Edit tour

Windows Analysis Report
W9.pdf

Overview

General Information

Sample name:	W9.pdf
Analysis ID:	1531115
MD5:	585bda4766885da586b18675b74c1eef
SHA1:	38eaef40ad8ff7788cc6aabd5f1ae55806e2b622
SHA256:	3068b530b08cc4a0607eecc7f2d1e027c9a4097bdc09fc2a2d4f70c0f7b031cf
Infos:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

IP address seen in connection with other malware

Classification

Process Tree

System is w10x64

Acrobat.exe (PID: 2556 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\W9.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)

AcroCEF.exe (PID: 1440 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

AcroCEF.exe (PID: 7236 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2108 --field-trial-handle=1656,i,7361816341777172123,18159337111518636409,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: Joe Sandbox View

IP Address: 23.195.76.153 23.195.76.153

Source: W9.pdf	String found in binary or memory: http://pki-crl.symauth.com/ca_7a5c3a0c73117406add19312bc1bc23f/LatestCRL.crl07
Source: W9.pdf	String found in binary or memory: http://pki-ocsp.symauth.com0
Source: 2D85F72862B55C4EADD9E66E06947F3D0.2.dr	String found in binary or memory: http://x1.i.lencr.org/

Source: classification engine

Classification label: clean0.winPDF@14/51@0/1

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\A913uypll_12n0xpy_4xo.tmp

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Jump to behavior

Source: unknown	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\W9.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2108 --field-trial-handle=1656,i,7361816341777172123,18159337111518636409,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2108 --field-trial-handle=1656,i,7361816341777172123,18159337111518636409,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: W9.pdf	Initial sample: PDF keyword /JS count = 0
Source: W9.pdf	Initial sample: PDF keyword /JavaScript count = 0
Source: A913uypll_12n0xpy_4xo.tmp.0.dr	Initial sample: PDF keyword /JS count = 0
Source: A913uypll_12n0xpy_4xo.tmp.0.dr	Initial sample: PDF keyword /JavaScript count = 0
Source: A93sodhp_12n0xq0_4xo.tmp.0.dr	Initial sample: PDF keyword /JS count = 0
Source: A93sodhp_12n0xq0_4xo.tmp.0.dr	Initial sample: PDF keyword /JavaScript count = 0
Source: A91xsjxkz_12n0xq1_4xo.tmp.0.dr	Initial sample: PDF keyword /JS count = 0
Source: A91xsjxkz_12n0xq1_4xo.tmp.0.dr	Initial sample: PDF keyword /JavaScript count = 0

Source: W9.pdf

Initial sample: PDF keyword stream count = 100

Source: A913uypll_12n0xpy_4xo.tmp.0.dr

Initial sample: PDF keyword /EmbeddedFile count = 0

Source: W9.pdf

Initial sample: PDF keyword /ObjStm count = 16

Source: W9.pdf

Initial sample: PDF keyword endstream count = 100

Source: W9.pdf

Initial sample: PDF keyword obj count = 184

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	1 System Information Discovery	Remote Services	Data from Local System	Data Obfuscation	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Junk Data	Exfiltration Over Bluetooth	Network Denial of Service

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
http://x1.i.lencr.org/	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

⊘No contacted domains info

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://pki-crl.symauth.com/ca_7a5c3a0c73117406add19312bc1bc23f/LatestCRL.crl07	W9.pdf	false		unknown
http://x1.i.lencr.org/	2D85F72862B55C4EADD9E66E06947F3D0.2.dr	false	URL Reputation: safe	unknown
http://pki-ocsp.symauth.com0	W9.pdf	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
23.195.76.153	unknown	United States		2914	NTT-COMMUNICATIONS-2914US	false

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1531115
Start date and time:	2024-10-10 21:29:07 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 8s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowspdfcookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	9
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	W9.pdf
Detection:	CLEAN
Classification:	clean0.winPDF@14/51@0/1
Cookbook Comments:	Found application associated with file extension: .pdf Found PDF document Close Viewer

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 95.100.50.221, 18.207.85.246, 107.22.247.231, 54.144.73.197, 34.193.227.236, 172.64.41.3, 162.159.61.3, 104.76.201.34, 2.19.126.143, 2.19.126.149, 192.168.2.5, 23.44.133.32
Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, otelrules.azureedge.net, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, crl.root-x1.letsencrypt.org.edgekey.net
Report size exceeded maximum capacity and may have missing behavior information.
Report size getting too big, too many NtCreateFile calls found.
VT rate limit hit for: W9.pdf

Simulations

Behavior and APIs

Time	Type	Description
15:30:19	API Interceptor	1x Sleep call for process: AcroCEF.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
23.195.76.153	Atlanta Office Interiors #024-010.pdf	Get hash	malicious	Unknown	Browse
	Contract_Agreement_Monday October 2024.pdf	Get hash	malicious	Unknown	Browse
	Open 99 Restaurants Benefits Enrollment.pdf	Get hash	malicious	HTMLPhisher	Browse
	DOC-72212087.pdf	Get hash	malicious	HTMLPhisher	Browse
	[EXTERNAL] Complete with AdobeSignPDF_ Approve and Sign TRCOT.eml	Get hash	malicious	Unknown	Browse
	Secured Doc-[uiC-22723].pdf	Get hash	malicious	HTMLPhisher	Browse
	Secured Doc-[qnz-33059].pdf	Get hash	malicious	HTMLPhisher	Browse

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
NTT-COMMUNICATIONS-2914US	AGjaVihni8.elf	Get hash	malicious	Mirai, Gafgyt	Browse	129.251.78.42
	79VAlgfTk8.elf	Get hash	malicious	Mirai	Browse	204.142.72.3
	na.elf	Get hash	malicious	Unknown	Browse	209.39.2.117
	pqb9xEwv5y.elf	Get hash	malicious	Unknown	Browse	209.189.55.222
	na.elf	Get hash	malicious	Unknown	Browse	202.47.26.208
	na.elf	Get hash	malicious	Mirai	Browse	206.58.73.195
	X309qRfJAl.elf	Get hash	malicious	Mirai	Browse	205.26.156.117
	gkjeNrdkot.elf	Get hash	malicious	Mirai	Browse	207.241.110.197
	BpcC8hBhCN.elf	Get hash	malicious	Mirai	Browse	205.45.106.64
	f8fKadLyb4.elf	Get hash	malicious	Mirai	Browse	209.107.24.167

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	291
Entropy (8bit):	5.174065326024868
Encrypted:	false
SSDEEP:	6:JWAAq2P92nKuAl9OmbnIFUt8WYwXZmw+WmFkwO92nKuAl9OmbjLJ:JWAAv4HAahFUt8W//+W65LHAaSJ
MD5:	80EA228BAD796D822174D04879EFEA1A
SHA1:	2BE4BBA6242950A41EE3DB3B85199B920E5D729B
SHA-256:	BB754C6CCF303C798F5BC99982566AE5D8B550B79D3B49F61B3DD4094ABC2713
SHA-512:	3D592BABD47096FBBD3FA9A85D90BBF0E117C7A073792F84C8D623C6F4F8A588C7A5EA79587FE3DBA88E6D63710DC3D8D07654E1B031BBE6E3E78573A2BEC50A
Malicious:	false
Reputation:	low
Preview:	2024/10/10-15:30:06.496 c40 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/10/10-15:30:06.498 c40 Recovering log #3.2024/10/10-15:30:06.499 c40 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	291
Entropy (8bit):	5.174065326024868
Encrypted:	false
SSDEEP:	6:JWAAq2P92nKuAl9OmbnIFUt8WYwXZmw+WmFkwO92nKuAl9OmbjLJ:JWAAv4HAahFUt8W//+W65LHAaSJ
MD5:	80EA228BAD796D822174D04879EFEA1A
SHA1:	2BE4BBA6242950A41EE3DB3B85199B920E5D729B
SHA-256:	BB754C6CCF303C798F5BC99982566AE5D8B550B79D3B49F61B3DD4094ABC2713
SHA-512:	3D592BABD47096FBBD3FA9A85D90BBF0E117C7A073792F84C8D623C6F4F8A588C7A5EA79587FE3DBA88E6D63710DC3D8D07654E1B031BBE6E3E78573A2BEC50A
Malicious:	false
Reputation:	low
Preview:	2024/10/10-15:30:06.496 c40 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/10/10-15:30:06.498 c40 Recovering log #3.2024/10/10-15:30:06.499 c40 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	338
Entropy (8bit):	5.1592828110408515
Encrypted:	false
SSDEEP:	6:JhgcM+q2P92nKuAl9Ombzo2jMGIFUt8W+UENJZmw+W+WdEcMVkwO92nKuAl9OmbX:JfM+v4HAa8uFUt8W+lX/+W+WdpMV5LHA
MD5:	42A134161034EE41E5180CCCDC8EC89E
SHA1:	76D5A81B562327B6332C6DEA50AFDA31AE2EB3E7
SHA-256:	D90217401C3899E823E993527D8D90551C2C561FBEAE9351DBB097109ADEEBA0
SHA-512:	8C0EE355C1DD4B7C290A1F766180505CED9742A46B711661610DFC1BF6933F00EA4704E36DB7577AE0A0906EC7597EBD395308FFB48CE2845126960210353B2B
Malicious:	false
Reputation:	low
Preview:	2024/10/10-15:30:06.578 1c6c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/10/10-15:30:06.581 1c6c Recovering log #3.2024/10/10-15:30:06.583 1c6c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	338
Entropy (8bit):	5.1592828110408515
Encrypted:	false
SSDEEP:	6:JhgcM+q2P92nKuAl9Ombzo2jMGIFUt8W+UENJZmw+W+WdEcMVkwO92nKuAl9OmbX:JfM+v4HAa8uFUt8W+lX/+W+WdpMV5LHA
MD5:	42A134161034EE41E5180CCCDC8EC89E
SHA1:	76D5A81B562327B6332C6DEA50AFDA31AE2EB3E7
SHA-256:	D90217401C3899E823E993527D8D90551C2C561FBEAE9351DBB097109ADEEBA0
SHA-512:	8C0EE355C1DD4B7C290A1F766180505CED9742A46B711661610DFC1BF6933F00EA4704E36DB7577AE0A0906EC7597EBD395308FFB48CE2845126960210353B2B
Malicious:	false
Reputation:	low
Preview:	2024/10/10-15:30:06.578 1c6c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/10/10-15:30:06.581 1c6c Recovering log #3.2024/10/10-15:30:06.583 1c6c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\9d79854b-682e-4cce-a037-ae7e4104cbac.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	modified
Size (bytes):	508
Entropy (8bit):	5.052567248163298
Encrypted:	false
SSDEEP:	12:YH/um3RA8sqyOEsBdOg2HKgcaq3QYiubxnP7E4T3OF+:Y2sRdswpdMHC3QYhbxP7nbI+
MD5:	206DE56D2CEB4FEFFEE812E74F8B9EB6
SHA1:	BC39B7BCA906003ECC56D57AFF21702A09C4A94A
SHA-256:	E3F194C0661F722262916C49C45B1DA93490D097FF822E6EBB8933B8EDA6332A
SHA-512:	58FC84859A7A77A3DFD0A1D43FB9722A884276CEABC8AB9197B5506684C46E1FA5528F6C1D12B44109E959403C39BD85C6C3E1AF2068828F2FDC42A64FF86429
Malicious:	false
Reputation:	low
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13373148619161583","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":370346},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.5","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G","CAYSABiAgICA+P////8B":"Offline"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	508
Entropy (8bit):	5.052567248163298
Encrypted:	false
SSDEEP:	12:YH/um3RA8sqyOEsBdOg2HKgcaq3QYiubxnP7E4T3OF+:Y2sRdswpdMHC3QYhbxP7nbI+
MD5:	206DE56D2CEB4FEFFEE812E74F8B9EB6
SHA1:	BC39B7BCA906003ECC56D57AFF21702A09C4A94A
SHA-256:	E3F194C0661F722262916C49C45B1DA93490D097FF822E6EBB8933B8EDA6332A
SHA-512:	58FC84859A7A77A3DFD0A1D43FB9722A884276CEABC8AB9197B5506684C46E1FA5528F6C1D12B44109E959403C39BD85C6C3E1AF2068828F2FDC42A64FF86429
Malicious:	false
Reputation:	low
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13373148619161583","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":370346},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.5","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G","CAYSABiAgICA+P////8B":"Offline"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	4509
Entropy (8bit):	5.24274960891647
Encrypted:	false
SSDEEP:	96:QqBpCqGp3Al+NehBmkID2w6bNMhugoKTNY+No/KTNcygLPGLLUkbgVGZ:rBpJGp3AoqBmki25ZEVoKTNY+NoCTNLF
MD5:	F024D0E0D5BBA7D1104F3B7C04955840
SHA1:	BB704556955F344A8438A24AABE01834B5B11895
SHA-256:	721696CD9A5A8EEF3B9B663485CFB57536194380A27B730097C183B64BFABE2F
SHA-512:	13DA908201E17F81EE2B38D9D36AA55D6594D89C5BF48DD7932CD747C9B0A363714F465ABAC1BCB90EC0DB6D9051897AF18285BB02BEF071136FA31DC8A97F39
Malicious:	false
Reputation:	low
Preview:	*...#................version.1..namespace-.1a.o................next-map-id.1.Pnamespace-047a745d_5c98_4926_b446_942fb948d072-https://rna-resource.acrobat.com/.0.K..r................next-map-id.2.Snamespace-bdf2fbfe_e08b_407d_8a81_9a6094e373a0-https://rna-v2-resource.acrobat.com/.1.m.Fr................next-map-id.3.Snamespace-24b9c7f4_3e31_4d11_a607_ac91d6485c9e-https://rna-v2-resource.acrobat.com/.2.8.o................next-map-id.4.Pnamespace-bc60f291_faa7_4492_8b22_e186b4ce62c1-https://rna-resource.acrobat.com/.3.A-N^...............Pnamespace-047a745d_5c98_4926_b446_942fb948d072-https://rna-resource.acrobat.com/-j..^...............Pnamespace-bc60f291_faa7_4492_8b22_e186b4ce62c1-https://rna-resource.acrobat.com/[.\|.a...............Snamespace-bdf2fbfe_e08b_407d_8a81_9a6094e373a0-https://rna-v2-resource.acrobat.com/....a...............Snamespace-24b9c7f4_3e31_4d11_a607_ac91d6485c9e-https://rna-v2-resource.acrobat.com/.W.@o................next-map-id.5.Pnamespace-8fb46ac3_c992_47ca_bb04_

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	326
Entropy (8bit):	5.153182416177477
Encrypted:	false
SSDEEP:	6:JSrcM+q2P92nKuAl9OmbzNMxIFUt8WSCJZmw+WSCcMVkwO92nKuAl9OmbzNMFLJ:JSYM+v4HAa8jFUt8WSc/+WSXMV5LHAab
MD5:	7FF1A7FF8620166E3093E45376033D23
SHA1:	82FB52B505D89152AEB76C75F3D01A6A57357A84
SHA-256:	AD31A52B0DC276539441AF77578C394EE0E2EC933420FB2816BC45F118805220
SHA-512:	D74D4026018E30E7FBAEBCA798AA972AE5100F2C4D69D15203FCDF210C0C210EE20D81E10C05178B594DEBB63A1FCB0C81E7A7C5BBB6F33FD327AE58BBEFC9AD
Malicious:	false
Reputation:	low
Preview:	2024/10/10-15:30:06.725 1c6c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/10/10-15:30:06.726 1c6c Recovering log #3.2024/10/10-15:30:06.726 1c6c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	326
Entropy (8bit):	5.153182416177477
Encrypted:	false
SSDEEP:	6:JSrcM+q2P92nKuAl9OmbzNMxIFUt8WSCJZmw+WSCcMVkwO92nKuAl9OmbzNMFLJ:JSYM+v4HAa8jFUt8WSc/+WSXMV5LHAab
MD5:	7FF1A7FF8620166E3093E45376033D23
SHA1:	82FB52B505D89152AEB76C75F3D01A6A57357A84
SHA-256:	AD31A52B0DC276539441AF77578C394EE0E2EC933420FB2816BC45F118805220
SHA-512:	D74D4026018E30E7FBAEBCA798AA972AE5100F2C4D69D15203FCDF210C0C210EE20D81E10C05178B594DEBB63A1FCB0C81E7A7C5BBB6F33FD327AE58BBEFC9AD
Malicious:	false
Preview:	2024/10/10-15:30:06.725 1c6c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/10/10-15:30:06.726 1c6c Recovering log #3.2024/10/10-15:30:06.726 1c6c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241010193010Z-234.bmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PC bitmap, Windows 3.x format, 117 x -152 x 32, cbSize 71190, bits offset 54
Category:	dropped
Size (bytes):	71190
Entropy (8bit):	1.6695507626220603
Encrypted:	false
SSDEEP:	96:w1oZMqX8efH1MyTDMT3M4M3qAM4MtehMM47zFiM6MMrMMx6XgMMMMM4YfI4MM1MR:3j8oA9iqzFgT
MD5:	2A5FB82DC4D84091D5A54BD84F2BDD95
SHA1:	177FC52732540D07A53A16803482D828F7010504
SHA-256:	D771D7665B99334820D8878ECE4264100548ABFE314CD5DADBCD5266DA0B4B88
SHA-512:	42D9085DED64F7F85F235C3866B9977F7185487F485C84A71CA87E385E90241CD94B48C16834A6835BDC0B4D7C3B239549A5C26DEFD7C41B182989E533C0467C
Malicious:	false
Preview:	BM........6...(...u...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 4, database pages 14, cookie 0x5, schema 4, UTF-8, version-valid-for 4
Category:	dropped
Size (bytes):	57344
Entropy (8bit):	3.293514653167849
Encrypted:	false
SSDEEP:	192:PedRBHVui5V4R4dcQ5V4R4RtYWtEV2UUTTchqGp8F/7/z+FP:PeNci5H5FY+EUUUTTcHqFzqFP
MD5:	DDF0FB46B0B9DF57FE54D1065AAC394B
SHA1:	F518AD33F28A2C6C953BE25D1723CE63011A8251
SHA-256:	30F14CCBEB350BB3CC4DFE02D7399C4E2E3DB99CC2C846BECA16AC79194E5926
SHA-512:	0CA7509AE4E2CC4DD7FEA18C6B83AD493805737092C8FFE3769504932EBF5A54D033E55A0D0EEF2FE340C16B2A8DE7267A38438522BC570EF87FC4C5FF945253
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	2.212980696272765
Encrypted:	false
SSDEEP:	24:7+tqywKXWqLKzkrFsgIFsxX3pALXmnHpkDGjmcxBSkomXk+2m9RFTsyg+wmf9MzU:7M5XWqOmFTIF3XmHjBoGGR+jMz+Lh1
MD5:	201F14C4E586D52902E4C1FC94E085A9
SHA1:	40D694E9DBBC24163EF2EAB55CF9B92E04832C6B
SHA-256:	C351847962E1968DFAEF50B876AD2B31A02A4A99C2768E9C3A260462CD5D8AC6
SHA-512:	222ED40B16D476AD3847854EA3990112B8A769678CF37656CF0F3E0CBCD4F8DF03AF78E0CE564449E508D633840674DE228FC3DA1631E009703B4E2C2FB60CA6
Malicious:	false
Preview:	.... .c.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	Certificate, Version=3
Category:	dropped
Size (bytes):	1391
Entropy (8bit):	7.705940075877404
Encrypted:	false
SSDEEP:	24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1
MD5:	0CD2F9E0DA1773E9ED864DA5E370E74E
SHA1:	CABD2A79A1076A31F21D253635CB039D4329A5E8
SHA-256:	96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
SHA-512:	3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
Malicious:	false
Preview:	0..k0..S............@.YDc.c...0....H........0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10...150604110438Z..350604110438Z0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10.."0....H.............0..........$s..7.+W(.....8..n<.W.x.u...jn..O(..h.lD...c...k....1.!~.3<.H..y.....!.K...qiJffl.~<p..)"......K...~....G.\|.H#S.8.O.o...IW..t../.8.{.p!.u.0<.....c...O..K~.....w...{J.L.%.p..)..S$........J.?..aQ.....cq...o[...\4ylv.;.by.../&.....................6....7..6u...r......I......A..v........5/(.l....dwnG7..Y^h..r...A)>Y>.&.$...Z.L@.F....:Qn.;.}r...xY.>Qx....../..>{J.Ks......P.\|C.t..t.....0.[q6....00\H..;..}`...).........A.......\|.;F.H..v.v..j.=...8.d..+..(.....B.".'].y...p..N..:..'Qn..d.3CO......B0@0...U...........0...U.......0....0...U......y.Y.{....s.....X..n0...*.H.............U.X....P.....i ')..au\.n...i/..VK..s.Y.!.~.Lq...`.9....!V..P.Y...Y.............b.E.f..\|o..;.....'...}~.."......

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	192
Entropy (8bit):	2.7673182398396405
Encrypted:	false
SSDEEP:	3:kkFklgI+bNllltfllXlE/HT8kFlZNNX8RolJuRdxLlGB9lQRYwpDdt:kK5I+l/eT8ul3NMa8RdWBwRd
MD5:	0A779A9FDC6536261D43FFB2E3594830
SHA1:	F72FDC62962D2E2DFD4707671363A817387201F5
SHA-256:	8FD05A64FACE4E64A04E3A62B60201AEF5648D38F381D983937E13B076FD01FC
SHA-512:	20DB9538848D3B18D6DA07617F737D61A64DE5B9F707BB5755A5B42D7E53451B393850A8C0BA8C1B5CB637895EBEC5D37379E3C5C8474FAB1E0AB12501992647
Malicious:	false
Preview:	p...... .........j.J...(....................................................... ..........W....u...............o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	295
Entropy (8bit):	5.370945956790068
Encrypted:	false
SSDEEP:	6:YEQXJ2HXKfcIDqHx+FIbRI6XVW7+0YGdVJqoAvJM3g98kUwPeUkwRe9:YvXKXKUkYUYpW7pJZGMbLUkee9
MD5:	6321CE2C13AE2F2EFFDA12DDA198CB94
SHA1:	899D6F0894C306B7144D9A9450CEFD2434A5E598
SHA-256:	44CDF5A85B2B1ADA7A8576FB08BFB4493CF1078E7EB823A80F35104E2BE81B56
SHA-512:	DA3A70B99AE51FC6031BEEF2036B515BE5C35B3B7C2D230CD2BF763552D933B06589F2F3E588CB3F6C26EC5462F5B5181A3939A1E82BF9C3C6E988752CC6B9B6
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"f5d70839-ef73-4b1f-9884-f2de5853458d","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1728763993050,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.308878318572079
Encrypted:	false
SSDEEP:	6:YEQXJ2HXKfcIDqHx+FIbRI6XVW7+0YGdVJqoAvJfBoTfXpnrPeUkwRe9:YvXKXKUkYUYpW7pJZGWTfXcUkee9
MD5:	F044E92F0850C9F1E4F011D79CF0D771
SHA1:	57D917D7A5BDF48C5B920CADAA5F985DD8BF47DC
SHA-256:	F81CC6266B97398600645E5C817E4AA288785066F0FA33A770B57540DE9DC4F7
SHA-512:	1E85E5B4062D399A7923CD61FAC57B5B88A2EBEAE9ACF7338E5169869AA679BD933D90F56F5C06F326A3CA645AEF2D92B5C4115C1605371B19F58D869CAAF04B
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"f5d70839-ef73-4b1f-9884-f2de5853458d","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1728763993050,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.2883648877094815
Encrypted:	false
SSDEEP:	6:YEQXJ2HXKfcIDqHx+FIbRI6XVW7+0YGdVJqoAvJfBD2G6UpnrPeUkwRe9:YvXKXKUkYUYpW7pJZGR22cUkee9
MD5:	033A290A8F8B0EB04A5EE534CD757AC1
SHA1:	92221C47C129320CAECD940864D1E3057A84275C
SHA-256:	FC836A672F07F4E5D351FD697D6C8CEEB4D85730DE368B2AAB5BD479F66F4C3D
SHA-512:	D628A1F428005C09203717C6B0BF5CBD41D2D381652EEACEB221A87B52D73E9591F99B6BB5FF92BC843FDA183922FF20A573F5A51252CC01FAEFFC9C7FCAE334
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"f5d70839-ef73-4b1f-9884-f2de5853458d","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1728763993050,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	285
Entropy (8bit):	5.350104889548316
Encrypted:	false
SSDEEP:	6:YEQXJ2HXKfcIDqHx+FIbRI6XVW7+0YGdVJqoAvJfPmwrPeUkwRe9:YvXKXKUkYUYpW7pJZGH56Ukee9
MD5:	041EFFD4D9232B5B4FA9BA89817C8621
SHA1:	E7985689271978C33DC4DA9A11870E036058C01D
SHA-256:	9E734B43C03570CA0EC78D77B9276795033D01D58338E251A226C7C268FC6D8D
SHA-512:	DCE5DA749E33785E9BD0FAEEC662DC695C8D110A69F499119A2B85F07028E4727BF0C8FD6A20D4482B0FBF21CAAED39282391BE0C5778148ACB68CFB5214706C
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"f5d70839-ef73-4b1f-9884-f2de5853458d","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1728763993050,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1083
Entropy (8bit):	5.681222241062549
Encrypted:	false
SSDEEP:	24:Yv6XRipspLgE6c3UDx7nnl0RCmK8czOCY4wgSg:Yvf+hg1JaAh8cvYvFg
MD5:	5F47B5268AD0FD0984BC07D4FD688537
SHA1:	AE1DE40DAFF6A83A5942A198AC8E6B4850F0C613
SHA-256:	5A436B84E69F8E8FD7381DAD5B42A893907EF4D7C62655276E6EA5734FFF160A
SHA-512:	2BB43660271D480F9921B755540323A244376EE790491BF552CD1A80F4619EA05A254060E8A49A4D150421C408BA586F0D9662A2EFF8C178EDCAC554334E846E
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"f5d70839-ef73-4b1f-9884-f2de5853458d","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1728763993050,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"89628_277808ActionBlock_2","campaignId":89628,"containerId":"1","controlGroupId":"","treatmentId":"22b145c0-22bc-4bba-811f-7234f288595b","variationId":"277808"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQgZmlsZXMgdG8gYW5kIGZyb20gUERGXG53aXRob3V0IGxpbWl0cy4ifSwidGNhdElkIjoiUkdTMDM1MS1FTlUtQ29udHJvbCJ9","dataType":"applicatio

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1050
Entropy (8bit):	5.654294683037266
Encrypted:	false
SSDEEP:	24:Yv6XRipGVLgEF0c7sbnl0RCmK8czOCYHflEpwiV5:YvfoFg6sGAh8cvYHWpwg
MD5:	3C1670D7C714048472EAED662AF52EC3
SHA1:	86CE41AAC2E3EAE3EBAC60D36C7C7DD41B8E093B
SHA-256:	EF1A28FC0E7E6595335886E8F613F03FDF04054E59D982DBCB69A1FBEA61E85C
SHA-512:	C19EF11D4310AF1B6A3C4FF9B2AE82688921F0726FEB11E6F0322E4FD0930A613AA97ACD5CA366AC5AB2B0E0E1BF8E3A4B5A201014CDD191DAEA4F27E7E379BA
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"f5d70839-ef73-4b1f-9884-f2de5853458d","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1728763993050,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Disc_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_0","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"0924134e-3c59-4f53-b731-add558c56fec","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Disc_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQsIGVkaXQgYW5kIGUtc2lnblxuZm9ybXMgJiBhZ3JlZW1lbnRzLiJ9LCJ0Y2F0SWQiOm51bGx9","dataType":"application\/json","encodingScheme":true},"

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.295751439126137
Encrypted:	false
SSDEEP:	6:YEQXJ2HXKfcIDqHx+FIbRI6XVW7+0YGdVJqoAvJfQ1rPeUkwRe9:YvXKXKUkYUYpW7pJZGY16Ukee9
MD5:	5C6F70ADB8CA597626D3810E6D271B8B
SHA1:	D55B0AC69DE01A08E0B6D7D71076281B0B871015
SHA-256:	6B2E10D052D3CE4EEAB5B59F17A6E590361CEF225AA1312B8A2A9955879B5FEF
SHA-512:	3D603594818A363DB32DA439259D28FBB7F9A1A6236CCF28C485EEB99DE6034BA8F1FE355004BE3DD0536BAEDBC166EE8A48B3E99830BFF6406420A9DAE3896C
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"f5d70839-ef73-4b1f-9884-f2de5853458d","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1728763993050,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1062
Entropy (8bit):	5.6906592935580225
Encrypted:	false
SSDEEP:	24:Yv6XRipz2LgE4cq/S70nl0RCmK8czOCAPtciGSg:Yvftog9ohAh8cvA3g
MD5:	B20C7118FFA2756A32EF5011C5E98522
SHA1:	61624BB403693B605C4FB753637BE59A05E4AAD8
SHA-256:	7AACE0B6EC460635049FB77F07A8E3D468742C22AC00F20E3CE2A22972B24636
SHA-512:	B710A2F98E94B8FC73A3C5BC4FD4D411C8033E6FEF7801936C679BB7BFA6A20F5005A7DA86447814725A74A50F0999D8752C8261EB8CBD1003832BAF849EB70A
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"f5d70839-ef73-4b1f-9884-f2de5853458d","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1728763993050,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Edit_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"89628_277808ActionBlock_0","campaignId":89628,"containerId":"1","controlGroupId":"","treatmentId":"58886bd3-acd7-4f84-ae2e-6684bc127c41","variationId":"277808"},"containerId":1,"containerLabel":"JSON for DC_Reader_Edit_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVkaXQgdGV4dCwgaW1hZ2VzLCBwYWdlcywgYW5kIG1vcmUuIn0sInRjYXRJZCI6IlJHUzAzNTEtRU5VLUNvbnRyb2wifQ==","dataType":"application\/json","encodingSch

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1164
Entropy (8bit):	5.704458819870214
Encrypted:	false
SSDEEP:	24:Yv6XRip/KLgEfIcZVSkpsn264rS514ZjBrwloJTmcVIsrSK55:YvfFEgqprtrS5OZjSlwTmAfSKP
MD5:	77AA407A0A5780E65AA3477B750A1766
SHA1:	4195A4B1047861D446A22981857E0F4FB479AFA5
SHA-256:	905ADEB1A41AABCC10BB0CCD8BABE82AEFBF3389FC39BE6120B86B27AFEF667F
SHA-512:	5AFDA2A123D9883B672F2BCF3D8DDD1E74C4E801C36AFAAB175EAAA41AF0DECE67B3ACF13F0F9E56C1AA5E8BD7EB16A68B21E387A12A8D5198FC8CB39BC90C2A
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"f5d70839-ef73-4b1f-9884-f2de5853458d","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1728763993050,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85531_264848ActionBlock_0","campaignId":85531,"containerId":"1","controlGroupId":"","treatmentId":"ee1a7497-76e7-43c2-bb63-9a0551e11d73","variationId":"264848"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IlRyeSBBY3JvYmF0IFBybyJ9LCJ1aSI6eyJ0aXRsZV9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjE1cHgiLCJmb250X3N0eWxlIjoiMCJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEzcHgiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0b1xucHJlbWl1bSBQREYgYW5kIGUtc2lnbmluZ1xudG9vbHMuIn0sImJhbm5lcl9zdHlsaW5nIjo

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.302285405227218
Encrypted:	false
SSDEEP:	6:YEQXJ2HXKfcIDqHx+FIbRI6XVW7+0YGdVJqoAvJfYdPeUkwRe9:YvXKXKUkYUYpW7pJZGg8Ukee9
MD5:	0C3D96949EC5A965DDD7910AA476A166
SHA1:	D66C92039F10EAE0708F5C2B4ABD8837E18F9AE9
SHA-256:	B7BD66D0CBF9BE5E9C4910A23752B27AE678139C2558CF0F01C9B5A330888100
SHA-512:	F87B5B7A7C9096820F013C0D5F1B7AE88F1C89D85888E37CF8DD45992F05DA03F4692493930247D65D8C97A9293BEE8EBBD29A5FB34CE81E8556AC8FC0F79267
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"f5d70839-ef73-4b1f-9884-f2de5853458d","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1728763993050,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1395
Entropy (8bit):	5.779267806143197
Encrypted:	false
SSDEEP:	24:Yv6XRipCrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNB:Yvf4HgDv3W2aYQfgB5OUupHrQ9FJP
MD5:	260880A66A0F31A418E72A919EBE0A06
SHA1:	69968F8640953DEE71E71C4C3CFC0C77CBC89DA6
SHA-256:	A94E278B39E0197D2C5A507D65F784C8DF7962A0EA3EEE9FBED34F53951C695A
SHA-512:	27F7E2ACEED04BB0E1BCA3415B5D4E14DE633E9BA6213D35F5058715BE3BC3D29DB9560791032D2FF674CDE98FFFD1EADF994DD1ED9A9100B96E799F1E4A5860
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"f5d70839-ef73-4b1f-9884-f2de5853458d","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1728763993050,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	291
Entropy (8bit):	5.285816795648661
Encrypted:	false
SSDEEP:	6:YEQXJ2HXKfcIDqHx+FIbRI6XVW7+0YGdVJqoAvJfbPtdPeUkwRe9:YvXKXKUkYUYpW7pJZGDV8Ukee9
MD5:	C26DE12A99D90E35BA4B2F1E36F894D0
SHA1:	401BD62F93AA9EDA8E22D09D2D7BEEC280FE4BE9
SHA-256:	4309780F6C3FE324806B390808AEB840BF54867828F8C815CD0036F22C14525E
SHA-512:	F478A721D285030923057623553822A4C7DFA85069FAC6152E89E82A0F60078BDF2AC8D5958A53E1F805D0A7CAC2F625607020D06D5AD46552FEE92DCE3356EF
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"f5d70839-ef73-4b1f-9884-f2de5853458d","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1728763993050,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	287
Entropy (8bit):	5.2868718982629055
Encrypted:	false
SSDEEP:	6:YEQXJ2HXKfcIDqHx+FIbRI6XVW7+0YGdVJqoAvJf21rPeUkwRe9:YvXKXKUkYUYpW7pJZG+16Ukee9
MD5:	FBBE75747F76901B02F1823B3CCDB307
SHA1:	B882946A79A3F06BC8BC5246D4786EC8E42673E2
SHA-256:	BC44AC7FC45733DAE29DE3310EBBBF0231A7B30B24596F370CB048D3DB3C0460
SHA-512:	5C0B7BC7D64C20D2DA777A7A19B6845F709DE5531027A906EC48509426ACB890C395C0C0F31662029ACE32E9F96EF53653460D43D139EE41AFFBD73A6BBD32B7
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"f5d70839-ef73-4b1f-9884-f2de5853458d","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1728763993050,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1082
Entropy (8bit):	5.687126299250898
Encrypted:	false
SSDEEP:	24:Yv6XRipYamXayLgE7c9O47Naqnl0RCmK8czOC+w2E+tg8GSg:Yvf8BgZNOAh8cv+NKMg
MD5:	AECDA41EB120429E3540CFB23BA18315
SHA1:	56C4440FB7EA35CCBCF8A357442A77F2F607CBDC
SHA-256:	F6A8854DFF09A16D03E0543900F125A791C32DCA7682BA82FC1EF3BE60C54CBC
SHA-512:	F64790F2AD89D22534DA1C507B73AA75B6D3EBF20B43685FD6A13E63AD53FE0B57A395702B7F3A4FA0036B45F39B523EEC23F2F7775F93F8B7360DBA89567B8A
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"f5d70839-ef73-4b1f-9884-f2de5853458d","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1728763993050,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"89628_277808ActionBlock_1","campaignId":89628,"containerId":"1","controlGroupId":"","treatmentId":"a8b11c37-7d39-4b12-9d33-a040ee4d296b","variationId":"277808"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IlNlbmQgZG9jdW1lbnRzICYgZm9ybXNcbmZvciBmYXN0IGUtc2lnbmluZyBvbmxpbmUuIn0sInRjYXRJZCI6IlJHUzAzNTEtRU5VLUNvbnRyb2wifQ==","dataType":"application

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	286
Entropy (8bit):	5.261300246510031
Encrypted:	false
SSDEEP:	6:YEQXJ2HXKfcIDqHx+FIbRI6XVW7+0YGdVJqoAvJfshHHrPeUkwRe9:YvXKXKUkYUYpW7pJZGUUUkee9
MD5:	400AA84DC9260E514D20ECDEFFE46F75
SHA1:	112B71DCF55B731A941841E243D2E360AF582E0C
SHA-256:	0AD24DDCC8740E1E9797DF06A0E76BBA03651A4570A8CB8412C86CECEC4319B7
SHA-512:	87A07A4C32C2F2922CB337A5866B1CA522991F0CF08352A32B0349F416CD160FE62E87F990F09DD10D5161637E0CA53D07332A48A58EC7FB27D71CE4F0ACEA4F
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"f5d70839-ef73-4b1f-9884-f2de5853458d","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1728763993050,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	782
Entropy (8bit):	5.371625648294804
Encrypted:	false
SSDEEP:	12:YvXKXKUkYUYpW7pJZGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWAkr:Yv6XRipn168CgEXX5kcIfANhg
MD5:	C8E42C816EB53C5B810BEB1F2DA960D5
SHA1:	3F6B7F7BA22DAF0EEEFD7741499F452EC37EB5CF
SHA-256:	4A314B39D9E29AD7516FA24BF729CE46ADB7B4C928E9F42B77482CF53EB05D8F
SHA-512:	687BE6BC0EA3B69A919DA0AAFB0BAAEB32AA189D0099D9BB46D966F6E2E648E4E1DE0A93723F63E43C00FBA13DA4BE36B4F7317A503312B772B5B07D4A7DF0BC
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"f5d70839-ef73-4b1f-9884-f2de5853458d","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1728763993050,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1728588613108}}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	4
Entropy (8bit):	0.8112781244591328
Encrypted:	false
SSDEEP:	3:e:e
MD5:	DC84B0D741E5BEAE8070013ADDCC8C28
SHA1:	802F4A6A20CBF157AAF6C4E07E4301578D5936A2
SHA-256:	81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
SHA-512:	65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
Malicious:	false
Preview:	....

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2818
Entropy (8bit):	5.122023843096026
Encrypted:	false
SSDEEP:	24:Yi2nd2lCsa6aymUBPWECHGUICwDWCVr5KOVurWvS5AC93Xuj2q12LSx7mpQe/jxq:YEnosVW8KIAP9HM9v+QeLxr+b
MD5:	91216150794E3CC852C18CC4422AD0E7
SHA1:	4A898A90F767D3311EA026B52EBFA5C4019CD3BB
SHA-256:	B118DD65C30BD6E223EAF19A2290D02AAF5BCF35913076BF751F03C10FA12ABE
SHA-512:	DDA445B3AAA5F4D14A02B367DFAEF2BDB4FB8F2D7A2704C21A20EB4EF48B1D60EFF9D9C19622664815938550F3B090247872311B278F4435477FBB98390E4AA8
Malicious:	false
Preview:	{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"0635662d0c8da970b32940fab939ff9d","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1050,"ts":1728588612000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"e7f2d5041afa9a1ef222a2aa01d39507","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1164,"ts":1728588612000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"16f9a0186bcebd44cb95706b260163a0","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1082,"ts":1728588612000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"4e37c006eaa1c8d4ed7ce3e54b1c0276","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1083,"ts":1728588612000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"68ccc704088d90898c0a087ff4671e23","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":1062,"ts":1728588612000},{"id":"Edit_InApp_Aug2020","info":{"dg":"2f924d773aa18925f88757126c340d12","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":17

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 25, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 25
Category:	dropped
Size (bytes):	12288
Entropy (8bit):	0.9990849935223676
Encrypted:	false
SSDEEP:	24:TLKufx/XYKQvGJF7urs1//1RZKCs/Dt9Ej9N6j9sGj9Naj9sMj9Qoj9Qbj9dj9sZ:TGufl2GL7msHtOANWRN2sgdEHS
MD5:	F01A0318A23FD63E8F470CE122B9DC35
SHA1:	AE674AF05D5DBE331AEE8F4A24A8FBEA1E4B4D81
SHA-256:	EECBBAB6BF99E6B4B08DE0209A14973DB97144E792CF2AD8F920049F7D836132
SHA-512:	1616220675595E24EC2B1800B99F7E1950C04F79C60821E63754037806D9132E17E1AC7375FA6AA849BC1A298D7DCC5539C8C708AA8A7D5CA3FDA86D78E0973B
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	1.360620564552382
Encrypted:	false
SSDEEP:	24:7+tg1RZKCs/Ds/SRj9sGj9Naj9sMj9Qoj9Qbj9dj9scqLhx/XYKQvGJF7ursB:7MYtOVrRN2sgdEHJqFl2GL7msB
MD5:	99B5AB9E0B9E58D37EDF76F9A911ADFE
SHA1:	3AD488DEE14F2C6D4DBA50A4C40BBA38C5CB592E
SHA-256:	E2F82CED1BEC567A0507913D99194BA760981928B953FBEF289DE15D088A84D2
SHA-512:	CC79237933EB46DEC94413B5CCC7EE0704A94FA4422FE21FE85FA32BFC44EFAA3A2BBE3D0FE5FE4BD5D266BA663963603ADCEEC2550905C7A4CF48357ED7E6EA
Malicious:	false
Preview:	.... .c........?......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................j............<.....r...7.7........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\MSIf07d1.LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	246
Entropy (8bit):	3.5085442896850614
Encrypted:	false
SSDEEP:	6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8ErOqTdb:Qw946cPbiOxDlbYnuRKL
MD5:	BF506D7C61B1AEDAE89BB9C8B7027DF4
SHA1:	06A0D608D5DADA1FA087650786180980DA494147
SHA-256:	E4A635C1237AE07A3558BEFE61A670D2011BFF0B5EDF1D37F1FA3E8CA99C0D87
SHA-512:	BB392569546D40F4780417FDDAE9383DA2822DC5E7AAF030254B5234F02025DDC035E2D49B306BFBDD6B8E2AB195FD5BC6768173B044CD733FDD3CC28A627A2B
Malicious:	false
Preview:	..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .1.0./.1.0./.2.0.2.4. . .1.5.:.3.0.:.1.5. .=.=.=.....

C:\Users\user\AppData\Local\Temp\acrobat_sbx\A913uypll_12n0xpy_4xo.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PDF document, version 1.6, 0 pages
Category:	dropped
Size (bytes):	358
Entropy (8bit):	5.003138901393333
Encrypted:	false
SSDEEP:	6:IngVMrexJzJT0y9VEQIFVmb/eu2g/86S1kxROODpmdUpm9LCSyAAO:IngVMre9T0HQIDmy9g06JXlpOLlX
MD5:	A53174CB91464AD3BDBEA88D491559E6
SHA1:	98BB26A565CE1FAA26A6DDC38EA7F5019B9913A1
SHA-256:	0A4A80AF46376B4BE05F329128699E5090C73FEA8FA6191348C9195DD55352CA
SHA-512:	5C52FB20CD27F4B38114F90578647E1181E662D89BCB5C0834ACE16C7E355BE3983E2CBA0790D86F756928C3113EADC4F1823BC2B09A54130832DBCAB80D1B40
Malicious:	false
Preview:	%PDF-1.6.%......1 0 obj.<</Pages 2 0 R/Type/Catalog>>.endobj.2 0 obj.<</Count 0/Kids[]/Type/Pages>>.endobj.3 0 obj.<<>>.endobj.xref..0 4..0000000000 65535 f..0000000016 00000 n..0000000061 00000 n..0000000107 00000 n..trailer..<</Size 4/Root 1 0 R/Info 3 0 R/ID[<B26788134FBA1040999BB9C09BC0D0E1><B26788134FBA1040999BB9C09BC0D0E1>]>>..startxref..127..%%EOF..

C:\Users\user\AppData\Local\Temp\acrobat_sbx\A91xsjxkz_12n0xq1_4xo.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PDF document, version 1.6, 0 pages
Category:	dropped
Size (bytes):	358
Entropy (8bit):	5.079257591508179
Encrypted:	false
SSDEEP:	6:IngVMrexJzJT0y9VEQIFVmb/eu2g/86S1kxROOetXrdtXrgyLCSyAAO:IngVMre9T0HQIDmy9g06JXutXrdtXrJR
MD5:	A681F66632CF4BB7B45FE3439C75F875
SHA1:	6C4262DF19C02E765DF18B0087508328CBBC118A
SHA-256:	AB521BE3E67CCA539E4D6D0789EEB23777B77C95F92D5465B60C28DDDCF5BEF5
SHA-512:	CE5E108F9A4AD39DD4E3A4902941D2D24FB91B77DF6B9048FE042BEAD3D6BAFCF326F377F7887D18A712F6EACBCC67348DC3A7F2951DC7F5C91B0F536D9B6121
Malicious:	false
Preview:	%PDF-1.6.%......1 0 obj.<</Pages 2 0 R/Type/Catalog>>.endobj.2 0 obj.<</Count 0/Kids[]/Type/Pages>>.endobj.3 0 obj.<<>>.endobj.xref..0 4..0000000000 65535 f..0000000016 00000 n..0000000061 00000 n..0000000107 00000 n..trailer..<</Size 4/Root 1 0 R/Info 3 0 R/ID[<B8B5E25CAB373C45864A5E4C7636E2C8><B8B5E25CAB373C45864A5E4C7636E2C8>]>>..startxref..127..%%EOF..

C:\Users\user\AppData\Local\Temp\acrobat_sbx\A93sodhp_12n0xq0_4xo.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PDF document, version 1.6, 0 pages
Category:	dropped
Size (bytes):	358
Entropy (8bit):	5.034363725413332
Encrypted:	false
SSDEEP:	6:IngVMrexJzJT0y9VEQIFVmb/eu2g/86S1kxROOUP2TU7vRv/P2TU70bCCSyAAO:IngVMre9T0HQIDmy9g06JXEuTU7vR3uQ
MD5:	C534DB04AF2E087C36A1CB4520558F39
SHA1:	7ADFD8FCCD9292F26B6475621866D5630F677147
SHA-256:	1AE17AA6D44A97B5CB93C89E8FEC71442B37AE1EA99774F99E0BD844832858A0
SHA-512:	3B3C88A316FFD3F12E4758C86F05F1E59F232EE9E48795D9EB23C521AA3FF29C361EEC8E848EFEDAD4481AEFD346ED1DF0B5A2D5A772FFCD713093F5B956F096
Malicious:	false
Preview:	%PDF-1.6.%......1 0 obj.<</Pages 2 0 R/Type/Catalog>>.endobj.2 0 obj.<</Count 0/Kids[]/Type/Pages>>.endobj.3 0 obj.<<>>.endobj.xref..0 4..0000000000 65535 f..0000000016 00000 n..0000000061 00000 n..0000000107 00000 n..trailer..<</Size 4/Root 1 0 R/Info 3 0 R/ID[<337997D0EE0D1149ADB3F461868740C6><337997D0EE0D1149ADB3F461868740C6>]>>..startxref..127..%%EOF..

C:\Users\user\AppData\Local\Temp\acrobat_sbx\A97fekgi_12n0xq8_4xo.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	Zip data (MIME type "application/vnd.adobe.air-ucf-package+zip"?)
Category:	dropped
Size (bytes):	144514
Entropy (8bit):	7.992637131260696
Encrypted:	true
SSDEEP:	3072:OvjeSq37BcXWpJ/PwBI4lsRMoZVaJctHtTx8EOyhnL:Cjc7BcePUsSSt38snL
MD5:	BA1716D4FB435DA6C47CE77E3667E6A8
SHA1:	AF6ADF9F1A53033CF28506F33975A3D1BC0C4ECF
SHA-256:	AD771EC5D244D9815762116D5C77BA53A1D06CEBA42D348160790DBBE4B6769D
SHA-512:	65249DB52791037E9CC0EEF2D07A9CB1895410623345F2646D7EA4ED7001F7273C799275C3342081097AF2D231282D6676F4DBC4D33C5E902993BE89B4A678FD
Malicious:	false
Preview:	PK.........D.Y...>)...).......mimetypeapplication/vnd.adobe.air-ucf-package+zipPK.........D.Y.+.`............message.xml.]is.8...[.....Oq.'...S...g.X+;....%X."U$.....}.P.%....8.tl. ...../..}......A.......,...a...r.....=..i{......0H..v.g.c0.3~....G.b....,.BvJ.'./.`xJ]..O./.!K...XG?.$.,=.Z...q.f~...,..:b.Pl..f..\|....,.A.....Z..a<.C._..../G\|....q.....~.?...G.............y+.. ...s.,.2...^uon..:....~....C....i.>.<hy..x..?....F.w..4e.\|.'...#?..a......i...W.".+...'.......,..6..... ..}.........llj.>.3v.."..CdA.".....v...4H..C]>........4..$.O........9._..C{(....A~.k...f.x8.<... l!..}...ol.q.......2.s.Y..&:....>...l.S..w.t^D.C....]0......L...z[`J<.....L.1t-.Z.n..7.)...aj;.0.r\|.._.V......JWT.>.p.?s....boN.....X.jkN.9..3jN.9..t...o..c.nX4......0.D.....Cv .....!k..........d.1B....=3.Bq.E.bo.....6..r..6@.b...T......Ig...(..(K].:...#..k..q2G."o.Tz...qJ.......;?\|~..1...J...RA...'..*C...T...dNMZ.3.z-..LCI..I..-.,.Y.J.....m.KY}.Lw......G........-.(E....b..^..}..

C:\Users\user\AppData\Local\Temp\acrobat_sbx\A9isia16_12n0xq9_4xo.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	Zip data (MIME type "application/vnd.adobe.air-ucf-package+zip"?)
Category:	dropped
Size (bytes):	144514
Entropy (8bit):	7.992637131260696
Encrypted:	true
SSDEEP:	3072:OvjeSq37BcXWpJ/PwBI4lsRMoZVaJctHtTx8EOyhnL:Cjc7BcePUsSSt38snL
MD5:	BA1716D4FB435DA6C47CE77E3667E6A8
SHA1:	AF6ADF9F1A53033CF28506F33975A3D1BC0C4ECF
SHA-256:	AD771EC5D244D9815762116D5C77BA53A1D06CEBA42D348160790DBBE4B6769D
SHA-512:	65249DB52791037E9CC0EEF2D07A9CB1895410623345F2646D7EA4ED7001F7273C799275C3342081097AF2D231282D6676F4DBC4D33C5E902993BE89B4A678FD
Malicious:	false
Preview:	PK.........D.Y...>)...).......mimetypeapplication/vnd.adobe.air-ucf-package+zipPK.........D.Y.+.`............message.xml.]is.8...[.....Oq.'...S...g.X+;....%X."U$.....}.P.%....8.tl. ...../..}......A.......,...a...r.....=..i{......0H..v.g.c0.3~....G.b....,.BvJ.'./.`xJ]..O./.!K...XG?.$.,=.Z...q.f~...,..:b.Pl..f..\|....,.A.....Z..a<.C._..../G\|....q.....~.?...G.............y+.. ...s.,.2...^uon..:....~....C....i.>.<hy..x..?....F.w..4e.\|.'...#?..a......i...W.".+...'.......,..6..... ..}.........llj.>.3v.."..CdA.".....v...4H..C]>........4..$.O........9._..C{(....A~.k...f.x8.<... l!..}...ol.q.......2.s.Y..&:....>...l.S..w.t^D.C....]0......L...z[`J<.....L.1t-.Z.n..7.)...aj;.0.r\|.._.V......JWT.>.p.?s....boN.....X.jkN.9..3jN.9..t...o..c.nX4......0.D.....Cv .....!k..........d.1B....=3.Bq.E.bo.....6..r..6@.b...T......Ig...(..(K].:...#..k..q2G."o.Tz...qJ.......;?\|~..1...J...RA...'..*C...T...dNMZ.3.z-..LCI..I..-.,.Y.J.....m.KY}.Lw......G........-.(E....b..^..}..

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-10 15-30-09-160.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393)
Category:	dropped
Size (bytes):	16525
Entropy (8bit):	5.376360055978702
Encrypted:	false
SSDEEP:	384:6b1sdmfenwop+WP21h2RPjRNg7JjO2on6oU6CyuJw1oaNIIu9EMuJuF6MKK9g9JQ:vIn
MD5:	1336667A75083BF81E2632FABAA88B67
SHA1:	46E40800B27D95DAED0DBB830E0D0BA85C031D40
SHA-256:	F81B7C83E0B979F04D3763B4F88CD05BC8FBB2F441EBFAB75826793B869F75D1
SHA-512:	D039D8650CF7B149799D42C7415CBF94D4A0A4BF389B615EF7D1B427BC51727D3441AA37D8C178E7E7E89D69C95666EB14C31B56CDFBD3937E4581A31A69081A
Malicious:	false
Preview:	SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:961+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="SetConfig:

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393), with CRLF line terminators
Category:	dropped
Size (bytes):	15114
Entropy (8bit):	5.334712821535474
Encrypted:	false
SSDEEP:	384:NGaXyur6LvsE5qUT7ualejyaNmq03W2HDsPlLTVb1Tnl3MBguXSGGbGrOImkbsUv:OtD
MD5:	E647E9FF76CABE7B389A275952795F88
SHA1:	8A1D60143CC5B088982924B5FF6796173150F18A
SHA-256:	98FAF10EDC1EDF6443963917205CF121629C53361CC0721B577082F5287A969A
SHA-512:	FD113529DBABB1686028A35B4C1EC8C6B17BFE5C35E981689CD6C62E6CF479F0F89A8F82D9C14D3316FA4845DE01DDB3FBFD2940B658AA86D1E146F9CCC5999A
Malicious:	false
Preview:	SessionID=3e8b9272-9e46-4e46-88c2-301204ccf6ec.1728588609173 Timestamp=2024-10-10T15:30:09:173-0400 ThreadID=2300 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=3e8b9272-9e46-4e46-88c2-301204ccf6ec.1728588609173 Timestamp=2024-10-10T15:30:09:174-0400 ThreadID=2300 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=3e8b9272-9e46-4e46-88c2-301204ccf6ec.1728588609173 Timestamp=2024-10-10T15:30:09:174-0400 ThreadID=2300 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=3e8b9272-9e46-4e46-88c2-301204ccf6ec.1728588609173 Timestamp=2024-10-10T15:30:09:174-0400 ThreadID=2300 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=3e8b9272-9e46-4e46-88c2-301204ccf6ec.1728588609173 Timestamp=2024-10-10T15:30:09:174-0400 ThreadID=2300 Component=ngl-lib_NglAppLib Description="SetConf

C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	29752
Entropy (8bit):	5.393256087004157
Encrypted:	false
SSDEEP:	768:GLxxlyVUFcAzWL8VWL1ANSFld5YjMWLvJ8Uy++NSXl3WLd5WLrbhhVClkVMwDGbg:vc
MD5:	210F19A6543982A0B8BC64F348A8F310
SHA1:	9F1F5A9FFDDACFE62B913D5D094EE427143ADA88
SHA-256:	3506E7B7AA33F75558280C946FE9D60108C6718A3A8ABD4D996F282A95D01237
SHA-512:	5A958CADCCE7DB9D0D808112818136183566DC2434C3FB31968F90ED622583C0413CF220F192E5D44BEC24ED9491CDF05906B78D0502EBD0445B40E6E068271D
Malicious:	false
Preview:	04-10-2023 02:39:31:.---2---..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : *************************************..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : ***********************************..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : **** Starting new session ******..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : Starting NGL..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..04-10-2023 02:39:31:.Closing File..04-10-

C:\Users\user\AppData\Local\Temp\acrocef_low\52e23829-f8a8-4242-84fb-b37acd173191.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
Category:	dropped
Size (bytes):	386528
Entropy (8bit):	7.9736851559892425
Encrypted:	false
SSDEEP:	6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
MD5:	5C48B0AD2FEF800949466AE872E1F1E2
SHA1:	337D617AE142815EDDACB48484628C1F16692A2F
SHA-256:	F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
SHA-512:	44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
Malicious:	false
Preview:	...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....\|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-\|..h#.g.\.PO.\|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..\|m.WC.....\|.....e.[W.p.8...rm....^..x'......5!...\|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.\|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

C:\Users\user\AppData\Local\Temp\acrocef_low\95194c2a-c433-4c99-98e5-bfdb6571f43c.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
Category:	dropped
Size (bytes):	1419751
Entropy (8bit):	7.976496077007677
Encrypted:	false
SSDEEP:	24576:/M7oMOWLaGZ4ZwYIGNP8dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:RVWLaGZ4ZwZGm3mlind9i4ufFXpAXkru
MD5:	E787F9888A1628BE8234F19E8EE26D68
SHA1:	44D5180C06ADBBDAADDBCE350CE4DEC997CD83E5
SHA-256:	3A09F3799148DA49F039A35AEDD22F368FB35B8D6022C4691C10606F704DAF80
SHA-512:	EE9B602898706CC0F33AA570E29A79A58ED748E1B738D74DF0C8C8DF193E23421B47AC8C862623ED774289D94FA90662A4CC436B80479D6420433D81752E9CA9
Malicious:	false
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

C:\Users\user\AppData\Local\Temp\acrocef_low\aa28ba6c-76c5-46fa-8334-9588d68563af.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
Category:	dropped
Size (bytes):	758601
Entropy (8bit):	7.98639316555857
Encrypted:	false
SSDEEP:	12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
MD5:	3A49135134665364308390AC398006F1
SHA1:	28EF4CE5690BF8A9E048AF7D30688120DAC6F126
SHA-256:	D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
SHA-512:	BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
Malicious:	false
Preview:	...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......\|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!\|G.1...... .3.`./....`~......G.............\|..pS.e.C....:o.u_..oi.:..\|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

C:\Users\user\AppData\Local\Temp\acrocef_low\e30f7f0e-b0f1-42c3-ae13-3d9629233a19.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
Category:	dropped
Size (bytes):	1407294
Entropy (8bit):	7.97605879016224
Encrypted:	false
SSDEEP:	24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo
MD5:	A0CFC77914D9BFBDD8BC1B1154A7B364
SHA1:	54962BFDF3797C95DC2A4C8B29E873743811AD30
SHA-256:	81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685
SHA-512:	74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE
Malicious:	false
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobSettings

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	24
Entropy (8bit):	3.66829583405449
Encrypted:	false
SSDEEP:	3:So6FwHn:So6FwHn
MD5:	DD4A3BD8B9FF61628346391EA9987E1D
SHA1:	474076C122CACAAF112469FC62976BB69187AA2B
SHA-256:	7C22C759CA704106556BBC4FC10B7F53404CA1F8B40F01038D3F7C4B8183F486
SHA-512:	FDAF3D9F8072ED7DE9B2528376C10E3C3FDBEA74347710A4795BECF23C6577B3582B2E89D3C04EF0523C98FE0A46F2AF3629490701A20B848C63BA7B26579491
Malicious:	false
Preview:	<</Settings [/c <<>>].>>

C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\915DEAC5D1E15E49646B8A94E04E470958C9BB89.crl

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	98682
Entropy (8bit):	6.445287254681573
Encrypted:	false
SSDEEP:	1536:0tlkIi4M2MXZcFVZNt0zfIagnbSLDII+D61S8:03kf4MlpyZN+gbE8pD61L
MD5:	7113425405A05E110DC458BBF93F608A
SHA1:	88123C4AD0C5E5AFB0A3D4E9A43EAFDF7C4EBAAF
SHA-256:	7E5C3C23B9F730818CDC71D7A2EA01FE57F03C03118D477ADB18FA6A8DBDBC46
SHA-512:	6AFE246B0B5CD5DE74F60A19E31822F83CCA274A61545546BDA90DDE97C84C163CB1D4277D0F4E0F70F1E4DE4B76D1DEB22992E44030E28EB9E56A7EA2AB5E8D
Malicious:	false
Preview:	0...u0...\...0....H........0i1.0...U....US1.0...U....DigiCert, Inc.1A0?..U...8DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1..240807121815Z..240814121815Z0..~.0!.......0.E....[0...210531000001Z0!...7g...(..^`.x.l...210531000001Z0!...\./M.8..>.f.....210531000001Z0!...B.Sh...f...s.0..210531000001Z0!..../n...h..7....>..210601000001Z0!....0..>5..aN.u{D..210601000001Z0!...-...qpWa.!n.....210601000001Z0!..."f...\..N.....X..210601000001Z0!...in.H...[u...]....210602000001Z0!......`......._.]...210602000001Z0!...{..e..i......=..210602000001Z0!......S....fNj'.wy..210602000001Z0!......C.lm..B.*.....210602000001Z0!... .}...\|.,dk...+..210603000001Z0!...U.K....o.".Rj..210603000001Z0!.....A...K.ZpK..'h..210603000001Z0!.....&}{ ......l..210603000001Z0!...:.m...I.p.;..v..210604000001Z0!...1"uw3..Gou.qg.q..210607000001Z0!...1.o}...c/...-R}..210608000001Z0!................210608000001Z0!...[.N.d............210609000001Z0!......x..i........210610000001Z0!...(... (..#.^.f...210

C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\DF22CF8B8C3B46C10D3D5C407561EABEB57F8181.crl

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	737
Entropy (8bit):	7.501268097735403
Encrypted:	false
SSDEEP:	12:yeRLaWQMnFQlRKfdFfBy6T6FYoX0fH8PkwWWOxPLA3jw/fQMlNdP8LOUa:y2GWnSKfdtw46FYfP1icPLHCfa
MD5:	5274D23C3AB7C3D5A4F3F86D4249A545
SHA1:	8A3778F5083169B281B610F2036E79AEA3020192
SHA-256:	8FEF0EEC745051335467846C2F3059BD450048E744D83EBE6B7FD7179A5E5F97
SHA-512:	FC3E30422A35A78C93EDB2DAD6FAF02058FC37099E9CACD639A079DF70E650FEC635CF7592FFB069F23E90B47B0D7CF3518166848494A35AF1E10B50BB177574
Malicious:	false
Preview:	0...0.....0....H........0b1.0...U....US1.0...U....DigiCert Inc1.0...U....www.digicert.com1!0...U....DigiCert Trusted Root G4..240806194648Z..240827194648Z.00.0...U.#..0.......q]dL..g?....O0...U........0....H.............vz..@.Nm...6d...t;.Jx?....6...p...#.[.......o.q...;.........?......o...^p0R.......~....)....i.n;A.n.z..O~..%=..s..W.4.+........G...*..=....xen$_i"s..\...L..4../<.4...G.....L...c..k@.J.rC.4h.c.ck./.Q-r53..a#.8#......0.n......a.-'..S. .>..xAKo.k.....;.D>....sb '<..-o.KE...X!i.].c.....o~.q........D...`....N... W:{.3......a@....i....#./..eQ...e.......W.s..V:.38..U.H{.>.....#....?{.....bYAk'b0on..Gb..-..).."q2GO<S.C...FsY!D....x..]4.....X....Y...Rj.....I.96$.4ZQ&..$,hC..H.%..hE....

C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\addressbook.acrodata

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ISO-8859 text, with very long lines (3486), with CRLF, CR line terminators
Category:	dropped
Size (bytes):	14456
Entropy (8bit):	4.2098179599164975
Encrypted:	false
SSDEEP:	192:gcPqYV/saFlwwR+kMqe8TlZMX1sgUVa3ddMVsuNeMcGdSD9obOUAVlcMudM/Y14e:g7Q/X4kMb0lZ6mgtdHOelGdWaolvsTZ
MD5:	32FCA302C8B872738373D7CCB1E75FD4
SHA1:	DA85FAF24ED0ECFD5D69CCFD6286D8B77D7EB4F1
SHA-256:	CD0DD26304B88C20801FE80B33C49C009E2E5D4411B5D7F83252E1D90CD461C6
SHA-512:	57F8CC85FAFB15455074431216E47433E50DF5DE74ED74C395B7FF2C433DB7CE06F0A1C1FE1EFDC17229DBC33325D559789F43901556DD1A12963B94F01D5A1F
Malicious:	false
Preview:	%PPKLITE-2.1.%......1 0 obj.<</PPK<</AddressBook<</Entries[2 0 R 3 0 R 4 0 R 5 0 R 6 0 R]/NextID 1006/Type/AddressBook>>/Type/PPK/User<</Type/User>>/V 65537>>/Type/Catalog>>.endobj.2 0 obj.<</ABEType 1/Cert<308204A130820389A00302010202043E1CBD28300D06092A864886F70D01010505003069310B300906035504061302555331233021060355040A131A41646F62652053797374656D7320496E636F72706F7261746564311D301B060355040B131441646F6265205472757374205365727669636573311630140603550403130D41646F626520526F6F74204341301E170D3033303130383233333732335A170D3233303130393030303732335A3069310B300906035504061302555331233021060355040A131A41646F62652053797374656D7320496E636F72706F7261746564311D301B060355040B131441646F6265205472757374205365727669636573311630140603550403130D41646F626520526F6F7420434130820122300D06092A864886F70D01010105000382010F003082010A0282010100CC4F5484F7A7A2E733537F3F9C12886B2C9947677E0F1EB9AD1488F9C310D81DF0F0D59F690A2F5935B0CC6CA94C9C15A09FCE20BFA0CF54E2E02066453F3986387E9CC48E0722C624F60112B035DF55EA6990B

Static File Info

General

File type:	PDF document, version 1.7, 1 pages
Entropy (8bit):	7.894578259073223
TrID:	Adobe Portable Document Format (5005/1) 100.00%
File name:	W9.pdf
File size:	219'004 bytes
MD5:	585bda4766885da586b18675b74c1eef
SHA1:	38eaef40ad8ff7788cc6aabd5f1ae55806e2b622
SHA256:	3068b530b08cc4a0607eecc7f2d1e027c9a4097bdc09fc2a2d4f70c0f7b031cf
SHA512:	4da110d2d6016a3ea53f9ad8bcb03fcbc050c9a8dfabef67a342b10fc985fbeb450bb9e3afc539f7c9c5250e1e7ae786feaa08f800ffab622fbcf9a583d1e9e8
SSDEEP:	3072:tTFlQDm7JoYSXqON+OGRyyswW610hUascmQh2h7nU/SQqwCfhfzB5OqcS5qcc:tT8Dm72tXHN4a66i93Qh6HQMhrdRsB
TLSH:	8324E068A61A9C4DDC96C1B2E00CE5D78F9CC1B7361C74811C2C8A5B198AE41F6BB7DF
File Content Preview:	%PDF-1.7.%......1 0 obj.<</AcroForm 2 0 R /Extensions <</ADBE <</BaseVersion /1.7 /ExtensionLevel 11 >> >> /Lang 3 0 R /MarkInfo <</Marked true >> /Metadata 4 0 R /Names 5 0 R /Pages 6 0 R /Perms 7 0 R /StructTreeRoot 8 0 R /Type /Catalog /ViewerPreferenc

File Icon


Icon Hash:	62cc8caeb29e8ae0

Static PDF Info

General
Header:	%PDF-1.7
Total Entropy:	7.894578
Total Bytes:	219004
Stream Entropy:	7.996203
Stream Bytes:	181737
Entropy outside Streams:	5.929623
Bytes outside Streams:	37267
Number of EOF found:	3
Bytes after EOF:

Keywords Statistics

Name	Count
obj	184
endobj	184
stream	100
endstream	100
xref	0
trailer	0
startxref	3
/Page	1
/Encrypt	0
/ObjStm	16
/URI	0
/JS	0
/JavaScript	0
/AA	0
/OpenAction	0
/AcroForm	1
/JBIG2Decode	0
/RichMedia	0
/Launch	0
/EmbeddedFile	7

Network Behavior

⊘No network behavior found

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: Acrobat.exePID: 2556, Parent PID: 1028

General

Target ID:	0
Start time:	15:30:02
Start date:	10/10/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\W9.pdf"
Imagebase:	0x7ff686a00000
File size:	5'641'176 bytes
MD5 hash:	24EAD1C46A47022347DC0F05F6EFBB8C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: AcroCEF.exePID: 1440, Parent PID: 2556

General

Target ID:	2
Start time:	15:30:06
Start date:	10/10/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Imagebase:	0x7ff6413e0000
File size:	3'581'912 bytes
MD5 hash:	9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: AcroCEF.exePID: 7236, Parent PID: 1440

General

Target ID:	4
Start time:	15:30:06
Start date:	10/10/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2108 --field-trial-handle=1656,i,7361816341777172123,18159337111518636409,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Imagebase:	0x7ff6413e0000
File size:	3'581'912 bytes
MD5 hash:	9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report W9.pdf

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Networking

System Summary

Hooking and other Techniques for Hiding and Protection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\9d79854b-682e-4cce-a037-ae7e4104cbac.tmp

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241010193010Z-234.bmp

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

Windows Analysis Report
W9.pdf