Edit tour

Windows Analysis Report
2103.03530.pdf

Overview

General Information

Sample name:	2103.03530.pdf
Analysis ID:	1532105
MD5:	3da6fc38f72ce9f6596fce1c967d0460
SHA1:	7a4ef43e8deb10b958b922c403cf7bd4d73ddaba
SHA256:	c47a2e761bd82ed897165081ba24b752d87ca640c51a133cbb27981d0ee63902
Tags:	pdfuser-xayeshasulx
Infos:

Detection

Score:	1
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

IP address seen in connection with other malware

PDF has an OpenAction (likely to launch a dropper script)

Classification

Process Tree

System is w10x64

Acrobat.exe (PID: 2784 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\2103.03530.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)

AcroCEF.exe (PID: 1852 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

AcroCEF.exe (PID: 7188 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2100 --field-trial-handle=1736,i,11847260277344383352,9453903226599460595,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: Joe Sandbox View

IP Address: 23.46.224.162 23.46.224.162

Source: 2103.03530.pdf	String found in binary or memory: http://www.openioc.org/resources/An_Introduction_to_OpenIOC.pdf)
Source: 2D85F72862B55C4EADD9E66E06947F3D0.3.dr	String found in binary or memory: http://x1.i.lencr.org/
Source: 2103.03530.pdf	String found in binary or memory: https://attack.mitre.org/)
Source: 2103.03530.pdf	String found in binary or memory: https://capec.mitre.org/)
Source: 2103.03530.pdf	String found in binary or memory: https://cpe.mitre.org/specification/)
Source: 2103.03530.pdf	String found in binary or memory: https://cve.mitre.org)
Source: 2103.03530.pdf	String found in binary or memory: https://cwe.mitre.org)
Source: 2103.03530.pdf	String found in binary or memory: https://cwe.mitre.org/cwss/cwss_v1.0.1.html)
Source: 2103.03530.pdf	String found in binary or memory: https://github.com/ucoProject/uco)
Source: 2103.03530.pdf	String found in binary or memory: https://maec.mitre.org)
Source: 2103.03530.pdf	String found in binary or memory: https://nvd.nist.gov/)
Source: 2103.03530.pdf	String found in binary or memory: https://nvd.nist.gov/vuln-metrics/cvss)
Source: 2103.03530.pdf	String found in binary or memory: https://oasis-open.github.io/cti-documentation/)
Source: 2103.03530.pdf	String found in binary or memory: https://www.juniperresearch.com/press/press-releases/cybercrime-cost-businesses-over-2trillion)
Source: 2103.03530.pdf	String found in binary or memory: https://www.pwc.com/gx/en/services/advisory/forensics/economic-crime-survey/cybercrime.html)

Source: classification engine

Classification label: clean1.winPDF@14/53@0/1

Source: 2103.03530.pdf	Initial sample: https://cve.mitre.org
Source: 2103.03530.pdf	Initial sample: https://oasis-open.github.io/cti-documentation/
Source: 2103.03530.pdf	Initial sample: https://github.com/ucoproject/uco
Source: 2103.03530.pdf	Initial sample: https://www.juniperresearch.com/press/press-releases/cybercrime-cost-businesses-over-2trillion
Source: 2103.03530.pdf	Initial sample: https://cpe.mitre.org/specification/
Source: 2103.03530.pdf	Initial sample: https://nvd.nist.gov/vuln-metrics/cvss
Source: 2103.03530.pdf	Initial sample: https://capec.mitre.org/
Source: 2103.03530.pdf	Initial sample: http://www.openioc.org/resources/an_introduction_to_openioc.pdf
Source: 2103.03530.pdf	Initial sample: https://attack.mitre.org/
Source: 2103.03530.pdf	Initial sample: https://maec.mitre.org
Source: 2103.03530.pdf	Initial sample: https://cwe.mitre.org
Source: 2103.03530.pdf	Initial sample: https://www.pwc.com/gx/en/services/advisory/forensics/economic-crime-survey/cybercrime.html
Source: 2103.03530.pdf	Initial sample: https://cwe.mitre.org/cwss/cwss_v1.0.1.html
Source: 2103.03530.pdf	Initial sample: https://github.com/ucoProject/uco
Source: 2103.03530.pdf	Initial sample: http://www.openioc.org/resources/An_Introduction_to_OpenIOC.pdf
Source: 2103.03530.pdf	Initial sample: https://nvd.nist.gov/

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.4544

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-12 05-17-25-863.log

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Jump to behavior

Source: unknown	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\2103.03530.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2100 --field-trial-handle=1736,i,11847260277344383352,9453903226599460595,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2100 --field-trial-handle=1736,i,11847260277344383352,9453903226599460595,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: 2103.03530.pdf	Initial sample: PDF keyword /JS count = 0
Source: 2103.03530.pdf	Initial sample: PDF keyword /JavaScript count = 0
Source: A916wfshm_zp8a5f_3i8.tmp.0.dr	Initial sample: PDF keyword /JS count = 0
Source: A916wfshm_zp8a5f_3i8.tmp.0.dr	Initial sample: PDF keyword /JavaScript count = 0

Source: 2103.03530.pdf

Initial sample: PDF keyword stream count = 23

Source: 2103.03530.pdf

Initial sample: PDF keyword /EmbeddedFile count = 0

Source: 2103.03530.pdf

Initial sample: PDF keyword endobj count = 298

Source: 2103.03530.pdf

Initial sample: PDF keyword obj count = 298

Source: 2103.03530.pdf

Initial sample: PDF keyword /OpenAction

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	1 Spearphishing Link	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	1 System Information Discovery	Remote Services	Data from Local System	Data Obfuscation	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Junk Data	Exfiltration Over Bluetooth	Network Denial of Service

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
2103.03530.pdf	0%	Virustotal		Browse

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
http://x1.i.lencr.org/	0%	URL Reputation	safe
https://nvd.nist.gov/vuln-metrics/cvss)	0%	Virustotal		Browse
https://nvd.nist.gov/)	0%	Virustotal		Browse
https://attack.mitre.org/)	0%	Virustotal		Browse
https://capec.mitre.org/)	0%	Virustotal		Browse
https://oasis-open.github.io/cti-documentation/)	0%	Virustotal		Browse

Domains and IPs

Contacted Domains

⊘No contacted domains info

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://nvd.nist.gov/vuln-metrics/cvss)	2103.03530.pdf	false	0%, Virustotal, Browse	unknown
http://x1.i.lencr.org/	2D85F72862B55C4EADD9E66E06947F3D0.3.dr	false	URL Reputation: safe	unknown
https://nvd.nist.gov/)	2103.03530.pdf	false	0%, Virustotal, Browse	unknown
https://www.juniperresearch.com/press/press-releases/cybercrime-cost-businesses-over-2trillion)	2103.03530.pdf	false		unknown
http://www.openioc.org/resources/An_Introduction_to_OpenIOC.pdf)	2103.03530.pdf	false		unknown
https://maec.mitre.org)	2103.03530.pdf	false		unknown
https://attack.mitre.org/)	2103.03530.pdf	false	0%, Virustotal, Browse	unknown
https://capec.mitre.org/)	2103.03530.pdf	false	0%, Virustotal, Browse	unknown
https://cwe.mitre.org/cwss/cwss_v1.0.1.html)	2103.03530.pdf	false		unknown
https://cve.mitre.org)	2103.03530.pdf	false		unknown
https://www.pwc.com/gx/en/services/advisory/forensics/economic-crime-survey/cybercrime.html)	2103.03530.pdf	false		unknown
https://cwe.mitre.org)	2103.03530.pdf	false		unknown
https://oasis-open.github.io/cti-documentation/)	2103.03530.pdf	false	0%, Virustotal, Browse	unknown
https://cpe.mitre.org/specification/)	2103.03530.pdf	false		unknown
https://github.com/ucoProject/uco)	2103.03530.pdf	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
23.46.224.162	unknown	United States		16625	AKAMAI-ASUS	false

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1532105
Start date and time:	2024-10-12 11:16:07 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 40s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowspdfcookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	10
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	2103.03530.pdf
Detection:	CLEAN
Classification:	clean1.winPDF@14/53@0/1
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .pdf Found PDF document Close Viewer

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 184.28.88.176, 2.19.126.143, 2.19.126.149, 172.64.41.3, 162.159.61.3, 52.5.13.197, 23.22.254.206, 54.227.187.23, 52.202.204.11, 2.23.197.184, 192.168.2.4, 23.219.161.132
Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, otelrules.azureedge.net, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, crl.root-x1.letsencrypt.org.edgekey.net
Not all processes where analyzed, report is missing behavior information

Simulations

Behavior and APIs

Time	Type	Description
05:17:31	API Interceptor	1x Sleep call for process: AcroCEF.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
23.46.224.162	Rechnung0192839182.pdf	Get hash	malicious	Unknown	Browse
	PO 56789324.eml	Get hash	malicious	Unknown	Browse
	044f.pdf.scr	Get hash	malicious	RMSRemoteAdmin	Browse
	LETTER OF DEMAND.pdf	Get hash	malicious	HTMLPhisher	Browse
	SFP-TCC-5000-00-IN-RQ01-0014 REQUISITION FOR CRITICAL ON-OFF VALVES.pdf	Get hash	malicious	Unknown	Browse
	Artec-Order specifications (1).pdf	Get hash	malicious	Unknown	Browse
	1.jar	Get hash	malicious	Unknown	Browse
	1.jar	Get hash	malicious	Unknown	Browse
	Fatura.pdf	Get hash	malicious	Unknown	Browse
	Remittance_ITWWX 5824.pdf	Get hash	malicious	HTMLPhisher	Browse

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
AKAMAI-ASUS	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	mWcDQrv9bb.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	oUbgeGwOL8.exe	Get hash	malicious	LummaC, Amadey, Stealc	Browse	104.102.49.254
	UuQADITfTr.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	NDJBSLalTk.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	tlFLXwAslF.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	oOJUkmV24a.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	0GgpkVvhhI.exe	Get hash	malicious	LummaC	Browse	104.102.49.254

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.199304417646268
Encrypted:	false
SSDEEP:	6:/fQyq2Pwkn2nKuAl9OmbnIFUt84vYG1Zmw+4vYQRkwOwkn2nKuAl9OmbjLJ:/fVvYfHAahFUt84AG1/+4AI5JfHAaSJ
MD5:	0D706B85190B1AF6119242BBD5FE6DA7
SHA1:	C4F974B2A2EEEBD20CE1EE3F6C1459314ED97BB9
SHA-256:	74361EF55CBA790F824DCDF02698ACDAA26C46D509FB5029F203541D6E035F8B
SHA-512:	450B861DA5A5702E276EC620370C33415C9145C8A02AC7209904572D5B147810EEA408D08C61D3C044E696921FD8FDC9B794BCCF9CD4B3DBA61E66F3630027EA
Malicious:	false
Reputation:	low
Preview:	2024/10/12-05:17:23.497 1630 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/10/12-05:17:23.502 1630 Recovering log #3.2024/10/12-05:17:23.502 1630 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.199304417646268
Encrypted:	false
SSDEEP:	6:/fQyq2Pwkn2nKuAl9OmbnIFUt84vYG1Zmw+4vYQRkwOwkn2nKuAl9OmbjLJ:/fVvYfHAahFUt84AG1/+4AI5JfHAaSJ
MD5:	0D706B85190B1AF6119242BBD5FE6DA7
SHA1:	C4F974B2A2EEEBD20CE1EE3F6C1459314ED97BB9
SHA-256:	74361EF55CBA790F824DCDF02698ACDAA26C46D509FB5029F203541D6E035F8B
SHA-512:	450B861DA5A5702E276EC620370C33415C9145C8A02AC7209904572D5B147810EEA408D08C61D3C044E696921FD8FDC9B794BCCF9CD4B3DBA61E66F3630027EA
Malicious:	false
Reputation:	low
Preview:	2024/10/12-05:17:23.497 1630 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/10/12-05:17:23.502 1630 Recovering log #3.2024/10/12-05:17:23.502 1630 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	336
Entropy (8bit):	5.18583225596884
Encrypted:	false
SSDEEP:	6://34q2Pwkn2nKuAl9Ombzo2jMGIFUt84vNJZmw+4vNDkwOwkn2nKuAl9Ombzo2jz://IvYfHAa8uFUt84v/+495JfHAa8RJ
MD5:	D77113F335DE951A9D9A899542FFCE8C
SHA1:	C0DA58D535F0B2DDFF8D2C66A491876C9FC7AE79
SHA-256:	29D58B24F30F8DD8EB788E3D0C2136871E2B6C87417B4694D97F6183C5944ED3
SHA-512:	FC777596FAD9DC255B173E1CEAB5A9AB99B2574F47E255B2916B026A5ED4D404A7CB3EC03575C21B10CE1EE62F55FD965E494A0B737042661009BEF21D1AB916
Malicious:	false
Reputation:	low
Preview:	2024/10/12-05:17:23.612 1c80 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/10/12-05:17:23.614 1c80 Recovering log #3.2024/10/12-05:17:23.614 1c80 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	336
Entropy (8bit):	5.18583225596884
Encrypted:	false
SSDEEP:	6://34q2Pwkn2nKuAl9Ombzo2jMGIFUt84vNJZmw+4vNDkwOwkn2nKuAl9Ombzo2jz://IvYfHAa8uFUt84v/+495JfHAa8RJ
MD5:	D77113F335DE951A9D9A899542FFCE8C
SHA1:	C0DA58D535F0B2DDFF8D2C66A491876C9FC7AE79
SHA-256:	29D58B24F30F8DD8EB788E3D0C2136871E2B6C87417B4694D97F6183C5944ED3
SHA-512:	FC777596FAD9DC255B173E1CEAB5A9AB99B2574F47E255B2916B026A5ED4D404A7CB3EC03575C21B10CE1EE62F55FD965E494A0B737042661009BEF21D1AB916
Malicious:	false
Reputation:	low
Preview:	2024/10/12-05:17:23.612 1c80 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/10/12-05:17:23.614 1c80 Recovering log #3.2024/10/12-05:17:23.614 1c80 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\5d838aff-128c-45b1-972e-daf8cd72a177.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	modified
Size (bytes):	475
Entropy (8bit):	4.965604377944479
Encrypted:	false
SSDEEP:	12:YH/um3RA8sqyEhsBdOg2Hicaq3QYiubInP7E4TX:Y2sRdsqydMHt3QYhbG7n7
MD5:	737EC563571240B875BF3685C79A060A
SHA1:	FE4CE0E498A1393706674F101457EFE15C81A3A6
SHA-256:	4FFCF5023CFF87057BDB41838B99D68658C55943D641CBB89FEC3B88F362BE58
SHA-512:	9D4AF92891D8865E3C81F00CDBEE8A9710F72766DEEBDF2EC69A95DD552AA44379A62F7F9ABA1A826A333BC900AEDE8C4D418033EFC3A12D4591CE3CDC522D60
Malicious:	false
Reputation:	low
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13373284654797226","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":147516},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	475
Entropy (8bit):	4.967403857886107
Encrypted:	false
SSDEEP:	12:YH/um3RA8sqLsBdOg2HHfcaq3QYiubInP7E4TX:Y2sRdsVdMHO3QYhbG7n7
MD5:	B7761633048D74E3C02F61AD04E00147
SHA1:	72A2D446DF757BAEA2C7A58C050925976E4C9372
SHA-256:	1A468796D744FCA806D1F828C07E0064AB6A1FA0E31DA3A403F12B9B89868B67
SHA-512:	397A10C510FAA048E4AAB08A11B2AE14A09EE47EC4F5A2B47CE1A9580C2874ADE0F9F8FC287B9358C0FFEA4C89F8AB9270B9CA00064EA90CD2EF0EAD0A59369F
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13340980889952523","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":146406},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF406ceb.TMP (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	475
Entropy (8bit):	4.967403857886107
Encrypted:	false
SSDEEP:	12:YH/um3RA8sqLsBdOg2HHfcaq3QYiubInP7E4TX:Y2sRdsVdMHO3QYhbG7n7
MD5:	B7761633048D74E3C02F61AD04E00147
SHA1:	72A2D446DF757BAEA2C7A58C050925976E4C9372
SHA-256:	1A468796D744FCA806D1F828C07E0064AB6A1FA0E31DA3A403F12B9B89868B67
SHA-512:	397A10C510FAA048E4AAB08A11B2AE14A09EE47EC4F5A2B47CE1A9580C2874ADE0F9F8FC287B9358C0FFEA4C89F8AB9270B9CA00064EA90CD2EF0EAD0A59369F
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13340980889952523","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":146406},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\c0425415-f542-41df-9e45-ac6b4375a010.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	475
Entropy (8bit):	4.967403857886107
Encrypted:	false
SSDEEP:	12:YH/um3RA8sqLsBdOg2HHfcaq3QYiubInP7E4TX:Y2sRdsVdMHO3QYhbG7n7
MD5:	B7761633048D74E3C02F61AD04E00147
SHA1:	72A2D446DF757BAEA2C7A58C050925976E4C9372
SHA-256:	1A468796D744FCA806D1F828C07E0064AB6A1FA0E31DA3A403F12B9B89868B67
SHA-512:	397A10C510FAA048E4AAB08A11B2AE14A09EE47EC4F5A2B47CE1A9580C2874ADE0F9F8FC287B9358C0FFEA4C89F8AB9270B9CA00064EA90CD2EF0EAD0A59369F
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13340980889952523","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":146406},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	4730
Entropy (8bit):	5.25782395340861
Encrypted:	false
SSDEEP:	96:etJCV4FAsszrNamjTN/2rjYMta02fDtehgO7BtTgo7j/xlD/flZ:etJCV4FiN/jTN/2r8Mta02fEhgO73goX
MD5:	E5E3B498D05C1653CD8B19FBFA0E63FA
SHA1:	240BAD0339320C2445489C93A620D69F9E0445BB
SHA-256:	F52E431357B5C1B4AB415DED82C3E447E1E733B99B6E1A6773D44F4D3C4BE9E2
SHA-512:	8669393F0EE846C1BA01D526730DABB7EB190ED1C51BCFBFAFFC18D5169B0779F38EA11F779FF167FCF190C55B2B5CE4FC80F903F9AE6564820693CDDE19E278
Malicious:	false
Preview:	*...#................version.1..namespace-['O.o................next-map-id.1.Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/.0>...r................next-map-id.2.Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/.1O..r................next-map-id.3.Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/.2.\.o................next-map-id.4.Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/.3....^...............Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/..\|.^...............Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/n..Fa...............Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/DQ..a...............Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/i.`do................next-map-id.5.Pnamespace-de635bf2_6773_4d83_ad16_

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.154344175998484
Encrypted:	false
SSDEEP:	6:/ZeuM4q2Pwkn2nKuAl9OmbzNMxIFUt84ZYTv3JZmw+4ZVNDkwOwkn2nKuAl9Ombg:/ZeUvYfHAa8jFUt84Zgh/+4Z75JfHAab
MD5:	3682AE64A4B070D6AFBC1F5167DA84FD
SHA1:	F8EB19922538595EF2F5E4B17156D36464CEAA6D
SHA-256:	924DA463E83ADB6FFA792B1F6A75649BA7A162B5D48F358A60DFA8EA35328E11
SHA-512:	4397BA561C856296CB391C6644F8860C5BD62E1BDA076E8607135D5C539C146F57EA419817D9FB4CC47ABA211E69DE0D8E34A114CECABFB09D0DF1CAB01C6F7F
Malicious:	false
Preview:	2024/10/12-05:17:24.003 1c80 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/10/12-05:17:24.005 1c80 Recovering log #3.2024/10/12-05:17:24.006 1c80 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.154344175998484
Encrypted:	false
SSDEEP:	6:/ZeuM4q2Pwkn2nKuAl9OmbzNMxIFUt84ZYTv3JZmw+4ZVNDkwOwkn2nKuAl9Ombg:/ZeUvYfHAa8jFUt84Zgh/+4Z75JfHAab
MD5:	3682AE64A4B070D6AFBC1F5167DA84FD
SHA1:	F8EB19922538595EF2F5E4B17156D36464CEAA6D
SHA-256:	924DA463E83ADB6FFA792B1F6A75649BA7A162B5D48F358A60DFA8EA35328E11
SHA-512:	4397BA561C856296CB391C6644F8860C5BD62E1BDA076E8607135D5C539C146F57EA419817D9FB4CC47ABA211E69DE0D8E34A114CECABFB09D0DF1CAB01C6F7F
Malicious:	false
Preview:	2024/10/12-05:17:24.003 1c80 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/10/12-05:17:24.005 1c80 Recovering log #3.2024/10/12-05:17:24.006 1c80 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241012091728Z-216.bmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PC bitmap, Windows 3.x format, 117 x -152 x 32, cbSize 71190, bits offset 54
Category:	dropped
Size (bytes):	71190
Entropy (8bit):	2.0667758766710858
Encrypted:	false
SSDEEP:	192:kq5bgs9U0tm2ZAJhnu3R1mqQD33snm9ot0sjjrnjHKaDr5:kq58N0tm2ynrrWr7KaX5
MD5:	16627DF3438C1366C5EF7C43B9B787E4
SHA1:	002E1A6F47B684E88C834E7AB0F793AA36E745E5
SHA-256:	B864EDB11F34B033CB461CD5EB1B09603AA17FA6515A98AF2E7D751ED951965C
SHA-512:	F127DC2AC624BAED11118DF29AA65417CF7863D76370B809BCF3D144CF593EBE019EDCB348581B275C91269CFAFD1B8CDD3B0CB52979E2B7A88B106E7BE38E61
Malicious:	false
Preview:	BM........6...(...u...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 17, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 17
Category:	dropped
Size (bytes):	86016
Entropy (8bit):	4.445071490727954
Encrypted:	false
SSDEEP:	384:SeVci5tUiBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:BDs3OazzU89UTTgUL
MD5:	A532F00D664CF337338E9A19E6E42306
SHA1:	A06F80E92FAAB1375C79229059FFF42CD9303F30
SHA-256:	260C1ED0F6AE7085259A9D7889FE94058D75646A9720AAB019719309FF27E37B
SHA-512:	FC911C0392824CBDB1751C315F22F10D7222EB5766479401D967C74379D90CBA44BE830E5BF44C37A9FB377A45759F49B0F0E80A1FB38E8082AC35E1B8C1197D
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	2.2132138817701335
Encrypted:	false
SSDEEP:	48:7Md9nCZRqvmFTIF3XmHjBoGGR+jMz+LhV:7EnW79IVXEBodRBkv
MD5:	BFA1467E748EEBEAD613ADC83FE9BE5D
SHA1:	D95221C93FC3E241590A70268DF03883335D522E
SHA-256:	9EB3E28274E382F078D64186221DAEE2B6E6F24D739FEEA2B4821F1AC5E6343A
SHA-512:	A532C2908A862F4D472F7F910C1F2F51E7634D8AF2DF0F3CE38810089F89FC386654D53949A77ADDA25FD55A78E9510E2751CEFE81189E876C8789CC44AD720A
Malicious:	false
Preview:	.... .c.....M...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	Certificate, Version=3
Category:	dropped
Size (bytes):	1391
Entropy (8bit):	7.705940075877404
Encrypted:	false
SSDEEP:	24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1
MD5:	0CD2F9E0DA1773E9ED864DA5E370E74E
SHA1:	CABD2A79A1076A31F21D253635CB039D4329A5E8
SHA-256:	96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
SHA-512:	3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
Malicious:	false
Preview:	0..k0..S............@.YDc.c...0....H........0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10...150604110438Z..350604110438Z0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10.."0....H.............0..........$s..7.+W(.....8..n<.W.x.u...jn..O(..h.lD...c...k....1.!~.3<.H..y.....!.K...qiJffl.~<p..)"......K...~....G.\|.H#S.8.O.o...IW..t../.8.{.p!.u.0<.....c...O..K~.....w...{J.L.%.p..)..S$........J.?..aQ.....cq...o[...\4ylv.;.by.../&.....................6....7..6u...r......I......A..v........5/(.l....dwnG7..Y^h..r...A)>Y>.&.$...Z.L@.F....:Qn.;.}r...xY.>Qx....../..>{J.Ks......P.\|C.t..t.....0.[q6....00\H..;..}`...).........A.......\|.;F.H..v.v..j.=...8.d..+..(.....B.".'].y...p..N..:..'Qn..d.3CO......B0@0...U...........0...U.......0....0...U......y.Y.{....s.....X..n0...*.H.............U.X....P.....i ')..au\.n...i/..VK..s.Y.!.~.Lq...`.9....!V..P.Y...Y.............b.E.f..\|o..;.....'...}~.."......

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	192
Entropy (8bit):	2.7673182398396405
Encrypted:	false
SSDEEP:	3:kkFkl3P35bVltfllXlE/HT8k63llXNNX8RolJuRdxLlGB9lQRYwpDdt:kK6TleT8Dl7NMa8RdWBwRd
MD5:	EBED4953F9D338C2E115E3A4FD492F46
SHA1:	C8BAAF44339AD18465C3BDFCD3604C7F1E3B036D
SHA-256:	09EA0C508EDB0D768E6B9760F41FCB78DD37A006E7FC64ECAC9C2C2BB0CCD77C
SHA-512:	5798D89053AB5019D659E0DF726F0074E7050F334BE032AB2EB138E78F705387DDACFDA5D366CFAD112B470CBD4E1214D2EA851FCD192EF718442DA851342B88
Malicious:	false
Preview:	p...... ........Dj....(....................................................... ..........W....................o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.4544

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	185099
Entropy (8bit):	5.182478651346149
Encrypted:	false
SSDEEP:	1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
MD5:	94185C5850C26B3C6FC24ABC385CDA58
SHA1:	42F042285037B0C35BC4226D387F88C770AB5CAA
SHA-256:	1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
SHA-512:	652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
Malicious:	false
Preview:	%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	185099
Entropy (8bit):	5.182478651346149
Encrypted:	false
SSDEEP:	1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
MD5:	94185C5850C26B3C6FC24ABC385CDA58
SHA1:	42F042285037B0C35BC4226D387F88C770AB5CAA
SHA-256:	1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
SHA-512:	652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
Malicious:	false
Preview:	%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	247234
Entropy (8bit):	3.3245480448633247
Encrypted:	false
SSDEEP:	1536:mKPCPiyzDtrh1cK3XEivK7VK/3AYvYwgqUrRo+RQn:TPClJ/3AYvYwglFo+RQn
MD5:	F7B75939ED43CD13BC5FA5A7E72C9C16
SHA1:	2FB9185CFEB8001598A301C83ECA9948420007ED
SHA-256:	2D50A4E5C21D7154373C0DF9DAF523FF54E48551510828BDD08D0E3B24125055
SHA-512:	E7AB73FFC3402C06D67410C52140A801A7FCBA9B8D248F6C6A069A31FB14437B347BB2973DE361B395E49E50A0A11E515F3E9EC1A73B568421B64E059B883758
Malicious:	false
Preview:	Adobe Acrobat Reader (64-bit) 23.6.20320....?A12_AV2_Search_18px.............................................................................................................KKK KKK.KKK.KKK.KKK.KKK.KKK@........................................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.............................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.........................KKK.KKK.KKK.KKK0....................KKK.KKK.KKK.KKK`....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK.KKK.....................................KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK.KKK@....................KKK.KKK.KKK.KKK`........................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.KKK.............................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	295
Entropy (8bit):	5.3477241539798195
Encrypted:	false
SSDEEP:	6:YEQXJ2HXxYhAcTx0dJ9VoZcg1vRcR0YGdWoAvJM3g98kUwPeUkwRe9:YvXKXxYhAakJEZc0v3GMbLUkee9
MD5:	3C2F03DE158623CDA57BDD546A4D5E1D
SHA1:	41E0BA144703E82E64AE09D98FA4977FC7DBDC5A
SHA-256:	1D5734AC266F64D03E7B81DD71846AED811CCA71B6D429AA80AFE3A22C03DCDF
SHA-512:	BA615DE82955C6597513314FDFB7708FF9D5C01D48F7BF6F39EE6E901E2F77390CD29B4056EE89D6EB88227D3B22CF5F2A8C441F41E82525283C7915DA655147
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"b8c43be8-6444-4ebe-9bd8-6d9d42afc38b","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728897887599,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.296470617471716
Encrypted:	false
SSDEEP:	6:YEQXJ2HXxYhAcTx0dJ9VoZcg1vRcR0YGdWoAvJfBoTfXpnrPeUkwRe9:YvXKXxYhAakJEZc0v3GWTfXcUkee9
MD5:	C9DD7B8B51755E78D265B34D9D4BEE0B
SHA1:	7ED25932F3500C89D78A4D3F26F381688EF58E46
SHA-256:	36A35840A6516165795B432F01E4F2D95AD7FB1C24BD633097FF3CD0536035C0
SHA-512:	9804C758202337F23E23A29D0129832095293DB108B2176B3308A998AC30612E505015437FEA89B9EBDB34D7AB6422B3BCE67F2E8E9E9B4BBF92E8E3479EC60D
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"b8c43be8-6444-4ebe-9bd8-6d9d42afc38b","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728897887599,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.275291692517314
Encrypted:	false
SSDEEP:	6:YEQXJ2HXxYhAcTx0dJ9VoZcg1vRcR0YGdWoAvJfBD2G6UpnrPeUkwRe9:YvXKXxYhAakJEZc0v3GR22cUkee9
MD5:	CFC4D7AFE1CE88A6399A4AABC83B9932
SHA1:	1FB048A781CAFDEB328AB7A18BDDFC1642D8F824
SHA-256:	FA87102F6532DA3CA5B45206B783E9A061F35E22BD599394D8D972FFA4B7FEA9
SHA-512:	54F16D42C0B994EF2A76BECF85751DE538C4DB581B0D72C3234C37F46583417FFF88C69298E42FF7B448593A2A91A6E4B7FD46C23E966FD5AED85D5F64F9FA2E
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"b8c43be8-6444-4ebe-9bd8-6d9d42afc38b","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728897887599,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	285
Entropy (8bit):	5.334185915180685
Encrypted:	false
SSDEEP:	6:YEQXJ2HXxYhAcTx0dJ9VoZcg1vRcR0YGdWoAvJfPmwrPeUkwRe9:YvXKXxYhAakJEZc0v3GH56Ukee9
MD5:	ADDDBE17049DF1D1D453BDB80291FAA8
SHA1:	E548FF7539A58CDE0C6EF6EB9CC582934D93EB4C
SHA-256:	AA8D94BAFEB6C68B49AE1034199B1525460406B96A911830DC13DABA0BB138EE
SHA-512:	F106F10E6E6A92622AE01B39C55A0B7C234B1E05CD22969E6D37CCB0F40D76AA7500578A677CBA60F687FB4BF1AEAEF76B1467899F1CBA6B7BA5F74ABA14F9FE
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"b8c43be8-6444-4ebe-9bd8-6d9d42afc38b","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728897887599,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1091
Entropy (8bit):	5.687670085671387
Encrypted:	false
SSDEEP:	24:Yv6X6hpkJEzvcpLgE7cgD6SOGtnnl0RCmK8czOCYvS1:Yv93kJMUhgs6SraAh8cvYK1
MD5:	8FD1A38ED285726FCB20BA1945F1106D
SHA1:	0210C3220A6D2E8A5315DD7747B316D322D31950
SHA-256:	A70EC57D5E44F9E3797794E6D249BEDC750BDC06C0E9DA38DE316D9FF874453B
SHA-512:	9B52858611A3A24201FD40780DE7A3374514DD4D221DE765259B8F9EB55B5B78B020F8E466F62F7BF8D8A5E3F55B2A296C1BA13E85D0A9AC86A1F4EA45A2CA2B
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"b8c43be8-6444-4ebe-9bd8-6d9d42afc38b","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728897887599,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"89628_281075ActionBlock_2","campaignId":89628,"containerId":"1","controlGroupId":"","treatmentId":"67a3a874-888f-4d96-9f3d-26e70c3e0be1","variationId":"281075"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQgUERGIGZpbGVzIHRvIE1pY3Jvc29mdCBXb3JkIGFuZCBFeGNlbC4ifSwidGNhdElkIjoiUkdTMDM1MS1FTlUtQ2hhbGxlbmdlcjIifQ==","dataType":"ap

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1050
Entropy (8bit):	5.652436912558547
Encrypted:	false
SSDEEP:	24:Yv6X6hpkJEzvWVLgEF0c7sbnl0RCmK8czOCYHflEpwiVs:Yv93kJMOFg6sGAh8cvYHWpw1
MD5:	FEFBB7502AC5E4EFB5E4169BAD43CF79
SHA1:	8666EF8A7F89055B72B2A318CC20D4917BB6F608
SHA-256:	B06AFB1C904EEA3975161222C6C686C54BB5CBA4605051110A60192FF2BC32C7
SHA-512:	D5A2759F99113D0E0CF5EAAA242D52E17ADA35D5AFCA275627475B11B094ED67984B10B23AC8BCA684BE3D2E388480E3EE4B8F8DFF10A0C1803D29C145A461B9
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"b8c43be8-6444-4ebe-9bd8-6d9d42afc38b","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728897887599,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Disc_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_0","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"0924134e-3c59-4f53-b731-add558c56fec","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Disc_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQsIGVkaXQgYW5kIGUtc2lnblxuZm9ybXMgJiBhZ3JlZW1lbnRzLiJ9LCJ0Y2F0SWQiOm51bGx9","dataType":"application\/json","encodingScheme":true},"

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.282392576509263
Encrypted:	false
SSDEEP:	6:YEQXJ2HXxYhAcTx0dJ9VoZcg1vRcR0YGdWoAvJfQ1rPeUkwRe9:YvXKXxYhAakJEZc0v3GY16Ukee9
MD5:	E7679738DC691295A4A2B010D86BC70A
SHA1:	50929A4ABD77E01DA292BB9E34D5F5CCC4F0686D
SHA-256:	3FFB1B2C6985775379D0A70A85FEE1BF25406BCBC050ABE44D386D068792B727
SHA-512:	E3E7AEC0467100C83FA083ED66506850B4C4E434B5593874FEFEFCAD2EF0B306684111681256818F98B74483844267C73FDEFE3E98451FAEABC8D41FD2D621FD
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"b8c43be8-6444-4ebe-9bd8-6d9d42afc38b","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728897887599,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1098
Entropy (8bit):	5.6877257438000886
Encrypted:	false
SSDEEP:	24:Yv6X6hpkJEzvD2LgEFcs2SOGt0nl0RCmK8czOCUaBtCrfS1:Yv93kJMbogq2SrhAh8cvUgEm1
MD5:	E234FC22E001A4F542FDD3F8F57B6A1C
SHA1:	19AB09C0C1B40F0889EA8DBE04DF4C75B2BCCF44
SHA-256:	678C288D5C11215AAA954D82A8C96D6D6D85352987D1AEA7185D907A2616A03B
SHA-512:	3004D5D984211586C0909FDD8B4A58B3E14F7DDED1CDFF5247261494CFFA85A8A7E566A7D4D17CC1EB733C602896C0B0C16B7653044E83D6D2BBD5DEC5188663
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"b8c43be8-6444-4ebe-9bd8-6d9d42afc38b","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728897887599,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Edit_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"89628_281075ActionBlock_0","campaignId":89628,"containerId":"1","controlGroupId":"","treatmentId":"abdf1d9d-2114-4953-95a6-4eed783b9872","variationId":"281075"},"containerId":1,"containerLabel":"JSON for DC_Reader_Edit_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IlR1cm4gc2Nhbm5lZCBwYXBlciBkb2N1bWVudHNcbmludG8gaW5zdGFudGx5IGVkaXRhYmxlIFBERnMuIn0sInRjYXRJZCI6IlJHUzAzNTEtRU5VLUNoYWxsZW5nZXIyIn0=","dataTy

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1164
Entropy (8bit):	5.700434061532095
Encrypted:	false
SSDEEP:	24:Yv6X6hpkJEzvPKLgEfIcZVSkpsn264rS514ZjBrwloJTmcVIsrSK5s:Yv93kJMXEgqprtrS5OZjSlwTmAfSKS
MD5:	FBF9A20BF6E66C02CA027D94362862AD
SHA1:	01F914B36981A299408085479FF3ACD5DFD44018
SHA-256:	E4E344DCD3572F1BFDA323AA80AEE0E728497A9476EA0347CB68EEDEE6D1CBA8
SHA-512:	6D88BE902452BB2687B42268AFC53B038182E289250C9C25AAA70E1C883D570B066878CEC2F63C763578771F682B0263E4AE6A2823C4A2EDAA98FBA2954E8C43
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"b8c43be8-6444-4ebe-9bd8-6d9d42afc38b","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728897887599,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85531_264848ActionBlock_0","campaignId":85531,"containerId":"1","controlGroupId":"","treatmentId":"ee1a7497-76e7-43c2-bb63-9a0551e11d73","variationId":"264848"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IlRyeSBBY3JvYmF0IFBybyJ9LCJ1aSI6eyJ0aXRsZV9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjE1cHgiLCJmb250X3N0eWxlIjoiMCJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEzcHgiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0b1xucHJlbWl1bSBQREYgYW5kIGUtc2lnbmluZ1xudG9vbHMuIn0sImJhbm5lcl9zdHlsaW5nIjo

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.284871559675886
Encrypted:	false
SSDEEP:	6:YEQXJ2HXxYhAcTx0dJ9VoZcg1vRcR0YGdWoAvJfYdPeUkwRe9:YvXKXxYhAakJEZc0v3Gg8Ukee9
MD5:	D90B45BA255BDF4F31DF07B2A18B6832
SHA1:	87E17E3FFC298913E480599466A131A5D46779AA
SHA-256:	C8D1E51F3D8A8F22A314029176E79F7E088427A604E767D501B4562A9ADDAF64
SHA-512:	CD91E6D762B25A33B0E2A9EB714A8E6A8057C68280A2B88F6266C8EE3AACB35CAD9C5F428ACB7EBECDA38E84C2DCEFD260E86DC6630B75210659B5CE2A0CB572
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"b8c43be8-6444-4ebe-9bd8-6d9d42afc38b","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728897887599,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1395
Entropy (8bit):	5.78039563926113
Encrypted:	false
SSDEEP:	24:Yv6X6hpkJEzvSrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNE:Yv93kJMqHgDv3W2aYQfgB5OUupHrQ9Fs
MD5:	F4EED74BEC06E134BB7A5213B8D4FAE7
SHA1:	B109F3B710E5BD9EED773EF54A63C779913B6B10
SHA-256:	4B7B9CB6BC2839A9EDCD1B965B5C2039B9546BEDDCB5982E60BD7BE9AFE8FD4C
SHA-512:	B7EE8C6AAE2D3EF5A87CF6E47CC2406BB382F5947B521FA183D25E3CEE6DD8A7CD0E5DCACA545DB1CFDAB1AA170E512A05A55DC4C098D9D89DD6867BDBBEA92D
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"b8c43be8-6444-4ebe-9bd8-6d9d42afc38b","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728897887599,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	291
Entropy (8bit):	5.268522632884623
Encrypted:	false
SSDEEP:	6:YEQXJ2HXxYhAcTx0dJ9VoZcg1vRcR0YGdWoAvJfbPtdPeUkwRe9:YvXKXxYhAakJEZc0v3GDV8Ukee9
MD5:	A432D9DAA4F2FC5858F9A28808831036
SHA1:	59DFB825ABBB2D04B31810A10B2AEDB6A4C8D243
SHA-256:	0E5D35874FA0ACCFD03D88218334776CB19988DE1C17F6E0950DB17A10B02B8C
SHA-512:	2FF51DC44BC42D8312DF8C724ED9CA4CC696C8A33E7DF9A1B5F6CA96A57B8A681BA98359AE87F44C6ACCEDDD1653722F8BFBD0287E6063448AA2362EBBAF25A3
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"b8c43be8-6444-4ebe-9bd8-6d9d42afc38b","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728897887599,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	287
Entropy (8bit):	5.2726503047036335
Encrypted:	false
SSDEEP:	6:YEQXJ2HXxYhAcTx0dJ9VoZcg1vRcR0YGdWoAvJf21rPeUkwRe9:YvXKXxYhAakJEZc0v3G+16Ukee9
MD5:	709CC964B4FE2089A80743F1B5D5B499
SHA1:	BFB90CAFE5D01A0DE1129361BF92AB58E64A5D7D
SHA-256:	D1C60E4AAB3D0D87879872A661E3DF7DA391B98930A2B25492FA021B2B8C92C2
SHA-512:	D9C33F3E2A77BF1DC5E22C3E01E6D8426574639FE10DB4522A2430E0B86C6B59F764629BA32EEAE3B8DA0003B93EEFCACCC149B72051490D650E86FFB4304BF6
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"b8c43be8-6444-4ebe-9bd8-6d9d42afc38b","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728897887599,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1054
Entropy (8bit):	5.666713024966966
Encrypted:	false
SSDEEP:	24:Yv6X6hpkJEzvoamXayLgE6cTg4QSOGtNaqnl0RCmK8czOC/CrfS1:Yv93kJMWBgSXQSrOAh8cv6m1
MD5:	030F7B9C9396F3D6C985DF332F2D2A6C
SHA1:	C1DE725B22D9157044DB444AACED57AE32452521
SHA-256:	9B27B36DDA8F96F0228B3060F2465BDF248C208967A1754488C3911FAFD8EC82
SHA-512:	0B5216B822326831370FBF72C2C0C1DB7C68610BB49F6E4310E6EA804A2A9016668608AA7FC29F3E1F1FD479F3E87328DFEF42B158F93EDB381566BE0D91081B
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"b8c43be8-6444-4ebe-9bd8-6d9d42afc38b","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728897887599,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"89628_281075ActionBlock_1","campaignId":89628,"containerId":"1","controlGroupId":"","treatmentId":"7fe39695-394c-4706-9b50-651e7499d428","variationId":"281075"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVhc2lseSBmaWxsIGFuZCBzaWduIFBERnMuIn0sInRjYXRJZCI6IlJHUzAzNTEtRU5VLUNoYWxsZW5nZXIyIn0=","dataType":"application\/json","encodingScheme":tru

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	286
Entropy (8bit):	5.247988486608465
Encrypted:	false
SSDEEP:	6:YEQXJ2HXxYhAcTx0dJ9VoZcg1vRcR0YGdWoAvJfshHHrPeUkwRe9:YvXKXxYhAakJEZc0v3GUUUkee9
MD5:	EE47941D51D9F6E0436E969709B6752B
SHA1:	CA0DEE2A9971381F27DEBCCDDA5C01E9962562BA
SHA-256:	6164D3EEE18AE8B4DAB18B9005B28982D76869D5A3BFD92FD9188AA381535DF7
SHA-512:	42CDA3E5CEE69861490CDA45FE93E73049BCBB2FF01252C49DAA8A35F29EF1417154BBF36E420565957CC0ABEA03540E0334CF4762DFCB7693C2DC1DE9464E28
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"b8c43be8-6444-4ebe-9bd8-6d9d42afc38b","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728897887599,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	782
Entropy (8bit):	5.3744880801706625
Encrypted:	false
SSDEEP:	12:YvXKXxYhAakJEZc0v3GTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWY:Yv6X6hpkJEzv3168CgEXX5kcIfANh1
MD5:	BD3D89CF82756C065F9DB0C4B230B585
SHA1:	2D20B77E01BBF8C271BBDF76F472C771B01B1F5A
SHA-256:	FDBB2EABE985EEDB20D04DF129EE23135C1119E9A0753F559D69F3F925B81061
SHA-512:	3028879C04770E6A82B4A44CA672A86793EEDF92078B027895D829682D11968FC029FC6B979F9DB34DB9848FD5C29FE52F3FCCB3B4D7B2739CDE9CD5556EE96B
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"b8c43be8-6444-4ebe-9bd8-6d9d42afc38b","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1728897887599,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1728724652634}}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	4
Entropy (8bit):	0.8112781244591328
Encrypted:	false
SSDEEP:	3:e:e
MD5:	DC84B0D741E5BEAE8070013ADDCC8C28
SHA1:	802F4A6A20CBF157AAF6C4E07E4301578D5936A2
SHA-256:	81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
SHA-512:	65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
Malicious:	false
Preview:	....

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2818
Entropy (8bit):	5.138023949470626
Encrypted:	false
SSDEEP:	48:Y2fZqJlPzk9IFBPQ6o/2KBikPLUEArU9DoN:bZwlbBFZQ6g2KrzUEsq8N
MD5:	0FFC5E8E52EB3D9EEA6A5FB58FAE8A91
SHA1:	F4439D094FBFB79E88D7B7F53B12267A7ECADB78
SHA-256:	17D8D0560418ACD6CF4E4C0FF897CF73DDEAB6CD789406CCBC9502D58FB25FC3
SHA-512:	1CBE30F00CD91869D0A3AD07723AAA8AEBE67EDC86F0150E9F44C18E77C10BBFCA22FFD471CFF3D96080BD4DC923B951DB2836758742E49BFBC0B535EFE03547
Malicious:	false
Preview:	{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"0791033783a2d0fcafece45a1057dbf7","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1050,"ts":1728724652000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"c89b1b92786c6318dc6c151c261e162b","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1164,"ts":1728724652000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"af4197babb20dac3cbe053e323da6bc8","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1054,"ts":1728724652000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"c63a35aaaf918d108efd8f6a64b2a828","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1091,"ts":1728724652000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"86743e1439fcda8d7cb5b8f6cbd8cf8e","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":1098,"ts":1728724652000},{"id":"Edit_InApp_Aug2020","info":{"dg":"98678811efafec327d63ab1476294602","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":17

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 25, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 25
Category:	dropped
Size (bytes):	12288
Entropy (8bit):	1.1900022150616176
Encrypted:	false
SSDEEP:	48:TGufl2GL7msEHUUUUUUUU+SvR9H9vxFGiDIAEkGVvpU:lNVmswUUUUUUUU++FGSItY
MD5:	4845399514B96473AC9147F24FF6409B
SHA1:	7F6E29209F26F273F0C0B1981050D3E5F308179E
SHA-256:	A40894910783A704ABA8CDA747EAA436A78C0AD3B87855B008E459A036D2F57E
SHA-512:	7F6CA0FF2CABA60CAB318894271DF23E35C79D41C0CE0C3BA88E9F73F3A421950895587C36BCE6DB1F2075271EEF4C9281E6FA321DA5A9E68E637FB42B81E28A
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	1.6076931718049476
Encrypted:	false
SSDEEP:	48:7MZKUUUUUUUUUUsvR9H9vxFGiDIAEkGVvJqFl2GL7ms7:77UUUUUUUUUUcFGSItLKVms7
MD5:	6BD1FFA4DD26E1A2791C88461AC4C1E4
SHA1:	7B1FB0530B2CAF20146F2CFA60CD68E3A9B24B66
SHA-256:	4235F822792D465965FB98BDD46F3BDA3D1205D5F0F286C620DEF292CDC4BFD3
SHA-512:	3D363B00FE3A606317246812E15DEE63B5A423E38E3D70A38C17E830A5969F8FB362E480DA797E48AD2AC560CF7DB4597733130321F0E2B3D88973C463DDCF5A
Malicious:	false
Preview:	.... .c.......y.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................f.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\MSIfbdee.LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	246
Entropy (8bit):	3.511206980872271
Encrypted:	false
SSDEEP:	6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8qKRWfUI6wlYH:Qw946cPbiOxDlbYnuRKtK+DjlYH
MD5:	1E9D7F9E8AE40CE2228B0DC0426F8D2E
SHA1:	A277A9EE069F9E08A81911ABF276DC005334E031
SHA-256:	F2055AD11C9B69E844462126034B6C7D6BF67355462A8AD4E1D3075D1AFA9E6A
SHA-512:	EAA3E94C2A3474E0F0E247BF7CF494E6BF84EDEDA35ECD435A78AD992ADB3BEA2F374D6083F9347687052EFF9806E10CE404687293CD60A8CC4764C223DD8C8B
Malicious:	false
Preview:	..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .1.2./.1.0./.2.0.2.4. . .0.5.:.1.7.:.3.0. .=.=.=.....

C:\Users\user\AppData\Local\Temp\acrobat_sbx\A915a5opu_zp8a5e_3i8.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	Zip data (MIME type "application/vnd.adobe.air-ucf-package+zip"?)
Category:	dropped
Size (bytes):	144514
Entropy (8bit):	7.992637131260696
Encrypted:	true
SSDEEP:	3072:OvjeSq37BcXWpJ/PwBI4lsRMoZVaJctHtTx8EOyhnL:Cjc7BcePUsSSt38snL
MD5:	BA1716D4FB435DA6C47CE77E3667E6A8
SHA1:	AF6ADF9F1A53033CF28506F33975A3D1BC0C4ECF
SHA-256:	AD771EC5D244D9815762116D5C77BA53A1D06CEBA42D348160790DBBE4B6769D
SHA-512:	65249DB52791037E9CC0EEF2D07A9CB1895410623345F2646D7EA4ED7001F7273C799275C3342081097AF2D231282D6676F4DBC4D33C5E902993BE89B4A678FD
Malicious:	false
Preview:	PK.........D.Y...>)...).......mimetypeapplication/vnd.adobe.air-ucf-package+zipPK.........D.Y.+.`............message.xml.]is.8...[.....Oq.'...S...g.X+;....%X."U$.....}.P.%....8.tl. ...../..}......A.......,...a...r.....=..i{......0H..v.g.c0.3~....G.b....,.BvJ.'./.`xJ]..O./.!K...XG?.$.,=.Z...q.f~...,..:b.Pl..f..\|....,.A.....Z..a<.C._..../G\|....q.....~.?...G.............y+.. ...s.,.2...^uon..:....~....C....i.>.<hy..x..?....F.w..4e.\|.'...#?..a......i...W.".+...'.......,..6..... ..}.........llj.>.3v.."..CdA.".....v...4H..C]>........4..$.O........9._..C{(....A~.k...f.x8.<... l!..}...ol.q.......2.s.Y..&:....>...l.S..w.t^D.C....]0......L...z[`J<.....L.1t-.Z.n..7.)...aj;.0.r\|.._.V......JWT.>.p.?s....boN.....X.jkN.9..3jN.9..t...o..c.nX4......0.D.....Cv .....!k..........d.1B....=3.Bq.E.bo.....6..r..6@.b...T......Ig...(..(K].:...#..k..q2G."o.Tz...qJ.......;?\|~..1...J...RA...'..*C...T...dNMZ.3.z-..LCI..I..-.,.Y.J.....m.KY}.Lw......G........-.(E....b..^..}..

C:\Users\user\AppData\Local\Temp\acrobat_sbx\A916wfshm_zp8a5f_3i8.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PDF document, version 1.6, 0 pages
Category:	dropped
Size (bytes):	358
Entropy (8bit):	5.08402887492563
Encrypted:	false
SSDEEP:	6:IngVMrexJzJT0y9VEQIFVmb/eu2g/86S1kxROOht0XNkLjXIt0XNkLjgqLCSyAAO:IngVMre9T0HQIDmy9g06JXxt8MYt8MtR
MD5:	32EB9555F2781E8FD08ED6616D55EE5B
SHA1:	2A12B16E0E934603FED03AE8BB6E4FB11C4EADD2
SHA-256:	16A9CB328444E2538E8950A8111C9BB47DE9B385A4C384D2724FFDE435A02626
SHA-512:	4CE9071AD0DC6350235AC6B73F4726AFBA26D9307ECE9F82ACC2A67AD44A98758D70D01E7DF6668DD15BB23F249170569F7F7CC5DE6BDB1FC16EC5FFCBDF0556
Malicious:	false
Preview:	%PDF-1.6.%......1 0 obj.<</Pages 2 0 R/Type/Catalog>>.endobj.2 0 obj.<</Count 0/Kids[]/Type/Pages>>.endobj.3 0 obj.<<>>.endobj.xref..0 4..0000000000 65535 f..0000000016 00000 n..0000000061 00000 n..0000000107 00000 n..trailer..<</Size 4/Root 1 0 R/Info 3 0 R/ID[<63909D80545A3D479C28A34BE2DBBFD8><63909D80545A3D479C28A34BE2DBBFD8>]>>..startxref..127..%%EOF..

C:\Users\user\AppData\Local\Temp\acrobat_sbx\A91j6g7gy_zp8a5d_3i8.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	Zip data (MIME type "application/vnd.adobe.air-ucf-package+zip"?)
Category:	dropped
Size (bytes):	144514
Entropy (8bit):	7.992637131260696
Encrypted:	true
SSDEEP:	3072:OvjeSq37BcXWpJ/PwBI4lsRMoZVaJctHtTx8EOyhnL:Cjc7BcePUsSSt38snL
MD5:	BA1716D4FB435DA6C47CE77E3667E6A8
SHA1:	AF6ADF9F1A53033CF28506F33975A3D1BC0C4ECF
SHA-256:	AD771EC5D244D9815762116D5C77BA53A1D06CEBA42D348160790DBBE4B6769D
SHA-512:	65249DB52791037E9CC0EEF2D07A9CB1895410623345F2646D7EA4ED7001F7273C799275C3342081097AF2D231282D6676F4DBC4D33C5E902993BE89B4A678FD
Malicious:	false
Preview:	PK.........D.Y...>)...).......mimetypeapplication/vnd.adobe.air-ucf-package+zipPK.........D.Y.+.`............message.xml.]is.8...[.....Oq.'...S...g.X+;....%X."U$.....}.P.%....8.tl. ...../..}......A.......,...a...r.....=..i{......0H..v.g.c0.3~....G.b....,.BvJ.'./.`xJ]..O./.!K...XG?.$.,=.Z...q.f~...,..:b.Pl..f..\|....,.A.....Z..a<.C._..../G\|....q.....~.?...G.............y+.. ...s.,.2...^uon..:....~....C....i.>.<hy..x..?....F.w..4e.\|.'...#?..a......i...W.".+...'.......,..6..... ..}.........llj.>.3v.."..CdA.".....v...4H..C]>........4..$.O........9._..C{(....A~.k...f.x8.<... l!..}...ol.q.......2.s.Y..&:....>...l.S..w.t^D.C....]0......L...z[`J<.....L.1t-.Z.n..7.)...aj;.0.r\|.._.V......JWT.>.p.?s....boN.....X.jkN.9..3jN.9..t...o..c.nX4......0.D.....Cv .....!k..........d.1B....=3.Bq.E.bo.....6..r..6@.b...T......Ig...(..(K].:...#..k..q2G."o.Tz...qJ.......;?\|~..1...J...RA...'..*C...T...dNMZ.3.z-..LCI..I..-.,.Y.J.....m.KY}.Lw......G........-.(E....b..^..}..

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-12 05-17-25-863.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393)
Category:	dropped
Size (bytes):	16525
Entropy (8bit):	5.345946398610936
Encrypted:	false
SSDEEP:	384:zHIq8qrq0qoq/qUILImCIrImI9IWdFdDdoPtPTPtP7ygyAydy0yGV///X/J/VokV:nNW
MD5:	8947C10F5AB6CFFFAE64BCA79B5A0BE3
SHA1:	70F87EEB71BA1BE43D2ABAB7563F94C73AB5F778
SHA-256:	4F3449101521DA7DF6B58A2C856592E1359BA8BD1ACD0688ECF4292BA5388485
SHA-512:	B76DB9EF3AE758F00CAF0C1705105C875838C7801F7265B17396466EECDA4BCD915DA4611155C5F2AD1C82A800C1BEC855E52E2203421815F915B77AA7331CA0
Malicious:	false
Preview:	SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:088+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig:

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393), with CRLF line terminators
Category:	dropped
Size (bytes):	15114
Entropy (8bit):	5.342836048745409
Encrypted:	false
SSDEEP:	384:sBdk1JXyfjc01+JhHuMyCs1dqpC4DdB0uV5FPOy9Nq17CR/ewFm0YJF8ti8TlgYD:+Mj
MD5:	5BB26AF9D9B95FE9C546B7C39E2FADEE
SHA1:	A6FBCCF884AE2071E9E86CDE7F621A3626C2AF7A
SHA-256:	AC97D92D97BCA8FA2E8B53A5EADA7D8DE2F1940D2E652263B5BF332BB1D341FA
SHA-512:	5F8ECDA89D90B57C5AE705DD39A1C20C4236990D77827FB9493F167D47F0536710C2391FD714BAF0A80B2B1A227EE265D7B640DB0BCD4C1EA8228320D016AB05
Malicious:	false
Preview:	SessionID=e55a85f0-9023-4fc0-9def-eb7875295474.1728724645999 Timestamp=2024-10-12T05:17:25:999-0400 ThreadID=5428 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=e55a85f0-9023-4fc0-9def-eb7875295474.1728724645999 Timestamp=2024-10-12T05:17:26:001-0400 ThreadID=5428 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=e55a85f0-9023-4fc0-9def-eb7875295474.1728724645999 Timestamp=2024-10-12T05:17:26:001-0400 ThreadID=5428 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=e55a85f0-9023-4fc0-9def-eb7875295474.1728724645999 Timestamp=2024-10-12T05:17:26:001-0400 ThreadID=5428 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=e55a85f0-9023-4fc0-9def-eb7875295474.1728724645999 Timestamp=2024-10-12T05:17:26:001-0400 ThreadID=5428 Component=ngl-lib_NglAppLib Description="SetConf

C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	29752
Entropy (8bit):	5.389258962979928
Encrypted:	false
SSDEEP:	768:anddBuBYZwcfCnwZCnR8Bu5hx18HoCnLlAY+iCBuzhLCnx1CnPrRRFS10l8gT2rK:+
MD5:	78861E1600791362DCCCAB91D2B0C8F8
SHA1:	FDB643EB444F1E41EF3702F2640764857E73D740
SHA-256:	91B1B990B9A6A94B4A0CFAD8381E7AFDDD0BAB3CE7C9FAA8695182C6874D2228
SHA-512:	A6D47005280DB2EFB5B25734AE5C27A384FF22204F9781B99AB2D2955A25C4C9D0422DF2D7B8DFCDC0E1D431502B41E5B0D17CF85ABC1CD6AFABEAB6EB6F4969
Malicious:	false
Preview:	03-10-2023 12:50:40:.---2---..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : *************************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ***********************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : **** Starting new session ******..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Starting NGL..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..03-10-2023 12:50:40:.Closing File..03-10-

C:\Users\user\AppData\Local\Temp\acrocef_low\272dfc83-0a3e-45d9-99d5-0addd9260837.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 647360
Category:	dropped
Size (bytes):	1407294
Entropy (8bit):	7.97605879016224
Encrypted:	false
SSDEEP:	24576:/n5ZwYIGNPzWL07o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07tGZd:xZwZG5WLxB3mlind9i4ufFXpAXkrfUsb
MD5:	E78E4D1CA18BE28748F65C3A192DAFB2
SHA1:	78AD6025CB470EFB9ECA8FF1ED41F617372D1F9F
SHA-256:	F4B25F5C5BE48E151080D9CC24C8A4662CBB591A6B32037DB8D7ADE1828D8849
SHA-512:	E170C9BD3B6BB575244FCD380334D763C30352586F60824A67868EAE8E895BE0601D51670FCC304724BDF321CE8EF64881E606C9CF4C18C5817DFB5A679E44D6
Malicious:	false
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

C:\Users\user\AppData\Local\Temp\acrocef_low\ac0009b7-d177-4ca5-9578-ec738e4f90eb.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
Category:	dropped
Size (bytes):	1419751
Entropy (8bit):	7.976496077007677
Encrypted:	false
SSDEEP:	24576:6DaWL07oXGZGwYIGNPJNdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:caWLxXGZGwZGh3mlind9i4ufFXpAXkru
MD5:	7867DAFF192926A49EB7516D226D452F
SHA1:	BD0B185B12DB865CEA23060A9789C6B2D814B62E
SHA-256:	C7586BA81615BBAA63DA0D81CE18C0D087D1237500C99C35239A4D3CAEED2934
SHA-512:	B556042E82056983EA6A69AEE0DAB370641437EF6239FD04676FC26EC9472C6E5EF6194885C165E3987E8019321DCD9B4A574EA7A6253AC3C9468434AEAA0C21
Malicious:	false
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

C:\Users\user\AppData\Local\Temp\acrocef_low\c965067c-5943-4a4f-b740-b380fac04524.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
Category:	dropped
Size (bytes):	386528
Entropy (8bit):	7.9736851559892425
Encrypted:	false
SSDEEP:	6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
MD5:	5C48B0AD2FEF800949466AE872E1F1E2
SHA1:	337D617AE142815EDDACB48484628C1F16692A2F
SHA-256:	F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
SHA-512:	44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
Malicious:	false
Preview:	...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....\|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-\|..h#.g.\.PO.\|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..\|m.WC.....\|.....e.[W.p.8...rm....^..x'......5!...\|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.\|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

C:\Users\user\AppData\Local\Temp\acrocef_low\ce586308-1946-41e1-88b5-b7839c14503e.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 921996
Category:	dropped
Size (bytes):	758601
Entropy (8bit):	7.98639316555857
Encrypted:	false
SSDEEP:	12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+fBYCERXTJJl:O3Pjegf121YS8lkipdjMMNB1DofjEGJH
MD5:	BAEB02CA18ECB74EF8E03548852D207E
SHA1:	938A6EC3EDE559AC243A95F30E8AB9FC7B0FCCFF
SHA-256:	6600D8F4A7E866FBB4A67A02983976662050AF139C88C978748CC221E899E92D
SHA-512:	1E7BE870ED21E20E9DA74C71B57C2BC6A41AB0039DD45DB76115157C1F97D6DE581DBBBA25B9FF3D55E3A164498A9E92A609B1F11586BEDFE9EF150BD607E8CC
Malicious:	false
Preview:	...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......\|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!\|G.1...... .3.`./....`~......G.............\|..pS.e.C....:o.u_..oi.:..\|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobSettings

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	24
Entropy (8bit):	3.66829583405449
Encrypted:	false
SSDEEP:	3:So6FwHn:So6FwHn
MD5:	DD4A3BD8B9FF61628346391EA9987E1D
SHA1:	474076C122CACAAF112469FC62976BB69187AA2B
SHA-256:	7C22C759CA704106556BBC4FC10B7F53404CA1F8B40F01038D3F7C4B8183F486
SHA-512:	FDAF3D9F8072ED7DE9B2528376C10E3C3FDBEA74347710A4795BECF23C6577B3582B2E89D3C04EF0523C98FE0A46F2AF3629490701A20B848C63BA7B26579491
Malicious:	false
Preview:	<</Settings [/c <<>>].>>

C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\915DEAC5D1E15E49646B8A94E04E470958C9BB89.crl

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	98682
Entropy (8bit):	6.445287254681573
Encrypted:	false
SSDEEP:	1536:0tlkIi4M2MXZcFVZNt0zfIagnbSLDII+D61S8:03kf4MlpyZN+gbE8pD61L
MD5:	7113425405A05E110DC458BBF93F608A
SHA1:	88123C4AD0C5E5AFB0A3D4E9A43EAFDF7C4EBAAF
SHA-256:	7E5C3C23B9F730818CDC71D7A2EA01FE57F03C03118D477ADB18FA6A8DBDBC46
SHA-512:	6AFE246B0B5CD5DE74F60A19E31822F83CCA274A61545546BDA90DDE97C84C163CB1D4277D0F4E0F70F1E4DE4B76D1DEB22992E44030E28EB9E56A7EA2AB5E8D
Malicious:	false
Preview:	0...u0...\...0....H........0i1.0...U....US1.0...U....DigiCert, Inc.1A0?..U...8DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1..240807121815Z..240814121815Z0..~.0!.......0.E....[0...210531000001Z0!...7g...(..^`.x.l...210531000001Z0!...\./M.8..>.f.....210531000001Z0!...B.Sh...f...s.0..210531000001Z0!..../n...h..7....>..210601000001Z0!....0..>5..aN.u{D..210601000001Z0!...-...qpWa.!n.....210601000001Z0!..."f...\..N.....X..210601000001Z0!...in.H...[u...]....210602000001Z0!......`......._.]...210602000001Z0!...{..e..i......=..210602000001Z0!......S....fNj'.wy..210602000001Z0!......C.lm..B.*.....210602000001Z0!... .}...\|.,dk...+..210603000001Z0!...U.K....o.".Rj..210603000001Z0!.....A...K.ZpK..'h..210603000001Z0!.....&}{ ......l..210603000001Z0!...:.m...I.p.;..v..210604000001Z0!...1"uw3..Gou.qg.q..210607000001Z0!...1.o}...c/...-R}..210608000001Z0!................210608000001Z0!...[.N.d............210609000001Z0!......x..i........210610000001Z0!...(... (..#.^.f...210

C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\DF22CF8B8C3B46C10D3D5C407561EABEB57F8181.crl

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	737
Entropy (8bit):	7.501268097735403
Encrypted:	false
SSDEEP:	12:yeRLaWQMnFQlRKfdFfBy6T6FYoX0fH8PkwWWOxPLA3jw/fQMlNdP8LOUa:y2GWnSKfdtw46FYfP1icPLHCfa
MD5:	5274D23C3AB7C3D5A4F3F86D4249A545
SHA1:	8A3778F5083169B281B610F2036E79AEA3020192
SHA-256:	8FEF0EEC745051335467846C2F3059BD450048E744D83EBE6B7FD7179A5E5F97
SHA-512:	FC3E30422A35A78C93EDB2DAD6FAF02058FC37099E9CACD639A079DF70E650FEC635CF7592FFB069F23E90B47B0D7CF3518166848494A35AF1E10B50BB177574
Malicious:	false
Preview:	0...0.....0....H........0b1.0...U....US1.0...U....DigiCert Inc1.0...U....www.digicert.com1!0...U....DigiCert Trusted Root G4..240806194648Z..240827194648Z.00.0...U.#..0.......q]dL..g?....O0...U........0....H.............vz..@.Nm...6d...t;.Jx?....6...p...#.[.......o.q...;.........?......o...^p0R.......~....)....i.n;A.n.z..O~..%=..s..W.4.+........G...*..=....xen$_i"s..\...L..4../<.4...G.....L...c..k@.J.rC.4h.c.ck./.Q-r53..a#.8#......0.n......a.-'..S. .>..xAKo.k.....;.D>....sb '<..-o.KE...X!i.].c.....o~.q........D...`....N... W:{.3......a@....i....#./..eQ...e.......W.s..V:.38..U.H{.>.....#....?{.....bYAk'b0on..Gb..-..).."q2GO<S.C...FsY!D....x..]4.....X....Y...Rj.....I.96$.4ZQ&..$,hC..H.%..hE....

Static File Info

General

File type:	PDF document, version 1.5, 3 pages
Entropy (8bit):	7.859090789958675
TrID:	Adobe Portable Document Format (5005/1) 100.00%
File name:	2103.03530.pdf
File size:	531'192 bytes
MD5:	3da6fc38f72ce9f6596fce1c967d0460
SHA1:	7a4ef43e8deb10b958b922c403cf7bd4d73ddaba
SHA256:	c47a2e761bd82ed897165081ba24b752d87ca640c51a133cbb27981d0ee63902
SHA512:	f2631c45566fc08ca1fe89d442aa34120731ed49c9ef5f02c639202e807cd3e5b9291c8beb4d8816b3fa18fe70fa8c9824a51cbcdcb4bd3d97134f3541397d4f
SSDEEP:	12288:5zKuKIHM4Qi0JtbD9cvobpgZq+HEzjQtc:5zK1kGi0bX9cveIHm/
TLSH:	0DB4E194A45C4CCDFC87D7B6DD2B3B6C8B4D731346985889313CB916B7478A8AA839C3
File Content Preview:	%PDF-1.5.%..88 0 obj.<< /Filter /FlateDecode /Length 3587 >>.stream.x..Z.....}...[4....%~.m.M....`..}....c..Ijg._.:U......`.auuu.Y].S.z...O..0..7.........W....&..,.7...$..0.dQ................O.^...M..i.bH.{~RP.K7e......m..g..MS..k..=...7..1..W][...].]/..r

File Icon


Icon Hash:	62cc8caeb29e8ae0

Static PDF Info

General
Header:	%PDF-1.5
Total Entropy:	7.859091
Total Bytes:	531192
Stream Entropy:	7.907765
Stream Bytes:	481628
Entropy outside Streams:	5.015631
Bytes outside Streams:	49564
Number of EOF found:	2
Bytes after EOF:

Keywords Statistics

Name	Count
obj	298
endobj	298
stream	23
endstream	21
xref	2
trailer	2
startxref	2
/Page	8
/Encrypt	0
/ObjStm	3
/URI	44
/JS	0
/JavaScript	0
/AA	0
/OpenAction	2
/AcroForm	0
/JBIG2Decode	0
/RichMedia	0
/Launch	0
/EmbeddedFile	0

Image Streams

ID	DHASH	MD5
73	4747074606064607	a2a75969b372b8e61d8dffcb0745a103
93	0000000000000000	f9880daaf4431098407e2c765e70bec6
82	38716167676e6866	353fea9b19751a63ec3ed3810b8613b5
94	0000000000000000	fc4dbe97cf246daba548f60c1339900c

Network Behavior

⊘No network behavior found

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: Acrobat.exePID: 2784, Parent PID: 2580

General

Target ID:	0
Start time:	05:17:21
Start date:	12/10/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\2103.03530.pdf"
Imagebase:	0x7ff6bc1b0000
File size:	5'641'176 bytes
MD5 hash:	24EAD1C46A47022347DC0F05F6EFBB8C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: AcroCEF.exePID: 1852, Parent PID: 2784

General

Target ID:	3
Start time:	05:17:22
Start date:	12/10/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Imagebase:	0x7ff74bb60000
File size:	3'581'912 bytes
MD5 hash:	9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: AcroCEF.exePID: 7188, Parent PID: 1852

General

Target ID:	6
Start time:	05:17:23
Start date:	12/10/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2100 --field-trial-handle=1736,i,11847260277344383352,9453903226599460595,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Imagebase:	0x7ff74bb60000
File size:	3'581'912 bytes
MD5 hash:	9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may send spearphishing emails with a malicious link in an attempt to gain access to victim systems. Spearphishing with a link is a specific variant of spearphishing. It is different from other forms of spearphishing in that it employs the use of links to download malware contained in email, instead of attaching malicious files to the email itself, to avoid defenses that may inspect email attachments. Spearphishing may also involve social engineering techniques, such as posing as a trusted source.
Tactics:	Initial Access
Data Sources:	Application Log: Application Log Content, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Google Workspace, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report 2103.03530.pdf

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Networking

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\5d838aff-128c-45b1-972e-daf8cd72a177.tmp

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF406ceb.TMP (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\c0425415-f542-41df-9e45-ac6b4375a010.tmp

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241012091728Z-216.bmp

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.4544

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

Windows Analysis Report
2103.03530.pdf