Edit tour

Windows Analysis Report
Coca cola Cooler Confirmation Needed.pdf

Overview

General Information

Sample name:	Coca cola Cooler Confirmation Needed.pdf
Analysis ID:	1531356
MD5:	8b940dcbc76ff901f2fde271632918d2
SHA1:	2b8918245e7f4d02b73ccb36386765b2346d28e4
SHA256:	dd9ed9f0630fa091598320e760ef759b5605761703e7a4131e9351fa09633ba0

Detection

Score:	1
Range:	0 - 100
Whitelisted:	false
Confidence:	60%

Signatures

Potential document exploit detected (performs DNS queries)

Potential document exploit detected (performs HTTP gets)

Potential document exploit detected (unknown TCP traffic)

Classification

Process Tree

System is w10x64_ra

Acrobat.exe (PID: 6368 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Coca cola Cooler Confirmation Needed.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)

AcroCEF.exe (PID: 5316 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

AcroCEF.exe (PID: 6648 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2136 --field-trial-handle=1556,i,17739092807775853688,7781390873827754800,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

cleanup

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: global traffic

DNS query: name: chrome.cloudflare-dns.com

Source: global traffic	TCP traffic: 192.168.2.16:49713 -> 172.64.41.3:443
Source: global traffic	TCP traffic: 192.168.2.16:49714 -> 172.64.41.3:443
Source: global traffic	TCP traffic: 192.168.2.16:49713 -> 172.64.41.3:443
Source: global traffic	TCP traffic: 192.168.2.16:49714 -> 172.64.41.3:443
Source: global traffic	TCP traffic: 192.168.2.16:49713 -> 172.64.41.3:443
Source: global traffic	TCP traffic: 192.168.2.16:49714 -> 172.64.41.3:443
Source: global traffic	TCP traffic: 192.168.2.16:49713 -> 172.64.41.3:443
Source: global traffic	TCP traffic: 192.168.2.16:49714 -> 172.64.41.3:443
Source: global traffic	TCP traffic: 192.168.2.16:49714 -> 172.64.41.3:443
Source: global traffic	TCP traffic: 192.168.2.16:49714 -> 172.64.41.3:443
Source: global traffic	TCP traffic: 192.168.2.16:49713 -> 172.64.41.3:443

Source: global traffic	TCP traffic: 192.168.2.16:49713 -> 172.64.41.3:443
Source: global traffic	TCP traffic: 172.64.41.3:443 -> 192.168.2.16:49713
Source: global traffic	TCP traffic: 192.168.2.16:49714 -> 172.64.41.3:443
Source: global traffic	TCP traffic: 172.64.41.3:443 -> 192.168.2.16:49714
Source: global traffic	TCP traffic: 192.168.2.16:49713 -> 172.64.41.3:443
Source: global traffic	TCP traffic: 192.168.2.16:49714 -> 172.64.41.3:443
Source: global traffic	TCP traffic: 192.168.2.16:49713 -> 172.64.41.3:443
Source: global traffic	TCP traffic: 172.64.41.3:443 -> 192.168.2.16:49713
Source: global traffic	TCP traffic: 192.168.2.16:49714 -> 172.64.41.3:443
Source: global traffic	TCP traffic: 172.64.41.3:443 -> 192.168.2.16:49714
Source: global traffic	TCP traffic: 192.168.2.16:49713 -> 172.64.41.3:443
Source: global traffic	TCP traffic: 192.168.2.16:49714 -> 172.64.41.3:443
Source: global traffic	TCP traffic: 172.64.41.3:443 -> 192.168.2.16:49713
Source: global traffic	TCP traffic: 172.64.41.3:443 -> 192.168.2.16:49714
Source: global traffic	TCP traffic: 172.64.41.3:443 -> 192.168.2.16:49714
Source: global traffic	TCP traffic: 172.64.41.3:443 -> 192.168.2.16:49714
Source: global traffic	TCP traffic: 192.168.2.16:49714 -> 172.64.41.3:443
Source: global traffic	TCP traffic: 192.168.2.16:49714 -> 172.64.41.3:443
Source: global traffic	TCP traffic: 172.64.41.3:443 -> 192.168.2.16:49713
Source: global traffic	TCP traffic: 192.168.2.16:49713 -> 172.64.41.3:443

Source: unknown

UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

DNS traffic detected: DNS query: chrome.cloudflare-dns.com

Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713

Source: classification engine

Classification label: clean1.winPDF@17/32@1/10

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.6940

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-10 23-26-28-559.log

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Source: unknown	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Coca cola Cooler Confirmation Needed.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2136 --field-trial-handle=1556,i,17739092807775853688,7781390873827754800,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: unknown unknown
Source: unknown	Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding B4426BCB0A38A478D0244B4B4270D38D
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2136 --field-trial-handle=1556,i,17739092807775853688,7781390873827754800,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown

Source: Coca cola Cooler Confirmation Needed.pdf	Initial sample: PDF keyword /JS count = 0
Source: Coca cola Cooler Confirmation Needed.pdf	Initial sample: PDF keyword /JavaScript count = 0

Source: Coca cola Cooler Confirmation Needed.pdf

Initial sample: PDF keyword /EmbeddedFile count = 0

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	3 Exploitation for Client Execution	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	1 System Information Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
Coca cola Cooler Confirmation Needed.pdf	3%	ReversingLabs
Coca cola Cooler Confirmation Needed.pdf	0%	Virustotal		Browse

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Label	Link
chrome.cloudflare-dns.com	0%	Virustotal		Browse

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
chrome.cloudflare-dns.com	172.64.41.3	true	false	0%, Virustotal, Browse	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
23.215.23.211	unknown	United States	20940	AKAMAI-ASN1EU	false
52.5.13.197	unknown	United States	14618	AMAZON-AESUS	false
172.64.41.3	chrome.cloudflare-dns.com	United States	13335	CLOUDFLARENETUS	false

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1531356
Start date and time:	2024-10-11 05:25:51 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	13
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Sample name:	Coca cola Cooler Confirmation Needed.pdf
Detection:	CLEAN
Classification:	clean1.winPDF@17/32@1/10
Cookbook Comments:	Found application associated with file extension: .pdf

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 23.215.23.211, 52.5.13.197, 23.22.254.206, 52.202.204.11, 54.227.187.23, 13.95.31.18
Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, fe3.delivery.mp.microsoft.com, fs.microsoft.com, slscr.update.microsoft.com, ssl-delivery.adobe.com.edgekey.net, glb.cws.prod.dcat.dsp.trafficmanager.net, p13n.adobe.io, geo2.adobe.com, fe3cr.delivery.mp.microsoft.com

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	290
Entropy (8bit):	5.21313171893495
Encrypted:	false
SSDEEP:
MD5:	BD7B0809FC9602C3097BEA5B24E6CAAF
SHA1:	EBBD5F5F0F4847AA5350B02E209CFD2409B47E7C
SHA-256:	F758738E88F7B6A3FD0AF3F1BA3D09091C372B4BE6CB3400C09ED6AAD0007CEA
SHA-512:	428DEA3378FC53D9AC194D76533E81E16EB767F77480271EB71164FA1E39237EF46B22EE4228533992017731A84B8A3CE83DAAE923DBA3D6A76ED58941BCBA5E
Malicious:	false
Reputation:	unknown
Preview:	2024/10/10-23:26:29.344 18e8 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/10/10-23:26:29.347 18e8 Recovering log #3.2024/10/10-23:26:29.347 18e8 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	BD7B0809FC9602C3097BEA5B24E6CAAF
SHA1:	EBBD5F5F0F4847AA5350B02E209CFD2409B47E7C
SHA-256:	F758738E88F7B6A3FD0AF3F1BA3D09091C372B4BE6CB3400C09ED6AAD0007CEA
SHA-512:	428DEA3378FC53D9AC194D76533E81E16EB767F77480271EB71164FA1E39237EF46B22EE4228533992017731A84B8A3CE83DAAE923DBA3D6A76ED58941BCBA5E
Malicious:	false
Reputation:	unknown
Preview:	2024/10/10-23:26:29.344 18e8 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/10/10-23:26:29.347 18e8 Recovering log #3.2024/10/10-23:26:29.347 18e8 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	334
Entropy (8bit):	5.102069970593169
Encrypted:	false
SSDEEP:
MD5:	3338C2EF6530AEAA5A916CB03376EE83
SHA1:	972021186A4F4FDE406F9BB84C26D05E6E7C1495
SHA-256:	D633BEB7B0C9CA38D204DF5E43CD47F978B2C4F6EB62D93141591592A98AB27F
SHA-512:	67A8C6870A38561F8761BCC1462AE5FA6D2219489738ED34049323AA8696952E1BD67FE3B3050872A2E53CF83A7F71599A2AEE9E6248D0C67C980C384AD0EF63
Malicious:	false
Reputation:	unknown
Preview:	2024/10/10-23:26:29.232 1a10 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/10/10-23:26:29.236 1a10 Recovering log #3.2024/10/10-23:26:29.236 1a10 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	3338C2EF6530AEAA5A916CB03376EE83
SHA1:	972021186A4F4FDE406F9BB84C26D05E6E7C1495
SHA-256:	D633BEB7B0C9CA38D204DF5E43CD47F978B2C4F6EB62D93141591592A98AB27F
SHA-512:	67A8C6870A38561F8761BCC1462AE5FA6D2219489738ED34049323AA8696952E1BD67FE3B3050872A2E53CF83A7F71599A2AEE9E6248D0C67C980C384AD0EF63
Malicious:	false
Reputation:	unknown
Preview:	2024/10/10-23:26:29.232 1a10 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/10/10-23:26:29.236 1a10 Recovering log #3.2024/10/10-23:26:29.236 1a10 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	F7734C5562A331E7E5AD650E528B9CCE
SHA1:	1F2AC5AC6B7E30E317FD8F653B1C78339248DB12
SHA-256:	C55A12976D4F8EC2298956E7A1024E79A8A0E8E2FB0A7F574E8CD01533B9B6C0
SHA-512:	C985E18F984F1D8C5F0B5749E849E76FF4686415A33749977E10C28DC1D7B201B9F7E7C0F6556A35CB333A5CD7526F7D1A6D652BBCDDB50FB144869C74B70CFD
Malicious:	false
Reputation:	unknown
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\d4a49df4-bb75-4fae-967f-9e3a602ba56f.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	modified
Size (bytes):	253
Entropy (8bit):	4.931682077316122
Encrypted:	false
SSDEEP:
MD5:	F7734C5562A331E7E5AD650E528B9CCE
SHA1:	1F2AC5AC6B7E30E317FD8F653B1C78339248DB12
SHA-256:	C55A12976D4F8EC2298956E7A1024E79A8A0E8E2FB0A7F574E8CD01533B9B6C0
SHA-512:	C985E18F984F1D8C5F0B5749E849E76FF4686415A33749977E10C28DC1D7B201B9F7E7C0F6556A35CB333A5CD7526F7D1A6D652BBCDDB50FB144869C74B70CFD
Malicious:	false
Reputation:	unknown
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	4509
Entropy (8bit):	5.229763534595281
Encrypted:	false
SSDEEP:
MD5:	93AA4911C31E2F06671743A29A27C0D5
SHA1:	9066EE7392E2D00669CB2DD434BBF5A16E0B092A
SHA-256:	24701CA67DAB349B2FF75B04EE398CACF66665DD6C5B0453F56D5D7104AAD17F
SHA-512:	BD8BEC8FF721D03D6DB3C966FCFC8CA29E92E4DEA99498278A1390EC4AD087A64D95C8E0CE248880F91DAF812F8FDD886813A14D7E1ABDAE1B891AF8A7E37431
Malicious:	false
Reputation:	unknown
Preview:	*...#................version.1..namespace-e...o................next-map-id.1.Pnamespace-1d95df23_a38f_44a8_b732_4e62dd896a16-https://rna-resource.acrobat.com/.0y.S_r................next-map-id.2.Snamespace-2a884c18_b39c_4e3d_942f_252e530ca4bd-https://rna-v2-resource.acrobat.com/.16.X:r................next-map-id.3.Snamespace-2e78bfda_7188_4688_a4aa_1ff81b6e5eaa-https://rna-v2-resource.acrobat.com/.2.P.@o................next-map-id.4.Pnamespace-09c119c2_97bc_4467_8f67_f92472c9e5dc-https://rna-resource.acrobat.com/.346.+^...............Pnamespace-1d95df23_a38f_44a8_b732_4e62dd896a16-https://rna-resource.acrobat.com/....^...............Pnamespace-09c119c2_97bc_4467_8f67_f92472c9e5dc-https://rna-resource.acrobat.com/..?&a...............Snamespace-2a884c18_b39c_4e3d_942f_252e530ca4bd-https://rna-v2-resource.acrobat.com/_...a...............Snamespace-2e78bfda_7188_4688_a4aa_1ff81b6e5eaa-https://rna-v2-resource.acrobat.com/...o................next-map-id.5.Pnamespace-07af9ee9_2076_4f12_94b5_

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	322
Entropy (8bit):	5.15711218220889
Encrypted:	false
SSDEEP:
MD5:	A99650A85EDC3DB52B69E11E359B3C0C
SHA1:	BB21A3B1B6ACA60715B242F1EEE2CD20D11E46A2
SHA-256:	1E752E6A59DABAAFB87B476BF47752EBCC67D9AF238CADD94F1EE868C6E674F1
SHA-512:	CDAB1B827C128E4268BEC3D14DD76E4C435DCAF96C39D9F1D681BCEEBC30F2094F4E34B5FCE85BB1320A6BBA11C7759AF57CDFB87B0C6BE55296699BED4A1A0B
Malicious:	false
Reputation:	unknown
Preview:	2024/10/10-23:26:29.382 1a10 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/10/10-23:26:29.383 1a10 Recovering log #3.2024/10/10-23:26:29.385 1a10 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	A99650A85EDC3DB52B69E11E359B3C0C
SHA1:	BB21A3B1B6ACA60715B242F1EEE2CD20D11E46A2
SHA-256:	1E752E6A59DABAAFB87B476BF47752EBCC67D9AF238CADD94F1EE868C6E674F1
SHA-512:	CDAB1B827C128E4268BEC3D14DD76E4C435DCAF96C39D9F1D681BCEEBC30F2094F4E34B5FCE85BB1320A6BBA11C7759AF57CDFB87B0C6BE55296699BED4A1A0B
Malicious:	false
Reputation:	unknown
Preview:	2024/10/10-23:26:29.382 1a10 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/10/10-23:26:29.383 1a10 Recovering log #3.2024/10/10-23:26:29.385 1a10 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.6940

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	185099
Entropy (8bit):	5.182478651346149
Encrypted:	false
SSDEEP:
MD5:	94185C5850C26B3C6FC24ABC385CDA58
SHA1:	42F042285037B0C35BC4226D387F88C770AB5CAA
SHA-256:	1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
SHA-512:	652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
Malicious:	false
Reputation:	unknown
Preview:	%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	94185C5850C26B3C6FC24ABC385CDA58
SHA1:	42F042285037B0C35BC4226D387F88C770AB5CAA
SHA-256:	1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
SHA-512:	652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
Malicious:	false
Reputation:	unknown
Preview:	%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	227002
Entropy (8bit):	3.392780893644728
Encrypted:	false
SSDEEP:
MD5:	265E3E1166312A864FB63291EA661C6A
SHA1:	80DFF3187FF929596EB22E1DB9021BAD6F97178C
SHA-256:	C13E08B1887A4E44DC39609D7234E8D732A6BC11313B55D6F4ECFB060CD87728
SHA-512:	48776A2BFE8F25E5601DCC0137F7AB103D5684517334B806E3ACF61683DD9B283828475FC85CE0CBE4E8AF88E6F8B25EED0A77640E2CFFF2CC73708726519AFA
Malicious:	false
Reputation:	unknown
Preview:	Adobe Acrobat Reader (64-bit) 23.6.20320....?A12_AV2_Search_18px.............................................................................................................KKK KKK.KKK.KKK.KKK.KKK.KKK@........................................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.............................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.........................KKK.KKK.KKK.KKK0....................KKK.KKK.KKK.KKK`....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK.KKK.....................................KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK.KKK@....................KKK.KKK.KKK.KKK`........................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.KKK.............................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	295
Entropy (8bit):	5.370667615165181
Encrypted:	false
SSDEEP:
MD5:	431788D48887FD96F7A58F71D35A249A
SHA1:	6A9E186A3C59D5FC9BE10D16C730DB9567A8CFEB
SHA-256:	E3BAB26F46DB8CBBC28BF359864E3A1524852A4DF19042DDCA85DF756B50EF62
SHA-512:	6F642BCC2DFBD810735A435EE7D509A8226785C9CD333E5C9109402757EA391CCD2B4EDBF77055C5532A0EFADB29B8794AE2440F48041559AE26EB97998C4B79
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"585a415c-70b4-4636-b98c-efb14ed0a56a","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1728792799414,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.3188138062516215
Encrypted:	false
SSDEEP:
MD5:	01DF2FC1D70D0A9A789A43A300944883
SHA1:	50BA034EAD5A2CA2224B001471C42624F0C27BCD
SHA-256:	C03675F61EC44E06EC51454A38A5011708494C5BBBEAB9DA16DC765BDF1376BA
SHA-512:	3064B9A843EFD578CA4881674B2263A5121C37EC08550BDE30EA26B2709F722D639F2735F10473319CB71DEAF7EA5CC48CEDC8E4FB75047AFE063C01827CEA46
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"585a415c-70b4-4636-b98c-efb14ed0a56a","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1728792799414,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.297362122777626
Encrypted:	false
SSDEEP:
MD5:	8735B2FB7D50873FE879A0ECBF0E7F95
SHA1:	51D2579D285069AD8937370DB1C7839A4EC5F5DA
SHA-256:	A9D202DB48B017640AF01C3C2F16B22352C08637A8FAEE4D8A20D6FE2B04B492
SHA-512:	F6075855BA1170051BC6C7EC453B6E70B8D5A1610799394A737A5077C1213A8A5F2BE5D4CC8ACA646A907B86BEBC094C96F876F76655E738999901F33E7117E7
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"585a415c-70b4-4636-b98c-efb14ed0a56a","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1728792799414,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	285
Entropy (8bit):	5.359304092637685
Encrypted:	false
SSDEEP:
MD5:	1C6AACEA66227DDA5186FB86D66BA026
SHA1:	24A82C74F7003A308CB68324EC64E9099575A2E3
SHA-256:	CDCB240535E5873D76F5788913D16CC8D05A8945EB524B7FB54AB5CB21786C5C
SHA-512:	746161569DAE32A2506757BB3C5A0D8A0C092B51C6EEA1EAB866D7718458C4FF73DB3B6C76F72F5ED2AB66414B2854AE485E34F8070D4AF76F766A510E5D67E7
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"585a415c-70b4-4636-b98c-efb14ed0a56a","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1728792799414,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1083
Entropy (8bit):	5.684516372205422
Encrypted:	false
SSDEEP:
MD5:	E8E2F7B292B2201EC2919F3988BAF7FD
SHA1:	20A0ACDBD32FEB67174152FF70FE75B2FD24D6D2
SHA-256:	812D4C0424D943C972583ABE8BAC738549F4921F612389E2B44B0347CD785F53
SHA-512:	011DE6D5EFC84C6DFF1D7AF489FD5B59F68CE8BE3987DE7D8290600E20A7AFD1A13BE03692E32BA1C4CA54F583C27E5F725DFFD8C4486B82F977292A19543BF4
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"585a415c-70b4-4636-b98c-efb14ed0a56a","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1728792799414,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"89628_277808ActionBlock_2","campaignId":89628,"containerId":"1","controlGroupId":"","treatmentId":"22b145c0-22bc-4bba-811f-7234f288595b","variationId":"277808"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQgZmlsZXMgdG8gYW5kIGZyb20gUERGXG53aXRob3V0IGxpbWl0cy4ifSwidGNhdElkIjoiUkdTMDM1MS1FTlUtQ29udHJvbCJ9","dataType":"applicatio

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1050
Entropy (8bit):	5.65339997016325
Encrypted:	false
SSDEEP:
MD5:	307CF501CB83BE6223246D45658B9777
SHA1:	1A035788018A6E838B20785CA114D28FDA5E7B31
SHA-256:	A4BDB385DC4EDA56EF288779A89007D083E0E3F6AB921B046D48F89C28BA3D36
SHA-512:	232EE94236D4708B42A03C4E5409042D638A4A78B429548FAB5661B2587127686667E8D4CC18C0BB2D1FD44DDFBBB8C9BF10886C6A364002FCBD6D3608AD4E47
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"585a415c-70b4-4636-b98c-efb14ed0a56a","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1728792799414,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Disc_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_0","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"0924134e-3c59-4f53-b731-add558c56fec","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Disc_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQsIGVkaXQgYW5kIGUtc2lnblxuZm9ybXMgJiBhZ3JlZW1lbnRzLiJ9LCJ0Y2F0SWQiOm51bGx9","dataType":"application\/json","encodingScheme":true},"

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.30971725813772
Encrypted:	false
SSDEEP:
MD5:	8563C5E90B6C86AFD7971D616625D095
SHA1:	096F08E5BA25A06CDC95534DE594294F97231EA4
SHA-256:	B73D3368FA749FC6B470C5ECE9ADC95E65BD3E77DD0F66B8894B1CC23C461667
SHA-512:	B97535ADB1AD5866A3576D4C72AAB7DC8C38B0771A2C41D42EE60DCDB05B86C842B00F182D3994F2FDE925A76451CD6127A1418364A2ACB9C8E7A8FF924F7DDF
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"585a415c-70b4-4636-b98c-efb14ed0a56a","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1728792799414,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1062
Entropy (8bit):	5.690661044171209
Encrypted:	false
SSDEEP:
MD5:	2904D80B26BD1DC9F3800FD4E84CE435
SHA1:	60379C551848D7D63C8F42E7C47BC872E4F6A63A
SHA-256:	9D4C8EB820FCD924FD2638547C6068116D5F37D1E97BC999893B7991375271E8
SHA-512:	3CC50134B53E331C8C4493711321646F93012C08B8C204FBA227E617B21256342E049DB76F577F443286E85529D16D91B647B5E253AA06545315AFFF2664567E
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"585a415c-70b4-4636-b98c-efb14ed0a56a","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1728792799414,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Edit_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"89628_277808ActionBlock_0","campaignId":89628,"containerId":"1","controlGroupId":"","treatmentId":"58886bd3-acd7-4f84-ae2e-6684bc127c41","variationId":"277808"},"containerId":1,"containerLabel":"JSON for DC_Reader_Edit_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVkaXQgdGV4dCwgaW1hZ2VzLCBwYWdlcywgYW5kIG1vcmUuIn0sInRjYXRJZCI6IlJHUzAzNTEtRU5VLUNvbnRyb2wifQ==","dataType":"application\/json","encodingSch

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1164
Entropy (8bit):	5.698163443903301
Encrypted:	false
SSDEEP:
MD5:	00C3A4F7FD4418C44311D240ABA0249E
SHA1:	BDEC0E40906E55DFE2617659CA3F41B552F2E8F7
SHA-256:	62F99C5D179D1618C6909B76A97ACB3F7ACC80CAC1A9715AD6F6427BD7908392
SHA-512:	298D6581BC0C106346731B73A97F3524651C0F477CA7740E0F8147A66FE72CE5A6179EB819AFE4A7CAA531B3622288649D8055BDDB3D3709F3B87E2A7520CF0F
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"585a415c-70b4-4636-b98c-efb14ed0a56a","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1728792799414,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85531_264848ActionBlock_0","campaignId":85531,"containerId":"1","controlGroupId":"","treatmentId":"ee1a7497-76e7-43c2-bb63-9a0551e11d73","variationId":"264848"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IlRyeSBBY3JvYmF0IFBybyJ9LCJ1aSI6eyJ0aXRsZV9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjE1cHgiLCJmb250X3N0eWxlIjoiMCJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEzcHgiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0b1xucHJlbWl1bSBQREYgYW5kIGUtc2lnbmluZ1xudG9vbHMuIn0sImJhbm5lcl9zdHlsaW5nIjo

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.313135207957119
Encrypted:	false
SSDEEP:
MD5:	D4F37A121DA896BA541021193CF55665
SHA1:	10CEF4401C47A7098C730098B31805C2CCBF78ED
SHA-256:	20A8599B2C4EE929B504D023BC84FA4CF13AE20DB06FD188997CF55A959E071F
SHA-512:	E3F0B0EC8C420097A52A559FDF232C8E5BEBC011B4FFE4F9FCB5140014A035AC824A7AFBB8882432F49CFF9AC542FB02DAC4157EA1EA7886D505B4D95A6C2084
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"585a415c-70b4-4636-b98c-efb14ed0a56a","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1728792799414,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1395
Entropy (8bit):	5.777316705982583
Encrypted:	false
SSDEEP:
MD5:	D6517AAE13E74E794546AAC3B8841A0F
SHA1:	B6FB8A998D8D9A0EF1FFB7B99B9A84210D823922
SHA-256:	C657E6D4AF4C11B4F4E5EB180B4D2C429F3108296498F5C82133BF2FD05B0ACE
SHA-512:	061215D6D0C1C180BF9B187F7D954E375E03A886BAC6D8419AAB3C7A1A81D81330AFAF6EEA005B50BEEC295E96FCE5DA05E3AAF01B4D9D6C60284FE449E33331
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"585a415c-70b4-4636-b98c-efb14ed0a56a","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1728792799414,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	291
Entropy (8bit):	5.296592029287634
Encrypted:	false
SSDEEP:
MD5:	D51CCDA2F1BF9FA9B948B31D2FD580C3
SHA1:	7958BB5C3B8F83395DCAC31DC2E23DD2E0DAF4F8
SHA-256:	0B8D046699427E69E0BAF241860F301220AD29EDBE2AE2F953A0B6D41D79EEAB
SHA-512:	80C57071C48B450A2E50395E70EAE96E83937875899B02E332DA05CBC49AD7800799BB6C3F01F8A27FBBA467FA17B708FEEB4D200A0A0DA3CC0489D725FC262F
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"585a415c-70b4-4636-b98c-efb14ed0a56a","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1728792799414,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	287
Entropy (8bit):	5.300451026081714
Encrypted:	false
SSDEEP:
MD5:	32B04002DF1869F82CFA95319298448C
SHA1:	748DF260E63E4208799FEF9682D6BE397BFECA86
SHA-256:	E2167CE7FAA4A9608AD1F4A1100F003F87921110FA415A3273A6C813671CFBE6
SHA-512:	98CB35AF32B79215AAA750BF6EC7F2C39FD442C49F9BC0763678F70E4ED565B0DE132ED6C0C4D9F0F2122CCF121BDAB56D10CB98E2745A8021535C6A0E6BC864
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"585a415c-70b4-4636-b98c-efb14ed0a56a","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1728792799414,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1082
Entropy (8bit):	5.687982640518521
Encrypted:	false
SSDEEP:
MD5:	DA3786C3F2ADFB1C149E6366AB1A2219
SHA1:	0E16D7F853820E3D7B800B4F450FDB4970C69BA7
SHA-256:	B453CD10445B7EF66443ADC07CC675600EE38BE7062472D09D98DD14086027C2
SHA-512:	8B7AD81E20FB7D895E8B6BD09795F9F5FFFCC1669E43A98851528567D9793D9A31ACDDBBF3C393A823D5BCC54421DBFF604048EDDB78F7697E206F63581A9EE3
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"585a415c-70b4-4636-b98c-efb14ed0a56a","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1728792799414,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"89628_277808ActionBlock_1","campaignId":89628,"containerId":"1","controlGroupId":"","treatmentId":"a8b11c37-7d39-4b12-9d33-a040ee4d296b","variationId":"277808"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IlNlbmQgZG9jdW1lbnRzICYgZm9ybXNcbmZvciBmYXN0IGUtc2lnbmluZyBvbmxpbmUuIn0sInRjYXRJZCI6IlJHUzAzNTEtRU5VLUNvbnRyb2wifQ==","dataType":"application

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	286
Entropy (8bit):	5.276854026285229
Encrypted:	false
SSDEEP:
MD5:	059BEC4E5A2FA1A564903057ED522C84
SHA1:	1806DE8755320279AF3DDA688B83BAD868BB9021
SHA-256:	A5905A635815AB3FFAC5009A46D13BAEAF4FE45B4402A71C4E89CD310F974A27
SHA-512:	B559B22EE7805DBB07FFF279217C61C8ABCB9902C3BADA5149D32F0F327D6D487259B3B0A4F1491C9C80E667CC542D3C8145817E48380C13F2C75E0A894C65B9
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"585a415c-70b4-4636-b98c-efb14ed0a56a","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1728792799414,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	782
Entropy (8bit):	5.371911739130779
Encrypted:	false
SSDEEP:
MD5:	2B1F9F43943B75B9EED60C213928F3F7
SHA1:	4124AD8C1CC4A6E451B880681D965A14C9E3A698
SHA-256:	AD71F39DF8357884CD8E9DF643D764AD0B4872AF86CB2E9A199D1356C0D980E5
SHA-512:	538E5FC80B369CCD15E202E3D3C2A1D3BEF6BD9FD51BD2557DAB72A130626B5A6EC16F776053FE915A1DAC23075DAD276CD9E0590DBCD8F2616803D21FA6EBB8
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"585a415c-70b4-4636-b98c-efb14ed0a56a","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1728792799414,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1728617194457}}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	4
Entropy (8bit):	0.8112781244591328
Encrypted:	false
SSDEEP:
MD5:	DC84B0D741E5BEAE8070013ADDCC8C28
SHA1:	802F4A6A20CBF157AAF6C4E07E4301578D5936A2
SHA-256:	81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
SHA-512:	65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
Malicious:	false
Reputation:	unknown
Preview:	....

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2818
Entropy (8bit):	5.129548302105868
Encrypted:	false
SSDEEP:
MD5:	81146A65F8F03C0BEFAB10BB38A31C13
SHA1:	D7EA6F23199423B4BA998367918E4B0673D7EF69
SHA-256:	422A18983DB60F278A68F99FD13127C748E08154646F83BB543B5AD404F4E69F
SHA-512:	0186A5621C5F1071116AFA8A44EE8631C099E56994B148AF4940F5AEB5F9AF1EE9504EE3BFCB5C381503FBCD03302E9A60235A096EE4C878C313FF751DB2A10D
Malicious:	false
Reputation:	unknown
Preview:	{"all":[{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"323060b120c032280b2075e181aa09df","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1164,"ts":1728617193000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"91e9c9235c61ddaee3db7bc3b328a95f","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1082,"ts":1728617193000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"4caa2e0537193ed79da814ff9aa5a590","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1083,"ts":1728617193000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"59df1bd93aa8c401566ab02bba95dcb3","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":1062,"ts":1728617193000},{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"fb18198bb720fd215da5c49475904fc9","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1050,"ts":1728617193000},{"id":"Edit_InApp_Aug2020","info":{"dg":"915b9332319b179f8c3235dd87e8ea94","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":17

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 19, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 19
Category:	dropped
Size (bytes):	12288
Entropy (8bit):	0.9875339592095237
Encrypted:	false
SSDEEP:
MD5:	EF4B6E97445C9AA4EEC4149D40AFC814
SHA1:	9B056728A5435D3741432292ED837A2F33972660
SHA-256:	1FD131620DEE964B18915A83A2C0A1FBBFAB91CB4FBE44869A97F6937EC323FE
SHA-512:	A5ACC81C8AC098767C2BF185A2D909317A0276523590B8E1B39C2C53CEEC9CB2A313975185B3A2E355FE48A09A893005E41B4BFF0205C24435A33DA0609079A0
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	1.3412781738588533
Encrypted:	false
SSDEEP:
MD5:	69EEF632ECFB0232B712653365D8D638
SHA1:	A2AD5AD643A4E0A2A0A2F65BB354E98F8D3DF2E6
SHA-256:	60244F018043CDBC3BA5A58419A3BA3DE8F78A82E9C4CFB13BD3A572EE0ABEF0
SHA-512:	FD50340F8F360EB5E033AE935851C84C4182CD0CBA41CF6EAF3D26C6DBC61467A9E90A1A4BCF2A2532B15BA7881BBE5FF2E1352FF5CA9D21D5E62870579009D1
Malicious:	false
Reputation:	unknown
Preview:	.... .c.......n.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................j...#..#.#.#.#.#.#.#.#.7.7........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\MSIf6e.LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	246
Entropy (8bit):	3.513199765407527
Encrypted:	false
SSDEEP:
MD5:	FEE282801805F4D734E451E08D1517C7
SHA1:	23F30AF7FC28DAFF3F137C82E79398D0B92A36AB
SHA-256:	B3115E512D877410DBBAE83AA037C9C5B761E1C8A5094826F758AA847F7FA633
SHA-512:	AC5409C513E3CB7271F5BDEFD73C1A38534F811DA8BC043B94C7CA8AB529821C643C8A65996B498F87BE60826C07358A5B872DFB66EE53A8E9AF3DC11EECD090
Malicious:	false
Reputation:	unknown
Preview:	..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .1.0./.1.0./.2.0.2.4. . .2.3.:.2.6.:.3.3. .=.=.=.....

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-10 23-26-28-559.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393)
Category:	dropped
Size (bytes):	16525
Entropy (8bit):	5.353642815103214
Encrypted:	false
SSDEEP:
MD5:	91F06491552FC977E9E8AF47786EE7C1
SHA1:	8FEB27904897FFCC2BE1A985D479D7F75F11CEFC
SHA-256:	06582F9F48220653B0CB355A53A9B145DA049C536D00095C57FCB3E941BA90BB
SHA-512:	A63E6E0D25B88EBB6602885AB8E91167D37267B24516A11F7492F48876D3DDCAE44FFC386E146F3CF6EB4FA6AF251602143F254687B17FCFE6F00783095C5082
Malicious:	false
Reputation:	unknown
Preview:	SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:073+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:073+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="SetConfig:

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393), with CRLF line terminators
Category:	dropped
Size (bytes):	16603
Entropy (8bit):	5.3784381172283595
Encrypted:	false
SSDEEP:
MD5:	F5DF98FFCE8FBD19BEE28ED44D43A70B
SHA1:	C621A0BC5CDC8A1932FF3F5583CD15726E3DD55A
SHA-256:	955D45715F6E2129816F159BC7F48F2E78427938BC818AE1177FFE4F5C7FE92D
SHA-512:	3C3A43E7A106FC7D4449807C90D213C0D0E042AF7F088CCE1EC66B0FECBD3BA5D5F358BA26FD94876979546D80748484A0C2501DA1912F8EE46BEB7B909A5068
Malicious:	false
Reputation:	unknown
Preview:	SessionID=9796b3ab-cf51-437e-8db1-ca1434e79bfb.1728617188573 Timestamp=2024-10-10T23:26:28:573-0400 ThreadID=6268 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=9796b3ab-cf51-437e-8db1-ca1434e79bfb.1728617188573 Timestamp=2024-10-10T23:26:28:575-0400 ThreadID=6268 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=9796b3ab-cf51-437e-8db1-ca1434e79bfb.1728617188573 Timestamp=2024-10-10T23:26:28:575-0400 ThreadID=6268 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=9796b3ab-cf51-437e-8db1-ca1434e79bfb.1728617188573 Timestamp=2024-10-10T23:26:28:575-0400 ThreadID=6268 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=9796b3ab-cf51-437e-8db1-ca1434e79bfb.1728617188573 Timestamp=2024-10-10T23:26:28:575-0400 ThreadID=6268 Component=ngl-lib_NglAppLib Description="SetConf

C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	29845
Entropy (8bit):	5.414770509648415
Encrypted:	false
SSDEEP:
MD5:	3283F03EA01D4D513D98EBD20DBC5985
SHA1:	8ABE23E4284F7760E3F96B86C639C6284A50D4DB
SHA-256:	DE8E3149F2A6467579665DDFFAAA30313E7BFED9E5CDC1F9547DFB53C56C8378
SHA-512:	62ABF548E37740EBCF282FE9A86871E41999E6FC6B5C60584FA6E9FFE73FA75F102CE59529ABC9FD9F0E48D91342A6AF1F08319057FBA478542FCA3C4109B74B
Malicious:	false
Reputation:	unknown
Preview:	06-10-2023 10:08:42:.---2---..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : *************************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ***********************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : **** Starting new session ******..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Starting NGL..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..06-10-2023 10:08:42:.Closing File..06-10-

Static File Info

General

File type:	PDF document, version 1.7 (zip deflate encoded)
Entropy (8bit):	7.990783262127647
TrID:	Adobe Portable Document Format (5005/1) 99.96% Bio-Rad Image(s) file (2/1) 0.04%
File name:	Coca cola Cooler Confirmation Needed.pdf
File size:	35'796 bytes
MD5:	8b940dcbc76ff901f2fde271632918d2
SHA1:	2b8918245e7f4d02b73ccb36386765b2346d28e4
SHA256:	dd9ed9f0630fa091598320e760ef759b5605761703e7a4131e9351fa09633ba0
SHA512:	cbf856a9769fdd8288ea1272efc36b23598f60f2a40d54593024587b5e7149ce5f2000f14dac541c07c1f12fef0d0ffa5571a2328903ac38f95693bd982883c4
SSDEEP:	768:kzxt536htgG+upO4gLTEC7YqoLvZnzjsJ5ORESCn782FA:kzTYSmU4gLTF0qoLvZzjw9nlA
TLSH:	88F2F166B5FC093241E45132E9241F3961A28F02F86F1E72728FC27B9569EA6DC0D00B
File Content Preview:	%PDF-1.7.%......360 0 obj.<</Filter/FlateDecode/First 902/Length 43577/N 91/Type/ObjStm>>stream..h..{...G......YW...4.H...N.nXr{..b@UQ..T........G..}'"..d.$..n.."..q=q;..lZ...y..<..BL..."z.w~a.....[..D.DA"...q.....p..u]......Z....wF..[..../\|.R........U.w>

File Icon


Icon Hash:	62cc8caeb29e8ae0

Static PDF Info

General
Header:	%PDF-1.7
Total Entropy:	7.990783
Total Bytes:	35796
Stream Entropy:	7.990692
Stream Bytes:	35701
Entropy outside Streams:	5.270467
Bytes outside Streams:	95
Number of EOF found:	0
Bytes after EOF:

Keywords Statistics

Name	Count
obj	1
endobj	0
stream	1
endstream	0
xref	0
trailer	0
startxref	0
/Page	0
/Encrypt	0
/ObjStm	1
/URI	0
/JS	0
/JavaScript	0
/AA	0
/OpenAction	0
/AcroForm	0
/JBIG2Decode	0
/RichMedia	0
/Launch	0
/EmbeddedFile	0

Description:	Adversaries may exploit software vulnerabilities in client applications to execute code. Vulnerabilities can exist in software due to unsecure coding practices that can lead to unanticipated behavior. Adversaries can take advantage of certain vulnerabilities through targeted exploitation for the purpose of arbitrary code execution. Oftentimes the most valuable exploits to an offensive toolkit are those that can be used to obtain code execution on a remote system because they can be used to gain access to that system. Users will expect to see files related to the applications they commonly used to do work, so they are a useful target for exploit research and development because of their high utility.
Tactics:	Execution
Data Sources:	Application Log: Application Log Content, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Coca cola Cooler Confirmation Needed.pdf

Overview

General Information

Detection

Signatures

Classification

Process Tree

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Software Vulnerabilities

Networking

System Summary

Hooking and other Techniques for Hiding and Protection

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

Public IPs

General Information

Warnings

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\d4a49df4-bb75-4fae-967f-9e3a602ba56f.tmp

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.6940

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

C:\Users\user\AppData\Local\Temp\MSIf6e.LOG

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-10 23-26-28-559.log

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

Static File Info

General

File Icon

Static PDF Info

General

Keywords Statistics

Windows Analysis Report
Coca cola Cooler Confirmation Needed.pdf