Edit tour

Windows Analysis Report
Service INV213351.pdf

Overview

General Information

Sample name:	Service INV213351.pdf
Analysis ID:	1531076
MD5:	b76c98650321d07e199293b07669a159
SHA1:	d7cf87ceb3e083214473abfa64abae3871e2bf36
SHA256:	e6795c7ecb90875cd60496c3361c55182c58266caa2e2e7695552491481f79fc
Infos:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

IP address seen in connection with other malware

Classification

Process Tree

System is w10x64

Acrobat.exe (PID: 3268 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Service INV213351.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)

AcroCEF.exe (PID: 3212 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

AcroCEF.exe (PID: 3576 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2244 --field-trial-handle=1508,i,16701083651804924548,11225176438331712936,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: Joe Sandbox View

IP Address: 23.217.172.185 23.217.172.185

Source: 77EC63BDA74BD0D0E0426DC8F80085060.2.dr	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: 2D85F72862B55C4EADD9E66E06947F3D0.2.dr	String found in binary or memory: http://x1.i.lencr.org/

Source: classification engine

Classification label: clean0.winPDF@15/53@0/1

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-10 14-24-11-891.log

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Jump to behavior

Source: unknown	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Service INV213351.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2244 --field-trial-handle=1508,i,16701083651804924548,11225176438331712936,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2244 --field-trial-handle=1508,i,16701083651804924548,11225176438331712936,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: Service INV213351.pdf	Initial sample: PDF keyword /JS count = 0
Source: Service INV213351.pdf	Initial sample: PDF keyword /JavaScript count = 0
Source: A91ga5xyl_u8pqvw_4og.tmp.0.dr	Initial sample: PDF keyword /JS count = 0
Source: A91ga5xyl_u8pqvw_4og.tmp.0.dr	Initial sample: PDF keyword /JavaScript count = 0

Source: Service INV213351.pdf

Initial sample: PDF keyword /EmbeddedFile count = 0

Source: Service INV213351.pdf

Initial sample: PDF keyword obj count = 58

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	1 System Information Discovery	Remote Services	Data from Local System	Data Obfuscation	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Junk Data	Exfiltration Over Bluetooth	Network Denial of Service

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
http://x1.i.lencr.org/	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

⊘No contacted domains info

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://x1.i.lencr.org/	2D85F72862B55C4EADD9E66E06947F3D0.2.dr	false	URL Reputation: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
23.217.172.185	unknown	United States		16625	AKAMAI-ASUS	false

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1531076
Start date and time:	2024-10-10 20:23:17 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 3s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowspdfcookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	12
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	Service INV213351.pdf
Detection:	CLEAN
Classification:	clean0.winPDF@15/53@0/1
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .pdf Found PDF document Close Viewer

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 95.100.50.221, 162.159.61.3, 172.64.41.3, 23.3.109.48, 107.22.247.231, 54.144.73.197, 18.207.85.246, 34.193.227.236, 2.16.100.168, 88.221.110.91, 2.19.126.149, 2.19.126.143, 192.168.2.6, 23.200.0.33
Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, client.wns.windows.com, fs.microsoft.com, e8652.dscx.akamaiedge.net, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, a767.dspw65.akamai.net, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, download.windowsupdate.com.edgesuite.net, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, wu-b-net.trafficmanager.net, crl.root-x1.letsencrypt.org.edgekey.net
Report size getting too big, too many NtCreateFile calls found.
VT rate limit hit for: Service INV213351.pdf

Simulations

Behavior and APIs

Time	Type	Description
14:24:18	API Interceptor	2x Sleep call for process: AcroCEF.exe modified

LLM Input / Output

Input	Output
URL: PDF document Model: jbxai	{ "brands":["PeerBie Inc"], "text":"PEERBIE INC 555 Mission St. San Francisco, CA 94105 Bill to: Specialty Lighting Group United States Contact Person: Daniel Carroll Invoice #: 213351 Created: 5 Aug 2024 Terms: Due on Receipt Payment Method: EFT Only Status: Past Due # DESCRIPTION AMOUNT(USD) 1. Timely, integrated analysis to simplify regulatory processes and improve operational quality through July, 2024. $21, 000.00 2. Active investment initiative strategies across public and private markets for individual investors. $18, 500.00 Consultation with Comprehensive Reports - Daniel Carroll - Dedicated VIP Relationship Manager - Early access to new products - Invitations to exclusive events - Surprises and rewards - Priority live chat support $5, 000.00 Total: $44, 500.00 Amount Paid: $0.00 Balance Due: $44, 500.00", "contains_trigger_text":false, "trigger_text":"", "prominent_button_name":"unknown", "text_input_field_labels":"unknown", "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "has_visible_qrcode":false}

Input

Output

URL: PDF document Model: jbxai

{
"brands":["PeerBie Inc"],
"text":"PEERBIE INC 555 Mission St. San Francisco,
 CA 94105 Bill to: Specialty Lighting Group United States Contact Person: Daniel Carroll Invoice #: 213351 Created: 5 Aug 2024 Terms: Due on Receipt Payment Method: EFT Only Status: Past Due # DESCRIPTION AMOUNT(USD) 1. Timely,
 integrated analysis to simplify regulatory processes and improve operational quality through July,
 2024. $21,
000.00 2. Active investment initiative strategies across public and private markets for individual investors. $18,
500.00 Consultation with Comprehensive Reports - Daniel Carroll - Dedicated VIP Relationship Manager - Early access to new products - Invitations to exclusive events - Surprises and rewards - Priority live chat support $5,
000.00 Total: $44,
500.00 Amount Paid: $0.00 Balance Due: $44,
500.00",
"contains_trigger_text":false,
"trigger_text":"",
"prominent_button_name":"unknown",
"text_input_field_labels":"unknown",
"pdf_icon_visible":false,
"has_visible_captcha":false,
"has_urgent_text":false,
"has_visible_qrcode":false}

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
23.217.172.185	https://media.thesocialpresskit.com/american-bankers-association/BNAT2024PrintablesPostcard2.zip	Get hash	malicious	Unknown	Browse
	original (3).eml	Get hash	malicious	Unknown	Browse
	http://cdn.prod.website-files.com/66006200351a0e5dfaa727ed/66de69bda1d04790a2e6ba98_54204894406.pdf	Get hash	malicious	Unknown	Browse
	COVID-19.pdf	Get hash	malicious	PDFPhish	Browse
	Globalfoundries.com_Report_46279.pdf	Get hash	malicious	HTMLPhisher	Browse

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
AKAMAI-ASUS	original (1).eml	Get hash	malicious	Unknown	Browse	2.19.126.151
	brayton HR Bulletin_270852_3BU4-ZSJO2U-JMY3.pdf	Get hash	malicious	Unknown	Browse	23.203.104.175
	vEOTtk6FeG.elf	Get hash	malicious	Mirai	Browse	184.50.185.53
	RFNnJGB7wy.elf	Get hash	malicious	Mirai	Browse	96.26.27.22
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	Fw_ Complete with Docusign_ J929272_SOW Extension_002_09-OCT-24_201415.pdf.eml	Get hash	malicious	Unknown	Browse	2.19.126.140
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	ASmartCore_[1MB]_[unsign].exe	Get hash	malicious	LummaC	Browse	23.192.247.89
	2NkFwDDoDy.elf	Get hash	malicious	Mirai	Browse	104.73.138.82
	Set-up.exe	Get hash	malicious	LummaC	Browse	104.102.49.254

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	295
Entropy (8bit):	5.1465987238687525
Encrypted:	false
SSDEEP:	6:J3UlMq2PN72nKuAl9OmbnIFUt8W3U+Zmw+W3UykwON72nKuAl9OmbjLJ:JklMvVaHAahFUt8Wk+/+Wky5OaHAaSJ
MD5:	BF79D930A5C8A6BA06B28BE9C86A99EA
SHA1:	7630C1DFEF53D15902E8BBA60EA0961065342EF3
SHA-256:	2D21C8754B7BE0B6A9C4B4E4F2733D3B583B8B70ED2478031F01F9F6FA86DF18
SHA-512:	F1EC5C00E0A43B6B8487B46788C0A407C5832C78262597FBE940FC48CC60ACF8531C39AE744613494ADB52B92661AE810A840103892D4061F1378A8F9A1C2C3B
Malicious:	false
Reputation:	low
Preview:	2024/10/10-14:24:10.975 e44 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/10/10-14:24:10.978 e44 Recovering log #3.2024/10/10-14:24:10.978 e44 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	295
Entropy (8bit):	5.1465987238687525
Encrypted:	false
SSDEEP:	6:J3UlMq2PN72nKuAl9OmbnIFUt8W3U+Zmw+W3UykwON72nKuAl9OmbjLJ:JklMvVaHAahFUt8Wk+/+Wky5OaHAaSJ
MD5:	BF79D930A5C8A6BA06B28BE9C86A99EA
SHA1:	7630C1DFEF53D15902E8BBA60EA0961065342EF3
SHA-256:	2D21C8754B7BE0B6A9C4B4E4F2733D3B583B8B70ED2478031F01F9F6FA86DF18
SHA-512:	F1EC5C00E0A43B6B8487B46788C0A407C5832C78262597FBE940FC48CC60ACF8531C39AE744613494ADB52B92661AE810A840103892D4061F1378A8F9A1C2C3B
Malicious:	false
Reputation:	low
Preview:	2024/10/10-14:24:10.975 e44 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/10/10-14:24:10.978 e44 Recovering log #3.2024/10/10-14:24:10.978 e44 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	342
Entropy (8bit):	5.117659138304883
Encrypted:	false
SSDEEP:	6:J3Uqq2PN72nKuAl9Ombzo2jMGIFUt8W3ULZZmw+W3UKTVFkwON72nKuAl9Ombzos:JkqvVaHAa8uFUt8WkLZ/+Wk85OaHAa8z
MD5:	490C8687ABB4AAF809E1B3E3ACF49579
SHA1:	0D723E76C0E715C6ABF22EACEF9B12A23ED471EE
SHA-256:	DDB23803C18897E8F3C1AE9752FF088D6002154940937E9C450BD5731D791A83
SHA-512:	E4FBDF53E74E79F429B9D6E901986B755A8366AB9A98DF26F6690E003677C782276A5AD6109918DA08811C191979156AD22E516D3D84828869BCBEF03CC1D311
Malicious:	false
Reputation:	low
Preview:	2024/10/10-14:24:10.963 11d0 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/10/10-14:24:10.965 11d0 Recovering log #3.2024/10/10-14:24:10.966 11d0 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	342
Entropy (8bit):	5.117659138304883
Encrypted:	false
SSDEEP:	6:J3Uqq2PN72nKuAl9Ombzo2jMGIFUt8W3ULZZmw+W3UKTVFkwON72nKuAl9Ombzos:JkqvVaHAa8uFUt8WkLZ/+Wk85OaHAa8z
MD5:	490C8687ABB4AAF809E1B3E3ACF49579
SHA1:	0D723E76C0E715C6ABF22EACEF9B12A23ED471EE
SHA-256:	DDB23803C18897E8F3C1AE9752FF088D6002154940937E9C450BD5731D791A83
SHA-512:	E4FBDF53E74E79F429B9D6E901986B755A8366AB9A98DF26F6690E003677C782276A5AD6109918DA08811C191979156AD22E516D3D84828869BCBEF03CC1D311
Malicious:	false
Reputation:	low
Preview:	2024/10/10-14:24:10.963 11d0 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/10/10-14:24:10.965 11d0 Recovering log #3.2024/10/10-14:24:10.966 11d0 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\63653ab9-4e36-4ac7-82aa-48baf44f57a8.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	modified
Size (bytes):	475
Entropy (8bit):	4.952497930598832
Encrypted:	false
SSDEEP:	12:YH/um3RA8sqyGrXhsBdOg2H/caq3QYiubcP7E4TX:Y2sRdsfdMHO3QYhbA7n7
MD5:	89BB01E643FCBD9DBF54D43C3AFE8C06
SHA1:	099ADB21298BFDFA8ACB5E4863F24B8C3D526DE3
SHA-256:	EBD6C79ECA9CC6A69E2C00C39212C6AE2EABC1AFFD48D84AD7F29FF43A93DBFB
SHA-512:	0C5885B972256E5B618CFA178C8BC3BFC58D743E3EA997C93532E2A8A23919F4F1A1A3A82C1139DE2A72AE3CA383919CED9CB588FF648D05264DB2777030427E
Malicious:	false
Reputation:	low
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13373144661363244","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":449295},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.6","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\985ceea7-c7e0-4d55-b1df-7cb8b0c9e9a7.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	475
Entropy (8bit):	4.971824627296864
Encrypted:	false
SSDEEP:	12:YH/um3RA8sq1ZhsBdOg2HIJnAcaq3QYiubcP7E4TX:Y2sRdswydMH0r3QYhbA7n7
MD5:	F326539D084B03D88254A74D6018F692
SHA1:	395B367E0E3554C3E78A8211F2D4B9F0F427CA87
SHA-256:	9379694CADD7846403E1B6975502326FBC619E0E3A873BBB7BC2C03EE3623007
SHA-512:	C8B5B1DD28605D3FCD9EF4A28BE1125137E6B3CB967F59CB2113656C8EFFFB3842115962DF8B25E9C3FA504F5E1B0A116D780326B1AB8062DC6AC0D80E7C3539
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341048370594526","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":151499},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.6","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	475
Entropy (8bit):	4.971824627296864
Encrypted:	false
SSDEEP:	12:YH/um3RA8sq1ZhsBdOg2HIJnAcaq3QYiubcP7E4TX:Y2sRdswydMH0r3QYhbA7n7
MD5:	F326539D084B03D88254A74D6018F692
SHA1:	395B367E0E3554C3E78A8211F2D4B9F0F427CA87
SHA-256:	9379694CADD7846403E1B6975502326FBC619E0E3A873BBB7BC2C03EE3623007
SHA-512:	C8B5B1DD28605D3FCD9EF4A28BE1125137E6B3CB967F59CB2113656C8EFFFB3842115962DF8B25E9C3FA504F5E1B0A116D780326B1AB8062DC6AC0D80E7C3539
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341048370594526","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":151499},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.6","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF532249.TMP (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	475
Entropy (8bit):	4.971824627296864
Encrypted:	false
SSDEEP:	12:YH/um3RA8sq1ZhsBdOg2HIJnAcaq3QYiubcP7E4TX:Y2sRdswydMH0r3QYhbA7n7
MD5:	F326539D084B03D88254A74D6018F692
SHA1:	395B367E0E3554C3E78A8211F2D4B9F0F427CA87
SHA-256:	9379694CADD7846403E1B6975502326FBC619E0E3A873BBB7BC2C03EE3623007
SHA-512:	C8B5B1DD28605D3FCD9EF4A28BE1125137E6B3CB967F59CB2113656C8EFFFB3842115962DF8B25E9C3FA504F5E1B0A116D780326B1AB8062DC6AC0D80E7C3539
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341048370594526","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":151499},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.6","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	5859
Entropy (8bit):	5.245442760669364
Encrypted:	false
SSDEEP:	96:av+Nkkl+2GAouz3z3xfNLUS3vHp5OuDzUrMzh28qXAXFP74LRXOtW7ANwE7cWk7b:av+Nkkl+2G1uz3zhfZUyPp5OuDzUwzhW
MD5:	A9AA2593BB871D0E71F5B38BA2BEE84C
SHA1:	9A0DAF7742A1A3892DE8F09B320EEA20583D946E
SHA-256:	BB91B866761AA9DA008B22276DBF93C910A84601D26BADFF0AEC6E49598DC303
SHA-512:	BB9C83038E710960B8F11E32F9391AA684DE0F694A99C467BAA6363AD8EE064AD2F192A03ABA8CF555A3721FFCFE7332A77A2372A52F3645EFB719781BF1F21D
Malicious:	false
Preview:	*...#................version.1..namespace-.X.Bo................next-map-id.1.Pnamespace-c291b69d_46f8_4b09_b54e_d05df8a1271d-https://rna-resource.acrobat.com/.0.>j.r................next-map-id.2.Snamespace-63b958a8_6f71_4fde_913c_6518794b9fd1-https://rna-v2-resource.acrobat.com/.1.J.4r................next-map-id.3.Snamespace-37e4c694_2a8d_4b31_9eb8_e65c5f9e16d5-https://rna-v2-resource.acrobat.com/.2..J.o................next-map-id.4.Pnamespace-d7426d52_3038_4cd9_b9cc_897232425509-https://rna-resource.acrobat.com/.3..M.^...............Pnamespace-c291b69d_46f8_4b09_b54e_d05df8a1271d-https://rna-resource.acrobat.com/..d.^...............Pnamespace-d7426d52_3038_4cd9_b9cc_897232425509-https://rna-resource.acrobat.com/.u..a...............Snamespace-63b958a8_6f71_4fde_913c_6518794b9fd1-https://rna-v2-resource.acrobat.com/..`aa...............Snamespace-37e4c694_2a8d_4b31_9eb8_e65c5f9e16d5-https://rna-v2-resource.acrobat.com/`v.Yo................next-map-id.5.Pnamespace-30587558_ed88_4bd8_adc0_

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	330
Entropy (8bit):	5.083125544394986
Encrypted:	false
SSDEEP:	6:J3U+OKq2PN72nKuAl9OmbzNMxIFUt8W3U+5XZmw+W3UskwON72nKuAl9OmbzNMFd:Jk+HvVaHAa8jFUt8Wk+5X/+Wks5OaHAo
MD5:	C5D049A8AAE093D3CC8A84D69AC15E33
SHA1:	132B17AAF678C65A6CAC30BB899C8EDDB0F30195
SHA-256:	9A251C4B4D726C379DE933FE504F99C97A42FB9F375727A0710E23B1324ABC4E
SHA-512:	0EEA17CDC7B0A7699C2B9B5FD58EFB110752FB90BFC035BB66030D56CCC2A1C8D50BCFCE1A23B1C1CF51EA7A81F4CB4C2A91768FC61DB3170D6C1D8728E823C0
Malicious:	false
Preview:	2024/10/10-14:24:11.481 11d0 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/10/10-14:24:11.488 11d0 Recovering log #3.2024/10/10-14:24:11.493 11d0 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	330
Entropy (8bit):	5.083125544394986
Encrypted:	false
SSDEEP:	6:J3U+OKq2PN72nKuAl9OmbzNMxIFUt8W3U+5XZmw+W3UskwON72nKuAl9OmbzNMFd:Jk+HvVaHAa8jFUt8Wk+5X/+Wks5OaHAo
MD5:	C5D049A8AAE093D3CC8A84D69AC15E33
SHA1:	132B17AAF678C65A6CAC30BB899C8EDDB0F30195
SHA-256:	9A251C4B4D726C379DE933FE504F99C97A42FB9F375727A0710E23B1324ABC4E
SHA-512:	0EEA17CDC7B0A7699C2B9B5FD58EFB110752FB90BFC035BB66030D56CCC2A1C8D50BCFCE1A23B1C1CF51EA7A81F4CB4C2A91768FC61DB3170D6C1D8728E823C0
Malicious:	false
Preview:	2024/10/10-14:24:11.481 11d0 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/10/10-14:24:11.488 11d0 Recovering log #3.2024/10/10-14:24:11.493 11d0 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241010182415Z-218.bmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PC bitmap, Windows 3.x format, 107 x -152 x 32, cbSize 65110, bits offset 54
Category:	dropped
Size (bytes):	65110
Entropy (8bit):	2.063029340109828
Encrypted:	false
SSDEEP:	384:k4v/aDOgQXFLvx1nKKKKKKKKKKKKaKKKKKKKKKKCw/LeMNJt0:k4HaWLAxk
MD5:	78C1018F08D1BDCF4AFF06EB3B518E86
SHA1:	B63606921B7237277058C47CEB12C4543BC217A2
SHA-256:	A55539C374D40D47A43B4369B3B510E95FFA6818F5A7621B2EE81AC11BFA0A7E
SHA-512:	90804F08F8A435B36B052E330C88FF54B446B2CBB4BF5873B55179F76EBBFE9BD5090749AD45A0F84CBF76C18C02AA09A43F37888F70023F744C428FFFC01A35
Malicious:	false
Preview:	BMV.......6...(...k...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 13, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 13
Category:	dropped
Size (bytes):	86016
Entropy (8bit):	4.444670656129628
Encrypted:	false
SSDEEP:	384:SeIci5tliBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:QOs3OazzU89UTTgUL
MD5:	E20B5BEF6E77211E4C9A054B23C327A8
SHA1:	7C2A552DDA5679174C30D321FDF5D0163B886826
SHA-256:	C973C834391439059B12347F0773442C47036FB53078B18AD527984C2F307D7B
SHA-512:	D84CB3E62764D7D2647359EDDFACC0CFD2D8138F814B5196C106FF291CA669BD641282D30FB28083C8648260D87BE575D7CE0ECEDB5D4457AE2084759515170C
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	2.2131308113877437
Encrypted:	false
SSDEEP:	24:7+twWgnuwKcqLLzkrFsgIFsxX3pALXmnHpkDGjmcxBSkomXk+2m9RFTsyg+wmf9E:7MwRnCcqPmFTIF3XmHjBoGGR+jMz+Lhm
MD5:	8A35BA17D2AD89724B39BCD172C06EF2
SHA1:	7DDC117BB54572D6F46621E822E1B00B250966F8
SHA-256:	61536472B663135893F4466C42569D0C005805F1E733FDD613A559C9FA70CDDC
SHA-512:	F33159051347BD33DAF6440447E0DE761F5E3715C2094CABC06A683EED004497623FA004C1F64E17A7E35648F16E5F9172710FA0ED552F34CC06996F70F71ECF
Malicious:	false
Preview:	.... .c...... .........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	Certificate, Version=3
Category:	dropped
Size (bytes):	1391
Entropy (8bit):	7.705940075877404
Encrypted:	false
SSDEEP:	24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1
MD5:	0CD2F9E0DA1773E9ED864DA5E370E74E
SHA1:	CABD2A79A1076A31F21D253635CB039D4329A5E8
SHA-256:	96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
SHA-512:	3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
Malicious:	false
Preview:	0..k0..S............@.YDc.c...0....H........0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10...150604110438Z..350604110438Z0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10.."0....H.............0..........$s..7.+W(.....8..n<.W.x.u...jn..O(..h.lD...c...k....1.!~.3<.H..y.....!.K...qiJffl.~<p..)"......K...~....G.\|.H#S.8.O.o...IW..t../.8.{.p!.u.0<.....c...O..K~.....w...{J.L.%.p..)..S$........J.?..aQ.....cq...o[...\4ylv.;.by.../&.....................6....7..6u...r......I......A..v........5/(.l....dwnG7..Y^h..r...A)>Y>.&.$...Z.L@.F....:Qn.;.}r...xY.>Qx....../..>{J.Ks......P.\|C.t..t.....0.[q6....00\H..;..}`...).........A.......\|.;F.H..v.v..j.=...8.d..+..(.....B.".'].y...p..N..:..'Qn..d.3CO......B0@0...U...........0...U.......0....0...U......y.Y.{....s.....X..n0...*.H.............U.X....P.....i ')..au\.n...i/..VK..s.Y.!.~.Lq...`.9....!V..P.Y...Y.............b.E.f..\|o..;.....'...}~.."......

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
Category:	dropped
Size (bytes):	71954
Entropy (8bit):	7.996617769952133
Encrypted:	true
SSDEEP:	1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
MD5:	49AEBF8CBD62D92AC215B2923FB1B9F5
SHA1:	1723BE06719828DDA65AD804298D0431F6AFF976
SHA-256:	B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
SHA-512:	BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
Malicious:	false
Preview:	MSCF............,...................I..................XaK .authroot.stl.[.i..6..CK..<Tk......4.cl!Kg..E..Y.f_..".$mR"$.J.E.KB."..rKv.."{.g....3.W.....c..9.s...=....y6#..x..........D......\(.#.s.!.A.......cd.c........+^.ov...n.....3BL..0.......BPUR&.X..02.q...R...J.....w.....b.vy>....-.&..(..oe."."...J9...0U.6J..\|U..S.....M.F8g...=.......p...........l.?3.J.x.G.Ep..$g..tj......)v]9(:.)W.8.Op.1Q..:.nPd........7.7..M].V F..g.....12..!7(...B.......h.RZ.......l.<.....6..Z^.`p?... .p.Gp.#.'.X..........\|!.8.....".m.49r?.I...g...8.v.....a``.g.R4.i...J8q....NFW,E.6Y....!.o5%.Y.....R..<..S9....r....WO...(.....F..Q=....-..7d..O(....-..+k.........K..........{Q....Z..j._.E...QZ.~.\.^......N.9.k..O.}dD.b1r...[}/....T..E..G..c.\|.c.&>?..^t. ..;..X.d.E.0G....[Q.,......#.Dp..L.o\|#syc.J............}G-.ou6.=52..XWi=...m.....^u......c..fc?&pR7S5....I...j.G........j.j..Tc.El.....B.pQ.,Bp....j...9g.. >..s..m#.Nb.o_u.M.V...........\#...v..Mo\sF..s....Y...

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	192
Entropy (8bit):	2.7569015731729736
Encrypted:	false
SSDEEP:	3:kkFklOo/5ttfllXlE/HT8k7JzltNNX8RolJuRdxLlGB9lQRYwpDdt:kKXMzeT8yJRNMa8RdWBwRd
MD5:	56434AF34890D9C578D89847E071E30A
SHA1:	67A951DBCE5FA3802593532DE30D73F968031844
SHA-256:	3A09984956B9A339AA62865FEC0C0EC01B76DB0E2985FEAAB60A1091FBCD1D1C
SHA-512:	0AD20A9F209CC889AC6478D7D8176C7BF7DACD7E560468EDA5AD1F21A39D155104D9229A8BC73780C4D3B31CBB8448A0F7F0BE61F5E02BB54D7746A414085DFF
Malicious:	false
Preview:	p...... ............A...(....................................................... ..........W....................o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	modified
Size (bytes):	328
Entropy (8bit):	3.150184159866505
Encrypted:	false
SSDEEP:	6:kKmOsL9UswDLL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:eziDnLNkPlE99SNxAhUe/3
MD5:	445605758ED8B1231A735DA39B7D63C5
SHA1:	504D332D1F88D92BD8FEB6E4BF17A75E299C3F64
SHA-256:	551CF10641823613ED544F60292F92C517A2E98D2A5DB1C21FFD4055427BDF1A
SHA-512:	92E5CE3C320817154438EACF915C2C021733E18B2C718B5B05F94DD1A1005D7B8ADD08FA5B45378BF7F9035CADE970B182C0610D254D3304A04C2CD2B40F1F6F
Malicious:	false
Preview:	p...... ........QO..A...(....................................................... ........G..@.......&...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	227002
Entropy (8bit):	3.392780893644728
Encrypted:	false
SSDEEP:	1536:qKPC4iyzDtrh1cK3XEivK7VK/3AYvYwgF/rRoL+sn:XPCaJ/3AYvYwglFoL+sn
MD5:	265E3E1166312A864FB63291EA661C6A
SHA1:	80DFF3187FF929596EB22E1DB9021BAD6F97178C
SHA-256:	C13E08B1887A4E44DC39609D7234E8D732A6BC11313B55D6F4ECFB060CD87728
SHA-512:	48776A2BFE8F25E5601DCC0137F7AB103D5684517334B806E3ACF61683DD9B283828475FC85CE0CBE4E8AF88E6F8B25EED0A77640E2CFFF2CC73708726519AFA
Malicious:	false
Preview:	Adobe Acrobat Reader (64-bit) 23.6.20320....?A12_AV2_Search_18px.............................................................................................................KKK KKK.KKK.KKK.KKK.KKK.KKK@........................................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.............................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.........................KKK.KKK.KKK.KKK0....................KKK.KKK.KKK.KKK`....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK.KKK.....................................KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK.KKK@....................KKK.KKK.KKK.KKK`........................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.KKK.............................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	295
Entropy (8bit):	5.3732977520512275
Encrypted:	false
SSDEEP:	6:YEQXJ2HXukP8Q8RxmnZiQ0YG2OcLeoAvJM3g98kUwPeUkwRe9:YvXKXukblc7cLVGMbLUkee9
MD5:	65783D2FB903BD53F44362C7E9EDECEA
SHA1:	A87D75106A3DCB0A6FC7CFED91604BA9B8D8C3BC
SHA-256:	C4A70B56F77E4E4465339F68A10AE25A81E776620E5B622A9DDF44B92FE4B26D
SHA-512:	B645E00D2FA369B36EBE42EA52AC54DDC15A325C2215378DEFBC2E2284517882E4C6D5C3ECC1AF0D326DAC16E9A4527B65B78FA36B4D00FFBFAB0EFBFCDCA838
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"3b062702-e9e2-402b-ad79-fb9d085ccdcb","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1728763851294,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.325929990736828
Encrypted:	false
SSDEEP:	6:YEQXJ2HXukP8Q8RxmnZiQ0YG2OcLeoAvJfBoTfXpnrPeUkwRe9:YvXKXukblc7cLVGWTfXcUkee9
MD5:	D7079FF2D6F8E0AB5EFADE496968432E
SHA1:	AABF6A824188BFB99130BA34637FBF949831515E
SHA-256:	E99A152A1AA97BE980CEE6A32EEE5133741DC6CBF2CAA1D7967318FB9214E856
SHA-512:	D4150C4C78A7F0B7A8183929981CA4C64279AE037C97C446A7F0D7AA8D0230D8939B27913128D966032E02E0AE441A5741A79B008EEA4519E8875704538508D0
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"3b062702-e9e2-402b-ad79-fb9d085ccdcb","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1728763851294,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.3040689054820955
Encrypted:	false
SSDEEP:	6:YEQXJ2HXukP8Q8RxmnZiQ0YG2OcLeoAvJfBD2G6UpnrPeUkwRe9:YvXKXukblc7cLVGR22cUkee9
MD5:	1035E2214E21CDF1B2597C935A09DBB2
SHA1:	D1DF0B3B9A4EC93DC1C0F66B373EBFC19D402A00
SHA-256:	C51E9F5E0AB62687E1F039521828CAFD373E9FE5846A3C5A4C7CFE3A2BF4B3E1
SHA-512:	EE52132CC17FEE9D31E7387C888F61B568962A2A0D016E78E34025D863DC582C6A9B779F6E6B833DCF11315804DCC31DAC43381EEA39A53FE96A3B1E13145A11
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"3b062702-e9e2-402b-ad79-fb9d085ccdcb","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1728763851294,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	285
Entropy (8bit):	5.353668901951445
Encrypted:	false
SSDEEP:	6:YEQXJ2HXukP8Q8RxmnZiQ0YG2OcLeoAvJfPmwrPeUkwRe9:YvXKXukblc7cLVGH56Ukee9
MD5:	B975B0842718BE95BFF331DA312D3958
SHA1:	B3386176914592538C17B6AB54E50206C0FF1C08
SHA-256:	FDA2A2AEEE13765C81610983E8E87FC85D09DE56CC08D924C048B78914C50420
SHA-512:	1001AE3DE26C807C2F991C2A906715AC03639AEB89F95785DECDD9EB5B085A375F820DF9FFF29D1A9608CA6D9BDB07C0223B25A48045F3275608C6DBBE8EDB41
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"3b062702-e9e2-402b-ad79-fb9d085ccdcb","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1728763851294,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1091
Entropy (8bit):	5.687157532885577
Encrypted:	false
SSDEEP:	24:Yv6XLba46pLgE7cgD6SOGtnnl0RCmK8czOCYvSr6:Yvi6hgs6SraAh8cvYKr6
MD5:	E1E2694FA315C150A10A21D7375E56BD
SHA1:	F5CB71E22EFC1E19BCFFD72BA490D22503C19B39
SHA-256:	277BB1867EEE288158E61BFCF75C2D5596A709FF8AF3E4DB562E396E7C5B30CA
SHA-512:	DDD10F053F8AD6F31777CE890D475CE16584F51B51882E64A462A5E376C5DA5E9A63EC3DE2F76B80566B8CE9C41454E671C1959D4727BC3575D7FCED198D7BD7
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"3b062702-e9e2-402b-ad79-fb9d085ccdcb","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1728763851294,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"89628_281075ActionBlock_2","campaignId":89628,"containerId":"1","controlGroupId":"","treatmentId":"67a3a874-888f-4d96-9f3d-26e70c3e0be1","variationId":"281075"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQgUERGIGZpbGVzIHRvIE1pY3Jvc29mdCBXb3JkIGFuZCBFeGNlbC4ifSwidGNhdElkIjoiUkdTMDM1MS1FTlUtQ2hhbGxlbmdlcjIifQ==","dataType":"ap

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1050
Entropy (8bit):	5.651926946201981
Encrypted:	false
SSDEEP:	24:Yv6XLba4cVLgEF0c7sbnl0RCmK8czOCYHflEpwiVw6:YvicFg6sGAh8cvYHWpwr6
MD5:	D6CB7734CC31BDB557AAD21F06EBF82C
SHA1:	54F9B7B18AEBD321D88F1DD5A6FA795B4B80BAEC
SHA-256:	D929CE905D8C55035D66E57C5D6B7CFD3956AD5A0248BDF0C9B47A311C6C79F0
SHA-512:	DC84127A7D85B70F1422A514352EA51C163ED172DB815E5E605ACD03D2E887552C273A3B21D930637F57DF12500D76653478B915ADC8DE1C82A4AE8E82539BF7
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"3b062702-e9e2-402b-ad79-fb9d085ccdcb","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1728763851294,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Disc_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_0","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"0924134e-3c59-4f53-b731-add558c56fec","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Disc_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQsIGVkaXQgYW5kIGUtc2lnblxuZm9ybXMgJiBhZ3JlZW1lbnRzLiJ9LCJ0Y2F0SWQiOm51bGx9","dataType":"application\/json","encodingScheme":true},"

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.304035094829974
Encrypted:	false
SSDEEP:	6:YEQXJ2HXukP8Q8RxmnZiQ0YG2OcLeoAvJfQ1rPeUkwRe9:YvXKXukblc7cLVGY16Ukee9
MD5:	5724DFAB175A65C1B5F5B47344C1087C
SHA1:	025FC861BB9C96F36C8A418C70037F483B7266BC
SHA-256:	739523F44F96646A434B46C030ADBCD5F2FFCFD53BED254C46A6EC67170CFD0D
SHA-512:	C4DBF6829C4972EABAA8C417ABE9F946A2464AD59EAC00BC19D966E4ADF10A02C484B1C56A13632F5E65F28BE5D277CE5E6AA380B4B4888A7D6511F0D17A4E73
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"3b062702-e9e2-402b-ad79-fb9d085ccdcb","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1728763851294,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1098
Entropy (8bit):	5.686358271999871
Encrypted:	false
SSDEEP:	24:Yv6XLba4B2LgEFcs2SOGt0nl0RCmK8czOCUaBtCrfSr6:YviBogq2SrhAh8cvUgEmr6
MD5:	CE4CA0474796DC71EE545858D7632E4E
SHA1:	CDEF6FC56D489AF27E305836A5F797D378E75896
SHA-256:	B86AAB0849DE3835E74ACA66CFFE9404C99A501E7A688FDF90AEF19CF0E5E977
SHA-512:	D0BA5D64E90B255830D08B59D538B541537825A2892D50D75766A96653F4D0E9541CDFCA1464A0A78BA191441641BCCF3D97F0B87A0054C476BE3AEF609B4174
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"3b062702-e9e2-402b-ad79-fb9d085ccdcb","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1728763851294,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Edit_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"89628_281075ActionBlock_0","campaignId":89628,"containerId":"1","controlGroupId":"","treatmentId":"abdf1d9d-2114-4953-95a6-4eed783b9872","variationId":"281075"},"containerId":1,"containerLabel":"JSON for DC_Reader_Edit_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IlR1cm4gc2Nhbm5lZCBwYXBlciBkb2N1bWVudHNcbmludG8gaW5zdGFudGx5IGVkaXRhYmxlIFBERnMuIn0sInRjYXRJZCI6IlJHUzAzNTEtRU5VLUNoYWxsZW5nZXIyIn0=","dataTy

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1164
Entropy (8bit):	5.69908858512312
Encrypted:	false
SSDEEP:	24:Yv6XLba4BKLgEfIcZVSkpsn264rS514ZjBrwloJTmcVIsrSK5w6:YviBEgqprtrS5OZjSlwTmAfSKu6
MD5:	0BC3D686A16CD5E44C641BDAE963D311
SHA1:	D753F8E8FAC294BB93A01857CA9F3545AACAD20A
SHA-256:	B6985CCFF2108F1E8CBFFA6C717F72EC61B3719C488D1D0F99044EFD047EF9B1
SHA-512:	9D444300378AD88D935D410B937A047858B2EB6865DFD3D78D8965577B514DF16DCBCB56B9C7294281CF1EA67D03C55B0D4CB02B86897D83C10402AF2B842D38
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"3b062702-e9e2-402b-ad79-fb9d085ccdcb","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1728763851294,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85531_264848ActionBlock_0","campaignId":85531,"containerId":"1","controlGroupId":"","treatmentId":"ee1a7497-76e7-43c2-bb63-9a0551e11d73","variationId":"264848"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IlRyeSBBY3JvYmF0IFBybyJ9LCJ1aSI6eyJ0aXRsZV9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjE1cHgiLCJmb250X3N0eWxlIjoiMCJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEzcHgiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0b1xucHJlbWl1bSBQREYgYW5kIGUtc2lnbmluZ1xudG9vbHMuIn0sImJhbm5lcl9zdHlsaW5nIjo

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.309635985503049
Encrypted:	false
SSDEEP:	6:YEQXJ2HXukP8Q8RxmnZiQ0YG2OcLeoAvJfYdPeUkwRe9:YvXKXukblc7cLVGg8Ukee9
MD5:	5AECAC0CEEC8DB6A3921A426A8DF0D70
SHA1:	3E4BFBA447141DBA29B37FBD4AAB7F0859ECC905
SHA-256:	2D1C438E81F0122579F0A627789881F5F864BBC4C054BFEDCD09281ACD9F59F5
SHA-512:	1B5C9D70A5313D24C66EFB0F1F8FA64FDA8FB657760E6C8F140700AD6AA45563D673E6F82014CCD72FADC498089EAE53C97230A864101661FE345D4C51397993
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"3b062702-e9e2-402b-ad79-fb9d085ccdcb","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1728763851294,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1395
Entropy (8bit):	5.773244922808839
Encrypted:	false
SSDEEP:	24:Yv6XLba4MrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNI6:YviMHgDv3W2aYQfgB5OUupHrQ9FJu6
MD5:	D4B0E4CA3EC2C9807A0EF52E52B5685E
SHA1:	5B9D5AECFB9174BC539156230B207B1F5D5E032D
SHA-256:	4D8F1382334340D5F66E768CB7544511DEC75868ED1DE34D6CDC3A299FA6A50D
SHA-512:	EF3FF2B1F189E012E9C2ECCC9D95E38EDCD4E8A74584D34886FAA2B7D155D6BB89FC0E8E0F1956A6CE5B4EA6B77AB5EA11E1234D1FC92352C9FC751E99B6F512
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"3b062702-e9e2-402b-ad79-fb9d085ccdcb","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1728763851294,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	291
Entropy (8bit):	5.293116856472425
Encrypted:	false
SSDEEP:	6:YEQXJ2HXukP8Q8RxmnZiQ0YG2OcLeoAvJfbPtdPeUkwRe9:YvXKXukblc7cLVGDV8Ukee9
MD5:	19006CD9A4D4D4847A21170BB6FAE372
SHA1:	A9066C43870D57791329FA184A425F1E905A6DFE
SHA-256:	5D6F7D013C7514CEF5CFB047E33E7049CE99FA5357A4B0A561EDEDF67C01B450
SHA-512:	718BC12B33F163429017F9E05F2371482D9C0359630E5143174006F431B922228F10B08984D2919AC6BDA4D9711BC33707B53B01F93257D62BED2FC9B08542F1
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"3b062702-e9e2-402b-ad79-fb9d085ccdcb","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1728763851294,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	287
Entropy (8bit):	5.296317172604156
Encrypted:	false
SSDEEP:	6:YEQXJ2HXukP8Q8RxmnZiQ0YG2OcLeoAvJf21rPeUkwRe9:YvXKXukblc7cLVG+16Ukee9
MD5:	441B799599588EECFE028407E7FE61AF
SHA1:	6D29D5BB26F6F08D4C7FB4F7052269270D2D4C0C
SHA-256:	6442DA3989441025EBED4A776583A94C2A60EB4CD6F4E02CD6D151387C669C5B
SHA-512:	601395399FF6BDF58A90BE90DCABC1A7FC841D1889CBCF7E229B1E26B66B8C4406CA26006A2CD7F30816A1E89180B1132C2673130F5D7D200EA6547EF19EB711
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"3b062702-e9e2-402b-ad79-fb9d085ccdcb","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1728763851294,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1054
Entropy (8bit):	5.665915043634973
Encrypted:	false
SSDEEP:	24:Yv6XLba4mamXayLgE6cTg4QSOGtNaqnl0RCmK8czOC/CrfSr6:YvioBgSXQSrOAh8cv6mr6
MD5:	E0520FB532BAC7FE25DA5856B2CA4D19
SHA1:	1146DD77E1871E5366FAAA09B0D75B47C8E0D28E
SHA-256:	8907C894A76EC333DDDEFDC34F6F7D208F81318CDFA09B54DC8B647475CA6DC0
SHA-512:	40B4D884CD4F77E5DCCC1127540BB459B78F1FBEDFD049576833B2807E31C3F31BD9C989F9AC460826B000A4127B013AC5B74BA3F8589C50F2AF6FBB7C49B8E5
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"3b062702-e9e2-402b-ad79-fb9d085ccdcb","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1728763851294,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"89628_281075ActionBlock_1","campaignId":89628,"containerId":"1","controlGroupId":"","treatmentId":"7fe39695-394c-4706-9b50-651e7499d428","variationId":"281075"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVhc2lseSBmaWxsIGFuZCBzaWduIFBERnMuIn0sInRjYXRJZCI6IlJHUzAzNTEtRU5VLUNoYWxsZW5nZXIyIn0=","dataType":"application\/json","encodingScheme":tru

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	286
Entropy (8bit):	5.272732291011576
Encrypted:	false
SSDEEP:	6:YEQXJ2HXukP8Q8RxmnZiQ0YG2OcLeoAvJfshHHrPeUkwRe9:YvXKXukblc7cLVGUUUkee9
MD5:	72AE978ABAD193B82D3DBACF6D669DBA
SHA1:	96EC63E67DB5B509E82C83A555A142053C42B3D4
SHA-256:	EDE7C9F67CBCD3B5576EBC76B77598CDB3A4CFDAE77E87BF12B353A525760513
SHA-512:	6BBE7B986F5D7B0FCCEED163F85E83E5DA0F947D19796B35795D2B2D661A8AEF4708791CE842741D30D2ED50E43D982FF8149F3F0BAE2D39E84B8BC0168D777F
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"3b062702-e9e2-402b-ad79-fb9d085ccdcb","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1728763851294,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	782
Entropy (8bit):	5.361436804674952
Encrypted:	false
SSDEEP:	12:YvXKXukblc7cLVGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWs6:Yv6XLba4x168CgEXX5kcIfANhr6
MD5:	2C81407423943FA60B7B3C11F8349CCD
SHA1:	B430670D817173AC28ACEA2A736004FAFC3CF18D
SHA-256:	4A0F6287E59CBE20471F10537448FAADA7A057AC5DCA53EE0AEE70C1F57E83C2
SHA-512:	68A54C11C1935CB21511BDC76032368665ED6CE8ED1D59B1FF7F7B47C7D37F2BF1AFF7D41853A10751F8622DF2894612B0D3D5A71A063B8B6E7B4F6CB8E0C6C3
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"3b062702-e9e2-402b-ad79-fb9d085ccdcb","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1728763851294,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1728584661330}}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	4
Entropy (8bit):	0.8112781244591328
Encrypted:	false
SSDEEP:	3:e:e
MD5:	DC84B0D741E5BEAE8070013ADDCC8C28
SHA1:	802F4A6A20CBF157AAF6C4E07E4301578D5936A2
SHA-256:	81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
SHA-512:	65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
Malicious:	false
Preview:	....

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2818
Entropy (8bit):	5.1440194259306615
Encrypted:	false
SSDEEP:	48:YPGGGvIJgdcgU4MW6h6lbDCKfrcemdGlEYIK9gwjA:KyvDMGXvfr1Ewg
MD5:	759703EC57EA0D0457F47AC31AFB9209
SHA1:	5E601E58048A35351D13B6AA0E4B19FD57B8BBBC
SHA-256:	DC4290991FC820E484B7861486B9FDEA0FE38A067FE397DAE488B6C2BAD425AA
SHA-512:	6BAA80A89CDA98E9A647BC2E6428AC79A7A5E4B022819F4C07DFAF501BFCE1075614A1B7F3C5A2AEC005735E69AF6B81B248BF08E662E5699DAD71634CDD4CF6
Malicious:	false
Preview:	{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"64818c7a68c2f5bd088d2654791a85ed","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1050,"ts":1728584661000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"ed87d9d9a4c27130907014b52de644f1","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1164,"ts":1728584661000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"63043e9af84659aa451aefe0edaa6ddb","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1054,"ts":1728584661000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"bc4bda8375eb60cd027d9c863cb64850","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1091,"ts":1728584661000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"ee507019baa6c2c5f8bcc349fa7bc0a8","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":1098,"ts":1728584661000},{"id":"Edit_InApp_Aug2020","info":{"dg":"94bb274d9ea4b2c1a5f9bf607a6a27ae","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":17

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 25, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 25
Category:	dropped
Size (bytes):	12288
Entropy (8bit):	1.1476179337407932
Encrypted:	false
SSDEEP:	48:TGufl2GL7msjl5Xc+XcGNFlRYIX2vzllCUlF:lNVmsjl5Xc+XckFPYIX2LlHlF
MD5:	FD6A09A6EE6A0AFF89674EA8ECF99B0C
SHA1:	F42B719DBEFC698FD73BCDBED48F2BEC03E6747D
SHA-256:	C3ADDF2192BB2D733671C3871B1F5D1AA1A0F2155D7B8F2D5E92CAE9CCC17E81
SHA-512:	04BC673BF03ECE47560E9EE94DC49DB21D78FDC9F5E4337AAD30650B5787CFF6D1840DBB1AD8B3B44D97DCC08D273177439129F8DB626D9D940B8F34020FFBC9
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	1.5546740950060847
Encrypted:	false
SSDEEP:	48:7MeljXc+XcGNFlRYIX2v3kUloqFl2GL7msY:7lljXc+XckFPYIX2TloKVmsY
MD5:	152E2DAB99BF4D7DBB96E84222D16D13
SHA1:	CDD641836A6702DC4DFE218BDE615BCACBE78CC6
SHA-256:	D9E3CFC6745CB89C7879B70402B9E0DAC0B70CBE77F6DE7D818F04E03CD7A4C5
SHA-512:	1D067D8640855E2D0D077C5212813B38887F3A8C30B71792C1FD9083213916EF4B3AD691E605B680A2DDB647AB4F267E45D9162A9DF05FE53570D9017575F97E
Malicious:	false
Preview:	.... .c......E.X..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................b..b...b.b.b.b.b.b.b.b.b.b.b..................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\MSI2f4f0.LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	246
Entropy (8bit):	3.482672224739532
Encrypted:	false
SSDEEP:	6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8ErOqRIlH:Qw946cPbiOxDlbYnuRK49
MD5:	A269144BE909A60F3C5BBD7BE5E2FA47
SHA1:	C34A066ECD0238EBAA7E15F6ECDFF02421EB93D6
SHA-256:	BF1A0DFCC469CA332B52C5D09A15BAD60F611403E35941F0E7EDEDFA1A7F5DE1
SHA-512:	6C2AB531D84AA8B8FA36F1EA60BCA46269678213F6EF27BEB3842FE5C1DAAC60C76FF6DAF7DC3B517576EA00E1462D31126A2704A14BE30A1B56CB758CFB79B6
Malicious:	false
Preview:	..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .1.0./.1.0./.2.0.2.4. . .1.4.:.2.4.:.2.1. .=.=.=.....

C:\Users\user\AppData\Local\Temp\acrobat_sbx\A912gnvb5_u8pqvv_4og.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	Zip data (MIME type "application/vnd.adobe.air-ucf-package+zip"?)
Category:	dropped
Size (bytes):	144514
Entropy (8bit):	7.992637131260696
Encrypted:	true
SSDEEP:	3072:OvjeSq37BcXWpJ/PwBI4lsRMoZVaJctHtTx8EOyhnL:Cjc7BcePUsSSt38snL
MD5:	BA1716D4FB435DA6C47CE77E3667E6A8
SHA1:	AF6ADF9F1A53033CF28506F33975A3D1BC0C4ECF
SHA-256:	AD771EC5D244D9815762116D5C77BA53A1D06CEBA42D348160790DBBE4B6769D
SHA-512:	65249DB52791037E9CC0EEF2D07A9CB1895410623345F2646D7EA4ED7001F7273C799275C3342081097AF2D231282D6676F4DBC4D33C5E902993BE89B4A678FD
Malicious:	false
Preview:	PK.........D.Y...>)...).......mimetypeapplication/vnd.adobe.air-ucf-package+zipPK.........D.Y.+.`............message.xml.]is.8...[.....Oq.'...S...g.X+;....%X."U$.....}.P.%....8.tl. ...../..}......A.......,...a...r.....=..i{......0H..v.g.c0.3~....G.b....,.BvJ.'./.`xJ]..O./.!K...XG?.$.,=.Z...q.f~...,..:b.Pl..f..\|....,.A.....Z..a<.C._..../G\|....q.....~.?...G.............y+.. ...s.,.2...^uon..:....~....C....i.>.<hy..x..?....F.w..4e.\|.'...#?..a......i...W.".+...'.......,..6..... ..}.........llj.>.3v.."..CdA.".....v...4H..C]>........4..$.O........9._..C{(....A~.k...f.x8.<... l!..}...ol.q.......2.s.Y..&:....>...l.S..w.t^D.C....]0......L...z[`J<.....L.1t-.Z.n..7.)...aj;.0.r\|.._.V......JWT.>.p.?s....boN.....X.jkN.9..3jN.9..t...o..c.nX4......0.D.....Cv .....!k..........d.1B....=3.Bq.E.bo.....6..r..6@.b...T......Ig...(..(K].:...#..k..q2G."o.Tz...qJ.......;?\|~..1...J...RA...'..*C...T...dNMZ.3.z-..LCI..I..-.,.Y.J.....m.KY}.Lw......G........-.(E....b..^..}..

C:\Users\user\AppData\Local\Temp\acrobat_sbx\A91ga5xyl_u8pqvw_4og.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PDF document, version 1.6, 0 pages
Category:	dropped
Size (bytes):	358
Entropy (8bit):	5.043872558314716
Encrypted:	false
SSDEEP:	6:IngVMrexJzJT0y9VEQIFVmb/eu2g/86S1kxROOkUOJy8UUOJyRLCSyAAO:IngVMre9T0HQIDmy9g06JX0UYyXUYyFR
MD5:	2BF1AD0FC4E89D13F4DD9FCC9BF109C3
SHA1:	9E794FF823760EBD38D99255198F781A3DC2EF33
SHA-256:	DA4D00A95C95213A6AB7BDC53DEC0F8BC2E61E3C923D8AA3D52569D4AF6C3237
SHA-512:	5171CE3C26295BF4FD5A630DE3BBBCC6F66DB692CE2CFCB15C135B5534858D5E838CB4E57CA9FFBF02541C5E1E5042C88772092916C1817180803FF6CA1D9BB0
Malicious:	false
Preview:	%PDF-1.6.%......1 0 obj.<</Pages 2 0 R/Type/Catalog>>.endobj.2 0 obj.<</Count 0/Kids[]/Type/Pages>>.endobj.3 0 obj.<<>>.endobj.xref..0 4..0000000000 65535 f..0000000016 00000 n..0000000061 00000 n..0000000107 00000 n..trailer..<</Size 4/Root 1 0 R/Info 3 0 R/ID[<FF49A8C4F0BE8047A0B921B3C9937E08><FF49A8C4F0BE8047A0B921B3C9937E08>]>>..startxref..127..%%EOF..

C:\Users\user\AppData\Local\Temp\acrobat_sbx\A91po0ft0_u8pqvu_4og.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	Zip data (MIME type "application/vnd.adobe.air-ucf-package+zip"?)
Category:	dropped
Size (bytes):	144514
Entropy (8bit):	7.992637131260696
Encrypted:	true
SSDEEP:	3072:OvjeSq37BcXWpJ/PwBI4lsRMoZVaJctHtTx8EOyhnL:Cjc7BcePUsSSt38snL
MD5:	BA1716D4FB435DA6C47CE77E3667E6A8
SHA1:	AF6ADF9F1A53033CF28506F33975A3D1BC0C4ECF
SHA-256:	AD771EC5D244D9815762116D5C77BA53A1D06CEBA42D348160790DBBE4B6769D
SHA-512:	65249DB52791037E9CC0EEF2D07A9CB1895410623345F2646D7EA4ED7001F7273C799275C3342081097AF2D231282D6676F4DBC4D33C5E902993BE89B4A678FD
Malicious:	false
Preview:	PK.........D.Y...>)...).......mimetypeapplication/vnd.adobe.air-ucf-package+zipPK.........D.Y.+.`............message.xml.]is.8...[.....Oq.'...S...g.X+;....%X."U$.....}.P.%....8.tl. ...../..}......A.......,...a...r.....=..i{......0H..v.g.c0.3~....G.b....,.BvJ.'./.`xJ]..O./.!K...XG?.$.,=.Z...q.f~...,..:b.Pl..f..\|....,.A.....Z..a<.C._..../G\|....q.....~.?...G.............y+.. ...s.,.2...^uon..:....~....C....i.>.<hy..x..?....F.w..4e.\|.'...#?..a......i...W.".+...'.......,..6..... ..}.........llj.>.3v.."..CdA.".....v...4H..C]>........4..$.O........9._..C{(....A~.k...f.x8.<... l!..}...ol.q.......2.s.Y..&:....>...l.S..w.t^D.C....]0......L...z[`J<.....L.1t-.Z.n..7.)...aj;.0.r\|.._.V......JWT.>.p.?s....boN.....X.jkN.9..3jN.9..t...o..c.nX4......0.D.....Cv .....!k..........d.1B....=3.Bq.E.bo.....6..r..6@.b...T......Ig...(..(K].:...#..k..q2G."o.Tz...qJ.......;?\|~..1...J...RA...'..*C...T...dNMZ.3.z-..LCI..I..-.,.Y.J.....m.KY}.Lw......G........-.(E....b..^..}..

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-10 14-24-11-891.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393)
Category:	dropped
Size (bytes):	16525
Entropy (8bit):	5.338264912747007
Encrypted:	false
SSDEEP:	384:lH4ZASLaTgKoBKkrNdOZTfUY9/B6u6AJ8dbBNrSVNspYiz5LkiTjgjQLhDydAY8s:kIb
MD5:	128A51060103D95314048C2F32A15C66
SHA1:	EEB64761BE485729CD12BF4FBF7F2A68BA1AD7DB
SHA-256:	601388D70DFB723E560FEA6AE08E5FEE8C1A980DF7DF9B6C10E1EC39705D4713
SHA-512:	55099B6F65D6EF41BC0C077BF810A13BA338C503974B4A5F2AA8EB286E1FCF49DF96318B1DA691296FB71AA8F2A2EA1406C4E86F219B40FB837F2E0BF208E677
Malicious:	false
Preview:	SessionID=e060408f-9833-415c-bd59-cc59ace6b516.1696488385066 Timestamp=2023-10-05T08:46:25:066+0200 ThreadID=6912 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=e060408f-9833-415c-bd59-cc59ace6b516.1696488385066 Timestamp=2023-10-05T08:46:25:066+0200 ThreadID=6912 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=e060408f-9833-415c-bd59-cc59ace6b516.1696488385066 Timestamp=2023-10-05T08:46:25:067+0200 ThreadID=6912 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=e060408f-9833-415c-bd59-cc59ace6b516.1696488385066 Timestamp=2023-10-05T08:46:25:067+0200 ThreadID=6912 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=e060408f-9833-415c-bd59-cc59ace6b516.1696488385066 Timestamp=2023-10-05T08:46:25:067+0200 ThreadID=6912 Component=ngl-lib_NglAppLib Description="SetConfig:

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393), with CRLF line terminators
Category:	dropped
Size (bytes):	15114
Entropy (8bit):	5.3534823162954215
Encrypted:	false
SSDEEP:	384:0BbI8uhxgJU2ZLryWKzDVzD5zDHzDGbvEhtZPwYvmJ0waSv9ZcL/gtTMGeCbrarp:dRB
MD5:	036A0034A437D8A7B721098974EBF413
SHA1:	BD351F1E3FD9AD0DDFC583B1B4C559A9598B809A
SHA-256:	993EEC69DF89B077BBA63445661D0DEC2560ECBE15A3BB36B27E5FA9C5172318
SHA-512:	CA199872B9B72BA4A766437E99221CC088D984DD8E0C077B0268CEA26E3EE0C169CBFAA5DEA2C3CB36DDF0F288F242424A9D90B9CCB79B6BD116E23284FC8AC1
Malicious:	false
Preview:	SessionID=097036eb-f8e3-4f59-8488-146153dd7df4.1728584651903 Timestamp=2024-10-10T14:24:11:903-0400 ThreadID=3744 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=097036eb-f8e3-4f59-8488-146153dd7df4.1728584651903 Timestamp=2024-10-10T14:24:11:905-0400 ThreadID=3744 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=097036eb-f8e3-4f59-8488-146153dd7df4.1728584651903 Timestamp=2024-10-10T14:24:11:905-0400 ThreadID=3744 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=097036eb-f8e3-4f59-8488-146153dd7df4.1728584651903 Timestamp=2024-10-10T14:24:11:905-0400 ThreadID=3744 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=097036eb-f8e3-4f59-8488-146153dd7df4.1728584651903 Timestamp=2024-10-10T14:24:11:906-0400 ThreadID=3744 Component=ngl-lib_NglAppLib Description="SetConf

C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	29752
Entropy (8bit):	5.390553425872183
Encrypted:	false
SSDEEP:	192:acb4I3dcbPcbaIO4cbYcbqnIdjcb6acbaIewcb4IcbEI9FcbZ:V3fOCIdJDeuH9K
MD5:	063BC5953008C854B0D3AAA31F4DF311
SHA1:	D566E92DA570578A7794AAB793DDFFD35F374A8C
SHA-256:	8B6194A3157262453A584F79C2F3B2D32962A8AB8483A6B31B7D34B651E89CD1
SHA-512:	931853884C8BF4F74C0352A909A4CF3B0C52EA6B017090E2DDCA7F599F0E501618539007A192E426D995A72F5A7724AA023901D20EDB8A713814301C44A26147
Malicious:	false
Preview:	05-10-2023 08:20:22:.---2---..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : *************************************..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : ***********************************..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : **** Starting new session ******..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : Starting NGL..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..05-10-2023 08:20:22:.Closing File..05-10-

C:\Users\user\AppData\Local\Temp\acrocef_low\1eafc0fa-6503-4781-8f8d-0fa723d5f7f4.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
Category:	dropped
Size (bytes):	1407294
Entropy (8bit):	7.97605879016224
Encrypted:	false
SSDEEP:	24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo
MD5:	A0CFC77914D9BFBDD8BC1B1154A7B364
SHA1:	54962BFDF3797C95DC2A4C8B29E873743811AD30
SHA-256:	81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685
SHA-512:	74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE
Malicious:	false
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

C:\Users\user\AppData\Local\Temp\acrocef_low\abc2eff6-9386-4517-ba24-d0dba47799d3.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
Category:	dropped
Size (bytes):	386528
Entropy (8bit):	7.9736851559892425
Encrypted:	false
SSDEEP:	6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
MD5:	5C48B0AD2FEF800949466AE872E1F1E2
SHA1:	337D617AE142815EDDACB48484628C1F16692A2F
SHA-256:	F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
SHA-512:	44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
Malicious:	false
Preview:	...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....\|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-\|..h#.g.\.PO.\|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..\|m.WC.....\|.....e.[W.p.8...rm....^..x'......5!...\|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.\|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

C:\Users\user\AppData\Local\Temp\acrocef_low\b5b08139-a438-4e26-b3f1-04f2b56a95ff.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
Category:	dropped
Size (bytes):	1419751
Entropy (8bit):	7.976496077007677
Encrypted:	false
SSDEEP:	24576:/259WL07oXGZfQYIGNPZdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:O59WLxXGZ4ZGH3mlind9i4ufFXpAXkru
MD5:	AE6E9264D4A736DE180485A2DD226988
SHA1:	C215EFFC5901F2971FEE7EB6E4E6DEF379BA852A
SHA-256:	6046FD0CF7BDD907456690FA143FF9570B3F94FB4B4F408EFDBC55F9DEB4D1D2
SHA-512:	F9C92F634090DA4550B42EFC3199E30858307C44E8EEAC113475E69F363DCEA7C6B27C6FC39F0256FACB0B667E43EF88529EFCFC2E0572C87D6CC53B2816E0F4
Malicious:	false
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

C:\Users\user\AppData\Local\Temp\acrocef_low\fa8b1f57-f508-4432-8cab-0340c27ae129.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
Category:	dropped
Size (bytes):	758601
Entropy (8bit):	7.98639316555857
Encrypted:	false
SSDEEP:	12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9UQ:O3Pjegf121YS8lkipdjMMNB1DofjgJJs
MD5:	411E1D966EDAB90136CB7B3581B3DD2D
SHA1:	650E5BF319B35D52B6AD00A3C45F3153E061A687
SHA-256:	C4AF78A233EAD1866C70361FA9F8287D7297FEF19138B4C4885249658B6EEC4D
SHA-512:	920F575BCE6933F64A7367B22C80BB04EE367B29CC5C12C82C494620727B69828AE26EB6CD3A4E3B4D6196017E06D8514C686D5CE89B6CACF1B9B0A06718B6AB
Malicious:	false
Preview:	...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......\|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!\|G.1...... .3.`./....`~......G.............\|..pS.e.C....:o.u_..oi.:..\|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobSettings

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	24
Entropy (8bit):	3.66829583405449
Encrypted:	false
SSDEEP:	3:So6FwHn:So6FwHn
MD5:	DD4A3BD8B9FF61628346391EA9987E1D
SHA1:	474076C122CACAAF112469FC62976BB69187AA2B
SHA-256:	7C22C759CA704106556BBC4FC10B7F53404CA1F8B40F01038D3F7C4B8183F486
SHA-512:	FDAF3D9F8072ED7DE9B2528376C10E3C3FDBEA74347710A4795BECF23C6577B3582B2E89D3C04EF0523C98FE0A46F2AF3629490701A20B848C63BA7B26579491
Malicious:	false
Preview:	<</Settings [/c <<>>].>>

C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\915DEAC5D1E15E49646B8A94E04E470958C9BB89.crl

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	98682
Entropy (8bit):	6.445287254681573
Encrypted:	false
SSDEEP:	1536:0tlkIi4M2MXZcFVZNt0zfIagnbSLDII+D61S8:03kf4MlpyZN+gbE8pD61L
MD5:	7113425405A05E110DC458BBF93F608A
SHA1:	88123C4AD0C5E5AFB0A3D4E9A43EAFDF7C4EBAAF
SHA-256:	7E5C3C23B9F730818CDC71D7A2EA01FE57F03C03118D477ADB18FA6A8DBDBC46
SHA-512:	6AFE246B0B5CD5DE74F60A19E31822F83CCA274A61545546BDA90DDE97C84C163CB1D4277D0F4E0F70F1E4DE4B76D1DEB22992E44030E28EB9E56A7EA2AB5E8D
Malicious:	false
Preview:	0...u0...\...0....H........0i1.0...U....US1.0...U....DigiCert, Inc.1A0?..U...8DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1..240807121815Z..240814121815Z0..~.0!.......0.E....[0...210531000001Z0!...7g...(..^`.x.l...210531000001Z0!...\./M.8..>.f.....210531000001Z0!...B.Sh...f...s.0..210531000001Z0!..../n...h..7....>..210601000001Z0!....0..>5..aN.u{D..210601000001Z0!...-...qpWa.!n.....210601000001Z0!..."f...\..N.....X..210601000001Z0!...in.H...[u...]....210602000001Z0!......`......._.]...210602000001Z0!...{..e..i......=..210602000001Z0!......S....fNj'.wy..210602000001Z0!......C.lm..B.*.....210602000001Z0!... .}...\|.,dk...+..210603000001Z0!...U.K....o.".Rj..210603000001Z0!.....A...K.ZpK..'h..210603000001Z0!.....&}{ ......l..210603000001Z0!...:.m...I.p.;..v..210604000001Z0!...1"uw3..Gou.qg.q..210607000001Z0!...1.o}...c/...-R}..210608000001Z0!................210608000001Z0!...[.N.d............210609000001Z0!......x..i........210610000001Z0!...(... (..#.^.f...210

C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\DF22CF8B8C3B46C10D3D5C407561EABEB57F8181.crl

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	737
Entropy (8bit):	7.501268097735403
Encrypted:	false
SSDEEP:	12:yeRLaWQMnFQlRKfdFfBy6T6FYoX0fH8PkwWWOxPLA3jw/fQMlNdP8LOUa:y2GWnSKfdtw46FYfP1icPLHCfa
MD5:	5274D23C3AB7C3D5A4F3F86D4249A545
SHA1:	8A3778F5083169B281B610F2036E79AEA3020192
SHA-256:	8FEF0EEC745051335467846C2F3059BD450048E744D83EBE6B7FD7179A5E5F97
SHA-512:	FC3E30422A35A78C93EDB2DAD6FAF02058FC37099E9CACD639A079DF70E650FEC635CF7592FFB069F23E90B47B0D7CF3518166848494A35AF1E10B50BB177574
Malicious:	false
Preview:	0...0.....0....H........0b1.0...U....US1.0...U....DigiCert Inc1.0...U....www.digicert.com1!0...U....DigiCert Trusted Root G4..240806194648Z..240827194648Z.00.0...U.#..0.......q]dL..g?....O0...U........0....H.............vz..@.Nm...6d...t;.Jx?....6...p...#.[.......o.q...;.........?......o...^p0R.......~....)....i.n;A.n.z..O~..%=..s..W.4.+........G...*..=....xen$_i"s..\...L..4../<.4...G.....L...c..k@.J.rC.4h.c.ck./.Q-r53..a#.8#......0.n......a.-'..S. .>..xAKo.k.....;.D>....sb '<..-o.KE...X!i.].c.....o~.q........D...`....N... W:{.3......a@....i....#./..eQ...e.......W.s..V:.38..U.H{.>.....#....?{.....bYAk'b0on..Gb..-..).."q2GO<S.C...FsY!D....x..]4.....X....Y...Rj.....I.96$.4ZQ&..$,hC..H.%..hE....

Static File Info

General

File type:	PDF document, version 1.4, 1 pages
Entropy (8bit):	7.673804614608919
TrID:	Adobe Portable Document Format (5005/1) 100.00%
File name:	Service INV213351.pdf
File size:	44'492 bytes
MD5:	b76c98650321d07e199293b07669a159
SHA1:	d7cf87ceb3e083214473abfa64abae3871e2bf36
SHA256:	e6795c7ecb90875cd60496c3361c55182c58266caa2e2e7695552491481f79fc
SHA512:	6b0f4da640cd8bccf53c1a7161253a4979989fd029c914bf04d8394aa4d7d77184cdefe16bcfc8b288ac2aead279cf8d258d3a4a54a66e6fda70c924c093564f
SSDEEP:	768:lFKffNrL/Ih+8tFCGeUy+/QGHuC+mJUpE2MAcrbojcdafgmDTl:lcrch+8PReUx/ZuCvJLNAIb2cds/l
TLSH:	8913AFB5F99E9C8DF4E3839252653D8F88FDF21242D4A5E130740E56FD0068A9B326DA
File Content Preview:	%PDF-1.4.1 0 obj.<<./Title (..)./Creator (...w.k.h.t.m.l.t.o.p.d.f. .0...1.2...6)./Producer (...Q.t. .4...8...7)./CreationDate (D:20241010174130Z).>>.endobj.3 0 obj.<<./Type /ExtGState./SA true./SM 0.02./ca 1.0./CA 1.0./AIS false./SMask /None>>.endobj.4 0

File Icon


Icon Hash:	62cc8caeb29e8ae0

Static PDF Info

General
Header:	%PDF-1.4
Total Entropy:	7.673805
Total Bytes:	44492
Stream Entropy:	7.918278
Stream Bytes:	35503
Entropy outside Streams:	5.160559
Bytes outside Streams:	8989
Number of EOF found:	1
Bytes after EOF:

Keywords Statistics

Name	Count
obj	58
endobj	58
stream	17
endstream	17
xref	1
trailer	1
startxref	1
/Page	1
/Encrypt	0
/ObjStm	0
/URI	0
/JS	0
/JavaScript	0
/AA	0
/OpenAction	0
/AcroForm	0
/JBIG2Decode	0
/RichMedia	0
/Launch	0
/EmbeddedFile	0

Network Behavior

⊘No network behavior found

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: Acrobat.exePID: 3268, Parent PID: 4004

General

Target ID:	0
Start time:	14:24:08
Start date:	10/10/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Service INV213351.pdf"
Imagebase:	0x7ff651090000
File size:	5'641'176 bytes
MD5 hash:	24EAD1C46A47022347DC0F05F6EFBB8C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: AcroCEF.exePID: 3212, Parent PID: 3268

General

Target ID:	2
Start time:	14:24:09
Start date:	10/10/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Imagebase:	0x7ff70df30000
File size:	3'581'912 bytes
MD5 hash:	9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: AcroCEF.exePID: 3576, Parent PID: 3212

General

Target ID:	4
Start time:	14:24:11
Start date:	10/10/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2244 --field-trial-handle=1508,i,16701083651804924548,11225176438331712936,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Imagebase:	0x7ff70df30000
File size:	3'581'912 bytes
MD5 hash:	9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Service INV213351.pdf

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Networking

System Summary

Hooking and other Techniques for Hiding and Protection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\63653ab9-4e36-4ac7-82aa-48baf44f57a8.tmp

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\985ceea7-c7e0-4d55-b1df-7cb8b0c9e9a7.tmp

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF532249.TMP (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241010182415Z-218.bmp

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

Windows Analysis Report
Service INV213351.pdf