1D321BF0D25211AC994CEB9
SHA-512:	B9D202A56612238BDA946C9C21EC802311F4DEF56C80143DBEEAFC5A70985A75CB6C43D0DD2A0A915B241EDF77CFAAD50B32EDBD20B4B261BA24DF9DC0DB3095
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"7846e527-29ac-4191-ac09-dc023f9f7a54","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1728082493251,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1058
Entropy (8bit):	5.652658889825535
Encrypted:	false
SSDEEP:	24:Yv6XZcPimamXayLgEFRcONaqnl0RCmK8czOC+w2E+tg8BSr:Yvv6oBguOAh8cv+NKl
MD5:	548E5798BB40461AD5F61DD0BCEAC44D
SHA1:	B4C12154BE88679A3B0BAA070B4AAB26BD17BA84
SHA-256:	E59C246F68EFF7486BD1E9F85511EFB76E23484B739946470ABEE4FBAE7FB54A
SHA-512:	B1714526E59E97E09FDB92D79169378F4CB12595F9EFDF1F9F9BE32DF249C957BD8E5CC516CC4A097E59C1AA8CE368B218024C70CDC888EE0C7EFED65DD975DE
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"7846e527-29ac-4191-ac09-dc023f9f7a54","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1728082493251,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_3","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"ece07729-7db6-4f20-9f8d-7976ad373049","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IlNlbmQgZG9jdW1lbnRzICYgZm9ybXNcbmZvciBmYXN0IGUtc2lnbmluZyBvbmxpbmUuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"application\/json","encodingScheme"

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	286
Entropy (8bit):	5.219073604596552
Encrypted:	false
SSDEEP:	6:YEQXJ2HXsg9PtWl9x+FIbRI6XVW7+0YGVV6loAvJfshHHrPeUkwRe9:YvXKXZc9UYpW7VGUUUkee9
MD5:	B8229B058476F63992F563AF72397B27
SHA1:	0A7BE1C3D5809AB58F32677B67715885E0B7E619
SHA-256:	F317E440D55AB4B78CEDB285AE47FB3D24F3DC3F9E4FB227EF684D385016E851
SHA-512:	3CCBB447F79BDDF4312D7B000E4FF9C398801464D3477E8113CDA3CBADC12C8EE3EE08C7F79D14531226F4666B9EABCC60AB0C4FB4249B8FCB6E85695A445FD6
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"7846e527-29ac-4191-ac09-dc023f9f7a54","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1728082493251,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	782
Entropy (8bit):	5.355030743664162
Encrypted:	false
SSDEEP:	12:YvXKXZc9UYpW7VGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWGr:Yv6XZcPix168CgEXX5kcIfANh7r
MD5:	DEA89A4D9F108C754B2844222DE73DAA
SHA1:	EFCF0EFDEAE350893940E2AC43FCBE1C7972A167
SHA-256:	D764D82DA3CDBB16226B67439675CF0D9B609D9ADF6A5E34964EFC27C8F7914D
SHA-512:	2B24C24C2F6DE808A85D914824F074E98326409EF74ED519DD71476AF5FF34186D675DFD82A6E4E9CDC65AFC8D25BE0E0BF30C57FB03FB85E9524E676A032D19
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"7846e527-29ac-4191-ac09-dc023f9f7a54","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1728082493251,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1727904548284}}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	4
Entropy (8bit):	0.8112781244591328
Encrypted:	false
SSDEEP:	3:e:e
MD5:	DC84B0D741E5BEAE8070013ADDCC8C28
SHA1:	802F4A6A20CBF157AAF6C4E07E4301578D5936A2
SHA-256:	81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
SHA-512:	65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
Malicious:	false
Preview:	....

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2818
Entropy (8bit):	5.137321018046282
Encrypted:	false
SSDEEP:	48:Yq1/S9g/TEqj21of0VqCk5skqrcn9DApH:L1/cSTEqj21ofKqxLkacl
MD5:	CA1B3630F4D0F93CD57C71E2DB964C52
SHA1:	769E8C3C40E4232A0E529003A31D9CDF8EF7661E
SHA-256:	0D6D9A074EC33C1C2A05E999E2C6869D314D55EB2AA87D0FAE598A9F56A29908
SHA-512:	0794B8872A8587B18948B30B8F4145F0441B4CB8570FB302A28EA47D62AEE630F97F7A8C67BB65C98CC884606B26EBE036682949F15190645DEAF0009C1536CD
Malicious:	false
Preview:	{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"712b4ee836fcd2811986ef209f323e7f","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1050,"ts":1727904548000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"b11e38525c6fd084160e81bcfa00783e","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1164,"ts":1727904547000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"2b65e823dceb4806a12244b21c1b3aab","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1058,"ts":1727904547000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"c6bfaf1f15b8c9d177051d914293abac","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1063,"ts":1727904547000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"ddf0f73fa938e6a17ae67a2351b4fef1","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":1038,"ts":1727904547000},{"id":"Edit_InApp_Aug2020","info":{"dg":"4d5a2d795610c417b8e1e0df1a89953f","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":17

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 25, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 25
Category:	dropped
Size (bytes):	12288
Entropy (8bit):	0.9954129253098863
Encrypted:	false
SSDEEP:	24:TLKufx/XYKQvGJF7ursB1RZKHs/DsgpduVe8R1cSF:TGufl2GL7msvgOsKdusicS
MD5:	DBEBDC4384DFF4EEAD55F71C69E89362
SHA1:	C2A4C6E42CEFB71BC24CE5DB45F35425A82D54F3
SHA-256:	4F2E2417695EA89FEC1F5AA4F43124C0C219E6BFEDF5DD92B236F983DB452C9D
SHA-512:	923FE41118DCF39579818AA6636DF288269ED9DBCE848785D1D3A7D3EFFF89E20E95A21918A9387E3A938FFC9475A4B0CE67B153A0403477AFE092C71C7DE690
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	1.3567784251637383
Encrypted:	false
SSDEEP:	24:7+tpn1RZKHs/Ds/SpkpduVe8R1cS3qLhx/XYKQvGJF7ursR:7MngOVp+dusic6qFl2GL7msR
MD5:	5F2209A5E50E6D2A8964E802C70958A7
SHA1:	31D94B8FB850F2C2986BF3958B35E60CFD13C891
SHA-256:	D8EA7A7104B01AF6E985FAA78BE4DA4EA28ED2FAEB4C0F11642D30F3B580A252
SHA-512:	365C85F52743FC956E88A056FAE4DDDD024937286E5F121329B7F75B853F94441FDABC0B7980A3D63160BC6BE141AB07898A0D034CB4CDDF4DE0F37ADEA81C57
Malicious:	false
Preview:	.... .c......u........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................j...#..#...z.>.....}.#.7.7........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\MSI4d518.LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	246
Entropy (8bit):	3.5030768995714583
Encrypted:	false
SSDEEP:	6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8gjqWww:Qw946cPbiOxDlbYnuRKLD
MD5:	33A735F7BF2C9489E2240A9CD60D1774
SHA1:	4588BCF218BB8D20CDBF59CA04A4233CB13BFF07
SHA-256:	E94BBD58BD126005134FC249556933841F9FB991D4471DCB0E1FEDED6A0A0F7F
SHA-512:	A70860674C529EACB7E4A19BF16FCF642415985D9994FFE58EACB3A625E25861C41C4CF3D305404EC04D688EEB81F0A9F1CF656F2B4C6CB37EA64B6B0513E763
Malicious:	false
Preview:	..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .0.2./.1.0./.2.0.2.4. . .1.7.:.2.9.:.0.9. .=.=.=.....

C:\Users\user\AppData\Local\Temp\acrobat_sbx\A91jkk4ho_ogj0zb_5ds.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	Zip data (MIME type "application/vnd.adobe.air-ucf-package+zip"?)
Category:	dropped
Size (bytes):	144514
Entropy (8bit):	7.992637131260696
Encrypted:	true
SSDEEP:	3072:OvjeSq37BcXWpJ/PwBI4lsRMoZVaJctHtTx8EOyhnL:Cjc7BcePUsSSt38snL
MD5:	BA1716D4FB435DA6C47CE77E3667E6A8
SHA1:	AF6ADF9F1A53033CF28506F33975A3D1BC0C4ECF
SHA-256:	AD771EC5D244D9815762116D5C77BA53A1D06CEBA42D348160790DBBE4B6769D
SHA-512:	65249DB52791037E9CC0EEF2D07A9CB1895410623345F2646D7EA4ED7001F7273C799275C3342081097AF2D231282D6676F4DBC4D33C5E902993BE89B4A678FD
Malicious:	false
Preview:	PK.........D.Y...>)...).......mimetypeapplication/vnd.adobe.air-ucf-package+zipPK.........D.Y.+.`............message.xml.]is.8...[.....Oq.'...S...g.X+;....%X."U$.....}.P.%....8.tl. ...../..}......A.......,...a...r.....=..i{......0H..v.g.c0.3~....G.b....,.BvJ.'./.`xJ]..O./.!K...XG?.$.,=.Z...q.f~...,..:b.Pl..f..\|....,.A.....Z..a<.C._..../G\|....q.....~.?...G.............y+.. ...s.,.2...^uon..:....~....C....i.>.<hy..x..?....F.w..4e.\|.'...#?..a......i...W.".+...'.......,..6..... ..}.........llj.>.3v.."..CdA.".....v...4H..C]>........4..$.O........9._..C{(....A~.k...f.x8.<... l!..}...ol.q.......2.s.Y..&:....>...l.S..w.t^D.C....]0......L...z[`J<.....L.1t-.Z.n..7.)...aj;.0.r\|.._.V......JWT.>.p.?s....boN.....X.jkN.9..3jN.9..t...o..c.nX4......0.D.....Cv .....!k..........d.1B....=3.Bq.E.bo.....6..r..6@.b...T......Ig...(..(K].:...#..k..q2G."o.Tz...qJ.......;?\|~..1...J...RA...'..*C...T...dNMZ.3.z-..LCI..I..-.,.Y.J.....m.KY}.Lw......G........-.(E....b..^..}..

C:\Users\user\AppData\Local\Temp\acrobat_sbx\A91wfwnpq_ogj0za_5ds.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	Zip data (MIME type "application/vnd.adobe.air-ucf-package+zip"?)
Category:	dropped
Size (bytes):	144514
Entropy (8bit):	7.992637131260696
Encrypted:	true
SSDEEP:	3072:OvjeSq37BcXWpJ/PwBI4lsRMoZVaJctHtTx8EOyhnL:Cjc7BcePUsSSt38snL
MD5:	BA1716D4FB435DA6C47CE77E3667E6A8
SHA1:	AF6ADF9F1A53033CF28506F33975A3D1BC0C4ECF
SHA-256:	AD771EC5D244D9815762116D5C77BA53A1D06CEBA42D348160790DBBE4B6769D
SHA-512:	65249DB52791037E9CC0EEF2D07A9CB1895410623345F2646D7EA4ED7001F7273C799275C3342081097AF2D231282D6676F4DBC4D33C5E902993BE89B4A678FD
Malicious:	false
Preview:	PK.........D.Y...>)...).......mimetypeapplication/vnd.adobe.air-ucf-package+zipPK.........D.Y.+.`............message.xml.]is.8...[.....Oq.'...S...g.X+;....%X."U$.....}.P.%....8.tl. ...../..}......A.......,...a...r.....=..i{......0H..v.g.c0.3~....G.b....,.BvJ.'./.`xJ]..O./.!K...XG?.$.,=.Z...q.f~...,..:b.Pl..f..\|....,.A.....Z..a<.C._..../G\|....q.....~.?...G.............y+.. ...s.,.2...^uon..:....~....C....i.>.<hy..x..?....F.w..4e.\|.'...#?..a......i...W.".+...'.......,..6..... ..}.........llj.>.3v.."..CdA.".....v...4H..C]>........4..$.O........9._..C{(....A~.k...f.x8.<... l!..}...ol.q.......2.s.Y..&:....>...l.S..w.t^D.C....]0......L...z[`J<.....L.1t-.Z.n..7.)...aj;.0.r\|.._.V......JWT.>.p.?s....boN.....X.jkN.9..3jN.9..t...o..c.nX4......0.D.....Cv .....!k..........d.1B....=3.Bq.E.bo.....6..r..6@.b...T......Ig...(..(K].:...#..k..q2G."o.Tz...qJ.......;?\|~..1...J...RA...'..*C...T...dNMZ.3.z-..LCI..I..-.,.Y.J.....m.KY}.Lw......G........-.(E....b..^..}..

C:\Users\user\AppData\Local\Temp\acrobat_sbx\A96odzwj_ogj0zc_5ds.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PDF document, version 1.6, 0 pages
Category:	dropped
Size (bytes):	358
Entropy (8bit):	5.028909898582472
Encrypted:	false
SSDEEP:	6:IngVMrexJzJT0y9VEQIFVmb/eu2g/86S1kxROOtN+VKh0N+VKhdLCSyAAO:IngVMre9T0HQIDmy9g06JX3vwvJlX
MD5:	A7A814EC020B23CDE6F340C8BA482ABA
SHA1:	0E1A51AC69B1A21A19DF44778A750823FFD6428D
SHA-256:	68DC5F6FF54234EA333EDEA5577D36719DA73EA27917745C88CB701356F7BBBE
SHA-512:	77F47B7FB576BEDB88B8843F68A8AD92132DFD4B86B29FB99EE35D7B87F3D7F3216BE1FB3969B382C8784F7B2100785411767C27692FFDBCF8178A7C309E4524
Malicious:	false
Preview:	%PDF-1.6.%......1 0 obj.<</Pages 2 0 R/Type/Catalog>>.endobj.2 0 obj.<</Count 0/Kids[]/Type/Pages>>.endobj.3 0 obj.<<>>.endobj.xref..0 4..0000000000 65535 f..0000000016 00000 n..0000000061 00000 n..0000000107 00000 n..trailer..<</Size 4/Root 1 0 R/Info 3 0 R/ID[<0BA5A1B545AFFF4F93F03A364B28BFAD><0BA5A1B545AFFF4F93F03A364B28BFAD>]>>..startxref..127..%%EOF..

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-02 17-29-04-767.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393)
Category:	dropped
Size (bytes):	16525
Entropy (8bit):	5.376360055978702
Encrypted:	false
SSDEEP:	384:6b1sdmfenwop+WP21h2RPjRNg7JjO2on6oU6CyuJw1oaNIIu9EMuJuF6MKK9g9JQ:vIn
MD5:	1336667A75083BF81E2632FABAA88B67
SHA1:	46E40800B27D95DAED0DBB830E0D0BA85C031D40
SHA-256:	F81B7C83E0B979F04D3763B4F88CD05BC8FBB2F441EBFAB75826793B869F75D1
SHA-512:	D039D8650CF7B149799D42C7415CBF94D4A0A4BF389B615EF7D1B427BC51727D3441AA37D8C178E7E7E89D69C95666EB14C31B56CDFBD3937E4581A31A69081A
Malicious:	false
Preview:	SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:961+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="SetConfig:

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393), with CRLF line terminators
Category:	dropped
Size (bytes):	15114
Entropy (8bit):	5.3436228955630645
Encrypted:	false
SSDEEP:	384:j26Dy+nK378UK20V8RtPC8y6SpO6wtqY2gfzVZV5Epd68A1duFpj4j4dEK06BksK:I1V
MD5:	0EDB1E6BCEA1F44D40F47BF89FD07C95
SHA1:	8503CD8DF307E89EF338C0448591165BD3DB0E45
SHA-256:	867A7A4AFB87B99B18176FD9D3EB0B1105D0498BCA367D26A7FC3C94CA090218
SHA-512:	CDC4D60AAA2950A5ABA53A39CFD7B08CA435268F8E193C1E3A6920536FE34F7BA7ED05C4BDD5019219A07E90B6975C988E54C75006791271B55D987D2CF01C7A
Malicious:	false
Preview:	SessionID=641d798a-da22-453c-86a4-ab3c05628503.1727904544780 Timestamp=2024-10-02T17:29:04:780-0400 ThreadID=5420 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=641d798a-da22-453c-86a4-ab3c05628503.1727904544780 Timestamp=2024-10-02T17:29:04:781-0400 ThreadID=5420 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=641d798a-da22-453c-86a4-ab3c05628503.1727904544780 Timestamp=2024-10-02T17:29:04:781-0400 ThreadID=5420 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=641d798a-da22-453c-86a4-ab3c05628503.1727904544780 Timestamp=2024-10-02T17:29:04:781-0400 ThreadID=5420 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=641d798a-da22-453c-86a4-ab3c05628503.1727904544780 Timestamp=2024-10-02T17:29:04:781-0400 ThreadID=5420 Component=ngl-lib_NglAppLib Description="SetConf

C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	29752
Entropy (8bit):	5.39073253367966
Encrypted:	false
SSDEEP:	768:GLxxlyVUFcAzWL8VWL1ANSFld5YjMWLvJ8Uy++NSXl3WLd5WLrbhhVClkVMwDGbS:m
MD5:	606CF521C27303278C401D65A720AB22
SHA1:	4B4AACF312252098919D96D06F7F1771DCAA5006
SHA-256:	2D3E7B107FCFF9A190A11587483F2BC4447792CADA072C9D05F691252F59BF1C
SHA-512:	F8CBA17D86037335F1627A8B3B843BDB0D5F2832696130D6EEB8C397442AD5A0911F954AAB825322EF5B7C88635E69591BBBE0C5C65478F6D89D3E6A5C92076F
Malicious:	false
Preview:	04-10-2023 02:39:31:.---2---..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : *************************************..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : ***********************************..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : **** Starting new session ******..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : Starting NGL..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..04-10-2023 02:39:31:.Closing File..04-10-

C:\Users\user\AppData\Local\Temp\acrocef_low\44ba485b-3adc-4b52-81cd-23c4f87ea3de.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
Category:	dropped
Size (bytes):	386528
Entropy (8bit):	7.9736851559892425
Encrypted:	false
SSDEEP:	6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
MD5:	5C48B0AD2FEF800949466AE872E1F1E2
SHA1:	337D617AE142815EDDACB48484628C1F16692A2F
SHA-256:	F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
SHA-512:	44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
Malicious:	false
Preview:	...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....\|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-\|..h#.g.\.PO.\|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..\|m.WC.....\|.....e.[W.p.8...rm....^..x'......5!...\|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.\|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

C:\Users\user\AppData\Local\Temp\acrocef_low\497388be-28c2-4fcf-a0b4-8e2642953d5c.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
Category:	dropped
Size (bytes):	1407294
Entropy (8bit):	7.97605879016224
Encrypted:	false
SSDEEP:	24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo
MD5:	A0CFC77914D9BFBDD8BC1B1154A7B364
SHA1:	54962BFDF3797C95DC2A4C8B29E873743811AD30
SHA-256:	81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685
SHA-512:	74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE
Malicious:	false
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

C:\Users\user\AppData\Local\Temp\acrocef_low\607ec417-bb13-4dc6-be3c-334df83dd304.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
Category:	dropped
Size (bytes):	1419751
Entropy (8bit):	7.976496077007677
Encrypted:	false
SSDEEP:	24576:/xA7owWLaGZDwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLaGZDwZGk3mlind9i4ufFXpAXkru
MD5:	18E3D04537AF72FDBEB3760B2D10C80E
SHA1:	B313CD0B25E41E5CF0DFB83B33AB3E3C7678D5CC
SHA-256:	BBEF113A2057EE7EAC911DC960D36D4A62C262DAE5B1379257908228243BD6F4
SHA-512:	2A5B9B0A5DC98151AD2346055DF2F7BFDE62F6069A4A6A9AB3377B644D61AE31609B9FC73BEE4A0E929F84BF30DA4C1CDE628915AC37C7542FD170D12DE41298
Malicious:	false
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

C:\Users\user\AppData\Local\Temp\acrocef_low\9ade6303-8768-45fd-aa5d-4d6d89143f23.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
Category:	dropped
Size (bytes):	758601
Entropy (8bit):	7.98639316555857
Encrypted:	false
SSDEEP:	12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
MD5:	3A49135134665364308390AC398006F1
SHA1:	28EF4CE5690BF8A9E048AF7D30688120DAC6F126
SHA-256:	D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
SHA-512:	BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
Malicious:	false
Preview:	...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......\|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!\|G.1...... .3.`./....`~......G.............\|..pS.e.C....:o.u_..oi.:..\|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobSettings

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	24
Entropy (8bit):	3.66829583405449
Encrypted:	false
SSDEEP:	3:So6FwHn:So6FwHn
MD5:	DD4A3BD8B9FF61628346391EA9987E1D
SHA1:	474076C122CACAAF112469FC62976BB69187AA2B
SHA-256:	7C22C759CA704106556BBC4FC10B7F53404CA1F8B40F01038D3F7C4B8183F486
SHA-512:	FDAF3D9F8072ED7DE9B2528376C10E3C3FDBEA74347710A4795BECF23C6577B3582B2E89D3C04EF0523C98FE0A46F2AF3629490701A20B848C63BA7B26579491
Malicious:	false
Preview:	<</Settings [/c <<>>].>>

C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\915DEAC5D1E15E49646B8A94E04E470958C9BB89.crl

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	98682
Entropy (8bit):	6.445287254681573
Encrypted:	false
SSDEEP:	1536:0tlkIi4M2MXZcFVZNt0zfIagnbSLDII+D61S8:03kf4MlpyZN+gbE8pD61L
MD5:	7113425405A05E110DC458BBF93F608A
SHA1:	88123C4AD0C5E5AFB0A3D4E9A43EAFDF7C4EBAAF
SHA-256:	7E5C3C23B9F730818CDC71D7A2EA01FE57F03C03118D477ADB18FA6A8DBDBC46
SHA-512:	6AFE246B0B5CD5DE74F60A19E31822F83CCA274A61545546BDA90DDE97C84C163CB1D4277D0F4E0F70F1E4DE4B76D1DEB22992E44030E28EB9E56A7EA2AB5E8D
Malicious:	false
Preview:	0...u0...\...0....H........0i1.0...U....US1.0...U....DigiCert, Inc.1A0?..U...8DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1..240807121815Z..240814121815Z0..~.0!.......0.E....[0...210531000001Z0!...7g...(..^`.x.l...210531000001Z0!...\./M.8..>.f.....210531000001Z0!...B.Sh...f...s.0..210531000001Z0!..../n...h..7....>..210601000001Z0!....0..>5..aN.u{D..210601000001Z0!...-...qpWa.!n.....210601000001Z0!..."f...\..N.....X..210601000001Z0!...in.H...[u...]....210602000001Z0!......`......._.]...210602000001Z0!...{..e..i......=..210602000001Z0!......S....fNj'.wy..210602000001Z0!......C.lm..B.*.....210602000001Z0!... .}...\|.,dk...+..210603000001Z0!...U.K....o.".Rj..210603000001Z0!.....A...K.ZpK..'h..210603000001Z0!.....&}{ ......l..210603000001Z0!...:.m...I.p.;..v..210604000001Z0!...1"uw3..Gou.qg.q..210607000001Z0!...1.o}...c/...-R}..210608000001Z0!................210608000001Z0!...[.N.d............210609000001Z0!......x..i........210610000001Z0!...(... (..#.^.f...210

C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\DF22CF8B8C3B46C10D3D5C407561EABEB57F8181.crl

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	737
Entropy (8bit):	7.501268097735403
Encrypted:	false
SSDEEP:	12:yeRLaWQMnFQlRKfdFfBy6T6FYoX0fH8PkwWWOxPLA3jw/fQMlNdP8LOUa:y2GWnSKfdtw46FYfP1icPLHCfa
MD5:	5274D23C3AB7C3D5A4F3F86D4249A545
SHA1:	8A3778F5083169B281B610F2036E79AEA3020192
SHA-256:	8FEF0EEC745051335467846C2F3059BD450048E744D83EBE6B7FD7179A5E5F97
SHA-512:	FC3E30422A35A78C93EDB2DAD6FAF02058FC37099E9CACD639A079DF70E650FEC635CF7592FFB069F23E90B47B0D7CF3518166848494A35AF1E10B50BB177574
Malicious:	false
Preview:	0...0.....0....H........0b1.0...U....US1.0...U....DigiCert Inc1.0...U....www.digicert.com1!0...U....DigiCert Trusted Root G4..240806194648Z..240827194648Z.00.0...U.#..0.......q]dL..g?....O0...U........0....H.............vz..@.Nm...6d...t;.Jx?....6...p...#.[.......o.q...;.........?......o...^p0R.......~....)....i.n;A.n.z..O~..%=..s..W.4.+........G...*..=....xen$_i"s..\...L..4../<.4...G.....L...c..k@.J.rC.4h.c.ck./.Q-r53..a#.8#......0.n......a.-'..S. .>..xAKo.k.....;.D>....sb '<..-o.KE...X!i.].c.....o~.q........D...`....N... W:{.3......a@....i....#./..eQ...e.......W.s..V:.38..U.H{.>.....#....?{.....bYAk'b0on..Gb..-..).."q2GO<S.C...FsY!D....x..]4.....X....Y...Rj.....I.96$.4ZQ&..$,hC..H.%..hE....

C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\addressbook.acrodata

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ISO-8859 text, with very long lines (3486), with CRLF, CR line terminators
Category:	dropped
Size (bytes):	14456
Entropy (8bit):	4.2098179599164975
Encrypted:	false
SSDEEP:	192:gcPqYV/saFlwwR+kMqe8TlZMX1sgUVa3ddMVsuNeMcGdSD9obOUAVlcMudM/Y14e:g7Q/X4kMb0lZ6mgtdHOelGdWaolvsTZ
MD5:	32FCA302C8B872738373D7CCB1E75FD4
SHA1:	DA85FAF24ED0ECFD5D69CCFD6286D8B77D7EB4F1
SHA-256:	CD0DD26304B88C20801FE80B33C49C009E2E5D4411B5D7F83252E1D90CD461C6
SHA-512:	57F8CC85FAFB15455074431216E47433E50DF5DE74ED74C395B7FF2C433DB7CE06F0A1C1FE1EFDC17229DBC33325D559789F43901556DD1A12963B94F01D5A1F
Malicious:	false
Preview:	%PPKLITE-2.1.%......1 0 obj.<</PPK<</AddressBook<</Entries[2 0 R 3 0 R 4 0 R 5 0 R 6 0 R]/NextID 1006/Type/AddressBook>>/Type/PPK/User<</Type/User>>/V 65537>>/Type/Catalog>>.endobj.2 0 obj.<</ABEType 1/Cert<308204A130820389A00302010202043E1CBD28300D06092A864886F70D01010505003069310B300906035504061302555331233021060355040A131A41646F62652053797374656D7320496E636F72706F7261746564311D301B060355040B131441646F6265205472757374205365727669636573311630140603550403130D41646F626520526F6F74204341301E170D3033303130383233333732335A170D3233303130393030303732335A3069310B300906035504061302555331233021060355040A131A41646F62652053797374656D7320496E636F72706F7261746564311D301B060355040B131441646F6265205472757374205365727669636573311630140603550403130D41646F626520526F6F7420434130820122300D06092A864886F70D01010105000382010F003082010A0282010100CC4F5484F7A7A2E733537F3F9C12886B2C9947677E0F1EB9AD1488F9C310D81DF0F0D59F690A2F5935B0CC6CA94C9C15A09FCE20BFA0CF54E2E02066453F3986387E9CC48E0722C624F60112B035DF55EA6990B

Static File Info

General

File type:	PDF document, version 1.4, 2 pages
Entropy (8bit):	7.894931685181117
TrID:	Adobe Portable Document Format (5005/1) 100.00%
File name:	CountsDavid.pdf
File size:	53'052 bytes
MD5:	05d8ae994a3bbbdb319216934d6ebe39
SHA1:	85e5469e39e8b3cfb89e2f3f3c0fa23010475bf0
SHA256:	43b146176ad126f44e6bde8c91618078096823ed286b376c985ff16d220caaad
SHA512:	1dd0ab68e5123f87e29f9a929f444c4acdff3b87385670c1adc1e0c4fcb3a4bdfd6c84cb330a0662179924843b908539541ff3faf08323e28b81f70286a96644
SSDEEP:	1536:aBdRxOEJVf40bhluilTXwsy0vFt5B24XHlh6ULgAB:abRr340b++jh9BnFoQB
TLSH:	F233E0FDD8660C4CE8E34BD6C5B77E99681CF22346F47A5234350A41B8395C4BA31EAB
File Content Preview:	%PDF-1.4.1 0 obj.<<./Title (..)./Creator (..)./Producer (...Q.t. .5...5...1)./CreationDate (D:20240930191758).>>.endobj.2 0 obj.<<./Type /Catalog./Pages 3 0 R.>>.endobj.4 0 obj.<<./Type /ExtGState./SA true./SM 0.02./ca 1.0./CA 1.0./AIS false./SMask /None>

File Icon


Icon Hash:	62cc8caeb29e8ae0

Static PDF Info

General
Header:	%PDF-1.4
Total Entropy:	7.894932
Total Bytes:	53052
Stream Entropy:	7.935925
Stream Bytes:	49274
Entropy outside Streams:	5.057219
Bytes outside Streams:	3778
Number of EOF found:	1
Bytes after EOF:

Keywords Statistics

Name	Count
obj	29
endobj	29
stream	7
endstream	6
xref	1
trailer	1
startxref	1
/Page	2
/Encrypt	0
/ObjStm	0
/URI	0
/JS	0
/JavaScript	0
/AA	0
/OpenAction	0
/AcroForm	0
/JBIG2Decode	0
/RichMedia	0
/Launch	0
/EmbeddedFile	0

Image Streams

ID	DHASH	MD5	Preview
14	398991bac3cffcc0	fe9c2fe3c1be7b80f77f3cdfd21509cf

Network Behavior

⊘No network behavior found

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: Acrobat.exePID: 6504, Parent PID: 1028

General

Target ID:	0
Start time:	17:29:01
Start date:	02/10/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\CountsDavid.pdf"
Imagebase:	0x7ff686a00000
File size:	5'641'176 bytes
MD5 hash:	24EAD1C46A47022347DC0F05F6EFBB8C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: AcroCEF.exePID: 2260, Parent PID: 6504

General

Target ID:	2
Start time:	17:29:02
Start date:	02/10/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Imagebase:	0x7ff6413e0000
File size:	3'581'912 bytes
MD5 hash:	9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: AcroCEF.exePID: 7268, Parent PID: 2260

General

Target ID:	4
Start time:	17:29:02
Start date:	02/10/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2120 --field-trial-handle=1640,i,9100371248233742910,7602983960999666297,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Imagebase:	0x7ff6413e0000
File size:	3'581'912 bytes
MD5 hash:	9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report CountsDavid.pdf

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Networking

System Summary

Hooking and other Techniques for Hiding and Protection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\378f3379-a775-42b4-8c8c-512de2bd81fc.tmp

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241002212906Z-154.bmp

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

Windows Analysis Report
CountsDavid.pdf