Edit tour

Windows Analysis Report
IES PAW Montepio.pdf

Overview

General Information

Sample name:	IES PAW Montepio.pdf
Analysis ID:	1525975
MD5:	4a551c9d39c68ad88fca7747e8e99934
SHA1:	e6ea992a83809249061e975908fa4ef7873ee930
SHA256:	fa7171135021f816e7259f88a273307da9b3e545f5502bb34025061772ec055f
Infos:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

IP address seen in connection with other malware

Classification

Process Tree

System is w10x64

Acrobat.exe (PID: 4136 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\IES PAW Montepio.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)

AcroCEF.exe (PID: 5616 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

AcroCEF.exe (PID: 7024 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2096 --field-trial-handle=1768,i,16637311774661600001,10864908080861009943,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: Joe Sandbox View	IP Address: 34.193.227.236 34.193.227.236
Source: Joe Sandbox View	IP Address: 23.200.196.138 23.200.196.138

Source: 77EC63BDA74BD0D0E0426DC8F80085060.2.dr	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: 2D85F72862B55C4EADD9E66E06947F3D0.2.dr	String found in binary or memory: http://x1.i.lencr.org/

Source: classification engine

Classification label: clean0.winPDF@14/50@0/2

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-04 10-25-14-960.log

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Jump to behavior

Source: unknown	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\IES PAW Montepio.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2096 --field-trial-handle=1768,i,16637311774661600001,10864908080861009943,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2096 --field-trial-handle=1768,i,16637311774661600001,10864908080861009943,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: IES PAW Montepio.pdf	Initial sample: PDF keyword /JS count = 0
Source: IES PAW Montepio.pdf	Initial sample: PDF keyword /JavaScript count = 0

Source: IES PAW Montepio.pdf

Initial sample: PDF keyword stream count = 101

Source: IES PAW Montepio.pdf

Initial sample: PDF keyword /EmbeddedFile count = 0

Source: IES PAW Montepio.pdf

Initial sample: PDF keyword endstream count = 101

Source: IES PAW Montepio.pdf

Initial sample: PDF keyword obj count = 194

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	1 System Information Discovery	Remote Services	Data from Local System	Data Obfuscation	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Junk Data	Exfiltration Over Bluetooth	Network Denial of Service

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
http://x1.i.lencr.org/	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

⊘No contacted domains info

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://x1.i.lencr.org/	2D85F72862B55C4EADD9E66E06947F3D0.2.dr	false	URL Reputation: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
34.193.227.236	unknown	United States		14618	AMAZON-AESUS	false
23.200.196.138	unknown	United States		2860	NOS_COMUNICACOESPT	false

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1525975
Start date and time:	2024-10-04 16:24:17 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 10s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowspdfcookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	11
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	IES PAW Montepio.pdf
Detection:	CLEAN
Classification:	clean0.winPDF@14/50@0/2
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .pdf Found PDF document Close Viewer

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 184.28.88.176, 162.159.61.3, 172.64.41.3, 52.202.204.11, 52.5.13.197, 54.227.187.23, 23.22.254.206, 2.23.197.184, 93.184.221.240, 2.19.126.143, 2.19.126.149, 192.168.2.6, 23.200.0.21
Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, client.wns.windows.com, fs.microsoft.com, e8652.dscx.akamaiedge.net, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, acroipm2.adobe.com.edgesuite.net, wu.ec.azureedge.net, ctldl.windowsupdate.com, p13n.adobe.io, wu.azureedge.net, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, hlb.apr-52dd2-0.edgecastdns.net, geo2.adobe.com, wu-b-net.trafficmanager.net, crl.root-x1.letsencrypt.org.edgekey.net
VT rate limit hit for: IES PAW Montepio.pdf

Simulations

Behavior and APIs

Time	Type	Description
10:25:21	API Interceptor	2x Sleep call for process: AcroCEF.exe modified

LLM Input / Output

Input	Output
URL: PDF document Model: jbxai	{ "brand":["Banco Montepio", "Net24"], "contains_trigger_text":true, "trigger_text":"A operao foi concluda com sucesso.", "prominent_button_name":"unknown", "text_input_field_labels":"unknown", "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "has_visible_qrcode":false}

Input

Output

URL: PDF document Model: jbxai

{
"brand":["Banco Montepio",
"Net24"],
"contains_trigger_text":true,
"trigger_text":"A operao foi concluda com sucesso.",
"prominent_button_name":"unknown",
"text_input_field_labels":"unknown",
"pdf_icon_visible":false,
"has_visible_captcha":false,
"has_urgent_text":false,
"has_visible_qrcode":false}

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
34.193.227.236	Sales_Contract_Main_417053608_09.2024.pdf	Get hash	malicious	Unknown	Browse
	Final_Contract_Copy-532392974.pdf	Get hash	malicious	Unknown	Browse
	Cbequipment-Voice Audio Interface.pdf	Get hash	malicious	HTMLPhisher	Browse
	Pure Storage Open Benefits Enrollment.pdf	Get hash	malicious	Unknown	Browse
	v2.1.pdf	Get hash	malicious	Unknown	Browse
	https://postoffice.adobe.com/po-server/link/redirect?target=eyJhbGciOiJIUzUxMiJ9.eyJ0ZW1wbGF0ZSI6ImNjX2NvbGxhYl9kY3NoYXJpbmdfdmlld19lbWFpbCIsImVtYWlsQWRkcmVzcyI6InN2ZXJiZXJuZUBod2xvY2huZXIuY29tIiwicmVxdWVzdElkIjoiNzgwMDFlMWUtY2NmYy00M2ZhLTQxYmItMjk2M2EyNGZhMWVmIiwibGluayI6Imh0dHBzOi8vYWNyb2JhdC5hZG9iZS5jb20vaWQvdXJuOmFhaWQ6c2M6VVM6OTk1YjVjZmEtMGYyZC00ZTljLTgwOWYtYzc5YzUxN2RlNjFkIiwibGFiZWwiOiIxMiIsImxvY2FsZSI6ImVuX1VTIn0.0EWW2z_mxehDkMMQ98vMToXInjMXe5XMr7nBZXvNhumnuPscVlD99QQVhtOQEqMfyqFH2INPck0-ahuKra8sJg	Get hash	malicious	LummaC Stealer	Browse
	234565437863_PDF.zip	Get hash	malicious	Unknown	Browse
	Gov Annual Salary + Employer - Provided Benefits2.pdf	Get hash	malicious	Phisher	Browse
	Remittance 728 Norriselectric0032xslx.pdf	Get hash	malicious	HTMLPhisher	Browse
	Info Bonus Appreciation Letter_1151.pdf	Get hash	malicious	Unknown	Browse
23.200.196.138	report_209.pdf	Get hash	malicious	Unknown	Browse
	Statement 2024-14.pdf	Get hash	malicious	Unknown	Browse
	uenic.msi	Get hash	malicious	Unknown	Browse
	https://img1.wsimg.com/blobby/go/672d0f54-9add-420a-a58c-ef66bcb1ba03/downloads/sijapej.pdf	Get hash	malicious	Unknown	Browse
	c.cmd	Get hash	malicious	CarnavalHeist	Browse
	Voice_Message.pdf	Get hash	malicious	HTMLPhisher	Browse
	ADJUSTMENT ON PAY RISE FOR ALL FACULTY AND STAFF.pdf	Get hash	malicious	HTMLPhisher	Browse
	v2.1.pdf	Get hash	malicious	Unknown	Browse
	Sfoster REM.993510.pdf	Get hash	malicious	Unknown	Browse
	DOC-66642820.pdf	Get hash	malicious	Unknown	Browse

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
AMAZON-AESUS	https://lil-loveeeees.blogspot.com/	Get hash	malicious	Unknown	Browse	3.233.209.230
	ethaertharety.ps1	Get hash	malicious	Unknown	Browse	23.22.69.86
	TsxJNxhxMJfQTd.ps1	Get hash	malicious	Unknown	Browse	3.214.210.17
	https://smallpdf.com/sign-pdf/document#data=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwczovL2VzaWduLnNtYWxscGRmLXN0YWdpbmcuY29tIiwic3ViIjoiN2NmYmYzYzYtZGJhZS00MDU2LWFmNjEtZTE1OTY4NGUxZTc4IiwiYXVkIjpbImVzaWduIl0sImV4cCI6MTcyOTI1NTE2OCwibmJmIjoxNzI4MDQ1NTY4LCJpYXQiOjE3MjgwNDU1NjgsImp0aSI6IjdjZmJmM2M2LWRiYWUtNDA1Ni1hZjYxLWUxNTk2ODRlMWU3OCIsInBheWxvYWQiOnsiZW52ZWxvcGVfaWQiOiIyNDYxNDE2ZC1iYWJmLTQzMDktOTRhYy1hZWJkYzRjMmZmY2MiLCJzaWduX3JlcXVlc3RfaWQiOiI3Y2ZiZjNjNi1kYmFlLTQwNTYtYWY2MS1lMTU5Njg0ZTFlNzgiLCJ0b2tlbl90eXBlIjoibm90aWZpY2F0aW9uIiwidXNlcl9lbWFpbCI6ImZyYW5jZXMud29vZEB1a3JpLm9yZyIsInVzZXJfZmlyc3RuYW1lIjoiZnJhbmNlcy53b29kQHVrcmkub3JnIiwidXNlcl9sYXN0bmFtZSI6ImZyYW5jZXMud29vZEB1a3JpLm9yZyJ9fQ.OqxYiO2DP6wYmX2t6u3X4Qa-FIZ5J__ELTV29qKimLo&eid=2461416d-babf-4309-94ac-aebdc4c2ffcc&esrt=7cfbf3c6-dbae-4056-af61-e159684e1e78	Get hash	malicious	HTMLPhisher	Browse	3.5.66.206
	https://rb.gy/a8jf8c	Get hash	malicious	Unknown	Browse	44.196.17.179
	UPDATED Q-LOT24038.exe	Get hash	malicious	FormBook	Browse	44.213.25.70
	Payout Receipt.pptx	Get hash	malicious	HTMLPhisher	Browse	3.5.1.122
	https://jhansalazar.weebly.com/	Get hash	malicious	Unknown	Browse	3.82.83.121
	c42oX67S73.ps1	Get hash	malicious	Unknown	Browse	52.23.7.200
	AHCHICSvjmApRFFQmAQXRyNbw.ps1	Get hash	malicious	Unknown	Browse	34.236.124.61
NOS_COMUNICACOESPT	SecuriteInfo.com.Linux.Siggen.9999.10361.13333.elf	Get hash	malicious	Mirai	Browse	89.154.247.83
	report_209.pdf	Get hash	malicious	Unknown	Browse	23.200.196.138
	https://novo.oratoriomariano.com/novo/99417/Entry.html	Get hash	malicious	Unknown	Browse	88.157.228.52
	http://novo.oratoriomariano.com/novo/94694/	Get hash	malicious	Unknown	Browse	88.157.228.52
	https://novo.oratoriomariano.com/novo/92164/	Get hash	malicious	Unknown	Browse	88.157.228.52
	Statement 2024-14.pdf	Get hash	malicious	Unknown	Browse	23.200.196.138
	uenic.msi	Get hash	malicious	Unknown	Browse	23.200.196.138
	jade.arm7.elf	Get hash	malicious	Mirai	Browse	94.132.45.220
	jade.mips.elf	Get hash	malicious	Mirai	Browse	94.132.45.255
	jade.mpsl.elf	Get hash	malicious	Mirai	Browse	95.92.102.18

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	295
Entropy (8bit):	5.202431667216886
Encrypted:	false
SSDEEP:	6:Qb/JbM+q2PN72nKuAl9OmbnIFUt8Hb/qYZmw+Hb/zMMVkwON72nKuAl9OmbjLJ:QbRbM+vVaHAahFUt8Hbz/+HbrMMV5OaC
MD5:	301273C7267AA5B22600E38833FCC58F
SHA1:	80AE72E2AC37EAEA4EBADD28B1D1156A61978C37
SHA-256:	D4E2B4771B5EA94530A344EE7A99435C6B4CDAF3E5A6EC228BDF3289B600CCA6
SHA-512:	B3397D242EE5D85141FEEDCF008AD1CA2B3106ADB5FED7923E013016A69611E19EA38C5128580109A4558B4485FC7102A39543F9941DAE788594DDCD45F52A70
Malicious:	false
Reputation:	low
Preview:	2024/10/04-10:25:13.375 46c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/10/04-10:25:13.389 46c Recovering log #3.2024/10/04-10:25:13.390 46c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	295
Entropy (8bit):	5.202431667216886
Encrypted:	false
SSDEEP:	6:Qb/JbM+q2PN72nKuAl9OmbnIFUt8Hb/qYZmw+Hb/zMMVkwON72nKuAl9OmbjLJ:QbRbM+vVaHAahFUt8Hbz/+HbrMMV5OaC
MD5:	301273C7267AA5B22600E38833FCC58F
SHA1:	80AE72E2AC37EAEA4EBADD28B1D1156A61978C37
SHA-256:	D4E2B4771B5EA94530A344EE7A99435C6B4CDAF3E5A6EC228BDF3289B600CCA6
SHA-512:	B3397D242EE5D85141FEEDCF008AD1CA2B3106ADB5FED7923E013016A69611E19EA38C5128580109A4558B4485FC7102A39543F9941DAE788594DDCD45F52A70
Malicious:	false
Reputation:	low
Preview:	2024/10/04-10:25:13.375 46c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/10/04-10:25:13.389 46c Recovering log #3.2024/10/04-10:25:13.390 46c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	339
Entropy (8bit):	5.087254365268313
Encrypted:	false
SSDEEP:	6:Qb/AO4q2PN72nKuAl9Ombzo2jMGIFUt8Hb/+Zmw+Hb/TDkwON72nKuAl9Ombzo23:QboO4vVaHAa8uFUt8Hbm/+HbbD5OaHAv
MD5:	83B84428DA3AA96E7A27B752970B65CD
SHA1:	358B8B28172646A99F689406A7BCF005F34AB7A8
SHA-256:	8E9EBC19A98E2F8BE143F7C1A8C8ADF484267838AA1D144CC27F1656A4E18274
SHA-512:	930C890D1C75E5A526C99FD4EF72D593FD1AF7279E062D1E563A9E605BCF7B85B7A3C3C34D99193780E4E4E52F14A8508EC412A68EEB17B2FD180D19E2D153EC
Malicious:	false
Reputation:	low
Preview:	2024/10/04-10:25:13.409 ac0 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/10/04-10:25:13.411 ac0 Recovering log #3.2024/10/04-10:25:13.412 ac0 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	339
Entropy (8bit):	5.087254365268313
Encrypted:	false
SSDEEP:	6:Qb/AO4q2PN72nKuAl9Ombzo2jMGIFUt8Hb/+Zmw+Hb/TDkwON72nKuAl9Ombzo23:QboO4vVaHAa8uFUt8Hbm/+HbbD5OaHAv
MD5:	83B84428DA3AA96E7A27B752970B65CD
SHA1:	358B8B28172646A99F689406A7BCF005F34AB7A8
SHA-256:	8E9EBC19A98E2F8BE143F7C1A8C8ADF484267838AA1D144CC27F1656A4E18274
SHA-512:	930C890D1C75E5A526C99FD4EF72D593FD1AF7279E062D1E563A9E605BCF7B85B7A3C3C34D99193780E4E4E52F14A8508EC412A68EEB17B2FD180D19E2D153EC
Malicious:	false
Reputation:	low
Preview:	2024/10/04-10:25:13.409 ac0 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/10/04-10:25:13.411 ac0 Recovering log #3.2024/10/04-10:25:13.412 ac0 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\66ca7422-1064-42d5-a97d-bc9bb408bf00.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	modified
Size (bytes):	475
Entropy (8bit):	4.971139515803617
Encrypted:	false
SSDEEP:	12:YH/um3RA8sqEJSsBdOg2HP/caq3QYiubcP7E4T3y:Y2sRdsxddMHPO3QYhbA7nby
MD5:	6A764638F2D0BCACDE2D0A62998771ED
SHA1:	5BC9053CE9BD759FD43F8C746F088FC97AE99D62
SHA-256:	330F7B85306EBE322BF9C314E85DBB12217B66B19CDE12364FD18EB2A2D10D6E
SHA-512:	F08A21ECCBBEA2B4CA71D020BD98EDFD5364B63AF9A4775DD6AEE43AB749DD001A38BDEDED07E00DE048A609A98FE25BE8199B628721EAB1D92B5C824B214008
Malicious:	false
Reputation:	low
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372611924697770","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":225822},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.6","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	475
Entropy (8bit):	4.971139515803617
Encrypted:	false
SSDEEP:	12:YH/um3RA8sqEJSsBdOg2HP/caq3QYiubcP7E4T3y:Y2sRdsxddMHPO3QYhbA7nby
MD5:	6A764638F2D0BCACDE2D0A62998771ED
SHA1:	5BC9053CE9BD759FD43F8C746F088FC97AE99D62
SHA-256:	330F7B85306EBE322BF9C314E85DBB12217B66B19CDE12364FD18EB2A2D10D6E
SHA-512:	F08A21ECCBBEA2B4CA71D020BD98EDFD5364B63AF9A4775DD6AEE43AB749DD001A38BDEDED07E00DE048A609A98FE25BE8199B628721EAB1D92B5C824B214008
Malicious:	false
Reputation:	low
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372611924697770","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":225822},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.6","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	5859
Entropy (8bit):	5.254593169678489
Encrypted:	false
SSDEEP:	96:av+Nkkl+2GAouz3z3xfNLUS3vHp5OuDzUrMzh28qXAXFP74LRXOtW7ANwE7CgsbH:av+Nkkl+2G1uz3zhfZUyPp5OuDzUwzh0
MD5:	C020503B146A50E7EFC252F333FF28D5
SHA1:	B2CAA5E1383BA992F6986E48E6DA42BCF578AF42
SHA-256:	B0C2EC650C3E3D3A2C4F667E157B90707ACD234716A4BF2FD1530C1544451AE6
SHA-512:	4EC6F277E01235322F4F22906BAE51AE56876CAE8FB60B90B1694CF3C80632E14584D06E78B792112D9D04DDD35EF05A7F4841F8EA5FD9373DC876D23AC267C9
Malicious:	false
Reputation:	low
Preview:	*...#................version.1..namespace-.X.Bo................next-map-id.1.Pnamespace-c291b69d_46f8_4b09_b54e_d05df8a1271d-https://rna-resource.acrobat.com/.0.>j.r................next-map-id.2.Snamespace-63b958a8_6f71_4fde_913c_6518794b9fd1-https://rna-v2-resource.acrobat.com/.1.J.4r................next-map-id.3.Snamespace-37e4c694_2a8d_4b31_9eb8_e65c5f9e16d5-https://rna-v2-resource.acrobat.com/.2..J.o................next-map-id.4.Pnamespace-d7426d52_3038_4cd9_b9cc_897232425509-https://rna-resource.acrobat.com/.3..M.^...............Pnamespace-c291b69d_46f8_4b09_b54e_d05df8a1271d-https://rna-resource.acrobat.com/..d.^...............Pnamespace-d7426d52_3038_4cd9_b9cc_897232425509-https://rna-resource.acrobat.com/.u..a...............Snamespace-63b958a8_6f71_4fde_913c_6518794b9fd1-https://rna-v2-resource.acrobat.com/..`aa...............Snamespace-37e4c694_2a8d_4b31_9eb8_e65c5f9e16d5-https://rna-v2-resource.acrobat.com/`v.Yo................next-map-id.5.Pnamespace-30587558_ed88_4bd8_adc0_

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	327
Entropy (8bit):	5.1072547341661165
Encrypted:	false
SSDEEP:	6:Qb/klq2PN72nKuAl9OmbzNMxIFUt8Hb/kmhZmw+Hb/khNDkwON72nKuAl9OmbzNq:QbMlvVaHAa8jFUt8HbMmh/+HbMf5OaHP
MD5:	75A7B35D4EA7811A73B83652BD6C4903
SHA1:	34EF4267B280CFF7F628D9114B05A29CD551819F
SHA-256:	C7A0FE614636957F4194AC35A260684086110807B4D39C18450340F393900355
SHA-512:	F8A3473B8B8E2528E4C6A39A8B8E137DACC46BD9A088634A6680C36A243BB4DF2F3932310D94FBBDD435828B59AF86A95141F2B52FBCE4EBDB874E59F11DA9E1
Malicious:	false
Reputation:	low
Preview:	2024/10/04-10:25:13.621 ac0 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/10/04-10:25:13.623 ac0 Recovering log #3.2024/10/04-10:25:13.624 ac0 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	327
Entropy (8bit):	5.1072547341661165
Encrypted:	false
SSDEEP:	6:Qb/klq2PN72nKuAl9OmbzNMxIFUt8Hb/kmhZmw+Hb/khNDkwON72nKuAl9OmbzNq:QbMlvVaHAa8jFUt8HbMmh/+HbMf5OaHP
MD5:	75A7B35D4EA7811A73B83652BD6C4903
SHA1:	34EF4267B280CFF7F628D9114B05A29CD551819F
SHA-256:	C7A0FE614636957F4194AC35A260684086110807B4D39C18450340F393900355
SHA-512:	F8A3473B8B8E2528E4C6A39A8B8E137DACC46BD9A088634A6680C36A243BB4DF2F3932310D94FBBDD435828B59AF86A95141F2B52FBCE4EBDB874E59F11DA9E1
Malicious:	false
Reputation:	low
Preview:	2024/10/04-10:25:13.621 ac0 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/10/04-10:25:13.623 ac0 Recovering log #3.2024/10/04-10:25:13.624 ac0 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241004142518Z-195.bmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PC bitmap, Windows 3.x format, 107 x -152 x 32, cbSize 65110, bits offset 54
Category:	dropped
Size (bytes):	65110
Entropy (8bit):	0.654245965799755
Encrypted:	false
SSDEEP:	96:PcwepmKLRSGQYJYbtIwiuslrJxqD8Nu1y9:ReIKLRSGQGSiNlW4Nyk
MD5:	14B6D1F7B33B52C965F7A87FE9B30611
SHA1:	A6C959DF9D2FFE0462E99B79007A02A8FECA5851
SHA-256:	8EAD9905B1F0BAD8EB22FDF10F8191C402EC353D13DAB5D9C60F51DFB721CFD5
SHA-512:	8F40FEEECFCA9B8AB5F400FABCD221193C7BA85F4FD538C413E5260FB8E0975EA2428A8DFEAFEABB080FD53BB35573E66022752F0B44FF2850932612154C907F
Malicious:	false
Preview:	BMV.......6...(...k...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 12, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 12
Category:	dropped
Size (bytes):	86016
Entropy (8bit):	4.4447098041247015
Encrypted:	false
SSDEEP:	384:ieNci5tFiBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:Jus3OazzU89UTTgUL
MD5:	FDDB41B9779D1A99395730D2130C3923
SHA1:	D86F29A5585EC46CE2B0D9F1604F656777D624B2
SHA-256:	913B3C6474885FC16AD72C3B29B03B2E65CE555630E1897841B51EECDD146213
SHA-512:	6533A1E5F703254A034118CB231F0C8CF1C54EFDBBFFC710588517943083F6E3D99AB5645CCF15814A3082526E8EAFD55D9D86D9708993DC8E8B4D98CA87CAE8
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	2.2132951869448116
Encrypted:	false
SSDEEP:	24:7+tFXnnuwKKfqL0MzkrFsgIFsxX3pALXmnHpkDGjmcxBSkomXk+2m9RFTsyg+wmO:7MZnCKfq/mFTIF3XmHjBoGGR+jMz+Lh+
MD5:	846DC7D9A8154C82DB4DCDA7A7D92352
SHA1:	DF935D1958357C4B2CD4D4C1C051C2E4CB5C5477
SHA-256:	6FAE740DFC705D7F63228C2571F9604A6A3CFD2C0B86964EBD19C2A28084E422
SHA-512:	1A8D213ED6B263E2A72715626FE4E019D4AAF4CA42B21437DEC2FBABFE83D2EBD67FE46CFA511CA818B41F9EEFD34D4B04384231825DF8B062AF74B0787255E1
Malicious:	false
Preview:	.... .c.....M7.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	Certificate, Version=3
Category:	dropped
Size (bytes):	1391
Entropy (8bit):	7.705940075877404
Encrypted:	false
SSDEEP:	24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1
MD5:	0CD2F9E0DA1773E9ED864DA5E370E74E
SHA1:	CABD2A79A1076A31F21D253635CB039D4329A5E8
SHA-256:	96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
SHA-512:	3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
Malicious:	false
Preview:	0..k0..S............@.YDc.c...0....H........0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10...150604110438Z..350604110438Z0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10.."0....H.............0..........$s..7.+W(.....8..n<.W.x.u...jn..O(..h.lD...c...k....1.!~.3<.H..y.....!.K...qiJffl.~<p..)"......K...~....G.\|.H#S.8.O.o...IW..t../.8.{.p!.u.0<.....c...O..K~.....w...{J.L.%.p..)..S$........J.?..aQ.....cq...o[...\4ylv.;.by.../&.....................6....7..6u...r......I......A..v........5/(.l....dwnG7..Y^h..r...A)>Y>.&.$...Z.L@.F....:Qn.;.}r...xY.>Qx....../..>{J.Ks......P.\|C.t..t.....0.[q6....00\H..;..}`...).........A.......\|.;F.H..v.v..j.=...8.d..+..(.....B.".'].y...p..N..:..'Qn..d.3CO......B0@0...U...........0...U.......0....0...U......y.Y.{....s.....X..n0...*.H.............U.X....P.....i ')..au\.n...i/..VK..s.Y.!.~.Lq...`.9....!V..P.Y...Y.............b.E.f..\|o..;.....'...}~.."......

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
Category:	dropped
Size (bytes):	71954
Entropy (8bit):	7.996617769952133
Encrypted:	true
SSDEEP:	1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
MD5:	49AEBF8CBD62D92AC215B2923FB1B9F5
SHA1:	1723BE06719828DDA65AD804298D0431F6AFF976
SHA-256:	B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
SHA-512:	BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
Malicious:	false
Preview:	MSCF............,...................I..................XaK .authroot.stl.[.i..6..CK..<Tk......4.cl!Kg..E..Y.f_..".$mR"$.J.E.KB."..rKv.."{.g....3.W.....c..9.s...=....y6#..x..........D......\(.#.s.!.A.......cd.c........+^.ov...n.....3BL..0.......BPUR&.X..02.q...R...J.....w.....b.vy>....-.&..(..oe."."...J9...0U.6J..\|U..S.....M.F8g...=.......p...........l.?3.J.x.G.Ep..$g..tj......)v]9(:.)W.8.Op.1Q..:.nPd........7.7..M].V F..g.....12..!7(...B.......h.RZ.......l.<.....6..Z^.`p?... .p.Gp.#.'.X..........\|!.8.....".m.49r?.I...g...8.v.....a``.g.R4.i...J8q....NFW,E.6Y....!.o5%.Y.....R..<..S9....r....WO...(.....F..Q=....-..7d..O(....-..+k.........K..........{Q....Z..j._.E...QZ.~.\.^......N.9.k..O.}dD.b1r...[}/....T..E..G..c.\|.c.&>?..^t. ..;..X.d.E.0G....[Q.,......#.Dp..L.o\|#syc.J............}G-.ou6.=52..XWi=...m.....^u......c..fc?&pR7S5....I...j.G........j.j..Tc.El.....B.pQ.,Bp....j...9g.. >..s..m#.Nb.o_u.M.V...........\#...v..Mo\sF..s....Y...

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	192
Entropy (8bit):	2.732136534099206
Encrypted:	false
SSDEEP:	3:kkFklGt/lfllXlE/HT8k/hvNNX8RolJuRdxLlGB9lQRYwpDdt:kKftOT8q3NMa8RdWBwRd
MD5:	86B56A7740090EF2735AD98D83FC2F77
SHA1:	749FB20BFF2C7D010B53BC70DFC58BA1A3CBB01C
SHA-256:	082F3615D091A1C898710394B6EDA89169EFB2E534DECE3DF3224BDEF03776EC
SHA-512:	F335EDFB6DA9A49C1313110E258F1D7D2A901335D172C0E577FD4C528DE78D41DF165187DFE4F7E2CD2368C26FDDF40D0DEBC8F10D0EFA350EFF627C5C5A81B1
Malicious:	false
Preview:	p...... ........5H.>i...(....................................................... ..........W.....m..............o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	modified
Size (bytes):	328
Entropy (8bit):	3.1333860653411176
Encrypted:	false
SSDEEP:	6:kK29UswDLL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:RDnLNkPlE99SNxAhUe/3
MD5:	655A6DE8FA2C7B1E26DDF65293754C62
SHA1:	1AA1540187854D9E96BCE551D3E55E3AC437DFC4
SHA-256:	26401A919741341F07A5777192455824B52947E7B171A5639848D8DB07593D57
SHA-512:	D4581C276E94AA1E15DFC3EE2E571477D196D48DA2C612067E41A08FB832ED6C4BABA69003A7A426962D303981921C2AB47482BB2877AB3AE976202CA2CDF3DA
Malicious:	false
Preview:	p...... ..........hQi...(....................................................... ........G..@.......&...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	227002
Entropy (8bit):	3.392780893644728
Encrypted:	false
SSDEEP:	1536:qKPC4iyzDtrh1cK3XEivK7VK/3AYvYwgF/rRoL+sn:XPCaJ/3AYvYwglFoL+sn
MD5:	265E3E1166312A864FB63291EA661C6A
SHA1:	80DFF3187FF929596EB22E1DB9021BAD6F97178C
SHA-256:	C13E08B1887A4E44DC39609D7234E8D732A6BC11313B55D6F4ECFB060CD87728
SHA-512:	48776A2BFE8F25E5601DCC0137F7AB103D5684517334B806E3ACF61683DD9B283828475FC85CE0CBE4E8AF88E6F8B25EED0A77640E2CFFF2CC73708726519AFA
Malicious:	false
Preview:	Adobe Acrobat Reader (64-bit) 23.6.20320....?A12_AV2_Search_18px.............................................................................................................KKK KKK.KKK.KKK.KKK.KKK.KKK@........................................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.............................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.........................KKK.KKK.KKK.KKK0....................KKK.KKK.KKK.KKK`....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK.KKK.....................................KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK.KKK@....................KKK.KKK.KKK.KKK`........................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.KKK.............................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	295
Entropy (8bit):	5.362455583074525
Encrypted:	false
SSDEEP:	6:YEQXJ2HXBfO7nZiQ0YGXneIoAvJM3g98kUwPeUkwRe9:YvXKXBacXwGMbLUkee9
MD5:	CB6F0BDDEF72FF6F394EB0693380502D
SHA1:	91CC90E7E4F85B2DA92D59A546ABE9F92E10BBE0
SHA-256:	ED88450F7C8AB9C5550C0951DBDE075F8A47F0A73C80C2CE4A86448D35AC2C47
SHA-512:	10E3ED101EC3FBA95D240C74F5E483F75F65952E838C94B7A6EC0F26D1CCE21C2DB636DC5273B47EBF891CE8CD54276CBB31E0BD2EA7AB728517CFB552F2FB4A
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"6e9d1ece-c9b2-45d1-adde-8f52326299db","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1728230167598,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.313174938759916
Encrypted:	false
SSDEEP:	6:YEQXJ2HXBfO7nZiQ0YGXneIoAvJfBoTfXpnrPeUkwRe9:YvXKXBacXwGWTfXcUkee9
MD5:	BAADB794A30902BE6EEAE283018A48EB
SHA1:	DAAE9E1C9AC218535275173A717D7D6D71D1A8E9
SHA-256:	6AC610B499C2A47F85967686555A40C8EE299DE14886E832898F60D3490CC2C3
SHA-512:	D8DCEBB60EA6D885A70A6C8E4E28D0E59B480BBE2C58753260AF2488E8CB7A35206724A5F8318C5371AF9B78EB659031907D8150741366396AF6E3E9761B19AF
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"6e9d1ece-c9b2-45d1-adde-8f52326299db","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1728230167598,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.292254402964877
Encrypted:	false
SSDEEP:	6:YEQXJ2HXBfO7nZiQ0YGXneIoAvJfBD2G6UpnrPeUkwRe9:YvXKXBacXwGR22cUkee9
MD5:	E9AB239187A0680F54F5D7767D66E608
SHA1:	18D2FC4F0154F0DDAB378B2B97871848C56BCEB2
SHA-256:	D0FC35C1B89CD0451D3D087C3CBA99730B15DD7E6CE6664EB46D31D7D1E9707E
SHA-512:	AB8FC7BF00F381605AB5985A96198F28E49C8318B1C3698CABD7856A7CDF8C230CA3C292D0D4989F749EB63B79ACD799E97A47573F97611B6E2339E2E6A2F292
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"6e9d1ece-c9b2-45d1-adde-8f52326299db","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1728230167598,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	285
Entropy (8bit):	5.342446305993105
Encrypted:	false
SSDEEP:	6:YEQXJ2HXBfO7nZiQ0YGXneIoAvJfPmwrPeUkwRe9:YvXKXBacXwGH56Ukee9
MD5:	A80DCC7DF47634A83131A779D3F407FD
SHA1:	1BB0188696A28B21AAB97158FC4E7AF3B00C2CA2
SHA-256:	47EBA16486A0B996566879EDFEE4E1BD75D91D04366328D5917D50126F8C499D
SHA-512:	93826C016E7E2875A91FBCA036560E57AD4636FE6D3A806D0A26F112445CFF166B075B031DFABF338D53BD248003B07E2874E6B9A5286D8015C1F1179E718F62
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"6e9d1ece-c9b2-45d1-adde-8f52326299db","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1728230167598,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1091
Entropy (8bit):	5.680927566015592
Encrypted:	false
SSDEEP:	24:Yv6XBfXtpLgE7cgD6SOGtnnl0RCmK8czOCYvSF:YvEPthgs6SraAh8cvYKF
MD5:	B6753315B17847C26F4EC93FED4957ED
SHA1:	87365892B0486AC27885956528F52158A5CE0EED
SHA-256:	DBB050702574BC3A91880F499672B941AC28ED2800C622B433359F26F8CE278C
SHA-512:	905682AEA9CF3ABEA4812A4A77BC7C525DBFBE1E907F84DEEA3B01F538317C3ABA8E9E369FE805AF6BDE01EEBA76E43CC8402BB40B497FC05DCEDD48766AB196
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"6e9d1ece-c9b2-45d1-adde-8f52326299db","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1728230167598,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"89628_281075ActionBlock_2","campaignId":89628,"containerId":"1","controlGroupId":"","treatmentId":"67a3a874-888f-4d96-9f3d-26e70c3e0be1","variationId":"281075"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQgUERGIGZpbGVzIHRvIE1pY3Jvc29mdCBXb3JkIGFuZCBFeGNlbC4ifSwidGNhdElkIjoiUkdTMDM1MS1FTlUtQ2hhbGxlbmdlcjIifQ==","dataType":"ap

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1050
Entropy (8bit):	5.646438802288783
Encrypted:	false
SSDEEP:	24:Yv6XBfXxVLgEF0c7sbnl0RCmK8czOCYHflEpwiV0:YvEPxFg6sGAh8cvYHWpwF
MD5:	E1B8A1CE9FB8A1E771B05A9642C5BCAD
SHA1:	4A0CE1C8060B3A4E027292AC63ACC435DAF0D95F
SHA-256:	C60F7BDD7201264D57BAB2F940AF0261B46D9E5DAD48DAF72D5F5222B89A8719
SHA-512:	3644AE38CFBECF66BD143802F195580D55F44154A061FBB78F6D476EBF40A2E6E67C64008DA3DBCD8F3782EEAEA27E808D91B4482FBBBCD9DE9208EFC5CF2DA7
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"6e9d1ece-c9b2-45d1-adde-8f52326299db","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1728230167598,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Disc_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_0","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"0924134e-3c59-4f53-b731-add558c56fec","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Disc_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQsIGVkaXQgYW5kIGUtc2lnblxuZm9ybXMgJiBhZ3JlZW1lbnRzLiJ9LCJ0Y2F0SWQiOm51bGx9","dataType":"application\/json","encodingScheme":true},"

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.289657128059703
Encrypted:	false
SSDEEP:	6:YEQXJ2HXBfO7nZiQ0YGXneIoAvJfQ1rPeUkwRe9:YvXKXBacXwGY16Ukee9
MD5:	BB4BE8A994D3EF5AF9AEA91C98FCC06C
SHA1:	297ABEBB0EFB62B2BCEBC63394E457B6FA2D91A8
SHA-256:	58D379215ABAF3F2B3D708852126709F69557A88F107B5ED3D7369ADE0F59BF7
SHA-512:	D87C21C9827274E479BE4497D767822A88F7064CF93E909E9BB2C01423749CFBB18697DAFFE6CEC9B9577C91856501C8316990259D7E118F56679EF53BAFCE3E
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"6e9d1ece-c9b2-45d1-adde-8f52326299db","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1728230167598,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1098
Entropy (8bit):	5.679080227042081
Encrypted:	false
SSDEEP:	24:Yv6XBfXg2LgEFcs2SOGt0nl0RCmK8czOCUaBtCrfSF:YvEPgogq2SrhAh8cvUgEmF
MD5:	925C2F51628A4C3BD9CCE69DB2737386
SHA1:	C7A33B6A4C2DE5992BE2B3E7068EA94AF39A5E8B
SHA-256:	EE325CEE7D385BB4C4E4F80654579E3C6091AE5A57BA066BE44C99CA7E09045E
SHA-512:	4AD757D8F043D58BDC93896DCF897905540EC4DAF2CD96DA1331BB473EE7670F27B4D8B2BB552A4A6E6F29F40D82BEEA8A0C0E6E3A1000CD0C369A2B2621DE24
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"6e9d1ece-c9b2-45d1-adde-8f52326299db","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1728230167598,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Edit_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"89628_281075ActionBlock_0","campaignId":89628,"containerId":"1","controlGroupId":"","treatmentId":"abdf1d9d-2114-4953-95a6-4eed783b9872","variationId":"281075"},"containerId":1,"containerLabel":"JSON for DC_Reader_Edit_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IlR1cm4gc2Nhbm5lZCBwYXBlciBkb2N1bWVudHNcbmludG8gaW5zdGFudGx5IGVkaXRhYmxlIFBERnMuIn0sInRjYXRJZCI6IlJHUzAzNTEtRU5VLUNoYWxsZW5nZXIyIn0=","dataTy

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1164
Entropy (8bit):	5.694764292072316
Encrypted:	false
SSDEEP:	24:Yv6XBfXoKLgEfIcZVSkpsn264rS514ZjBrwloJTmcVIsrSK50:YvEPoEgqprtrS5OZjSlwTmAfSKK
MD5:	7B3A51DD03D3E837AC99CF8916079E5F
SHA1:	E6FC4DD7C600D1157B3CDE2C5BDCB048E6951CFF
SHA-256:	061FD2CF2975222B1DF25AA95D84F5B62DFDDA118EC318FA466141B6363D120B
SHA-512:	EDCA5C5584F6012E6A03887EE011BC0BBCDF36CCA38FEFD154BB212053C90E202A3A9513172DDCD7ECB733E7406F7F7E857F92C92032E4B9570B108449F2E9CE
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"6e9d1ece-c9b2-45d1-adde-8f52326299db","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1728230167598,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85531_264848ActionBlock_0","campaignId":85531,"containerId":"1","controlGroupId":"","treatmentId":"ee1a7497-76e7-43c2-bb63-9a0551e11d73","variationId":"264848"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IlRyeSBBY3JvYmF0IFBybyJ9LCJ1aSI6eyJ0aXRsZV9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjE1cHgiLCJmb250X3N0eWxlIjoiMCJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEzcHgiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0b1xucHJlbWl1bSBQREYgYW5kIGUtc2lnbmluZ1xudG9vbHMuIn0sImJhbm5lcl9zdHlsaW5nIjo

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.2946543189133415
Encrypted:	false
SSDEEP:	6:YEQXJ2HXBfO7nZiQ0YGXneIoAvJfYdPeUkwRe9:YvXKXBacXwGg8Ukee9
MD5:	1E264153C5B41E715C3FB2B204521B7E
SHA1:	42CDF9A32203BCCE345DBE70BD35D652172F25B0
SHA-256:	0246472F2B05D97F736D71EEA031C7A77E5CB47CB91E0E731C67B89A221ED0F9
SHA-512:	788DBFF13E77CFE0CC9C41B4AD1D178D537BB8CE0B46519491495621C31E4EC940637E21E6A9806D9001D84B73672B65235E8BCD04173832BFB823745F0E61C1
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"6e9d1ece-c9b2-45d1-adde-8f52326299db","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1728230167598,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1395
Entropy (8bit):	5.7687475737652925
Encrypted:	false
SSDEEP:	24:Yv6XBfXHrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNc:YvEPHHgDv3W2aYQfgB5OUupHrQ9FJK
MD5:	0AA3AE6CA37EA43E24CCEE4A11D1116D
SHA1:	D60AE55C43909F28F9850CA53B59756B499EE864
SHA-256:	44A5FB75FA39151A891433E37CEE1F22B157A395CD9F33E95A385793158736BE
SHA-512:	4EA33D635228FD67975BE49459D90A61206F07056CDAEEE1C16A8DF2466ABD833BEF2F1920BFA453FEDC9D15944020A4C248A0CC2687D3373F7094DF5EAC2975
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"6e9d1ece-c9b2-45d1-adde-8f52326299db","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1728230167598,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	291
Entropy (8bit):	5.278238156663401
Encrypted:	false
SSDEEP:	6:YEQXJ2HXBfO7nZiQ0YGXneIoAvJfbPtdPeUkwRe9:YvXKXBacXwGDV8Ukee9
MD5:	88935A4A97DA9B1DC0C31D29A2C9B3C8
SHA1:	91A5E182CBA4E26DC3DAC3641A097C5D1FF59587
SHA-256:	E927AE188C8F744AF2345DCF5438ACB976E43D6BB63DCE28C422326CCEA1710E
SHA-512:	B54497596E724CA96C438A06F3E23185F68AC5D3863F7E282F289658960C2D7A9A7AAF9B614C3E5E0D89F1F1DFD724D42EE956E122436ECB707CC13AA6138BC8
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"6e9d1ece-c9b2-45d1-adde-8f52326299db","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1728230167598,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	287
Entropy (8bit):	5.28123110415668
Encrypted:	false
SSDEEP:	6:YEQXJ2HXBfO7nZiQ0YGXneIoAvJf21rPeUkwRe9:YvXKXBacXwG+16Ukee9
MD5:	3B9C9F3C0C5ECB8F0FAF356BE539CE87
SHA1:	D137FB6F084F1CC0D62771FE1A63CFEF6D088033
SHA-256:	746B067BC4ED24E8C8FF51B6096E344AD1D3E0B6976B304CBA3504A2C16ADE23
SHA-512:	5CA234EFC64642E7A489E69FE958F7DD56ED58F787F0B4EE6CE58FC686A0F9DFD85926AA687E78FC290FF9B4E6D70931874F1F1D3C6231B616B7E7C992B466A1
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"6e9d1ece-c9b2-45d1-adde-8f52326299db","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1728230167598,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1054
Entropy (8bit):	5.658978185055295
Encrypted:	false
SSDEEP:	24:Yv6XBfXVamXayLgE6cTg4QSOGtNaqnl0RCmK8czOC/CrfSF:YvEPJBgSXQSrOAh8cv6mF
MD5:	7821C33F51B45166545BB7BA68C05359
SHA1:	9DF6C0EA3D40990239E20C5411E9BFA1FAE19758
SHA-256:	79BD6CDF3D755EF90B1C63FD7B16662C589342ABDD892DEC81EF54D85E3CC1B2
SHA-512:	2D53077E448643F2B08BD576019F32E4ADB6F524A42C9AF70C33164EA3689A372226C4D34E7372C9BA3B2EB1532CE9BB2C09773B80CCC5376E2A27A61CB2EECB
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"6e9d1ece-c9b2-45d1-adde-8f52326299db","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1728230167598,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"89628_281075ActionBlock_1","campaignId":89628,"containerId":"1","controlGroupId":"","treatmentId":"7fe39695-394c-4706-9b50-651e7499d428","variationId":"281075"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVhc2lseSBmaWxsIGFuZCBzaWduIFBERnMuIn0sInRjYXRJZCI6IlJHUzAzNTEtRU5VLUNoYWxsZW5nZXIyIn0=","dataType":"application\/json","encodingScheme":tru

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	286
Entropy (8bit):	5.25678417985872
Encrypted:	false
SSDEEP:	6:YEQXJ2HXBfO7nZiQ0YGXneIoAvJfshHHrPeUkwRe9:YvXKXBacXwGUUUkee9
MD5:	F71591F4E6E2F2AA287321CB6ADA2BDD
SHA1:	12814BA790CE2A6183F8B722FCFA73FA603E45E4
SHA-256:	C781AF4147533CC894FE0375377F29F062B4AD8175CEF68CDE9A822BEAE26F9B
SHA-512:	E52DC6A1876969938A20FA86B5C80079588FA166DD077C958483176770E3C822A1E054648C3C89DBA6B45F30561FA364E3F665EA16AF0910F2C8D3464F04C8E9
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"6e9d1ece-c9b2-45d1-adde-8f52326299db","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1728230167598,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	782
Entropy (8bit):	5.354088101331316
Encrypted:	false
SSDEEP:	12:YvXKXBacXwGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWQ:Yv6XBfXm168CgEXX5kcIfANhF
MD5:	DC414374CF437345794A00E94F292FA9
SHA1:	D2C3E59ACDC83BE100EA26F5594E825F04897421
SHA-256:	281629CFE0E96046BB9DA1029A9A20728DA017E5FFBDCF20E0211FF4C3F82312
SHA-512:	262126116B8EEF992C0923C395D13EE6EE0FB168CA1E250FC6FFB96DAA938F29B376733D2D692566B650DDE8092673CD5CD2BA5AB4AB477682936252EFBA2C8C
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"6e9d1ece-c9b2-45d1-adde-8f52326299db","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1728230167598,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1728051922631}}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	4
Entropy (8bit):	0.8112781244591328
Encrypted:	false
SSDEEP:	3:e:e
MD5:	DC84B0D741E5BEAE8070013ADDCC8C28
SHA1:	802F4A6A20CBF157AAF6C4E07E4301578D5936A2
SHA-256:	81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
SHA-512:	65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
Malicious:	false
Preview:	....

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2818
Entropy (8bit):	5.122036724988118
Encrypted:	false
SSDEEP:	24:Yo2DrauMLaydVxX/BJCTcCJcY4Zc6K1oUYjWn2j0Ss9u34A2YC2LS2fDn5dh9HqC:YqDfocPZc6o24IJ31fCkrnvh9p
MD5:	215DC8F8ECBF08C84D2ADF45B12F8450
SHA1:	EB8026BE94B0997485F4ED9E1789C282A8A3C1EC
SHA-256:	8DDFFEEE99322F0DDC1F3E652F8B52B1602C84F35DBCE0EB289318C705F81080
SHA-512:	8840406FDC96729E6BFF103D6B96F951D1B0144891435D5A0E9400115AD648DB08995BA584C1A1951A432601B76E77A146E42B5AC3733CE7EA0AF32AC191D38A
Malicious:	false
Preview:	{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"840614f32269042d3c7be9bffe9aef5c","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1050,"ts":1728051922000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"7f403c0234a539fa9069f1afea65626d","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1164,"ts":1728051922000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"9ce8265907ae82c3cdddff3a32832289","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1054,"ts":1728051922000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"3878c26cf71c6004264154f2752ef1ae","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1091,"ts":1728051922000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"2a4b695b3db568ad0555f539f867ee53","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":1098,"ts":1728051922000},{"id":"Edit_InApp_Aug2020","info":{"dg":"5d6766c132a007e1eebd0014242f4b8e","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":17

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 24, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 24
Category:	dropped
Size (bytes):	12288
Entropy (8bit):	1.145780203237242
Encrypted:	false
SSDEEP:	24:TLhx/XYKQvGJF7ursSkDxRZXcMRZXcMZgux3Fmu3n9u1oGuDyIX4uDyvuOudIUu1:TFl2GL7msLD9Xc+XcGNFlRYIX2v3kuDD
MD5:	3A84CCFE9BE51EDD7A91EBD089F67D25
SHA1:	D524F491676FB5443580E2F6E17DA2AAA2074054
SHA-256:	A1205A277A85E0254E664D5B455276A5A07D068269BAD61ED58A599D0CD3EFB4
SHA-512:	208A052D4F808F425A65B059859E8F3E8392E8F3A26B9899051431C6AFF27C9CF2939B0C443975EDBAFBC2D78F83F65A24F5E00F4D0649E6BE70E729224B1FA4
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	1.5529355729787757
Encrypted:	false
SSDEEP:	24:7+thkDxUXcMRZXcMZgux3Fmu3n9u1oGuDyIX4uDyvuOudIUudcHRuLuxLqLxx/Xj:7MeDiXc+XcGNFlRYIX2vuqVl2GL7ms9
MD5:	17B8BCA86460B0402ED292F1053DAA02
SHA1:	A42D07A22D4E2A4E4599A332DB10B6EE6E389F61
SHA-256:	F66FFCB870434E5A98790E18BE7287DDCA0EC90E60A7CF67B8CDAA8F3A970BF8
SHA-512:	313DB679B96C2FA8E38A2CB953CDE2A1D89072E7A62F7BD70C2EFCFE59B752FE1F29FBB5CFADB4A9DAE4E92334EF822A8C0ED36F2C836984F23C48121A4BFAE9
Malicious:	false
Preview:	.... .c......q^...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................b..b.b.b.b.b.b.b.b.b.b.b.b.b..................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\MSIf02e2.LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	246
Entropy (8bit):	3.4965336456103326
Encrypted:	false
SSDEEP:	6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K82RqdNG4lYH:Qw946cPbiOxDlbYnuRK/7oYH
MD5:	9618A4F43EBFF785C12F3A2683FCC1F9
SHA1:	C1B5521B550C6BF678B30DC982E94A771B7D7F0B
SHA-256:	0346CF5DADD03AEBDE39DA0AF826805ED0648F59501F16B46686444F766E33E1
SHA-512:	8B2DE6AE718197174B17C82E2809A6971362CA03BF4897FE069CD45C0FCEBCFED6B58E3955B2BD2E55205492FC024BF90BDED30A5DA7184F5A97A3C737603D41
Malicious:	false
Preview:	..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .0.4./.1.0./.2.0.2.4. . .1.0.:.2.5.:.2.0. .=.=.=.....

C:\Users\user\AppData\Local\Temp\acrobat_sbx\A91g7osa6_88l9f8_3vk.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	Zip data (MIME type "application/vnd.adobe.air-ucf-package+zip"?)
Category:	dropped
Size (bytes):	144514
Entropy (8bit):	7.992637131260696
Encrypted:	true
SSDEEP:	3072:OvjeSq37BcXWpJ/PwBI4lsRMoZVaJctHtTx8EOyhnL:Cjc7BcePUsSSt38snL
MD5:	BA1716D4FB435DA6C47CE77E3667E6A8
SHA1:	AF6ADF9F1A53033CF28506F33975A3D1BC0C4ECF
SHA-256:	AD771EC5D244D9815762116D5C77BA53A1D06CEBA42D348160790DBBE4B6769D
SHA-512:	65249DB52791037E9CC0EEF2D07A9CB1895410623345F2646D7EA4ED7001F7273C799275C3342081097AF2D231282D6676F4DBC4D33C5E902993BE89B4A678FD
Malicious:	false
Preview:	PK.........D.Y...>)...).......mimetypeapplication/vnd.adobe.air-ucf-package+zipPK.........D.Y.+.`............message.xml.]is.8...[.....Oq.'...S...g.X+;....%X."U$.....}.P.%....8.tl. ...../..}......A.......,...a...r.....=..i{......0H..v.g.c0.3~....G.b....,.BvJ.'./.`xJ]..O./.!K...XG?.$.,=.Z...q.f~...,..:b.Pl..f..\|....,.A.....Z..a<.C._..../G\|....q.....~.?...G.............y+.. ...s.,.2...^uon..:....~....C....i.>.<hy..x..?....F.w..4e.\|.'...#?..a......i...W.".+...'.......,..6..... ..}.........llj.>.3v.."..CdA.".....v...4H..C]>........4..$.O........9._..C{(....A~.k...f.x8.<... l!..}...ol.q.......2.s.Y..&:....>...l.S..w.t^D.C....]0......L...z[`J<.....L.1t-.Z.n..7.)...aj;.0.r\|.._.V......JWT.>.p.?s....boN.....X.jkN.9..3jN.9..t...o..c.nX4......0.D.....Cv .....!k..........d.1B....=3.Bq.E.bo.....6..r..6@.b...T......Ig...(..(K].:...#..k..q2G."o.Tz...qJ.......;?\|~..1...J...RA...'..*C...T...dNMZ.3.z-..LCI..I..-.,.Y.J.....m.KY}.Lw......G........-.(E....b..^..}..

C:\Users\user\AppData\Local\Temp\acrobat_sbx\A9ighfn0_88l9f9_3vk.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	Zip data (MIME type "application/vnd.adobe.air-ucf-package+zip"?)
Category:	dropped
Size (bytes):	69632
Entropy (8bit):	7.991460702951741
Encrypted:	true
SSDEEP:	1536:Ovj3fXvOA7zO3qgSPp67cNtHbKpPBXrzyUVLOhCn:OvjeSq37BcXWpJ/Pt
MD5:	3B5F73FB39FA1A34F87572B93BF62653
SHA1:	31B182D7C3C53990FA5F87F5732165BB837C9797
SHA-256:	2D490088481168DC4A9C5DF594BF42089F974BC29316D8594C72A5BB8EC3D5B0
SHA-512:	8A429777FF04523C780DF89F79D0258E1C17FCA6F6F7EE9346716D14836A1235C8A791FEE4FBAC56623650E687A673436CF128AF584F95BC76820FB40748C797
Malicious:	false
Preview:	PK.........D.Y...>)...).......mimetypeapplication/vnd.adobe.air-ucf-package+zipPK.........D.Y.+.`............message.xml.]is.8...[.....Oq.'...S...g.X+;....%X."U$.....}.P.%....8.tl. ...../..}......A.......,...a...r.....=..i{......0H..v.g.c0.3~....G.b....,.BvJ.'./.`xJ]..O./.!K...XG?.$.,=.Z...q.f~...,..:b.Pl..f..\|....,.A.....Z..a<.C._..../G\|....q.....~.?...G.............y+.. ...s.,.2...^uon..:....~....C....i.>.<hy..x..?....F.w..4e.\|.'...#?..a......i...W.".+...'.......,..6..... ..}.........llj.>.3v.."..CdA.".....v...4H..C]>........4..$.O........9._..C{(....A~.k...f.x8.<... l!..}...ol.q.......2.s.Y..&:....>...l.S..w.t^D.C....]0......L...z[`J<.....L.1t-.Z.n..7.)...aj;.0.r\|.._.V......JWT.>.p.?s....boN.....X.jkN.9..3jN.9..t...o..c.nX4......0.D.....Cv .....!k..........d.1B....=3.Bq.E.bo.....6..r..6@.b...T......Ig...(..(K].:...#..k..q2G."o.Tz...qJ.......;?\|~..1...J...RA...'..*C...T...dNMZ.3.z-..LCI..I..-.,.Y.J.....m.KY}.Lw......G........-.(E....b..^..}..

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-04 10-25-14-960.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393)
Category:	dropped
Size (bytes):	16525
Entropy (8bit):	5.338264912747007
Encrypted:	false
SSDEEP:	384:lH4ZASLaTgKoBKkrNdOZTfUY9/B6u6AJ8dbBNrSVNspYiz5LkiTjgjQLhDydAY8s:kIb
MD5:	128A51060103D95314048C2F32A15C66
SHA1:	EEB64761BE485729CD12BF4FBF7F2A68BA1AD7DB
SHA-256:	601388D70DFB723E560FEA6AE08E5FEE8C1A980DF7DF9B6C10E1EC39705D4713
SHA-512:	55099B6F65D6EF41BC0C077BF810A13BA338C503974B4A5F2AA8EB286E1FCF49DF96318B1DA691296FB71AA8F2A2EA1406C4E86F219B40FB837F2E0BF208E677
Malicious:	false
Preview:	SessionID=e060408f-9833-415c-bd59-cc59ace6b516.1696488385066 Timestamp=2023-10-05T08:46:25:066+0200 ThreadID=6912 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=e060408f-9833-415c-bd59-cc59ace6b516.1696488385066 Timestamp=2023-10-05T08:46:25:066+0200 ThreadID=6912 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=e060408f-9833-415c-bd59-cc59ace6b516.1696488385066 Timestamp=2023-10-05T08:46:25:067+0200 ThreadID=6912 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=e060408f-9833-415c-bd59-cc59ace6b516.1696488385066 Timestamp=2023-10-05T08:46:25:067+0200 ThreadID=6912 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=e060408f-9833-415c-bd59-cc59ace6b516.1696488385066 Timestamp=2023-10-05T08:46:25:067+0200 ThreadID=6912 Component=ngl-lib_NglAppLib Description="SetConfig:

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393), with CRLF line terminators
Category:	dropped
Size (bytes):	15114
Entropy (8bit):	5.3625689600685
Encrypted:	false
SSDEEP:	384:f578zVCTFKj65yaVRD/itX5gU3OXLhpH+lGgKywg588lnxqpYl0iY5Yt8yMN4Pv1:ndw
MD5:	96BDCA2A55A4F831169E00AEFFBDB04F
SHA1:	3223DF10D74B32E1C9E43A808811C4C4DF012D0F
SHA-256:	3C97ABE088732CB796B7B928284DC6C044F06D3CEE922B87A40EE8FFC1DD2AA9
SHA-512:	2132BE4BC1F30A2619170C481B8DC8C1E5F803D0B52967A5F45EEDC30241B4CCA3390AAAD75598978A630D870858F1B8766A23F87954A5AB57E127AF19A325D1
Malicious:	false
Preview:	SessionID=dfa93782-ab96-4e93-9e69-61d28b84bc28.1728051914974 Timestamp=2024-10-04T10:25:14:974-0400 ThreadID=3508 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=dfa93782-ab96-4e93-9e69-61d28b84bc28.1728051914974 Timestamp=2024-10-04T10:25:14:977-0400 ThreadID=3508 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=dfa93782-ab96-4e93-9e69-61d28b84bc28.1728051914974 Timestamp=2024-10-04T10:25:14:977-0400 ThreadID=3508 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=dfa93782-ab96-4e93-9e69-61d28b84bc28.1728051914974 Timestamp=2024-10-04T10:25:14:977-0400 ThreadID=3508 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=dfa93782-ab96-4e93-9e69-61d28b84bc28.1728051914974 Timestamp=2024-10-04T10:25:14:977-0400 ThreadID=3508 Component=ngl-lib_NglAppLib Description="SetConf

C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	29752
Entropy (8bit):	5.392500871743267
Encrypted:	false
SSDEEP:	768:FcbRrrHsrKL2e1kRWzkWYFuRC2OSDOXdWaCnpbFXuRs2QdWOSw:Fc3
MD5:	ECBB09CB32B59E21DFCC8F39F0E64FBC
SHA1:	E036525FF8049F1E6748A065DAA86F404B037915
SHA-256:	6A2EEB007480F1F91C01FCBB317615BD564A6D49E0AF41028A3852935DB14219
SHA-512:	B90D6E645319E32BE9ECBDFCF4D5C72A80C9101208D8435756055B5021BA01FEA8F9A2D15F27586742C5A19C44AFC7E4F1EC68FF99FE182530BD642F959C95F9
Malicious:	false
Preview:	05-10-2023 08:20:22:.---2---..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : *************************************..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : ***********************************..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : **** Starting new session ******..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : Starting NGL..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..05-10-2023 08:20:22:.Closing File..05-10-

C:\Users\user\AppData\Local\Temp\acrocef_low\2a2b1b92-ece2-408f-ad46-7ed0c03822bd.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
Category:	dropped
Size (bytes):	758601
Entropy (8bit):	7.98639316555857
Encrypted:	false
SSDEEP:	12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
MD5:	3A49135134665364308390AC398006F1
SHA1:	28EF4CE5690BF8A9E048AF7D30688120DAC6F126
SHA-256:	D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
SHA-512:	BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
Malicious:	false
Preview:	...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......\|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!\|G.1...... .3.`./....`~......G.............\|..pS.e.C....:o.u_..oi.:..\|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

C:\Users\user\AppData\Local\Temp\acrocef_low\643e6473-959d-4220-921a-7baaea6103f9.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
Category:	dropped
Size (bytes):	1419751
Entropy (8bit):	7.976496077007677
Encrypted:	false
SSDEEP:	24576:/xaWL07oywYIGNPUGZfPdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JaWLxywZG6GZn3mlind9i4ufFXpAXkru
MD5:	FFA982D6F2F9B46A1DECDD28BF3EF0E1
SHA1:	B1D05ED9BD6A80BD0E3377E9F62B47EF83FCC0C8
SHA-256:	93D954FA4BBEDCDFBC7BF14FA1BB3986056261F4A5035C3CFF229FF16D12B78B
SHA-512:	BF2931508F2039FFF4A74EC9B2FF2706FCF05DC5D56E22CA9C74B7C4AF9E8B4173419791DE648FD77AE7C4B441734E7C70C964A2B91C816FC98C9BA78BEB7879
Malicious:	false
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

C:\Users\user\AppData\Local\Temp\acrocef_low\a397b872-204d-493f-ad17-c90279ecb8e5.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
Category:	dropped
Size (bytes):	386528
Entropy (8bit):	7.9736851559892425
Encrypted:	false
SSDEEP:	6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
MD5:	5C48B0AD2FEF800949466AE872E1F1E2
SHA1:	337D617AE142815EDDACB48484628C1F16692A2F
SHA-256:	F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
SHA-512:	44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
Malicious:	false
Preview:	...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....\|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-\|..h#.g.\.PO.\|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..\|m.WC.....\|.....e.[W.p.8...rm....^..x'......5!...\|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.\|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

C:\Users\user\AppData\Local\Temp\acrocef_low\c7f3809b-9fa8-44d1-ade4-fb318c953a1b.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
Category:	dropped
Size (bytes):	1407294
Entropy (8bit):	7.97605879016224
Encrypted:	false
SSDEEP:	24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo
MD5:	A0CFC77914D9BFBDD8BC1B1154A7B364
SHA1:	54962BFDF3797C95DC2A4C8B29E873743811AD30
SHA-256:	81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685
SHA-512:	74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE
Malicious:	false
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobSettings

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	24
Entropy (8bit):	3.66829583405449
Encrypted:	false
SSDEEP:	3:So6FwHn:So6FwHn
MD5:	DD4A3BD8B9FF61628346391EA9987E1D
SHA1:	474076C122CACAAF112469FC62976BB69187AA2B
SHA-256:	7C22C759CA704106556BBC4FC10B7F53404CA1F8B40F01038D3F7C4B8183F486
SHA-512:	FDAF3D9F8072ED7DE9B2528376C10E3C3FDBEA74347710A4795BECF23C6577B3582B2E89D3C04EF0523C98FE0A46F2AF3629490701A20B848C63BA7B26579491
Malicious:	false
Preview:	<</Settings [/c <<>>].>>

C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\915DEAC5D1E15E49646B8A94E04E470958C9BB89.crl

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	98682
Entropy (8bit):	6.445287254681573
Encrypted:	false
SSDEEP:	1536:0tlkIi4M2MXZcFVZNt0zfIagnbSLDII+D61S8:03kf4MlpyZN+gbE8pD61L
MD5:	7113425405A05E110DC458BBF93F608A
SHA1:	88123C4AD0C5E5AFB0A3D4E9A43EAFDF7C4EBAAF
SHA-256:	7E5C3C23B9F730818CDC71D7A2EA01FE57F03C03118D477ADB18FA6A8DBDBC46
SHA-512:	6AFE246B0B5CD5DE74F60A19E31822F83CCA274A61545546BDA90DDE97C84C163CB1D4277D0F4E0F70F1E4DE4B76D1DEB22992E44030E28EB9E56A7EA2AB5E8D
Malicious:	false
Preview:	0...u0...\...0....H........0i1.0...U....US1.0...U....DigiCert, Inc.1A0?..U...8DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1..240807121815Z..240814121815Z0..~.0!.......0.E....[0...210531000001Z0!...7g...(..^`.x.l...210531000001Z0!...\./M.8..>.f.....210531000001Z0!...B.Sh...f...s.0..210531000001Z0!..../n...h..7....>..210601000001Z0!....0..>5..aN.u{D..210601000001Z0!...-...qpWa.!n.....210601000001Z0!..."f...\..N.....X..210601000001Z0!...in.H...[u...]....210602000001Z0!......`......._.]...210602000001Z0!...{..e..i......=..210602000001Z0!......S....fNj'.wy..210602000001Z0!......C.lm..B.*.....210602000001Z0!... .}...\|.,dk...+..210603000001Z0!...U.K....o.".Rj..210603000001Z0!.....A...K.ZpK..'h..210603000001Z0!.....&}{ ......l..210603000001Z0!...:.m...I.p.;..v..210604000001Z0!...1"uw3..Gou.qg.q..210607000001Z0!...1.o}...c/...-R}..210608000001Z0!................210608000001Z0!...[.N.d............210609000001Z0!......x..i........210610000001Z0!...(... (..#.^.f...210

C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\DF22CF8B8C3B46C10D3D5C407561EABEB57F8181.crl

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	737
Entropy (8bit):	7.501268097735403
Encrypted:	false
SSDEEP:	12:yeRLaWQMnFQlRKfdFfBy6T6FYoX0fH8PkwWWOxPLA3jw/fQMlNdP8LOUa:y2GWnSKfdtw46FYfP1icPLHCfa
MD5:	5274D23C3AB7C3D5A4F3F86D4249A545
SHA1:	8A3778F5083169B281B610F2036E79AEA3020192
SHA-256:	8FEF0EEC745051335467846C2F3059BD450048E744D83EBE6B7FD7179A5E5F97
SHA-512:	FC3E30422A35A78C93EDB2DAD6FAF02058FC37099E9CACD639A079DF70E650FEC635CF7592FFB069F23E90B47B0D7CF3518166848494A35AF1E10B50BB177574
Malicious:	false
Preview:	0...0.....0....H........0b1.0...U....US1.0...U....DigiCert Inc1.0...U....www.digicert.com1!0...U....DigiCert Trusted Root G4..240806194648Z..240827194648Z.00.0...U.#..0.......q]dL..g?....O0...U........0....H.............vz..@.Nm...6d...t;.Jx?....6...p...#.[.......o.q...;.........?......o...^p0R.......~....)....i.n;A.n.z..O~..%=..s..W.4.+........G...*..=....xen$_i"s..\...L..4../<.4...G.....L...c..k@.J.rC.4h.c.ck./.Q-r53..a#.8#......0.n......a.-'..S. .>..xAKo.k.....;.D>....sb '<..-o.KE...X!i.].c.....o~.q........D...`....N... W:{.3......a@....i....#./..eQ...e.......W.s..V:.38..U.H{.>.....#....?{.....bYAk'b0on..Gb..-..).."q2GO<S.C...FsY!D....x..]4.....X....Y...Rj.....I.96$.4ZQ&..$,hC..H.%..hE....

Static File Info

General

File type:	PDF document, version 1.4, 1 pages
Entropy (8bit):	7.492968735971815
TrID:	Adobe Portable Document Format (5005/1) 100.00%
File name:	IES PAW Montepio.pdf
File size:	88'497 bytes
MD5:	4a551c9d39c68ad88fca7747e8e99934
SHA1:	e6ea992a83809249061e975908fa4ef7873ee930
SHA256:	fa7171135021f816e7259f88a273307da9b3e545f5502bb34025061772ec055f
SHA512:	beb99ed37001dc4b7c57f603068bf8d1ff76d1ae4b4543e8d1f247c92886fca62b14a2ad6e7cb35e21ac60ebe3ce134022a3998832756ffe0e3354bf34c2f517
SSDEEP:	1536:eFNvMFOJmA+t98QTKLTB/6OfFBgXsqFVdcotXii:ezMFHT/OQ5VdcMXB
TLSH:	F8831968F59ACC8CF886B615816934798B9CF0F77ACC64921C2C4BCEB00A955F7532E7
File Content Preview:	%PDF-1.4.%.....1 0 obj.<</Creator (Mozilla/5.0 $Windows NT 10.0; Win64; x64$ AppleWebKit/537.36 $KHTML, like Gecko$ Chrome/115.0.0.0 Safari/537.36)./Producer (Skia/PDF m115)./CreationDate (D:20230728050418+00'00')./ModDate (D:20230728050418+00'00')>>.

File Icon


Icon Hash:	62cc8caeb29e8ae0

Static PDF Info

General
Header:	%PDF-1.4
Total Entropy:	7.492969
Total Bytes:	88497
Stream Entropy:	7.992024
Stream Bytes:	58480
Entropy outside Streams:	4.872595
Bytes outside Streams:	30017
Number of EOF found:	1
Bytes after EOF:

Keywords Statistics

Name	Count
obj	194
endobj	194
stream	101
endstream	101
xref	1
trailer	1
startxref	1
/Page	1
/Encrypt	0
/ObjStm	0
/URI	0
/JS	0
/JavaScript	0
/AA	0
/OpenAction	0
/AcroForm	0
/JBIG2Decode	0
/RichMedia	0
/Launch	0
/EmbeddedFile	0

Image Streams

ID	DHASH	MD5
6	2419192d2a262600	d681d8219bb38486684b32bda9d0928b
7	2401192c2e262220	c2fa3efbc5a00159ee70fe4b71000076
8	0014409dbc8624cd	a3ddc6f500381663164a69f2f73a843a
9	001d209d1466c54d	8cf2b66df888956608087ab1384032ff

Network Behavior

⊘No network behavior found

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: Acrobat.exePID: 4136, Parent PID: 4004

General

Target ID:	0
Start time:	10:25:11
Start date:	04/10/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\IES PAW Montepio.pdf"
Imagebase:	0x7ff651090000
File size:	5'641'176 bytes
MD5 hash:	24EAD1C46A47022347DC0F05F6EFBB8C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: AcroCEF.exePID: 5616, Parent PID: 4136

General

Target ID:	2
Start time:	10:25:12
Start date:	04/10/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Imagebase:	0x7ff70df30000
File size:	3'581'912 bytes
MD5 hash:	9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: AcroCEF.exePID: 7024, Parent PID: 5616

General

Target ID:	4
Start time:	10:25:13
Start date:	04/10/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2096 --field-trial-handle=1768,i,16637311774661600001,10864908080861009943,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Imagebase:	0x7ff70df30000
File size:	3'581'912 bytes
MD5 hash:	9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report IES PAW Montepio.pdf

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Networking

System Summary

Hooking and other Techniques for Hiding and Protection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\66ca7422-1064-42d5-a97d-bc9bb408bf00.tmp

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241004142518Z-195.bmp

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

Windows Analysis Report
IES PAW Montepio.pdf