Edit tour

Windows Analysis Report
240224.pdf

Overview

General Information

Sample name:	240224.pdf
Analysis ID:	1528221
MD5:	484710419547229bf9815338935e2b25
SHA1:	193f7a605a13e3b468654e3e1fcec663fd8de4d2
SHA256:	30d515fccee55b568b05514a6ef29fb6e32a75adb938651584a4760eec9a1cc0

Detection

Score:	1
Range:	0 - 100
Whitelisted:	false
Confidence:	60%

Signatures

Potential document exploit detected (performs DNS queries)

Potential document exploit detected (performs HTTP gets)

Potential document exploit detected (unknown TCP traffic)

Classification

Process Tree

System is w10x64_ra

Acrobat.exe (PID: 6264 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\240224.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)

AcroCEF.exe (PID: 1388 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

AcroCEF.exe (PID: 1200 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1628 --field-trial-handle=1608,i,2588310587884783511,50133307269892959,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

cleanup

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: global traffic

DNS query: name: x1.i.lencr.org

Source: global traffic	TCP traffic: 192.168.2.18:49707 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 192.168.2.18:49707 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 192.168.2.18:49707 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 192.168.2.18:49707 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 192.168.2.18:49707 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 192.168.2.18:49707 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 192.168.2.18:49707 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 192.168.2.18:49707 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 192.168.2.18:49707 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 192.168.2.18:49707 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 192.168.2.18:49707 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 192.168.2.18:49707 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 192.168.2.18:49707 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 192.168.2.18:49710 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 192.168.2.18:49710 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 192.168.2.18:49710 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 192.168.2.18:49711 -> 23.217.172.185:443
Source: global traffic	TCP traffic: 192.168.2.18:49711 -> 23.217.172.185:443
Source: global traffic	TCP traffic: 192.168.2.18:49711 -> 23.217.172.185:443
Source: global traffic	TCP traffic: 192.168.2.18:49710 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 192.168.2.18:49710 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 192.168.2.18:49710 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 192.168.2.18:49710 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 192.168.2.18:49710 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 192.168.2.18:49710 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 192.168.2.18:49710 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 192.168.2.18:49710 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 192.168.2.18:49710 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 192.168.2.18:49710 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 192.168.2.18:49710 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 192.168.2.18:49710 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 192.168.2.18:49711 -> 23.217.172.185:443
Source: global traffic	TCP traffic: 192.168.2.18:49711 -> 23.217.172.185:443
Source: global traffic	TCP traffic: 192.168.2.18:49711 -> 23.217.172.185:443
Source: global traffic	TCP traffic: 192.168.2.18:49711 -> 23.217.172.185:443
Source: global traffic	TCP traffic: 192.168.2.18:49711 -> 23.217.172.185:443
Source: global traffic	TCP traffic: 192.168.2.18:49711 -> 23.217.172.185:443
Source: global traffic	TCP traffic: 192.168.2.18:49711 -> 23.217.172.185:443
Source: global traffic	TCP traffic: 192.168.2.18:49711 -> 23.217.172.185:443
Source: global traffic	TCP traffic: 192.168.2.18:49711 -> 23.217.172.185:443

Source: global traffic	TCP traffic: 192.168.2.18:49707 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 23.22.254.206:443 -> 192.168.2.18:49707
Source: global traffic	TCP traffic: 192.168.2.18:49707 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 192.168.2.18:49707 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 23.22.254.206:443 -> 192.168.2.18:49707
Source: global traffic	TCP traffic: 23.22.254.206:443 -> 192.168.2.18:49707
Source: global traffic	TCP traffic: 192.168.2.18:49707 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 23.22.254.206:443 -> 192.168.2.18:49707
Source: global traffic	TCP traffic: 23.22.254.206:443 -> 192.168.2.18:49707
Source: global traffic	TCP traffic: 192.168.2.18:49707 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 23.22.254.206:443 -> 192.168.2.18:49707
Source: global traffic	TCP traffic: 192.168.2.18:49707 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 192.168.2.18:49707 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 23.22.254.206:443 -> 192.168.2.18:49707
Source: global traffic	TCP traffic: 192.168.2.18:49707 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 23.22.254.206:443 -> 192.168.2.18:49707
Source: global traffic	TCP traffic: 192.168.2.18:49707 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 23.22.254.206:443 -> 192.168.2.18:49707
Source: global traffic	TCP traffic: 23.22.254.206:443 -> 192.168.2.18:49707
Source: global traffic	TCP traffic: 192.168.2.18:49707 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 192.168.2.18:49707 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 23.22.254.206:443 -> 192.168.2.18:49707
Source: global traffic	TCP traffic: 192.168.2.18:49707 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 192.168.2.18:49707 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 192.168.2.18:49710 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 23.22.254.206:443 -> 192.168.2.18:49710
Source: global traffic	TCP traffic: 192.168.2.18:49710 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 192.168.2.18:49710 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 23.22.254.206:443 -> 192.168.2.18:49710
Source: global traffic	TCP traffic: 192.168.2.18:49711 -> 23.217.172.185:443
Source: global traffic	TCP traffic: 23.217.172.185:443 -> 192.168.2.18:49711
Source: global traffic	TCP traffic: 192.168.2.18:49711 -> 23.217.172.185:443
Source: global traffic	TCP traffic: 192.168.2.18:49711 -> 23.217.172.185:443
Source: global traffic	TCP traffic: 23.217.172.185:443 -> 192.168.2.18:49711
Source: global traffic	TCP traffic: 23.22.254.206:443 -> 192.168.2.18:49710
Source: global traffic	TCP traffic: 192.168.2.18:49710 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 23.22.254.206:443 -> 192.168.2.18:49710
Source: global traffic	TCP traffic: 23.22.254.206:443 -> 192.168.2.18:49710
Source: global traffic	TCP traffic: 192.168.2.18:49710 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 23.22.254.206:443 -> 192.168.2.18:49710
Source: global traffic	TCP traffic: 192.168.2.18:49710 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 192.168.2.18:49710 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 23.22.254.206:443 -> 192.168.2.18:49710
Source: global traffic	TCP traffic: 192.168.2.18:49710 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 23.22.254.206:443 -> 192.168.2.18:49710
Source: global traffic	TCP traffic: 192.168.2.18:49710 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 23.22.254.206:443 -> 192.168.2.18:49710
Source: global traffic	TCP traffic: 192.168.2.18:49710 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 23.22.254.206:443 -> 192.168.2.18:49710
Source: global traffic	TCP traffic: 23.22.254.206:443 -> 192.168.2.18:49710
Source: global traffic	TCP traffic: 23.22.254.206:443 -> 192.168.2.18:49710
Source: global traffic	TCP traffic: 192.168.2.18:49710 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 23.22.254.206:443 -> 192.168.2.18:49710
Source: global traffic	TCP traffic: 192.168.2.18:49710 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 23.22.254.206:443 -> 192.168.2.18:49710
Source: global traffic	TCP traffic: 192.168.2.18:49710 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 192.168.2.18:49710 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 192.168.2.18:49710 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 23.22.254.206:443 -> 192.168.2.18:49710
Source: global traffic	TCP traffic: 23.217.172.185:443 -> 192.168.2.18:49711
Source: global traffic	TCP traffic: 192.168.2.18:49711 -> 23.217.172.185:443
Source: global traffic	TCP traffic: 23.217.172.185:443 -> 192.168.2.18:49711
Source: global traffic	TCP traffic: 23.217.172.185:443 -> 192.168.2.18:49711
Source: global traffic	TCP traffic: 192.168.2.18:49711 -> 23.217.172.185:443
Source: global traffic	TCP traffic: 192.168.2.18:49711 -> 23.217.172.185:443
Source: global traffic	TCP traffic: 23.217.172.185:443 -> 192.168.2.18:49711
Source: global traffic	TCP traffic: 192.168.2.18:49711 -> 23.217.172.185:443
Source: global traffic	TCP traffic: 23.217.172.185:443 -> 192.168.2.18:49711
Source: global traffic	TCP traffic: 192.168.2.18:49711 -> 23.217.172.185:443
Source: global traffic	TCP traffic: 23.217.172.185:443 -> 192.168.2.18:49711
Source: global traffic	TCP traffic: 23.217.172.185:443 -> 192.168.2.18:49711
Source: global traffic	TCP traffic: 192.168.2.18:49711 -> 23.217.172.185:443
Source: global traffic	TCP traffic: 192.168.2.18:49711 -> 23.217.172.185:443
Source: global traffic	TCP traffic: 23.217.172.185:443 -> 192.168.2.18:49711
Source: global traffic	TCP traffic: 192.168.2.18:49711 -> 23.217.172.185:443
Source: global traffic	TCP traffic: 192.168.2.18:49711 -> 23.217.172.185:443

Source: unknown	TCP traffic detected without corresponding DNS query: 23.22.254.206
Source: unknown	TCP traffic detected without corresponding DNS query: 23.22.254.206
Source: unknown	TCP traffic detected without corresponding DNS query: 23.22.254.206
Source: unknown	TCP traffic detected without corresponding DNS query: 23.22.254.206
Source: unknown	TCP traffic detected without corresponding DNS query: 23.22.254.206
Source: unknown	TCP traffic detected without corresponding DNS query: 23.22.254.206
Source: unknown	TCP traffic detected without corresponding DNS query: 23.22.254.206
Source: unknown	TCP traffic detected without corresponding DNS query: 23.22.254.206
Source: unknown	TCP traffic detected without corresponding DNS query: 23.22.254.206
Source: unknown	TCP traffic detected without corresponding DNS query: 23.22.254.206
Source: unknown	TCP traffic detected without corresponding DNS query: 23.22.254.206
Source: unknown	TCP traffic detected without corresponding DNS query: 23.22.254.206
Source: unknown	TCP traffic detected without corresponding DNS query: 23.22.254.206
Source: unknown	TCP traffic detected without corresponding DNS query: 23.22.254.206
Source: unknown	TCP traffic detected without corresponding DNS query: 23.22.254.206
Source: unknown	TCP traffic detected without corresponding DNS query: 23.22.254.206
Source: unknown	TCP traffic detected without corresponding DNS query: 23.217.172.185
Source: unknown	TCP traffic detected without corresponding DNS query: 23.217.172.185
Source: unknown	TCP traffic detected without corresponding DNS query: 23.217.172.185
Source: unknown	TCP traffic detected without corresponding DNS query: 23.22.254.206
Source: unknown	TCP traffic detected without corresponding DNS query: 23.22.254.206
Source: unknown	TCP traffic detected without corresponding DNS query: 23.22.254.206
Source: unknown	TCP traffic detected without corresponding DNS query: 23.22.254.206
Source: unknown	TCP traffic detected without corresponding DNS query: 23.22.254.206
Source: unknown	TCP traffic detected without corresponding DNS query: 23.22.254.206
Source: unknown	TCP traffic detected without corresponding DNS query: 23.22.254.206
Source: unknown	TCP traffic detected without corresponding DNS query: 23.22.254.206
Source: unknown	TCP traffic detected without corresponding DNS query: 23.22.254.206
Source: unknown	TCP traffic detected without corresponding DNS query: 23.22.254.206
Source: unknown	TCP traffic detected without corresponding DNS query: 23.22.254.206
Source: unknown	TCP traffic detected without corresponding DNS query: 23.22.254.206
Source: unknown	TCP traffic detected without corresponding DNS query: 23.217.172.185
Source: unknown	TCP traffic detected without corresponding DNS query: 23.217.172.185
Source: unknown	TCP traffic detected without corresponding DNS query: 23.217.172.185
Source: unknown	TCP traffic detected without corresponding DNS query: 23.217.172.185
Source: unknown	TCP traffic detected without corresponding DNS query: 23.217.172.185
Source: unknown	TCP traffic detected without corresponding DNS query: 23.217.172.185
Source: unknown	TCP traffic detected without corresponding DNS query: 23.217.172.185
Source: unknown	TCP traffic detected without corresponding DNS query: 23.217.172.185
Source: unknown	TCP traffic detected without corresponding DNS query: 23.217.172.185
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

DNS traffic detected: DNS query: x1.i.lencr.org

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707

Source: classification engine

Classification label: clean1.winPDF@17/37@1/11

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-07 11-03-31-899.log

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Source: unknown	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\240224.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1628 --field-trial-handle=1608,i,2588310587884783511,50133307269892959,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: unknown	Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1628 --field-trial-handle=1608,i,2588310587884783511,50133307269892959,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown

Source: 240224.pdf	Initial sample: PDF keyword /JS count = 0
Source: 240224.pdf	Initial sample: PDF keyword /JavaScript count = 0

Source: 240224.pdf

Initial sample: PDF keyword /EmbeddedFile count = 0

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	3 Exploitation for Client Execution	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	1 System Information Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
x1.i.lencr.org	unknown	unknown	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
23.22.254.206	unknown	United States	14618	AMAZON-AESUS	false
162.159.61.3	unknown	United States	13335	CLOUDFLARENETUS	false
2.23.197.184	unknown	European Union	1273	CWVodafoneGroupPLCEU	false
93.184.221.240	unknown	European Union	15133	EDGECASTUS	false
23.217.172.185	unknown	United States	16625	AKAMAI-ASUS	false
184.28.88.176	unknown	United States	16625	AKAMAI-ASUS	false

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1528221
Start date and time:	2024-10-07 17:02:47 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	14
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Sample name:	240224.pdf
Detection:	CLEAN
Classification:	clean1.winPDF@17/37@1/11
Cookbook Comments:	Found application associated with file extension: .pdf

Warnings

Exclude process from analysis (whitelisted): dllhost.exe
Excluded IPs from analysis (whitelisted): 184.28.90.27
Excluded domains from analysis (whitelisted): fs.microsoft.com, e16604.g.akamaiedge.net, prod.fs.microsoft.com.akadns.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net
VT rate limit hit for: 240224.pdf

LLM Input / Output

Input	Output
URL: PDF document Model: jbxai	{ "brand":["CNESST"], "contains_trigger_text":true, "trigger_text":"INFORMATIONS BANCAIRES", "prominent_button_name":"TOTAL DU DPT", "text_input_field_labels":["Numro facture", "Description", "Escompte", "Montant"], "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "text":"Rf. 1208181 - 6388350 Cantin, Isabelle 1600 av D'Estimauville, 6e QUBEC QC G1J 0H7 TAT DE DPT Page 1 de 1 Date du dpt: 2024-10-15 Numro du virement 240224 INFORMATIONS BANCAIRES Nom de l'institution financire: FEDERATION DES CAISSES DESJARDINS DU QUEBEC Numro de l'institution Financire/succursale : 815 / 20116 Adresse de la succursale : 225 AVENUE ST-MAXIME ST-RAYMOND QC G3L 3W2 Date facture 2024-10-03 Numro facture 8330252 Description Remb. Stationnement Escompte Montant 112, 03 TOTAL DU DPT CAD 112, 03 ** Fin du rapport ***", "has_visible_qrcode":false}

Input

Output

URL: PDF document Model: jbxai

{
"brand":["CNESST"],
"contains_trigger_text":true,
"trigger_text":"INFORMATIONS BANCAIRES",
"prominent_button_name":"TOTAL DU DPT",
"text_input_field_labels":["Numro facture",
"Description",
"Escompte",
"Montant"],
"pdf_icon_visible":false,
"has_visible_captcha":false,
"has_urgent_text":false,
"text":"Rf. 1208181 - 6388350 Cantin,
 Isabelle 1600 av D'Estimauville,
 6e QUBEC QC G1J 0H7 TAT DE DPT Page 1 de 1 Date du dpt*: 2024-10-15 Numro du virement 240224 INFORMATIONS BANCAIRES Nom de l'institution financire: FEDERATION DES CAISSES DESJARDINS DU QUEBEC Numro de l'institution Financire/succursale : 815 / 20116 Adresse de la succursale : 225 AVENUE ST-MAXIME ST-RAYMOND QC G3L 3W2 Date facture 2024-10-03 Numro facture 8330252 Description Remb. Stationnement Escompte Montant 112,
03 TOTAL DU DPT CAD 112,
03 ***** Fin du rapport *****",
"has_visible_qrcode":false}

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.168307294435256
Encrypted:	false
SSDEEP:
MD5:	860872E9229604DA43C80EB6A9DC86CC
SHA1:	C6273E7562EFA34D330529BAACFC788A756C2972
SHA-256:	03733E1B088F2BF7C65E0A9E134DD3AC054ABCBAEF296B99A35597A061879F55
SHA-512:	03744D9A69D0B7B71ACAEA471725EDD4726E13A742FF217C6EF6A5DB234AD81259B77820B92958D6C6728F7D0E5D8DB5CB57D595C36269E7140D77663853B72F
Malicious:	false
Reputation:	unknown
Preview:	2024/10/07-11:03:29.799 440 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/10/07-11:03:29.801 440 Recovering log #3.2024/10/07-11:03:29.801 440 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	333
Entropy (8bit):	5.17128165182883
Encrypted:	false
SSDEEP:
MD5:	C679A8280F4C5CDC1A6309CBB3455FDF
SHA1:	A81830232E36B2147B80F10C2E4B1470A0AAC276
SHA-256:	4BA17A405E35812488ABDCC56C550167FCE08160641ACD3F4858CE4EA44CA678
SHA-512:	635FA4576F03EADD8BA178E7F3F92EA35D44719146476C48F4C1FEC616624ECFE3812FB699FCA1D2646433F3801E24BC33AC9E08E0BD35719BCFCD157A578562
Malicious:	false
Reputation:	unknown
Preview:	2024/10/07-11:03:29.691 ed4 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/10/07-11:03:29.694 ed4 Recovering log #3.2024/10/07-11:03:29.694 ed4 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\77b53fc5-8344-459e-bb5a-7b1e196d1f67.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	modified
Size (bytes):	476
Entropy (8bit):	4.958059973342442
Encrypted:	false
SSDEEP:
MD5:	E420B86DBB4E7CDF7171DD9D37B106BA
SHA1:	E5014576B393B71EE5E1178DBCF7F9F7C6E3426B
SHA-256:	FABFB64B18FAB4C0CE01876CAEB2DF8635574F745547457C15074DC2C89B83A3
SHA-512:	B4F6D7DE32EEC331FEEE84ADB528ED344C1C86ECC561FD156AD24BD894BF01D71CDA2410CFA574D20A99EC3BE30DEF302E12403C6BD83BC6EAD8777F93117A1D
Malicious:	false
Reputation:	unknown
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341148831376991","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":148280},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.18","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	E420B86DBB4E7CDF7171DD9D37B106BA
SHA1:	E5014576B393B71EE5E1178DBCF7F9F7C6E3426B
SHA-256:	FABFB64B18FAB4C0CE01876CAEB2DF8635574F745547457C15074DC2C89B83A3
SHA-512:	B4F6D7DE32EEC331FEEE84ADB528ED344C1C86ECC561FD156AD24BD894BF01D71CDA2410CFA574D20A99EC3BE30DEF302E12403C6BD83BC6EAD8777F93117A1D
Malicious:	false
Reputation:	unknown
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341148831376991","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":148280},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.18","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	7400
Entropy (8bit):	5.243227961227268
Encrypted:	false
SSDEEP:
MD5:	ECB3CA353AD687D9722E678DAAB196A3
SHA1:	6E0F2CDB7281EB29DC2275F756F844C13902C138
SHA-256:	59A1530F1C37629D84D10F49FA35196E2E3FF54C9B54BDB4C6F2318371D2CDC4
SHA-512:	92CC5F317E82BEF1E120FBC14BD2D0BEC7D362888C2FAD37FE500527BB515CCB0CE289887580E89531B30A1B6A91A4AAB52A6A9794D587298902DFBD8123B8AE
Malicious:	false
Reputation:	unknown
Preview:	*...#................version.1..namespace-...o................next-map-id.1.Pnamespace-5767294d_7b9a_47c6_b1e0_955ef27d1acf-https://rna-resource.acrobat.com/.0=..Nr................next-map-id.2.Snamespace-0be79751_1d4a_40c3_9b57_40751dcd8802-https://rna-v2-resource.acrobat.com/.1....r................next-map-id.3.Snamespace-90f7539d_81d9_41c2_b2e3_1ee7ed96c7c7-https://rna-v2-resource.acrobat.com/.2S.<.o................next-map-id.4.Pnamespace-1700ec5e_d769_43b7_97b8_3e6ca674d396-https://rna-resource.acrobat.com/.3...^...............Pnamespace-5767294d_7b9a_47c6_b1e0_955ef27d1acf-https://rna-resource.acrobat.com/D..#^...............Pnamespace-1700ec5e_d769_43b7_97b8_3e6ca674d396-https://rna-resource.acrobat.com/....a...............Snamespace-0be79751_1d4a_40c3_9b57_40751dcd8802-https://rna-v2-resource.acrobat.com/B[_.a...............Snamespace-90f7539d_81d9_41c2_b2e3_1ee7ed96c7c7-https://rna-v2-resource.acrobat.com/.^..r................next-map-id.5.Snamespace-cc1e5959_9927_4cd0_b606_

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	321
Entropy (8bit):	5.207561790029181
Encrypted:	false
SSDEEP:
MD5:	53EA0DB61666231257854BAD74D3CD98
SHA1:	8B0A27C9BB7354FBA7FAB7A0873BF55B03255A63
SHA-256:	E34896F9A30214D6C4A7B783F1A37775B1655A537CED860276C4FED7B056646B
SHA-512:	1ECA94DFE6E82F7AAA3183DAD3E1349B273A3F8761C88A14B1D7042012CB12E450380820192D75353BA046FCC539FE1FC4EDD5791614A0F2CC82EFD8AC867131
Malicious:	false
Reputation:	unknown
Preview:	2024/10/07-11:03:29.853 ed4 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/10/07-11:03:29.855 ed4 Recovering log #3.2024/10/07-11:03:29.857 ed4 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
Category:	dropped
Size (bytes):	71954
Entropy (8bit):	7.996617769952133
Encrypted:	true
SSDEEP:
MD5:	49AEBF8CBD62D92AC215B2923FB1B9F5
SHA1:	1723BE06719828DDA65AD804298D0431F6AFF976
SHA-256:	B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
SHA-512:	BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
Malicious:	false
Reputation:	unknown
Preview:	MSCF............,...................I..................XaK .authroot.stl.[.i..6..CK..<Tk......4.cl!Kg..E..Y.f_..".$mR"$.J.E.KB."..rKv.."{.g....3.W.....c..9.s...=....y6#..x..........D......\(.#.s.!.A.......cd.c........+^.ov...n.....3BL..0.......BPUR&.X..02.q...R...J.....w.....b.vy>....-.&..(..oe."."...J9...0U.6J..\|U..S.....M.F8g...=.......p...........l.?3.J.x.G.Ep..$g..tj......)v]9(:.)W.8.Op.1Q..:.nPd........7.7..M].V F..g.....12..!7(...B.......h.RZ.......l.<.....6..Z^.`p?... .p.Gp.#.'.X..........\|!.8.....".m.49r?.I...g...8.v.....a``.g.R4.i...J8q....NFW,E.6Y....!.o5%.Y.....R..<..S9....r....WO...(.....F..Q=....-..7d..O(....-..+k.........K..........{Q....Z..j._.E...QZ.~.\.^......N.9.k..O.}dD.b1r...[}/....T..E..G..c.\|.c.&>?..^t. ..;..X.d.E.0G....[Q.,......#.Dp..L.o\|#syc.J............}G-.ou6.=52..XWi=...m.....^u......c..fc?&pR7S5....I...j.G........j.j..Tc.El.....B.pQ.,Bp....j...9g.. >..s..m#.Nb.o_u.M.V...........\#...v..Mo\sF..s....Y...

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	modified
Size (bytes):	328
Entropy (8bit):	3.1291579496462614
Encrypted:	false
SSDEEP:
MD5:	88B5289FAF20F8E6798A4E6A3A575E8B
SHA1:	C2B0D1B6736381DB777DF54F40DBFE4C48D2C343
SHA-256:	767B232347E37781702E972093892774CBD60C5F9660773F2EA4B1C7817B6BFA
SHA-512:	1CD932406CF24EB53F9EB7DEEF45BC292B601A43C9023F22DC48142DF7253DB33DB619280FF1377BD9729513B2867340F257694A206D442028495B8CEEB25D66
Malicious:	false
Reputation:	unknown
Preview:	p...... ........o.h+....(....................................................... ........G..@.......&...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	295
Entropy (8bit):	5.359960782975109
Encrypted:	false
SSDEEP:
MD5:	EFE421768AA94F081F12FE9BDF75A118
SHA1:	DB8EC776426864D4DC0EBDC769E79EBDAC564FB2
SHA-256:	57A9A99E840AEB33B470202A0E471ED800B7BB93F237C6354DADFB505CFD52D1
SHA-512:	E06493552300B9EFFD8718427B3671A7D94840128E6F7EAFB743546D659D9243DC80208B6D9E48125DE64BA958C5D65030DFC4D388A6278458CA71C7BC206888
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"fdc0b6fb-ae46-4106-bb14-0642be32b88f","sophiaUUID":"6E6CF47D-878E-41D8-BE92-CB1D7BE5FFE6"},"encodingScheme":true,"expirationDTS":1728489268634,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.307441075487917
Encrypted:	false
SSDEEP:
MD5:	6771C8D67757AC1B3362024FADF5D12F
SHA1:	45FDF98B4906822369D6F0B059564DEF48BF0565
SHA-256:	6435E5CE43780915F72FB7D86FB3BEB1EC195BB315E98B9805B9A9AD91C4122F
SHA-512:	90DA843E972D95B787CBCB85D0F40465D1C0C17FC719446A3CCB59F2DB4C243E54124563E50AC1ACAB958D9AB5965D74D7A0302F928A05CE0494CE9A4F75B6AE
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"fdc0b6fb-ae46-4106-bb14-0642be32b88f","sophiaUUID":"6E6CF47D-878E-41D8-BE92-CB1D7BE5FFE6"},"encodingScheme":true,"expirationDTS":1728489268634,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.286436110882994
Encrypted:	false
SSDEEP:
MD5:	C664FC47943544058E882D6FF80E057A
SHA1:	3E9DB3404B53FEEE6A043F1485446961A446F4CF
SHA-256:	7275F50370A58711CEF63585074148BE18E6B01F475BF4EE5767D7ECB9CD8B12
SHA-512:	319B6CB112B02106E7199B2A8D9192158CECBC27DD2953B8FE9BED60EA53BDB83D117B8F8C0450BABD1DA15E2BB095E248721B02D5D148D28B67934F299D254F
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"fdc0b6fb-ae46-4106-bb14-0642be32b88f","sophiaUUID":"6E6CF47D-878E-41D8-BE92-CB1D7BE5FFE6"},"encodingScheme":true,"expirationDTS":1728489268634,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	285
Entropy (8bit):	5.350231051302072
Encrypted:	false
SSDEEP:
MD5:	02E5D75FCA6CF6A49310BA5B372D8708
SHA1:	831A80A79E064D9BCC5C494A2C499D0EF504D199
SHA-256:	7B3F5BF76019844ABAECCF6A3617C50781C3C6278F421D7D9AA7C184623307D7
SHA-512:	269FFBAD0238FD6D4297CF605DFF1DB70CAE56137784CDE33CC778FF4741923C28D6929EA5BD0DD618CD3FC0DF495E0461A724A177F4628847EBE02D3B170D0D
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"fdc0b6fb-ae46-4106-bb14-0642be32b88f","sophiaUUID":"6E6CF47D-878E-41D8-BE92-CB1D7BE5FFE6"},"encodingScheme":true,"expirationDTS":1728489268634,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1083
Entropy (8bit):	5.686947128089326
Encrypted:	false
SSDEEP:
MD5:	AD64822D931ACCEC423665181CFC87B3
SHA1:	F107654FAAC03651E6974B28C476553A6BEB7143
SHA-256:	7DB93CE2126B49DAB5451776D86434FF3A17295433B07A16219A9F508B9C57CB
SHA-512:	C46E8B75D695EC9AA98484453BF4E9E5B86823EAEF572CED760B927983028880F823A96CD49E57357D008C32A097CAAA2D8DB1BD3B00D1C454AB838C1298567D
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"fdc0b6fb-ae46-4106-bb14-0642be32b88f","sophiaUUID":"6E6CF47D-878E-41D8-BE92-CB1D7BE5FFE6"},"encodingScheme":true,"expirationDTS":1728489268634,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"89628_277808ActionBlock_2","campaignId":89628,"containerId":"1","controlGroupId":"","treatmentId":"22b145c0-22bc-4bba-811f-7234f288595b","variationId":"277808"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQgZmlsZXMgdG8gYW5kIGZyb20gUERGXG53aXRob3V0IGxpbWl0cy4ifSwidGNhdElkIjoiUkdTMDM1MS1FTlUtQ29udHJvbCJ9","dataType":"applicatio

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1050
Entropy (8bit):	5.666083354101548
Encrypted:	false
SSDEEP:
MD5:	3F317811A3CB3CFDDBBC83BA78D51F7C
SHA1:	5E1E3E9E1260B7102EA277FE61B3339C178564E7
SHA-256:	D803D00235F285806535BAF293D47193E61803E7FFA7DC9B683B8294192C0FF3
SHA-512:	253F7B6C61A655A877CDA1CF5A6BBA57C03BEF128DE4E8E699FA96548E0494AE4B8BEF4D2D9C566C6D7DB4C392176AF90E4623B7997C5EA6150ECFC46080EC0F
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"fdc0b6fb-ae46-4106-bb14-0642be32b88f","sophiaUUID":"6E6CF47D-878E-41D8-BE92-CB1D7BE5FFE6"},"encodingScheme":true,"expirationDTS":1728489268634,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Disc_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_0","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"0924134e-3c59-4f53-b731-add558c56fec","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Disc_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQsIGVkaXQgYW5kIGUtc2lnblxuZm9ybXMgJiBhZ3JlZW1lbnRzLiJ9LCJ0Y2F0SWQiOm51bGx9","dataType":"application\/json","encodingScheme":true},"

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.300598322303774
Encrypted:	false
SSDEEP:
MD5:	A17B1E39B9C9C205E846238424E2FA76
SHA1:	0764AAD8A31DE964BA201656782AE0C1C460B328
SHA-256:	494FBE0388EBACDD6EC8D8D3172BA0C70FC93981B14E851A73F8C7B519644A08
SHA-512:	808242CF5850CF8D21905B219ECBE796AB3E0306FA0679DF7DB0F60439116184E3DBE37DA7A9D342964A361DEC21744D96CBFE55CC6ADC5910C757F1F8B3D1C3
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"fdc0b6fb-ae46-4106-bb14-0642be32b88f","sophiaUUID":"6E6CF47D-878E-41D8-BE92-CB1D7BE5FFE6"},"encodingScheme":true,"expirationDTS":1728489268634,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1062
Entropy (8bit):	5.692403322611072
Encrypted:	false
SSDEEP:
MD5:	A048C160BAF41120AA5764E8095C549D
SHA1:	145010A98BD1E7B38ABCA72951B0B263BA8B876B
SHA-256:	C086A5A2CD79975A3DB1494AB8E37E7D3CFBD07F8F4DBC0C769ACBFFCBAFBAA5
SHA-512:	BFFC2599B3D481460CB49A84B1565CD925AA6256D7D8AC4CA775AAB18B0116EBABBAE9B28E1DF3AD4B60378848A9915B40DF1F5E60AFC80E54463A1122355B10
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"fdc0b6fb-ae46-4106-bb14-0642be32b88f","sophiaUUID":"6E6CF47D-878E-41D8-BE92-CB1D7BE5FFE6"},"encodingScheme":true,"expirationDTS":1728489268634,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Edit_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"89628_277808ActionBlock_0","campaignId":89628,"containerId":"1","controlGroupId":"","treatmentId":"58886bd3-acd7-4f84-ae2e-6684bc127c41","variationId":"277808"},"containerId":1,"containerLabel":"JSON for DC_Reader_Edit_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVkaXQgdGV4dCwgaW1hZ2VzLCBwYWdlcywgYW5kIG1vcmUuIn0sInRjYXRJZCI6IlJHUzAzNTEtRU5VLUNvbnRyb2wifQ==","dataType":"application\/json","encodingSch

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1164
Entropy (8bit):	5.704712427642561
Encrypted:	false
SSDEEP:
MD5:	748F44A89E6F3F1DEE4D1F35C6646CF3
SHA1:	5886D40250F2264AB0BC04F08D5D78CC8C8706FC
SHA-256:	30A3CED1B662C5746FFA7F6949395A0260DF67E0C35AA0CEDBAF0ECFC2D0CF6A
SHA-512:	4515FEEC38C8FE2CC677D56458616517ADD76836D419645B8154AFF884148556A9153E48024C7C11712CB16C80CAD2829E9E3E7953AA7360E64CF1BC846EB607
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"fdc0b6fb-ae46-4106-bb14-0642be32b88f","sophiaUUID":"6E6CF47D-878E-41D8-BE92-CB1D7BE5FFE6"},"encodingScheme":true,"expirationDTS":1728489268634,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85531_264848ActionBlock_0","campaignId":85531,"containerId":"1","controlGroupId":"","treatmentId":"ee1a7497-76e7-43c2-bb63-9a0551e11d73","variationId":"264848"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IlRyeSBBY3JvYmF0IFBybyJ9LCJ1aSI6eyJ0aXRsZV9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjE1cHgiLCJmb250X3N0eWxlIjoiMCJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEzcHgiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0b1xucHJlbWl1bSBQREYgYW5kIGUtc2lnbmluZ1xudG9vbHMuIn0sImJhbm5lcl9zdHlsaW5nIjo

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.305209051781938
Encrypted:	false
SSDEEP:
MD5:	159AB5268420279F21B73898568E6696
SHA1:	0F3C5019A8836A0201C53F749ABC4F865D74AD7C
SHA-256:	D93D14C585DF4F8CE6F1ED18109FE22FC56000AE729C2BE94E8E8687BF55DADF
SHA-512:	F424310A4FDDD7172E23D4AE738051E3BFADA10AF9E31E29C6FF1979D8A67577E15DB02ADDB3DB3518925B13FD2C80108065D7F1B77C6590A42FBDEC3A52A351
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"fdc0b6fb-ae46-4106-bb14-0642be32b88f","sophiaUUID":"6E6CF47D-878E-41D8-BE92-CB1D7BE5FFE6"},"encodingScheme":true,"expirationDTS":1728489268634,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1395
Entropy (8bit):	5.785558153149982
Encrypted:	false
SSDEEP:
MD5:	159FEBB5A91BE1620195AB57F9C365A2
SHA1:	B957AF7BEC6F4D5434878A0FF6AF1BEAFC60DA31
SHA-256:	BD42A59E9188929DBBA0A23C7B7B51E2ABDC84B186F39266911CE461DA97E174
SHA-512:	F86B76A0B0EB5AC87FC67A3BB0D6F395A968529966AD80F5B45F339DA9742A7C77EF9926C76E27BCCC55FF07F56C006993EF6783D5FA35D09F18E51AAFEF105C
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"fdc0b6fb-ae46-4106-bb14-0642be32b88f","sophiaUUID":"6E6CF47D-878E-41D8-BE92-CB1D7BE5FFE6"},"encodingScheme":true,"expirationDTS":1728489268634,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	291
Entropy (8bit):	5.288720348412627
Encrypted:	false
SSDEEP:
MD5:	EECDC9EBA06F986BF58546051880D272
SHA1:	6A51ED0AE615F12EA4DEE39D941FBB920CD4FBB7
SHA-256:	A4C3DB15D6C8EF9FB7996A56483FFFB5A333D385191321B91CA6BAE5F9B716B3
SHA-512:	8DE45B002ED9FBA82493047F4E2750FBEF2ECE19054F70917E6A0C0FC9DBF767194A0BAB36F9512979C888FE67E60BEE07ACE6839A5134766D6705DACFAA5BDA
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"fdc0b6fb-ae46-4106-bb14-0642be32b88f","sophiaUUID":"6E6CF47D-878E-41D8-BE92-CB1D7BE5FFE6"},"encodingScheme":true,"expirationDTS":1728489268634,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	287
Entropy (8bit):	5.291859389170702
Encrypted:	false
SSDEEP:
MD5:	A29BAE36D4041D7E13F27D254D30CCCE
SHA1:	09E0487B3589A950A30E39EB7385F3690BC8C11A
SHA-256:	9140E74FF50C1A9A92117AA4B8BEAF5810680A7B7AD3BCECBD82EF6109F49002
SHA-512:	26736BF16380C319746416DE03F53CCC3926C1237A4D344A7FA7639848CB05ED1CB91A9053BD45EE1496869FF6C62892D028EE6F43A3B2D60A89A8DE7D579A03
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"fdc0b6fb-ae46-4106-bb14-0642be32b88f","sophiaUUID":"6E6CF47D-878E-41D8-BE92-CB1D7BE5FFE6"},"encodingScheme":true,"expirationDTS":1728489268634,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1082
Entropy (8bit):	5.691266817681828
Encrypted:	false
SSDEEP:
MD5:	8111D4DE31E9473666040B9A09F593A8
SHA1:	BD755764D8C06700E0BD193E1225CE42E6866693
SHA-256:	F76E3ED89B9E3202CB265895BFE0EB7A83AD99BF9CD7DC9666B99FE4F21623C8
SHA-512:	249956FC5C173960EB999858B9E2C423EACF3BAB4322E51696462F111AC4A400EE9C172CC8C1172B034974F451CC1D1ADA3AA9CC1712120275510E7973779C23
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"fdc0b6fb-ae46-4106-bb14-0642be32b88f","sophiaUUID":"6E6CF47D-878E-41D8-BE92-CB1D7BE5FFE6"},"encodingScheme":true,"expirationDTS":1728489268634,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"89628_277808ActionBlock_1","campaignId":89628,"containerId":"1","controlGroupId":"","treatmentId":"a8b11c37-7d39-4b12-9d33-a040ee4d296b","variationId":"277808"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IlNlbmQgZG9jdW1lbnRzICYgZm9ybXNcbmZvciBmYXN0IGUtc2lnbmluZyBvbmxpbmUuIn0sInRjYXRJZCI6IlJHUzAzNTEtRU5VLUNvbnRyb2wifQ==","dataType":"application

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	286
Entropy (8bit):	5.26884472861171
Encrypted:	false
SSDEEP:
MD5:	338D76AA634C67C0E2B0F43B3B99573E
SHA1:	891161F1D7ABB1648356ECE4322F94A833154522
SHA-256:	38C45D96E2AB16B56B01D1772AF5834FB72B6D5C3AC1F2D6A985652C801CDDD0
SHA-512:	EBCC0D70687B4EC33AEFF0F75E038A725E47FAFD97B34C44D28FF2FB5042CAB2A50F3647C196ED1DB7A2EC4ACF149B2D3CDA65FDFC3D39C8CC3FAA821AA242BE
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"fdc0b6fb-ae46-4106-bb14-0642be32b88f","sophiaUUID":"6E6CF47D-878E-41D8-BE92-CB1D7BE5FFE6"},"encodingScheme":true,"expirationDTS":1728489268634,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	782
Entropy (8bit):	5.390827834813532
Encrypted:	false
SSDEEP:
MD5:	344D45D930F29C73403D2C96FF5B11BF
SHA1:	DA979C8C0C01456F572C1580C469BDDC0160DA12
SHA-256:	B8C1C2C8C311BE9360022001FF73349F58B18D732288FA54BCC71E1B4BD25B10
SHA-512:	4CA08056CF3FB85C7941B3C18DA08571FAA78873D6DED638124B1DCE62ADFF138835D347C9AC726A543DA062944A4CBD14C6B4BD98CFAE084727EB34B0249A93
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"fdc0b6fb-ae46-4106-bb14-0642be32b88f","sophiaUUID":"6E6CF47D-878E-41D8-BE92-CB1D7BE5FFE6"},"encodingScheme":true,"expirationDTS":1728489268634,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1728313423673}}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	4
Entropy (8bit):	0.8112781244591328
Encrypted:	false
SSDEEP:
MD5:	DC84B0D741E5BEAE8070013ADDCC8C28
SHA1:	802F4A6A20CBF157AAF6C4E07E4301578D5936A2
SHA-256:	81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
SHA-512:	65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
Malicious:	false
Reputation:	unknown
Preview:	....

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2818
Entropy (8bit):	5.124755742543902
Encrypted:	false
SSDEEP:
MD5:	7345233DAAB05D60A5863397E9117A4F
SHA1:	BC692D6EB2D6A9D9714334E69CB0D1E74EDA6BDD
SHA-256:	0223F443512B68D866B3E59F0A43BBBD4BF44E37652626DED1F2AACD09E21B12
SHA-512:	2B8B6DACBBB8586B52815F773ADC0A18848A271CF9E058DB68E5D6CB62512DEAAF1E70EC7665B76B8D71EDCF30387FB3CE223066BBDA79F352368DCF75A6150A
Malicious:	false
Reputation:	unknown
Preview:	{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"2352b33aaebc5fc94dc6497c41d7f712","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1050,"ts":1728313423000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"e96ffa1f6a76c8001d44b24643e30f84","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":1062,"ts":1728313423000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"4e82bf7078b160877ad07434076cdab2","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1082,"ts":1728313423000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"1f193c39e4c5e4222572910134d35441","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1164,"ts":1728313423000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"af21c0fc7643742c3bbe5a2cc17ac59b","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1083,"ts":1728313423000},{"id":"Edit_InApp_Aug2020","info":{"dg":"3d81324f1d4d8d412ade1eb4eed177f3","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":17

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 28, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 28
Category:	dropped
Size (bytes):	12288
Entropy (8bit):	1.4568804301794707
Encrypted:	false
SSDEEP:
MD5:	DDD83E97765A03EE7F8242FD7AF777F3
SHA1:	DA0B2E764D3A815BA098706F5242694CD5553E94
SHA-256:	42410C09513A52ECEE6F86BCA62901F324227A1E9E54DDB63AF3DFB6909C6550
SHA-512:	0A95BD7137FABE373BDC018FA2957DEFCC02EEB35DD81C9E5E566D7777C4C65C62F24FFA202AC2BCE8BE4A72A213391BE599D3C1585D523415D05BD6C15A3D39
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	1.9611624320459098
Encrypted:	false
SSDEEP:
MD5:	04B83DAC48809E94824E21809D4E7F39
SHA1:	9EFCD9DBA64D2379675EAA42D1D5248C045F4C54
SHA-256:	57CCA710EB3037AE06FE4397B81E78D61A07928B753E11DF3DB493FCE9F7766D
SHA-512:	4026BA8E15A64C881F88802659B35521A360E07F566A4E39D2551C92B315510C7E3B2022E1A2E470E78C77752E1987BC1FC2496049384DAB7CE8FCECA63DA240
Malicious:	false
Reputation:	unknown
Preview:	.... .c.....,.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................^..^.^.^.^.^.^.^..............................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\MSIc7745.LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	246
Entropy (8bit):	3.5030768995714583
Encrypted:	false
SSDEEP:
MD5:	366B28432DB1AF9AC6022FEDF54567CD
SHA1:	85DAC543953066A0F2C4CC739A28081339062E15
SHA-256:	D9A9C862B380709F0EFEDFA461264B154C1E8A5E54D054AA724D83DCC07D46E1
SHA-512:	3035DA9FAAFA194FFF9B9396FB9D7327FB1434D7564E8DF3264F2745BCE8588C570DDB17C69050B1F77E7B69A67B27122B1515644019DC4DA4C12E6B227CC8C5
Malicious:	false
Reputation:	unknown
Preview:	..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .0.7./.1.0./.2.0.2.4. . .1.1.:.0.3.:.4.2. .=.=.=.....

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-07 11-03-31-899.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393)
Category:	dropped
Size (bytes):	16525
Entropy (8bit):	5.352085917943317
Encrypted:	false
SSDEEP:
MD5:	E89CDF7025B70E5A72FFC801BADFB345
SHA1:	2C55C26FD5231BEBD6531BDB7962D12BE288A1BB
SHA-256:	2A90DFB97133E5C0219784D1C4A94C0DC45AE4787C40CFE6894A59D94C4FB88C
SHA-512:	22621DFF9C688C4B0BB3237350959B4357C65D1796834FC23E6636B4975BE942A969F7DB05E8FC10102DEBF93ED662BE28FC649B2456EB4B659EC84BF8E93621
Malicious:	false
Reputation:	unknown
Preview:	SessionID=47371133-08fd-4d2c-bf7b-052dd86a3818.1696588820356 Timestamp=2023-10-06T12:40:20:356+0200 ThreadID=1312 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=47371133-08fd-4d2c-bf7b-052dd86a3818.1696588820356 Timestamp=2023-10-06T12:40:20:356+0200 ThreadID=1312 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=47371133-08fd-4d2c-bf7b-052dd86a3818.1696588820356 Timestamp=2023-10-06T12:40:20:356+0200 ThreadID=1312 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=47371133-08fd-4d2c-bf7b-052dd86a3818.1696588820356 Timestamp=2023-10-06T12:40:20:356+0200 ThreadID=1312 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=47371133-08fd-4d2c-bf7b-052dd86a3818.1696588820356 Timestamp=2023-10-06T12:40:20:356+0200 ThreadID=1312 Component=ngl-lib_NglAppLib Description="SetConfig:

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393), with CRLF line terminators
Category:	dropped
Size (bytes):	15114
Entropy (8bit):	5.325955435801523
Encrypted:	false
SSDEEP:
MD5:	99DBB7D3D0AA3ECDD9F8607926811E45
SHA1:	75C7A647DF9242C33B94970C82C07CA629B11122
SHA-256:	AEE3616EB06F73A6D1A8DAEDE8B9B41AC1EC2A229DFA93BE6CAAF7C0AFC6DBE4
SHA-512:	EC9450725298477FB9E34E1B90DF0A4E7C1018B70DF1CB229C89BE183D62B040E8E855B73A0A67AF082ACBB0FE6F51BC33BF3AD32AD35CD68BDB7C8D68374118
Malicious:	false
Reputation:	unknown
Preview:	SessionID=53aa10e4-4cdf-4f4a-be49-91f804f4f5e7.1728313411934 Timestamp=2024-10-07T11:03:31:934-0400 ThreadID=3568 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=53aa10e4-4cdf-4f4a-be49-91f804f4f5e7.1728313411934 Timestamp=2024-10-07T11:03:31:949-0400 ThreadID=3568 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=53aa10e4-4cdf-4f4a-be49-91f804f4f5e7.1728313411934 Timestamp=2024-10-07T11:03:31:949-0400 ThreadID=3568 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=53aa10e4-4cdf-4f4a-be49-91f804f4f5e7.1728313411934 Timestamp=2024-10-07T11:03:31:949-0400 ThreadID=3568 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=53aa10e4-4cdf-4f4a-be49-91f804f4f5e7.1728313411934 Timestamp=2024-10-07T11:03:31:951-0400 ThreadID=3568 Component=ngl-lib_NglAppLib Description="SetConf

C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	35721
Entropy (8bit):	5.406277120093706
Encrypted:	false
SSDEEP:
MD5:	C42F505C2BE6BA8E6E19443A7EB73D79
SHA1:	11E71F6DA1F53A8E4D4F80001BC53A8C6674A3AA
SHA-256:	53087858FED820124CB2FBE1A75C799FFA7613A35D42B3A12050AFE1D46C8133
SHA-512:	4B1A45CD7912661EC6268E33F5EB10B10252DC04EB00D229D1DAD8C6F098B916F570E2E94985DB8705872272513CF21B21F266964510FEFC4E518C573E0023F4
Malicious:	false
Reputation:	unknown
Preview:	06-10-2023 12:14:34:.---2---..06-10-2023 12:14:34:.AcroNGL Integ ADC-4240758 : *************************************..06-10-2023 12:14:34:.AcroNGL Integ ADC-4240758 : ***********************************..06-10-2023 12:14:34:.AcroNGL Integ ADC-4240758 : **** Starting new session ******..06-10-2023 12:14:34:.AcroNGL Integ ADC-4240758 : Starting NGL..06-10-2023 12:14:34:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...06-10-2023 12:14:34:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..06-10-2023 12:14:34:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..06-10-2023 12:14:34:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..06-10-2023 12:14:34:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..06-10-2023 12:14:34:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..06-10-2023 12:14:34:.Closing File..06-10-

C:\Users\user\AppData\Local\Temp\acrocef_low\109fc839-bd29-4a01-b77b-8e8723ef3593.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
Category:	dropped
Size (bytes):	386528
Entropy (8bit):	7.9736851559892425
Encrypted:	false
SSDEEP:
MD5:	5C48B0AD2FEF800949466AE872E1F1E2
SHA1:	337D617AE142815EDDACB48484628C1F16692A2F
SHA-256:	F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
SHA-512:	44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
Malicious:	false
Reputation:	unknown
Preview:	...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....\|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-\|..h#.g.\.PO.\|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..\|m.WC.....\|.....e.[W.p.8...rm....^..x'......5!...\|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.\|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

C:\Users\user\AppData\Local\Temp\acrocef_low\37c0c9ce-ec72-43ce-a3ad-de7f6cf27811.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
Category:	dropped
Size (bytes):	1407294
Entropy (8bit):	7.97605879016224
Encrypted:	false
SSDEEP:
MD5:	8B9FA2EC5118087D19CFDB20DA7C4C26
SHA1:	E32D6A1829B18717EF1455B73E88D36E0410EF93
SHA-256:	4782624EA3A4B3C6EB782689208148B636365AA8E5DAF00814FA9AB722259CBD
SHA-512:	662F8664CC3F4E8356D5F5794074642DB65565D40AC9FEA323E16E84EBD4F961701460A1310CC863D1AB38849E84E2142382F5DB88A0E53F97FF66248230F7B9
Malicious:	false
Reputation:	unknown
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

C:\Users\user\AppData\Local\Temp\acrocef_low\8f191d7c-d0da-4755-a2ea-0130c183f737.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
Category:	dropped
Size (bytes):	758601
Entropy (8bit):	7.98639316555857
Encrypted:	false
SSDEEP:
MD5:	3A49135134665364308390AC398006F1
SHA1:	28EF4CE5690BF8A9E048AF7D30688120DAC6F126
SHA-256:	D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
SHA-512:	BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
Malicious:	false
Reputation:	unknown
Preview:	...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......\|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!\|G.1...... .3.`./....`~......G.............\|..pS.e.C....:o.u_..oi.:..\|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

C:\Users\user\AppData\Local\Temp\acrocef_low\b2330402-f73c-4644-a90f-23e365e548d8.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
Category:	dropped
Size (bytes):	1419751
Entropy (8bit):	7.976496077007677
Encrypted:	false
SSDEEP:
MD5:	68F28776A696E8BD26CBC2ABDF08259E
SHA1:	DBFDB2CB458022E0F6823E13A063B3575BF9071F
SHA-256:	5CE2D3653E8B1559CC45AC696EF2225A0B47F80B707970028C6180C721CAA70F
SHA-512:	10B2C13E52FBCDA9501CD4DCF33B34454E3CE523B9622C43194D2B856BB67F2DD53CC3722E14A5ECAE50AAE34C29B137E65895AA9362105AF60AA58118229BB6
Malicious:	false
Reputation:	unknown
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

C:\Users\user\AppData\Local\Temp\acrocef_low\d655ad5a-9cc2-4a68-924d-f929a7b6ae7c.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
Category:	dropped
Size (bytes):	543911
Entropy (8bit):	7.977303608379539
Encrypted:	false
SSDEEP:
MD5:	956BEC2EB32005025184F904D9622D32
SHA1:	C6A9A8B3F7A7AB8122FB00457C0F83D4A77F21AF
SHA-256:	DEFD4ADB96BA87467278B6B06980FDAB1EE460D971B62ED05A89FF32983784EF
SHA-512:	3A32B169312E5886D8C3029BF15AD291C41AF9FB03AE7D9B1A3CAB74E95C7AAAF3E384F2432BDB8F815075B11F30D4FF083271802B41616C9060E268EB3B5D3D
Malicious:	false
Reputation:	unknown
Preview:	...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......\|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!\|G.1...... .3.`./....`~......G.............\|..pS.e.C....:o.u_..oi.:..\|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

Static File Info

General

File type:	PDF document, version 1.4, 1 pages
Entropy (8bit):	7.948767677633712
TrID:	Adobe Portable Document Format (5005/1) 100.00%
File name:	240224.pdf
File size:	29'838 bytes
MD5:	484710419547229bf9815338935e2b25
SHA1:	193f7a605a13e3b468654e3e1fcec663fd8de4d2
SHA256:	30d515fccee55b568b05514a6ef29fb6e32a75adb938651584a4760eec9a1cc0
SHA512:	b6671cd0cafd510e79cc54a30a0b6e539fa08158ce9db532ff4d14106ba5131edd8692cc1a68d2488741653b5dae98dc7dc3f87104bc69b929358168719cd84f
SSDEEP:	384:SITbCXas+2t61ExMmoeZxJB3ZmLIGB2SOe1JNank0/mqCPmYC8BkRQ7Z1DD2uNqP:SMbC3MgZF3ZmLIGMq3aeBF1PqkldGf71
TLSH:	99D2E108B94A8ACDD9D49383FB064133A52FBD8325C8E2C564B1D2C3758CE676F63E52
File Content Preview:	%PDF-1.4..5 0 obj..<<../Type /XObject../Subtype /Image../Filter /FlateDecode../Length 11205../Width 369../Height 166../BitsPerComponent 8../ColorSpace /DeviceRGB..>>..stream..x...y\U...i...e.Cj!.B.2i..........Y...S.h.sN...3......"....2.)V^.3.V.....{..9{

File Icon


Icon Hash:	62cc8caeb29e8ae0

Static PDF Info

General
Header:	%PDF-1.4
Total Entropy:	7.948768
Total Bytes:	29838
Stream Entropy:	7.987333
Stream Bytes:	27303
Entropy outside Streams:	5.164724
Bytes outside Streams:	2535
Number of EOF found:	1
Bytes after EOF:

Keywords Statistics

Name	Count
obj	17
endobj	17
stream	5
endstream	5
xref	1
trailer	1
startxref	1
/Page	1
/Encrypt	0
/ObjStm	0
/URI	0
/JS	0
/JavaScript	0
/AA	0
/OpenAction	0
/AcroForm	0
/JBIG2Decode	0
/RichMedia	0
/Launch	0
/EmbeddedFile	0

Description:	Adversaries may exploit software vulnerabilities in client applications to execute code. Vulnerabilities can exist in software due to unsecure coding practices that can lead to unanticipated behavior. Adversaries can take advantage of certain vulnerabilities through targeted exploitation for the purpose of arbitrary code execution. Oftentimes the most valuable exploits to an offensive toolkit are those that can be used to obtain code execution on a remote system because they can be used to gain access to that system. Users will expect to see files related to the applications they commonly used to do work, so they are a useful target for exploit research and development because of their high utility.
Tactics:	Execution
Data Sources:	Application Log: Application Log Content, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report 240224.pdf

Overview

General Information

Detection

Signatures

Classification

Process Tree

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Software Vulnerabilities

Networking

System Summary

Hooking and other Techniques for Hiding and Protection

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

Public IPs

General Information

Warnings

LLM Input / Output

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\77b53fc5-8344-459e-bb5a-7b1e196d1f67.tmp

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

C:\Users\user\AppData\Local\Temp\MSIc7745.LOG

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-07 11-03-31-899.log

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

C:\Users\user\AppData\Local\Temp\acrocef_low\109fc839-bd29-4a01-b77b-8e8723ef3593.tmp

C:\Users\user\AppData\Local\Temp\acrocef_low\37c0c9ce-ec72-43ce-a3ad-de7f6cf27811.tmp

C:\Users\user\AppData\Local\Temp\acrocef_low\8f191d7c-d0da-4755-a2ea-0130c183f737.tmp

C:\Users\user\AppData\Local\Temp\acrocef_low\b2330402-f73c-4644-a90f-23e365e548d8.tmp

C:\Users\user\AppData\Local\Temp\acrocef_low\d655ad5a-9cc2-4a68-924d-f929a7b6ae7c.tmp

Static File Info

General

File Icon

Static PDF Info

Windows Analysis Report
240224.pdf