Edit tour

Windows Analysis Report
AC0fd2c0cf3abf2f5620667e2e79b270cf-2024-09-IVb259e02787a5bfa24f06d0c81101aff78115640656826087324.pdf

Overview

General Information

Sample name:	AC0fd2c0cf3abf2f5620667e2e79b270cf-2024-09-IVb259e02787a5bfa24f06d0c81101aff78115640656826087324.pdf
Analysis ID:	1528323
MD5:	753cf6d7cfd7752e032aadc9d90ab1f1
SHA1:	c64edc3c1f71a5b577b8d911ba4857b6327a65d4
SHA256:	f71e519d33533311e32a03dcef0fc597164e69400b5c18aafbbe7c89f4ba4dd8

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Potential document exploit detected (performs DNS queries)

Classification

Process Tree

System is w10x64_ra

Acrobat.exe (PID: 6700 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\AC0fd2c0cf3abf2f5620667e2e79b270cf-2024-09-IVb259e02787a5bfa24f06d0c81101aff78115640656826087324.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)

AcroCEF.exe (PID: 6168 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

AcroCEF.exe (PID: 6360 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2128 --field-trial-handle=1564,i,2100869641541677731,2839004751507369714,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

cleanup

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: global traffic

DNS query: name: x1.i.lencr.org

Source: unknown

UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

DNS traffic detected: DNS query: x1.i.lencr.org

Source: classification engine

Classification label: clean0.winPDF@17/42@1/53

Source: AC0fd2c0cf3abf2f5620667e2e79b270cf-2024-09-IVb259e02787a5bfa24f06d0c81101aff78115640656826087324.pdf	Initial sample: https://www.twilio.com/console/billing/preferences
Source: AC0fd2c0cf3abf2f5620667e2e79b270cf-2024-09-IVb259e02787a5bfa24f06d0c81101aff78115640656826087324.pdf	Initial sample: https://support.twilio.com/hc/en-us/articles/360025603913-invoicefrontpage-reading-your-twilio-invoice
Source: AC0fd2c0cf3abf2f5620667e2e79b270cf-2024-09-IVb259e02787a5bfa24f06d0c81101aff78115640656826087324.pdf	Initial sample: https://support.twilio.com/hc/en-us/categories/203267647-Billing-Pricing
Source: AC0fd2c0cf3abf2f5620667e2e79b270cf-2024-09-IVb259e02787a5bfa24f06d0c81101aff78115640656826087324.pdf	Initial sample: https://support.twilio.com/hc/en-us/articles/360022524974-InvoiceFrontPage-How-do-I-Update-my-Billing-Settings-
Source: AC0fd2c0cf3abf2f5620667e2e79b270cf-2024-09-IVb259e02787a5bfa24f06d0c81101aff78115640656826087324.pdf	Initial sample: https://www.twilio.com/console/billing/
Source: AC0fd2c0cf3abf2f5620667e2e79b270cf-2024-09-IVb259e02787a5bfa24f06d0c81101aff78115640656826087324.pdf	Initial sample: https://support.twilio.com/hc/en-us/articles/360022561474-UsageDetails-How-to-Read-the-Twilio-Invoice-CSV-Supplement
Source: AC0fd2c0cf3abf2f5620667e2e79b270cf-2024-09-IVb259e02787a5bfa24f06d0c81101aff78115640656826087324.pdf	Initial sample: https://support.twilio.com/hc/en-us/articles/360025603913-InvoiceFrontPage-Reading-your-Twilio-Invoice
Source: AC0fd2c0cf3abf2f5620667e2e79b270cf-2024-09-IVb259e02787a5bfa24f06d0c81101aff78115640656826087324.pdf	Initial sample: https://support.twilio.com/hc/en-us/articles/360022524974-invoicefrontpage-how-do-i-update-my-billing-settings-
Source: AC0fd2c0cf3abf2f5620667e2e79b270cf-2024-09-IVb259e02787a5bfa24f06d0c81101aff78115640656826087324.pdf	Initial sample: https://support.twilio.com/hc/en-us/articles/360042138913-invoiceinstructions-payment-options-for-twilio-invoices
Source: AC0fd2c0cf3abf2f5620667e2e79b270cf-2024-09-IVb259e02787a5bfa24f06d0c81101aff78115640656826087324.pdf	Initial sample: https://support.twilio.com/hc/en-us/categories/203267647-billing-pricing
Source: AC0fd2c0cf3abf2f5620667e2e79b270cf-2024-09-IVb259e02787a5bfa24f06d0c81101aff78115640656826087324.pdf	Initial sample: remittance@twilio.com
Source: AC0fd2c0cf3abf2f5620667e2e79b270cf-2024-09-IVb259e02787a5bfa24f06d0c81101aff78115640656826087324.pdf	Initial sample: https://support.twilio.com/hc/en-us/articles/360042138913-InvoiceInstructions-Payment-Options-for-Twilio-Invoices
Source: AC0fd2c0cf3abf2f5620667e2e79b270cf-2024-09-IVb259e02787a5bfa24f06d0c81101aff78115640656826087324.pdf	Initial sample: https://support.twilio.com/hc/en-us/articles/360022561474-usagedetails-how-to-read-the-twilio-invoice-csv-supplement

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-07 13-20-58-721.log

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Source: unknown	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\AC0fd2c0cf3abf2f5620667e2e79b270cf-2024-09-IVb259e02787a5bfa24f06d0c81101aff78115640656826087324.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2128 --field-trial-handle=1564,i,2100869641541677731,2839004751507369714,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: unknown unknown
Source: unknown	Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding A321031F7DB06867927B45B267C21287
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2128 --field-trial-handle=1564,i,2100869641541677731,2839004751507369714,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: AC0fd2c0cf3abf2f5620667e2e79b270cf-2024-09-IVb259e02787a5bfa24f06d0c81101aff78115640656826087324.pdf	Initial sample: PDF keyword /JS count = 0
Source: AC0fd2c0cf3abf2f5620667e2e79b270cf-2024-09-IVb259e02787a5bfa24f06d0c81101aff78115640656826087324.pdf	Initial sample: PDF keyword /JavaScript count = 0

Source: AC0fd2c0cf3abf2f5620667e2e79b270cf-2024-09-IVb259e02787a5bfa24f06d0c81101aff78115640656826087324.pdf

Initial sample: PDF keyword /EmbeddedFile count = 0

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe

Process information queried: ProcessInformation

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	1 Spearphishing Link	1 Exploitation for Client Execution	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	1 Process Discovery	Remote Services	Data from Local System	1 Non-Application Layer Protocol	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	1 System Information Discovery	Remote Desktop Protocol	Data from Removable Media	1 Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
bg.microsoft.map.fastly.net	199.232.210.172	true	false	unknown
windowsupdatebg.s.llnwi.net	87.248.204.0	true	false	unknown
x1.i.lencr.org	unknown	unknown	false	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
2.23.197.184	unknown	European Union	1273	CWVodafoneGroupPLCEU	false
184.28.88.176	unknown	United States	16625	AKAMAI-ASUS	false
2.16.100.168	unknown	European Union	20940	AKAMAI-ASN1EU	false
107.22.247.231	unknown	United States	14618	AMAZON-AESUS	false
172.64.41.3	unknown	United States	13335	CLOUDFLARENETUS	false

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1528323
Start date and time:	2024-10-07 19:20:15 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	15
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Sample name:	AC0fd2c0cf3abf2f5620667e2e79b270cf-2024-09-IVb259e02787a5bfa24f06d0c81101aff78115640656826087324.pdf
Detection:	CLEAN
Classification:	clean0.winPDF@17/42@1/53
Cookbook Comments:	Found application associated with file extension: .pdf

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, SgrmBroker.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 184.28.88.176, 107.22.247.231, 54.144.73.197, 18.207.85.246, 34.193.227.236, 172.64.41.3, 162.159.61.3
Excluded domains from analysis (whitelisted): fs.microsoft.com
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: AC0fd2c0cf3abf2f5620667e2e79b270cf-2024-09-IVb259e02787a5bfa24f06d0c81101aff78115640656826087324.pdf

LLM Input / Output

Input	Output
URL: PDF document Model: jbxai	{ "brand":["Twilio"], "contains_trigger_text":true, "trigger_text":"My first Twilio account", "prominent_button_name":"unknown", "text_input_field_labels":"unknown", "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "text":"Invoice for GOAA Sep 1 2024 - Sep 30 2024 Greater Orlando Aviation Authority 1 Jeff Fuqua Blvd Orlando FL 32827-4392 US Invoice Amount in USD $3.30 Due Date Oct 30 2024 Invoice Number GXMDFF-2024-09 Account SID AC0fd2c0cf3abf2f5620667e2e79b270cf Project Name My first Twilio account Issue Date Sep 30 2024 Payment Terms NET30 Usage Summary per Product Phone Numbers $3.30 Invoice Amount $3.30", "has_visible_qrcode":false}

Input

Output

URL: PDF document Model: jbxai

{
"brand":["Twilio"],
"contains_trigger_text":true,
"trigger_text":"My first Twilio account",
"prominent_button_name":"unknown",
"text_input_field_labels":"unknown",
"pdf_icon_visible":false,
"has_visible_captcha":false,
"has_urgent_text":false,
"text":"Invoice for GOAA Sep 1 2024 - Sep 30 2024 Greater Orlando Aviation Authority 1 Jeff Fuqua Blvd Orlando FL 32827-4392 US Invoice Amount in USD $3.30 Due Date Oct 30 2024 Invoice Number GXMDFF-2024-09 Account SID AC0fd2c0cf3abf2f5620667e2e79b270cf Project Name My first Twilio account Issue Date Sep 30 2024 Payment Terms NET30 Usage Summary per Product Phone Numbers $3.30 Invoice Amount $3.30",
"has_visible_qrcode":false}

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	290
Entropy (8bit):	5.19689118866955
Encrypted:	false
SSDEEP:
MD5:	F0261DE29C2B640ADDD5384166129E3A
SHA1:	2BFA3D5C2A1B3EF34B097A640C1C94CA1D3295B2
SHA-256:	131F1FFC30C6819352B262AD927199EC7C9904ADA3D49D53D9DBCC91CF0A7DD0
SHA-512:	19110FC880B57FD7AC40434D7D54F8F522F1F5DA267422B0A0A84A0CC9B733B7608556E5F9BDCD0E8E5821DE850BAE9F23ECE3CA60A27C20BECCA7A5FCA82788
Malicious:	false
Reputation:	unknown
Preview:	2024/10/07-13:20:57.065 17c4 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/10/07-13:20:57.069 17c4 Recovering log #3.2024/10/07-13:20:57.069 17c4 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	334
Entropy (8bit):	5.241169400131649
Encrypted:	false
SSDEEP:
MD5:	6E5D40AA035B9D3B8C2E3EF86D9E7E1A
SHA1:	3367612C3A63270A14B691D41D389AEB7A9B313B
SHA-256:	A6810C64690F7D953FF13B756A04DB841509AEC4752392AFCDC56BC70E9ED00E
SHA-512:	8B6B4038A1CEDC62EEA12D6A10A9E1A31C834F1E30BD7C9A4662965FD3562C01EBC31D650139DA312AD426B73DCDC2EF26EF6001400BC2307FE7823BD1918C5C
Malicious:	false
Reputation:	unknown
Preview:	2024/10/07-13:20:56.969 18f8 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/10/07-13:20:56.972 18f8 Recovering log #3.2024/10/07-13:20:56.973 18f8 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	4C313FE514B5F4E7E89329630909F8DC
SHA1:	916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56
SHA-256:	1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873
SHA-512:	1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205
Malicious:	false
Reputation:	unknown
Preview:	{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341145152835463","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144284},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF487178.TMP (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	4C313FE514B5F4E7E89329630909F8DC
SHA1:	916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56
SHA-256:	1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873
SHA-512:	1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205
Malicious:	false
Reputation:	unknown
Preview:	{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341145152835463","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144284},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\aa7858b8-41d4-4971-b311-d90fd8f58ad9.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	403
Entropy (8bit):	4.980810765667924
Encrypted:	false
SSDEEP:
MD5:	173DC84B0E0BB3D8D46C97CC8D6CFED2
SHA1:	F6FE3F64C3CD0E1928961633550573660B1DCDDA
SHA-256:	414C8C77FC1AD8805E73788A83C799CB3E405BA2DE467E24B48C6A1545BC9FC1
SHA-512:	E9518EDA2003AA2EE338064BDD45CD62373BA1A3EB126C8DBCCEF870F007AE33E4761CEAA0371BFE48E3AA9D2C9C528DB92AC7D9D5872DD6359FBC8961E44933
Malicious:	false
Reputation:	unknown
Preview:	{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372881662536607","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":113265},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\c1fd999d-8c58-4e71-9645-7a12333e0d72.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	403
Entropy (8bit):	4.953858338552356
Encrypted:	false
SSDEEP:
MD5:	4C313FE514B5F4E7E89329630909F8DC
SHA1:	916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56
SHA-256:	1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873
SHA-512:	1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205
Malicious:	false
Reputation:	unknown
Preview:	{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341145152835463","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144284},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	4099
Entropy (8bit):	5.229793392159661
Encrypted:	false
SSDEEP:
MD5:	ED51985659D2E18814A14D4357F345FD
SHA1:	46B75EAA6A43D3D88461E19EBFF54135E87BF8B8
SHA-256:	41F6078EAA110B8AE1CBC947B346D0752F1034B6739B20381808836890377BC2
SHA-512:	6E538596DE9C246A72C6C2F733C93D93A63DDC358090092F82C017935E95CFA98CF412EE5CB1BB62C66216385136A21C671C8FC750C188172ADC3CA5445567B3
Malicious:	false
Reputation:	unknown
Preview:	*...#................version.1..namespace-e...o................next-map-id.1.Pnamespace-1d95df23_a38f_44a8_b732_4e62dd896a16-https://rna-resource.acrobat.com/.0y.S_r................next-map-id.2.Snamespace-2a884c18_b39c_4e3d_942f_252e530ca4bd-https://rna-v2-resource.acrobat.com/.16.X:r................next-map-id.3.Snamespace-2e78bfda_7188_4688_a4aa_1ff81b6e5eaa-https://rna-v2-resource.acrobat.com/.2.P.@o................next-map-id.4.Pnamespace-09c119c2_97bc_4467_8f67_f92472c9e5dc-https://rna-resource.acrobat.com/.346.+^...............Pnamespace-1d95df23_a38f_44a8_b732_4e62dd896a16-https://rna-resource.acrobat.com/....^...............Pnamespace-09c119c2_97bc_4467_8f67_f92472c9e5dc-https://rna-resource.acrobat.com/..?&a...............Snamespace-2a884c18_b39c_4e3d_942f_252e530ca4bd-https://rna-v2-resource.acrobat.com/_...a...............Snamespace-2e78bfda_7188_4688_a4aa_1ff81b6e5eaa-https://rna-v2-resource.acrobat.com/...o................next-map-id.5.Pnamespace-07af9ee9_2076_4f12_94b5_

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	322
Entropy (8bit):	5.195375186175271
Encrypted:	false
SSDEEP:
MD5:	B98DD647BCE3898071170A5116C52AB6
SHA1:	64D5CF8245031CDA9DA1534F2286533BF1AC344D
SHA-256:	E95A81D23EAFF262F2867EA44F6554D759EA39FEC23ADC08BDA696DE2D2A1477
SHA-512:	57DAECA9705A3E9AF3B73A6BA582E319AC6541B2477BAE98C1D1F87CC68998E518BFED7900BAE03AFB23EF1D9948B7BC24118DAB832EA2FA2ABC5F46C36E5E55
Malicious:	false
Reputation:	unknown
Preview:	2024/10/07-13:20:57.103 18f8 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/10/07-13:20:57.104 18f8 Recovering log #3.2024/10/07-13:20:57.106 18f8 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241007172100Z-167.bmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PC bitmap, Windows 3.x format, 107 x -152 x 32, cbSize 65110, bits offset 54
Category:	dropped
Size (bytes):	65110
Entropy (8bit):	1.2199633429250014
Encrypted:	false
SSDEEP:
MD5:	A5DAC6C83F18AEEE86380E64F75F0801
SHA1:	D9CD2206B14DA57A4BD954D74E76FC68411ED07A
SHA-256:	B2FE39203340BA431A25020D3CF483BB0776A3B8C821B228A59C12AC8C030CE3
SHA-512:	60BA2D5311E5C44B0B1F92286943AB0F51A881F3912197D761BE482D99A918BD123D1AD0E2BB036A34A9B20CA86D2E9E2EA358D0B3A6DE18E04CF001D4688358
Malicious:	false
Reputation:	unknown
Preview:	BMV.......6...(...k...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 2, database pages 14, cookie 0x5, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	57344
Entropy (8bit):	3.291927920232006
Encrypted:	false
SSDEEP:
MD5:	A4D5FECEFE05F21D6F81ACF4D9A788CF
SHA1:	1A9AC236C80F2A2809F7DE374072E2FCCA5A775C
SHA-256:	83BE4623D80FFB402FBDEC4125671DF532845A3828A1B378D99BD243A4FD8FF2
SHA-512:	FF106C6B9E1EA4B1F3E3AB01FAEA21BA24A885E63DDF0C36EB0A8C3C89A9430FE676039C076C50D7C46DC4E809F6A7E35A4BFED64D9033FEBD6121AC547AA5E9
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	16928
Entropy (8bit):	1.2148138861598732
Encrypted:	false
SSDEEP:
MD5:	B20B0CBB1EB915DDB02AED460D920AB8
SHA1:	B4724D1B4CC9D3292C08D6C2E49FAE4F1D129D0A
SHA-256:	D38D5A550D38FD85CA4A6DEE3E18C2743F77E6C802B17AFD72F44823DF61B80C
SHA-512:	F5212A507A114B677C3C530DBBF926271DD4BDD654C96F6A8B8481B8CF98631C819E4CA036C34C1EB7E4FB336B4BAC409F2217B1161B2A33576B274CC5A8523C
Malicious:	false
Reputation:	unknown
Preview:	.... .c.....B.&.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	Certificate, Version=3
Category:	dropped
Size (bytes):	1391
Entropy (8bit):	7.705940075877404
Encrypted:	false
SSDEEP:
MD5:	0CD2F9E0DA1773E9ED864DA5E370E74E
SHA1:	CABD2A79A1076A31F21D253635CB039D4329A5E8
SHA-256:	96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
SHA-512:	3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
Malicious:	false
Reputation:	unknown
Preview:	0..k0..S............@.YDc.c...0....H........0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10...150604110438Z..350604110438Z0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10.."0....H.............0..........$s..7.+W(.....8..n<.W.x.u...jn..O(..h.lD...c...k....1.!~.3<.H..y.....!.K...qiJffl.~<p..)"......K...~....G.\|.H#S.8.O.o...IW..t../.8.{.p!.u.0<.....c...O..K~.....w...{J.L.%.p..)..S$........J.?..aQ.....cq...o[...\4ylv.;.by.../&.....................6....7..6u...r......I......A..v........5/(.l....dwnG7..Y^h..r...A)>Y>.&.$...Z.L@.F....:Qn.;.}r...xY.>Qx....../..>{J.Ks......P.\|C.t..t.....0.[q6....00\H..;..}`...).........A.......\|.;F.H..v.v..j.=...8.d..+..(.....B.".'].y...p..N..:..'Qn..d.3CO......B0@0...U...........0...U.......0....0...U......y.Y.{....s.....X..n0...*.H.............U.X....P.....i ')..au\.n...i/..VK..s.Y.!.~.Lq...`.9....!V..P.Y...Y.............b.E.f..\|o..;.....'...}~.."......

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
Category:	dropped
Size (bytes):	71954
Entropy (8bit):	7.996617769952133
Encrypted:	true
SSDEEP:
MD5:	49AEBF8CBD62D92AC215B2923FB1B9F5
SHA1:	1723BE06719828DDA65AD804298D0431F6AFF976
SHA-256:	B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
SHA-512:	BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
Malicious:	false
Reputation:	unknown
Preview:	MSCF............,...................I..................XaK .authroot.stl.[.i..6..CK..<Tk......4.cl!Kg..E..Y.f_..".$mR"$.J.E.KB."..rKv.."{.g....3.W.....c..9.s...=....y6#..x..........D......\(.#.s.!.A.......cd.c........+^.ov...n.....3BL..0.......BPUR&.X..02.q...R...J.....w.....b.vy>....-.&..(..oe."."...J9...0U.6J..\|U..S.....M.F8g...=.......p...........l.?3.J.x.G.Ep..$g..tj......)v]9(:.)W.8.Op.1Q..:.nPd........7.7..M].V F..g.....12..!7(...B.......h.RZ.......l.<.....6..Z^.`p?... .p.Gp.#.'.X..........\|!.8.....".m.49r?.I...g...8.v.....a``.g.R4.i...J8q....NFW,E.6Y....!.o5%.Y.....R..<..S9....r....WO...(.....F..Q=....-..7d..O(....-..+k.........K..........{Q....Z..j._.E...QZ.~.\.^......N.9.k..O.}dD.b1r...[}/....T..E..G..c.\|.c.&>?..^t. ..;..X.d.E.0G....[Q.,......#.Dp..L.o\|#syc.J............}G-.ou6.=52..XWi=...m.....^u......c..fc?&pR7S5....I...j.G........j.j..Tc.El.....B.pQ.,Bp....j...9g.. >..s..m#.Nb.o_u.M.V...........\#...v..Mo\sF..s....Y...

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	192
Entropy (8bit):	2.756901573172974
Encrypted:	false
SSDEEP:
MD5:	1ECACA9D8460A0C863382A4B8D57641E
SHA1:	840A00F0C7619B861A6D765187E2268514D44F06
SHA-256:	8177C09254CF19DB9BC9B5CD995C5AC23B598AE3AC27FD89DFC725539D7155CD
SHA-512:	3736A5E4C7E539D48E681820E7E648974A8B6E75735F9AE28F5433A39FEF98228D00F8807CA19956A1CC06CA747AF3A2EE21280D4EF33C37361EAE2E237C1A6D
Malicious:	false
Reputation:	unknown
Preview:	p...... ........E!EM....(....................................................... ..........W....................o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	modified
Size (bytes):	328
Entropy (8bit):	3.1356875516282012
Encrypted:	false
SSDEEP:
MD5:	1CE0D279C42304EFE087AED9C15640F8
SHA1:	6B3FF7AA9645569932F27D0C4AB3B91D6A2F2D24
SHA-256:	A35215B7FB9965C08773D28170FADC5125A72D8070BF4E3B843430630061AB29
SHA-512:	52842AD700B0258CC3EE38B0A2DEFD5BE92796BC2875FEA7E45D06584C7FDB372C1829D7D318C233C7C6A7DBAE44B560E3160DF8B8697800B3611AF61871DABF
Malicious:	false
Reputation:	unknown
Preview:	p...... .........h._....(....................................................... ........G..@.......&...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	295
Entropy (8bit):	5.366730023242885
Encrypted:	false
SSDEEP:
MD5:	176A46B18CBC64FF097E5621C3636F19
SHA1:	E89D09C7C2DB8F40226F026BBA09610C5E6EB73F
SHA-256:	F1049377763398A5D507A37197286C5D8D193521AD2848F23006249835FA25D7
SHA-512:	A86D369926422F73C9CBE63F1F1974529C1AC2ECB0202D0958FF4E250F1D665E69C6F0044FBAABC34AA6072662A7DD37C1FDD2425E839C8760D56E3EDB033101
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"281eabb6-d59e-43e6-95ae-9d3ca24c40f2","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1728500807310,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.3125400974160115
Encrypted:	false
SSDEEP:
MD5:	618248B937B815C0C42FDF2C47FD3016
SHA1:	7E863704EE9206C6C39BDE137696A30D7625FCE8
SHA-256:	382DA3FCAA039B815EFFEB0396D177BBC388BAE04983A01797660FABF7188FDD
SHA-512:	B5FA2C956570466C5CD1ED0AE230E8762AC699CBA20EC3EEF07438346785B1B58BBF127991499E329B48A5F4FE3468525AE0746D46128CE4E0640AA1F279E558
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"281eabb6-d59e-43e6-95ae-9d3ca24c40f2","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1728500807310,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.291619561620974
Encrypted:	false
SSDEEP:
MD5:	E937E21535112F1CB498601E3C60CD97
SHA1:	DE1843A296CD12367DC259CE26BF26C4706AE3D4
SHA-256:	7475F20DCC8B8EA163F3D56BA335DDB784154558DAE83F12B39B684452640A47
SHA-512:	FDF476BF53166E057834CEA2045A9366B53F9B550CEB3FF9DDBF9034957292D16B7E4773ED1F73F96DF35DBDC496E0B6EAFE33FF92EA20BCA4999ABFB3ADACCA
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"281eabb6-d59e-43e6-95ae-9d3ca24c40f2","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1728500807310,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	285
Entropy (8bit):	5.355228339595309
Encrypted:	false
SSDEEP:
MD5:	7428D0C1E78664789BCA43E2293FBAF3
SHA1:	CA9490F7533013ACD37993AAF9C6720E2EC134A6
SHA-256:	A556833F643AB2B05535A789797000C4CBE43F3E58D2E8CCA56FCDBD6822EE3C
SHA-512:	80D62EB527BF33D0DDDB51732FA614303704943D3DDE00209D199D79ABDA2B011FFAFABA786DDE14A0C6FBFD4D9C419ABD22A7A11E7A72353014884EF36318F6
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"281eabb6-d59e-43e6-95ae-9d3ca24c40f2","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1728500807310,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1083
Entropy (8bit):	5.678330534406748
Encrypted:	false
SSDEEP:
MD5:	04F5271B315D2BC1837A2670F62B3C99
SHA1:	8AF846C8FCA54E961331B85419D6E7859E777F25
SHA-256:	D34F4B204C6FDD46DC7E2E59B60A99F54B9A066E3298A8BC7875ADB9FA20DADB
SHA-512:	55D18566D8BDC582863C812EE2695169A4D72E62ECAF5096FF5566CA8B26651313E2F23471A16F12635A9AECF9B7FDE9EF1C110D099F88A4386A1A1BCFE20769
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"281eabb6-d59e-43e6-95ae-9d3ca24c40f2","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1728500807310,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"89628_277808ActionBlock_2","campaignId":89628,"containerId":"1","controlGroupId":"","treatmentId":"22b145c0-22bc-4bba-811f-7234f288595b","variationId":"277808"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQgZmlsZXMgdG8gYW5kIGZyb20gUERGXG53aXRob3V0IGxpbWl0cy4ifSwidGNhdElkIjoiUkdTMDM1MS1FTlUtQ29udHJvbCJ9","dataType":"applicatio

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1050
Entropy (8bit):	5.650331413282483
Encrypted:	false
SSDEEP:
MD5:	0545292FF66934B5AF861A5E6A5EB8E0
SHA1:	74BC7D7650C133C1F99C8D8FD7DAD732A7F0E8BC
SHA-256:	A2FDE146D76A382586C35AC2391388EC5A9A8CD2BBF384556C6E4F202200877F
SHA-512:	276A41536916A9E42C868E2DDE3AD24EB85764D93203A5A80328E51D1392F73509AA423FF35FD0740B3483DCF59877C58C0EE37CFBBF86A7339A7228DB0DC64A
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"281eabb6-d59e-43e6-95ae-9d3ca24c40f2","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1728500807310,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Disc_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_0","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"0924134e-3c59-4f53-b731-add558c56fec","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Disc_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQsIGVkaXQgYW5kIGUtc2lnblxuZm9ybXMgJiBhZ3JlZW1lbnRzLiJ9LCJ0Y2F0SWQiOm51bGx9","dataType":"application\/json","encodingScheme":true},"

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.302152195212139
Encrypted:	false
SSDEEP:
MD5:	E6A7E823F53B2CBE699D111BF85D4949
SHA1:	75FC318E1C27E1C6D68F29B266D3B3AFE227F919
SHA-256:	87ED42E1588C51E30D64ED7287094784FF812BA2B3AFE6F61D6058D7D65143EC
SHA-512:	9ABBC2FCACD61BFADA45570D1A52D485C9C321A0F0305749B727B1FE248EC8D815D31681605EA529DD7E0397228A1E817C026342CAB245A057829DC40C941EFE
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"281eabb6-d59e-43e6-95ae-9d3ca24c40f2","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1728500807310,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1062
Entropy (8bit):	5.685934521667488
Encrypted:	false
SSDEEP:
MD5:	512C9AFF10FC8DE74EA2C220655F6344
SHA1:	63D2296EF968ACF4C4EF1183AE1AF65056C16740
SHA-256:	FD9A891740804825C24BAED5E1735DF999FB2D4C0411F4AA5B8025F9C92F4BFE
SHA-512:	21402A269D4C449480A6CF089D5AA4C3EC6AFF88C1A8F67ECFA1D12345C7A9E19B6B6216EA2C68E388338310A6AA93526801747F3179AC57EB070020840CB77C
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"281eabb6-d59e-43e6-95ae-9d3ca24c40f2","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1728500807310,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Edit_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"89628_277808ActionBlock_0","campaignId":89628,"containerId":"1","controlGroupId":"","treatmentId":"58886bd3-acd7-4f84-ae2e-6684bc127c41","variationId":"277808"},"containerId":1,"containerLabel":"JSON for DC_Reader_Edit_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVkaXQgdGV4dCwgaW1hZ2VzLCBwYWdlcywgYW5kIG1vcmUuIn0sInRjYXRJZCI6IlJHUzAzNTEtRU5VLUNvbnRyb2wifQ==","dataType":"application\/json","encodingSch

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1164
Entropy (8bit):	5.694910589281151
Encrypted:	false
SSDEEP:
MD5:	0EAD656822EFE378589DA74A8B07E5B6
SHA1:	8898EBF9A0D60A664BA961749FFB25D80174C4CE
SHA-256:	BDE18DF5EBFC751695DB5BA7D0CC8F7F06111B1E2B9F8BEDE6610ED689B673B3
SHA-512:	BD65E477E5AD216FC3E6F21B908D24329F2AE4DCAA61D0BDDB8D666133ABE95AF9038A2BADFE98906F87F78FFBF8645A8B31D378E978E3CCF9D694D4ECCEA5A0
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"281eabb6-d59e-43e6-95ae-9d3ca24c40f2","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1728500807310,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85531_264848ActionBlock_0","campaignId":85531,"containerId":"1","controlGroupId":"","treatmentId":"ee1a7497-76e7-43c2-bb63-9a0551e11d73","variationId":"264848"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IlRyeSBBY3JvYmF0IFBybyJ9LCJ1aSI6eyJ0aXRsZV9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjE1cHgiLCJmb250X3N0eWxlIjoiMCJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEzcHgiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0b1xucHJlbWl1bSBQREYgYW5kIGUtc2lnbmluZ1xudG9vbHMuIn0sImJhbm5lcl9zdHlsaW5nIjo

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.305491614966566
Encrypted:	false
SSDEEP:
MD5:	B9A5D787DEEE03E495E55BBCE90B5876
SHA1:	314F81A2103CE23C3148A8FB049BA9E39E3F073E
SHA-256:	FC82224B9B30011F47C231D8F98F60FC24CA19575875E4B611E1EA59F49E51EA
SHA-512:	4DAA6A8D41BED9AD50C6D510B0695693D687A5381FA1B93BB779FFD43798B56FBC482B623850CC75FE4BF0078EDADC976AFDC598A816D8BA31802AFF0FA13B7E
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"281eabb6-d59e-43e6-95ae-9d3ca24c40f2","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1728500807310,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1395
Entropy (8bit):	5.771401244518822
Encrypted:	false
SSDEEP:
MD5:	CEAEBF7A9CCA8EA100EC3B751E778DA0
SHA1:	0A8C0AA43C853CCF81059686164306ED5FCC401B
SHA-256:	9A7F31838C123DD50EADF67D59B21147981717D6B0060CF43B8309BB42C95435
SHA-512:	5A0831656DA4D206DE0108A6C9B9AEA9B63B2932B1F26E6537E4D3E13B36BEA27BEF1A2AF40629E4240C3FD60CFB5DF06A5C492EAC4C82A8B1C6614B3999C713
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"281eabb6-d59e-43e6-95ae-9d3ca24c40f2","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1728500807310,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	291
Entropy (8bit):	5.28900096958224
Encrypted:	false
SSDEEP:
MD5:	9C5DE88AE39211995A29A847F9061CB7
SHA1:	9C5F85F7C12DF1715AD87C42ED7527BFF340AA96
SHA-256:	6529B662D05BEEBF3F4859FEBDED042B437FD62B6B381E1401D75DDBC6B53EF0
SHA-512:	6A21C051A30CADE7C50B4A008F0820A1A4C47D1D6769E32040D1C109D13C8CB2071EB5AB2F24189C67312AB2E2E55512FC7FF546ACB19887E2949EE223C2D210
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"281eabb6-d59e-43e6-95ae-9d3ca24c40f2","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1728500807310,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	287
Entropy (8bit):	5.292754167634783
Encrypted:	false
SSDEEP:
MD5:	929D6189DBFA72C2D30F03FB41CB2C3E
SHA1:	A8CD0A700B63A036C88C0C2AE25ABC39F367BB92
SHA-256:	155DC169F81510283B601B1B2EF83ED5E46D7312B70FBC54B79762319846606F
SHA-512:	3BA446B818BF434DC9F4557221288408A3112FDEDE3CF1EA1EFF9DB9C9F9C6EF3DFBB4B7248EA9BFDAFB2332D8909439A5D3096DE43F81D63525DF8D310579D4
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"281eabb6-d59e-43e6-95ae-9d3ca24c40f2","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1728500807310,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1082
Entropy (8bit):	5.682213980846217
Encrypted:	false
SSDEEP:
MD5:	D3BB47C5C4F092D5579F1A2901DAB84E
SHA1:	51D109E3FB457386F97F1C32EDCC7ACC00A18AC8
SHA-256:	5562CEE2AB303A93E32AA60E2F397D777FCA5E63479C7DCC9F3CEE04598FC608
SHA-512:	D2ADB5B6E8A41D7DF65C3FEF53E36D2E991B442F03B3422ABC966546959C77568C8CEC2AEC5EC999B9B59F41659C119CB887578B14CA79F795BAE54BCB32A465
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"281eabb6-d59e-43e6-95ae-9d3ca24c40f2","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1728500807310,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"89628_277808ActionBlock_1","campaignId":89628,"containerId":"1","controlGroupId":"","treatmentId":"a8b11c37-7d39-4b12-9d33-a040ee4d296b","variationId":"277808"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IlNlbmQgZG9jdW1lbnRzICYgZm9ybXNcbmZvciBmYXN0IGUtc2lnbmluZyBvbmxpbmUuIn0sInRjYXRJZCI6IlJHUzAzNTEtRU5VLUNvbnRyb2wifQ==","dataType":"application

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	286
Entropy (8bit):	5.268660547221909
Encrypted:	false
SSDEEP:
MD5:	49F84411CCCD7C858B74D3BA7F3D254F
SHA1:	98A80DFBBACC53FC0A63D314F98492ACF2226920
SHA-256:	73C36E463A1F079338DE910B85BA8AA51283F695F5DAFCD3A4D9FB56AA263283
SHA-512:	3601631884416F1BBA4FF027B36FC14D38A8DBB97018F7A1BD35EC6D7949C4CB70A4E8E0D6835B1328C0EB9C21D97D64BF7BE1886DB9740AD21DEC7796602520
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"281eabb6-d59e-43e6-95ae-9d3ca24c40f2","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1728500807310,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	782
Entropy (8bit):	5.364617746523079
Encrypted:	false
SSDEEP:
MD5:	F3B9DB57BC5843FCA8B3B93DED87CE7A
SHA1:	FF0FAE62A923DD382B86453FA04C417DB7181DCB
SHA-256:	897AC841057EAD438C62E76591EF9D730758848790FC928C9D7E7D5EF994E116
SHA-512:	0FFEAAB97F6D24D46CE2682AB50797E2D2C5AEAFD83F0C59712BBDC8F5EECEAC5E4F41C410FDC66BEE74C1C00D1C7D52242A2D8F35B223852BA8F888C98654D9
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"281eabb6-d59e-43e6-95ae-9d3ca24c40f2","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1728500807310,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1728321662347}}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	4
Entropy (8bit):	0.8112781244591328
Encrypted:	false
SSDEEP:
MD5:	DC84B0D741E5BEAE8070013ADDCC8C28
SHA1:	802F4A6A20CBF157AAF6C4E07E4301578D5936A2
SHA-256:	81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
SHA-512:	65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
Malicious:	false
Reputation:	unknown
Preview:	....

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2818
Entropy (8bit):	5.141272592441467
Encrypted:	false
SSDEEP:
MD5:	8FD100768659C97D3D17E0ED6D600584
SHA1:	1E61BDF1189F442774271AD76FA5FCFF8C3E267D
SHA-256:	56AF7A51592E27DDDB8EB92F7FE73E4E957BA354B14ADBDDC42583BC0978AE2C
SHA-512:	F713B47E5E70DA92695FFE481C1657DF876C8C7F7AFFCED6B89E41AAA29725C1C1A0B91805D1F606CCBF468FA3C8E49F80A0AAB202D65FDDC64C39258FF95B5F
Malicious:	false
Reputation:	unknown
Preview:	{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"b157b34eb4be658d90d00d2c1cc73ac7","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1050,"ts":1728321661000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"a93f33203a1cfdae12b35b6edf706d94","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1164,"ts":1728321661000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"841492588a3b9625d6d53c53020490cf","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1082,"ts":1728321661000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"0f215a4b316904a3dab02eeb1275ac63","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1083,"ts":1728321661000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"0a0ab7b7353a07897c00dc593eb411f5","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":1062,"ts":1728321661000},{"id":"Edit_InApp_Aug2020","info":{"dg":"828d5993dc226b223aea54c4b2f5cc34","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":17

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 19, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 19
Category:	dropped
Size (bytes):	12288
Entropy (8bit):	0.9884233951682913
Encrypted:	false
SSDEEP:
MD5:	59FEE994C8165461E9730FD850812F61
SHA1:	52E677BD92414219B8D8C65230AAC05A3EA3B891
SHA-256:	6F964E8EE6E8D83070D7AE5B9ED42BFA073F5A48D69D3A890C685F9665A53DF1
SHA-512:	7C917C2D463133D0FC89D8875F55119ECCDE7716A4293BB8A0D9158256D3878D5675DECC721AE7EC2E8FA80BDEB8A1F14BA3C5CA779DC300E3AAF2213D8BC9DB
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	1.3454506781472195
Encrypted:	false
SSDEEP:
MD5:	B6AE232BC7A130CC4D6E8C2B9DE64962
SHA1:	C4D9312C4B67C083824998A2B2B23FADD813A995
SHA-256:	AB0BF9737790E6F5FFB94FC4542798FFB7D19D892E0777AA373550F7E38BCF4C
SHA-512:	EF9C9E0A1F1A619D3B5B20AC98D690E98533AD436CF7FD99B311F89E653674179B02F64C3F80DA5A258A47BECD8FC24C073909D9C7947A21574F7A650BDE9ACE
Malicious:	false
Reputation:	unknown
Preview:	.... .c..............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................j...#..#.#.#.#.#.#.#.#.7.7........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\MSI764ea.LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	246
Entropy (8bit):	3.5030768995714583
Encrypted:	false
SSDEEP:
MD5:	03E09B9C04CE3A1C65FBD645074418E7
SHA1:	9064FAEA796B19ECE5873C15241BDA9D0DF61EFB
SHA-256:	8534C021046F510DFA3B8D3C58B4325845328FD40986DA9E41B105C8A96D7E95
SHA-512:	3C0877AE7AF756789576DEB46275060FB31D943615C652FB22F7B49DE7F5499834C5DBE3205A13A202ECB2950364444AAE843892DB68A84C34321355C7108553
Malicious:	false
Reputation:	unknown
Preview:	..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .0.7./.1.0./.2.0.2.4. . .1.3.:.2.1.:.0.3. .=.=.=.....

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-07 13-20-58-721.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393)
Category:	dropped
Size (bytes):	16525
Entropy (8bit):	5.353642815103214
Encrypted:	false
SSDEEP:
MD5:	91F06491552FC977E9E8AF47786EE7C1
SHA1:	8FEB27904897FFCC2BE1A985D479D7F75F11CEFC
SHA-256:	06582F9F48220653B0CB355A53A9B145DA049C536D00095C57FCB3E941BA90BB
SHA-512:	A63E6E0D25B88EBB6602885AB8E91167D37267B24516A11F7492F48876D3DDCAE44FFC386E146F3CF6EB4FA6AF251602143F254687B17FCFE6F00783095C5082
Malicious:	false
Reputation:	unknown
Preview:	SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:073+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:073+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="SetConfig:

C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	29752
Entropy (8bit):	5.417058516421469
Encrypted:	false
SSDEEP:
MD5:	440D4D771F08E245E8EDD32CF3FCC588
SHA1:	2EFAF92A9F295BAFB3844FA409CC7AFF6AE44C73
SHA-256:	A95B9CDA7905A2C7E5F4AB2648012B9C814B196E2662E7BA92687EABEAAE4F70
SHA-512:	08DD08299EBE963DD872249E166950540B31349FA3AE7E70B88FDC64BE722328A60565CB48B93A37344EA0C78877B29711DD62F7DB70BBDFB3D2E58384CDB22F
Malicious:	false
Reputation:	unknown
Preview:	06-10-2023 10:08:42:.---2---..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : *************************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ***********************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : **** Starting new session ******..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Starting NGL..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..06-10-2023 10:08:42:.Closing File..06-10-

C:\Users\user\AppData\Local\Temp\acrocef_low\090431a3-13f7-4ee5-9638-d237d89f811f.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
Category:	dropped
Size (bytes):	1407294
Entropy (8bit):	7.97605879016224
Encrypted:	false
SSDEEP:
MD5:	1D64D25345DD73F100517644279994E6
SHA1:	DE807F82098D469302955DCBE1A963CD6E887737
SHA-256:	0A05C4CE0C4D8527D79A3C9CEE2A8B73475F53E18544622E4656C598BC814DFC
SHA-512:	C0A37437F84B4895A7566E278046CFD50558AD84120CA0BD2EAD2259CA7A30BD67F0BDC4C043D73257773C607259A64B6F6AE4987C8B43BB47241F3C78EB9416
Malicious:	false
Reputation:	unknown
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

C:\Users\user\AppData\Local\Temp\acrocef_low\8a0f7221-b922-4c96-94de-0fe5cbc0cf16.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
Category:	dropped
Size (bytes):	1419751
Entropy (8bit):	7.976496077007677
Encrypted:	false
SSDEEP:
MD5:	733564CE55672FD4189BEC28E939DE63
SHA1:	EFD2F3DFF9E49EF5324F67B6937E792BB8D277DF
SHA-256:	3EFFA15F3CECA764012CAC27DA2F856F533D444FE35650AAC9CA555DF13E6903
SHA-512:	223180120BE82A687712D5346A3F5E907E22EDBA855D87C0F0983D2406F9DC483D663521F160553E352210A9B838BB4EDFBB5122D8D0F9B061F67CFB17F856B9
Malicious:	false
Reputation:	unknown
Preview:	...........}.s.H....W`E.........M9h...q..p......%..!q.p....~..2......DlWtW!)?_.\|....?..?.s.w1.i..G...h6.]..y...p..m.b..N..rr..F..Xc...l.4.."..Q.... hL.p......s...x6..:.....x.~.6.Q..~......~b7..k.l......Yc.G[....hY3...C..n..\|.'6......i4f...,.."...O.b...x..,..jgc..bTn....,u.F..0......V.K,u..p....X.wAap...+.G..v....i.z...E.Rj8.a.r..<@.q.'...!.4..]...\|..3...-.2...`...4..i...w......$0D.....i./a......Z.]..e.mj..c}.?.....o......c...W..+....c...W...?8...n.......U..7..O........@....'...^.z..=.m....o.o<..~....... ...C{......w.m.h.-Q...6.(..uk/w!...Z..n.....p.U........T^w..[....1l...../i......0..1U\|}../xS}.q..B\|.......h>....S....g...A.s6.=.&....~.\.......-N.p...._.xex.....}.r..q$..<.S;l=. ..P..55;....[.}.T......d.p..vd'vl.].DN..o...................D...].......I}.t...D`?..n.A.zT..:@.`S5.K..,R....h...XzT....F..Xt...R...+N.....ee...P...F+C.....dq...r..5..aP.zY....c.f/..Pn...:f.>.Z..s.+.......7...O.C.#..6.....=.K.5{.%6,..Z.....DqZ.4....g-%.p..n...\

C:\Users\user\AppData\Local\Temp\acrocef_low\b0a8962f-0971-4c53-a5fd-1a9a006f07be.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
Category:	dropped
Size (bytes):	386528
Entropy (8bit):	7.9736851559892425
Encrypted:	false
SSDEEP:
MD5:	5C48B0AD2FEF800949466AE872E1F1E2
SHA1:	337D617AE142815EDDACB48484628C1F16692A2F
SHA-256:	F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
SHA-512:	44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
Malicious:	false
Reputation:	unknown
Preview:	...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....\|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-\|..h#.g.\.PO.\|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..\|m.WC.....\|.....e.[W.p.8...rm....^..x'......5!...\|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.\|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

C:\Users\user\AppData\Local\Temp\acrocef_low\df8b133d-6f20-4855-a259-a227951d6bf9.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
Category:	dropped
Size (bytes):	758601
Entropy (8bit):	7.98639316555857
Encrypted:	false
SSDEEP:
MD5:	3A49135134665364308390AC398006F1
SHA1:	28EF4CE5690BF8A9E048AF7D30688120DAC6F126
SHA-256:	D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
SHA-512:	BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
Malicious:	false
Reputation:	unknown
Preview:	...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......\|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!\|G.1...... .3.`./....`~......G.............\|..pS.e.C....:o.u_..oi.:..\|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

Static File Info

General

File type:	PDF document, version 1.4, 3 pages
Entropy (8bit):	7.7177844689307875
TrID:	Adobe Portable Document Format (5005/1) 100.00%
File name:	AC0fd2c0cf3abf2f5620667e2e79b270cf-2024-09-IVb259e02787a5bfa24f06d0c81101aff78115640656826087324.pdf
File size:	32'148 bytes
MD5:	753cf6d7cfd7752e032aadc9d90ab1f1
SHA1:	c64edc3c1f71a5b577b8d911ba4857b6327a65d4
SHA256:	f71e519d33533311e32a03dcef0fc597164e69400b5c18aafbbe7c89f4ba4dd8
SHA512:	fd5d3f0c2593e4a2ec76c9f413a072993e29a81d85d0916a2ccebb66e7492a493b20042c0f637be04653861d0bdfddb9b783299edcaac95b066b48b6a2953578
SSDEEP:	768:BUh8+o5kmemiYxozm3I6qYmy9uT8AyYQLUT:Su+o5amlYYmojLUT
TLSH:	CBE29DBDF6C80C4DE8C7C789A2B67C4E183E33118AE8A88239354743BD55E65772179B
File Content Preview:	%PDF-1.4.1 0 obj.<<./Title (..)./Creator (...w.k.h.t.m.l.t.o.p.d.f. .0...1.2...2...1)./Producer (...Q.t. .4...8...6)./CreationDate (D:20241007075716Z).>>.endobj.3 0 obj.<<./Type /ExtGState./SA true./SM 0.02./ca 1.0./CA 1.0./AIS false./SMask /None>>.endobj

File Icon


Icon Hash:	62cc8caeb29e8ae0

Static PDF Info

General
Header:	%PDF-1.4
Total Entropy:	7.717784
Total Bytes:	32148
Stream Entropy:	7.958676
Stream Bytes:	25216
Entropy outside Streams:	5.160668
Bytes outside Streams:	6932
Number of EOF found:	1
Bytes after EOF:

Keywords Statistics

Name	Count
obj	44
endobj	44
stream	9
endstream	9
xref	1
trailer	1
startxref	1
/Page	3
/Encrypt	0
/ObjStm	0
/URI	16
/JS	0
/JavaScript	0
/AA	0
/OpenAction	0
/AcroForm	0
/JBIG2Decode	0
/RichMedia	0
/Launch	0
/EmbeddedFile	0

Image Streams

ID	DHASH	MD5	Preview
17	70e8cc8e8ecce870	2262cf48b94c9485fd09276a4782207e
19	e8d4aa6949b2d4e8	1a69c1b414d3c0be0af3c4d07121b0dc

Description:	Adversaries may send spearphishing emails with a malicious link in an attempt to gain access to victim systems. Spearphishing with a link is a specific variant of spearphishing. It is different from other forms of spearphishing in that it employs the use of links to download malware contained in email, instead of attaching malicious files to the email itself, to avoid defenses that may inspect email attachments. Spearphishing may also involve social engineering techniques, such as posing as a trusted source.
Tactics:	Initial Access
Data Sources:	Application Log: Application Log Content, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Google Workspace, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may exploit software vulnerabilities in client applications to execute code. Vulnerabilities can exist in software due to unsecure coding practices that can lead to unanticipated behavior. Adversaries can take advantage of certain vulnerabilities through targeted exploitation for the purpose of arbitrary code execution. Oftentimes the most valuable exploits to an offensive toolkit are those that can be used to obtain code execution on a remote system because they can be used to gain access to that system. Users will expect to see files related to the applications they commonly used to do work, so they are a useful target for exploit research and development because of their high utility.
Tactics:	Execution
Data Sources:	Application Log: Application Log Content, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report AC0fd2c0cf3abf2f5620667e2e79b270cf-2024-09-IVb259e02787a5bfa24f06d0c81101aff78115640656826087324.pdf

Overview

General Information

Detection

Signatures

Classification

Process Tree

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Software Vulnerabilities

Networking

System Summary

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

Public IPs

General Information

Warnings

LLM Input / Output

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF487178.TMP (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\aa7858b8-41d4-4971-b311-d90fd8f58ad9.tmp

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\c1fd999d-8c58-4e71-9645-7a12333e0d72.tmp

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241007172100Z-167.bmp

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

C:\Users\user\AppData\Local\Temp\MSI764ea.LOG

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-07 13-20-58-721.log

C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

C:\Users\user\AppData\Local\Temp\acrocef_low\090431a3-13f7-4ee5-9638-d237d89f811f.tmp

C:\Users\user\AppData\Local\Temp\acrocef_low\8a0f7221-b922-4c96-94de-0fe5cbc0cf16.tmp

Windows Analysis Report
AC0fd2c0cf3abf2f5620667e2e79b270cf-2024-09-IVb259e02787a5bfa24f06d0c81101aff78115640656826087324.pdf