Edit tour

Windows Analysis Report
Dr. Lindsay Chropractic Corporation Spine Fit Rehab & Wellness (24-10-2024 - Submission).pdf

Overview

General Information

Sample name:	Dr. Lindsay Chropractic Corporation Spine Fit Rehab & Wellness (24-10-2024 - Submission).pdf
Analysis ID:	1542219
MD5:	3eeac61ae9da7c2d2084d0faba3be42e
SHA1:	e44d7bc5cb1440d56a55d34336b951ac0043d52d
SHA256:	ba8a07ae916344599fda196821b2521ac936e3e7ff3195061bbfb5706c25b2a7
Infos:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Potential document exploit detected (performs DNS queries)

Classification

Process Tree

System is w10x64

Acrobat.exe (PID: 2108 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Dr. Lindsay Chropractic Corporation Spine Fit Rehab & Wellness (24-10-2024 - Submission).pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)

AcroCEF.exe (PID: 3288 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

AcroCEF.exe (PID: 6788 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2088 --field-trial-handle=1648,i,14260087224443745936,13656865562564589586,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: global traffic	DNS query: name: x1.i.lencr.org
Source: global traffic	DNS query: name: x1.i.lencr.org
Source: global traffic	DNS query: name: x1.i.lencr.org

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

DNS traffic detected: DNS query: x1.i.lencr.org

Source: Dr. Lindsay Chropractic Corporation Spine Fit Rehab & Wellness (24-10-2024 - Submission).pdf	String found in binary or memory: http://ns.policyworks.com/SmartDocuments/2.0/
Source: Dr. Lindsay Chropractic Corporation Spine Fit Rehab & Wellness (24-10-2024 - Submission).pdf	String found in binary or memory: http://www.pdf-tools.com
Source: 2D85F72862B55C4EADD9E66E06947F3D0.1.dr	String found in binary or memory: http://x1.i.lencr.org/

Source: classification engine

Classification label: clean0.winPDF@14/43@3/0

Source: Dr. Lindsay Chropractic Corporation Spine Fit Rehab & Wellness (24-10-2024 - Submission).pdf

Initial sample: http://www.pdf-tools.com\

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-25 11-03-20-192.log

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Jump to behavior

Source: unknown	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Dr. Lindsay Chropractic Corporation Spine Fit Rehab & Wellness (24-10-2024 - Submission).pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2088 --field-trial-handle=1648,i,14260087224443745936,13656865562564589586,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2088 --field-trial-handle=1648,i,14260087224443745936,13656865562564589586,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: Dr. Lindsay Chropractic Corporation Spine Fit Rehab & Wellness (24-10-2024 - Submission).pdf	Initial sample: PDF keyword /JS count = 0
Source: Dr. Lindsay Chropractic Corporation Spine Fit Rehab & Wellness (24-10-2024 - Submission).pdf	Initial sample: PDF keyword /JavaScript count = 0

Source: Dr. Lindsay Chropractic Corporation Spine Fit Rehab & Wellness (24-10-2024 - Submission).pdf

Initial sample: PDF keyword /Page count = 16

Source: Dr. Lindsay Chropractic Corporation Spine Fit Rehab & Wellness (24-10-2024 - Submission).pdf

Initial sample: PDF keyword stream count = 61

Source: Dr. Lindsay Chropractic Corporation Spine Fit Rehab & Wellness (24-10-2024 - Submission).pdf

Initial sample: PDF keyword /EmbeddedFile count = 0

Source: Dr. Lindsay Chropractic Corporation Spine Fit Rehab & Wellness (24-10-2024 - Submission).pdf

Initial sample: PDF keyword obj count = 123

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	1 Spearphishing Link	1 Exploitation for Client Execution	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	1 System Information Discovery	Remote Services	Data from Local System	1 Non-Application Layer Protocol	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
http://x1.i.lencr.org/	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
x1.i.lencr.org	unknown	unknown	false		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://x1.i.lencr.org/	2D85F72862B55C4EADD9E66E06947F3D0.1.dr	false	URL Reputation: safe	unknown
http://ns.policyworks.com/SmartDocuments/2.0/	Dr. Lindsay Chropractic Corporation Spine Fit Rehab & Wellness (24-10-2024 - Submission).pdf	false		unknown
http://www.pdf-tools.com	Dr. Lindsay Chropractic Corporation Spine Fit Rehab & Wellness (24-10-2024 - Submission).pdf	false		unknown

World Map of Contacted IPs

⊘No contacted IP infos

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1542219
Start date and time:	2024-10-25 17:02:12 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 15s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowspdfcookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	10
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	Dr. Lindsay Chropractic Corporation Spine Fit Rehab & Wellness (24-10-2024 - Submission).pdf
Detection:	CLEAN
Classification:	clean0.winPDF@14/43@3/0
Cookbook Comments:	Found application associated with file extension: .pdf Found PDF document Close Viewer

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 23.43.60.134, 2.19.126.143, 2.19.126.149, 34.193.227.236, 18.207.85.246, 107.22.247.231, 54.144.73.197, 162.159.61.3, 172.64.41.3, 2.23.197.184, 88.221.168.141, 2.22.242.123, 2.22.242.11
Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, otelrules.azureedge.net, acroipm2.adobe.com.edgesuite.net, e4578.dscb.akamaiedge.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ssl.adobe.com.edgekey.net, ocsp.digicert.com, armmf.adobe.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, crl.root-x1.letsencrypt.org.edgekey.net
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: Dr. Lindsay Chropractic Corporation Spine Fit Rehab & Wellness (24-10-2024 - Submission).pdf

Simulations

Behavior and APIs

Time	Type	Description
11:03:31	API Interceptor	1x Sleep call for process: AcroCEF.exe modified

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.199773928373682
Encrypted:	false
SSDEEP:	6:rnAmq2Pwkn2nKuAl9OmbnIFUt8GpsZmw+GpMkwOwkn2nKuAl9OmbjLJ:lvYfHAahFUt8es/+eM5JfHAaSJ
MD5:	5C9D5C4052760A951960D34240370E6C
SHA1:	D3C39CD77D8C57798221E4B42881F99C982A75DE
SHA-256:	E258BA28040D5EA9B4DF5E04D2DA7B161BA6609524CDA2B77C0B8B6C50FA36E7
SHA-512:	72D43A708A318EF1A407AB7F38CC7A863A5C80AF07B9E28E000EBAEAD4420F91E8DE0D03ECC85EDAE63076A4B90E39C1A75B2D3685E66CB81B73316064C6E071
Malicious:	false
Reputation:	low
Preview:	2024/10/25-11:03:17.967 e00 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/10/25-11:03:17.969 e00 Recovering log #3.2024/10/25-11:03:17.969 e00 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.199773928373682
Encrypted:	false
SSDEEP:	6:rnAmq2Pwkn2nKuAl9OmbnIFUt8GpsZmw+GpMkwOwkn2nKuAl9OmbjLJ:lvYfHAahFUt8es/+eM5JfHAaSJ
MD5:	5C9D5C4052760A951960D34240370E6C
SHA1:	D3C39CD77D8C57798221E4B42881F99C982A75DE
SHA-256:	E258BA28040D5EA9B4DF5E04D2DA7B161BA6609524CDA2B77C0B8B6C50FA36E7
SHA-512:	72D43A708A318EF1A407AB7F38CC7A863A5C80AF07B9E28E000EBAEAD4420F91E8DE0D03ECC85EDAE63076A4B90E39C1A75B2D3685E66CB81B73316064C6E071
Malicious:	false
Reputation:	low
Preview:	2024/10/25-11:03:17.967 e00 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/10/25-11:03:17.969 e00 Recovering log #3.2024/10/25-11:03:17.969 e00 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	336
Entropy (8bit):	5.101926414620962
Encrypted:	false
SSDEEP:	6:RtDM+q2Pwkn2nKuAl9Ombzo2jMGIFUt8kCgZmw+lSDMVkwOwkn2nKuAl9Ombzo23:s+vYfHAa8uFUt8g/+l3V5JfHAa8RJ
MD5:	8E349486F934DA2FA0E609016E0B3EF4
SHA1:	3D7FBB6C32DB0D918785F7EC325DCA4A174F1B86
SHA-256:	DA6C72BEE8C4FE90C220EB604ACD460752E117284358FB2F305D38635E55D09B
SHA-512:	5A0D02B9E1E47E02B8499B0A3070EC0F0E1F9A0B1A0145FA35E1B387E5FE193824E322ED839393F8C7B7D42323E6BB103B14FED7769D551C65B240E013F88FB8
Malicious:	false
Reputation:	low
Preview:	2024/10/25-11:03:18.020 1c1c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/10/25-11:03:18.021 1c1c Recovering log #3.2024/10/25-11:03:18.022 1c1c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	336
Entropy (8bit):	5.101926414620962
Encrypted:	false
SSDEEP:	6:RtDM+q2Pwkn2nKuAl9Ombzo2jMGIFUt8kCgZmw+lSDMVkwOwkn2nKuAl9Ombzo23:s+vYfHAa8uFUt8g/+l3V5JfHAa8RJ
MD5:	8E349486F934DA2FA0E609016E0B3EF4
SHA1:	3D7FBB6C32DB0D918785F7EC325DCA4A174F1B86
SHA-256:	DA6C72BEE8C4FE90C220EB604ACD460752E117284358FB2F305D38635E55D09B
SHA-512:	5A0D02B9E1E47E02B8499B0A3070EC0F0E1F9A0B1A0145FA35E1B387E5FE193824E322ED839393F8C7B7D42323E6BB103B14FED7769D551C65B240E013F88FB8
Malicious:	false
Reputation:	low
Preview:	2024/10/25-11:03:18.020 1c1c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/10/25-11:03:18.021 1c1c Recovering log #3.2024/10/25-11:03:18.022 1c1c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\8c98ff50-e130-474d-bea7-ca56fea0e52e.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	modified
Size (bytes):	475
Entropy (8bit):	4.971316048517525
Encrypted:	false
SSDEEP:	12:YH/um3RA8sqAOxsBdOg2H8gcaq3QYiubInP7E4T3y:Y2sRds/bdMH8L3QYhbG7nby
MD5:	24AB171235194FB7386480CEF1E2977E
SHA1:	0F671571733CBD55F66D1D422BAC7190B84DAB46
SHA-256:	D9B456F058F5627BC7A5B61FF905898A8F79C34F80BDB6A53D9C83DA61C8B497
SHA-512:	BDBF1ABA02E54FE12C0184C6C90C206967276543FDC98AB2483A611C7B8AD3B5706DAD697E63A09125A2FB69F56BB3ED38A3F1CD33F7E04A4E73197DC8E8505E
Malicious:	false
Reputation:	low
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13374428604181272","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":256057},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	475
Entropy (8bit):	4.971316048517525
Encrypted:	false
SSDEEP:	12:YH/um3RA8sqAOxsBdOg2H8gcaq3QYiubInP7E4T3y:Y2sRds/bdMH8L3QYhbG7nby
MD5:	24AB171235194FB7386480CEF1E2977E
SHA1:	0F671571733CBD55F66D1D422BAC7190B84DAB46
SHA-256:	D9B456F058F5627BC7A5B61FF905898A8F79C34F80BDB6A53D9C83DA61C8B497
SHA-512:	BDBF1ABA02E54FE12C0184C6C90C206967276543FDC98AB2483A611C7B8AD3B5706DAD697E63A09125A2FB69F56BB3ED38A3F1CD33F7E04A4E73197DC8E8505E
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13374428604181272","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":256057},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	4730
Entropy (8bit):	5.2495865691478265
Encrypted:	false
SSDEEP:	96:etJCV4FAsszrNamjTN/2rjYMta02fDtehgO7BtTgo72q6fP3F6Z:etJCV4FiN/jTN/2r8Mta02fEhgO73go9
MD5:	0D2563BBE6D26A686F3B085F449DF24C
SHA1:	B1871B40A31276595A89675CAC8082E1557951CA
SHA-256:	2C464B8B0FCD966B3698AE2C6A34F3D162DA980BC062A6296692D4CB0B62A11A
SHA-512:	FFB7CB33EE48BEC04726E5258C185D4980C55274CADA6522D06FFA511F810E8C0DEBD16094B917DF54A49CEFDB67F4B00C012018E398C1FBBC1EE1E69591CE17
Malicious:	false
Preview:	*...#................version.1..namespace-['O.o................next-map-id.1.Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/.0>...r................next-map-id.2.Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/.1O..r................next-map-id.3.Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/.2.\.o................next-map-id.4.Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/.3....^...............Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/..\|.^...............Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/n..Fa...............Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/DQ..a...............Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/i.`do................next-map-id.5.Pnamespace-de635bf2_6773_4d83_ad16_

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.113460948199404
Encrypted:	false
SSDEEP:	6:lxXSDM+q2Pwkn2nKuAl9OmbzNMxIFUt8IS6gZmw+IstDMVkwOwkn2nKuAl9OmbzE:lxX3+vYfHAa8jFUt8IS//+I/V5JfHAab
MD5:	9D54593A6F5730116C74E85752326EDA
SHA1:	9D695AE0D7D3ECCCE026BE23734B07FA8156CEDB
SHA-256:	5C8E8C7CF0F2F8CF19CE1EEF01AE406B0CFA0A018D34C6F3638C470ECD482581
SHA-512:	B3B5AE38A9C332617C3E6CC54695B42C43996A89209736915FDEEB86C57E5170B05E90FADDC6F27BDD11B50537E6BD68DEE9D0AEEC83331A22FC7C22F98BC8C4
Malicious:	false
Preview:	2024/10/25-11:03:19.002 1c1c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/10/25-11:03:19.029 1c1c Recovering log #3.2024/10/25-11:03:19.040 1c1c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.113460948199404
Encrypted:	false
SSDEEP:	6:lxXSDM+q2Pwkn2nKuAl9OmbzNMxIFUt8IS6gZmw+IstDMVkwOwkn2nKuAl9OmbzE:lxX3+vYfHAa8jFUt8IS//+I/V5JfHAab
MD5:	9D54593A6F5730116C74E85752326EDA
SHA1:	9D695AE0D7D3ECCCE026BE23734B07FA8156CEDB
SHA-256:	5C8E8C7CF0F2F8CF19CE1EEF01AE406B0CFA0A018D34C6F3638C470ECD482581
SHA-512:	B3B5AE38A9C332617C3E6CC54695B42C43996A89209736915FDEEB86C57E5170B05E90FADDC6F27BDD11B50537E6BD68DEE9D0AEEC83331A22FC7C22F98BC8C4
Malicious:	false
Preview:	2024/10/25-11:03:19.002 1c1c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/10/25-11:03:19.029 1c1c Recovering log #3.2024/10/25-11:03:19.040 1c1c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241025150322Z-171.bmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PC bitmap, Windows 3.x format, 117 x -152 x 32, cbSize 71190, bits offset 54
Category:	dropped
Size (bytes):	71190
Entropy (8bit):	1.025755477162734
Encrypted:	false
SSDEEP:	96:vkkCyz6jMnpnv6YNwMMPMMMMSUnMM9vEB5xxFsp3EHmflAMMUMMMyMMEUM4MEMM9:vrPE8HKge
MD5:	EE4187A8B79383624360F42AD45559BC
SHA1:	6761DF105612BC66A05DD941E034BB0F654984DD
SHA-256:	EB8443C289D299FF764B3A29F538C696686DB62E331F5B6B7A36E52D0FEC83ED
SHA-512:	C7028829C83D4C1D4FCA9D3A845E3DA66CE5D17AE5BC69CB009E35DBAB6E28961375DB7E0ED93D5478BB17CE9A1A0B01CCC124A3AC819E6167B16C3E9D9A4B95
Malicious:	false
Preview:	BM........6...(...u...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 15, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 15
Category:	dropped
Size (bytes):	86016
Entropy (8bit):	4.444921300683469
Encrypted:	false
SSDEEP:	384:yezci5tkiBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:rTs3OazzU89UTTgUL
MD5:	EB60BECA4639BA27A08E6E80A6C3FBA5
SHA1:	23053F1F0DE699F7C1DD0FE72F931CDA3E167A04
SHA-256:	ED160B7309036A4555B4DEB6ED3B95A3884E7E631E8DCBB7BED7F4138C77F016
SHA-512:	050B948A5671846CC9E1CC595294F0CED76AEC955AA461799792D9C4B370C66F668721EF3081719315F3A1C44B8B926FE58BB24584170EB1460F84AC8F61BE54
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	3.772109723282363
Encrypted:	false
SSDEEP:	48:7MDp/E2ioyVaioy9oWoy1Cwoy1OKOioy1noy1AYoy1Wioy1hioybioywoy1noy1c:70pjuaF1XKQNRb9IVXEBodRBke
MD5:	754073D00B94C907A8D5CB92D33ADA4F
SHA1:	F215924B7F944E04882FEB72F154F6D55BBB38E9
SHA-256:	ED526B5054CF078204DC19604152BA9BA6D2A1FE2DB6FA76294CA49B8DE27556
SHA-512:	41B546FD18C1F17858559FD2C839BD8BF494E5FDB8D599ADCFE95585D4B8BD77D89D4225014438DAB2CF9F79E34EB4188F87BB3EB7E8B7567C5B8D57BD71EA7D
Malicious:	false
Preview:	.... .c...... ]d...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................T...[...b...r...t...}.....L..............................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	Certificate, Version=3
Category:	dropped
Size (bytes):	1391
Entropy (8bit):	7.705940075877404
Encrypted:	false
SSDEEP:	24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1
MD5:	0CD2F9E0DA1773E9ED864DA5E370E74E
SHA1:	CABD2A79A1076A31F21D253635CB039D4329A5E8
SHA-256:	96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
SHA-512:	3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
Malicious:	false
Preview:	0..k0..S............@.YDc.c...0....H........0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10...150604110438Z..350604110438Z0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10.."0....H.............0..........$s..7.+W(.....8..n<.W.x.u...jn..O(..h.lD...c...k....1.!~.3<.H..y.....!.K...qiJffl.~<p..)"......K...~....G.\|.H#S.8.O.o...IW..t../.8.{.p!.u.0<.....c...O..K~.....w...{J.L.%.p..)..S$........J.?..aQ.....cq...o[...\4ylv.;.by.../&.....................6....7..6u...r......I......A..v........5/(.l....dwnG7..Y^h..r...A)>Y>.&.$...Z.L@.F....:Qn.;.}r...xY.>Qx....../..>{J.Ks......P.\|C.t..t.....0.[q6....00\H..;..}`...).........A.......\|.;F.H..v.v..j.=...8.d..+..(.....B.".'].y...p..N..:..'Qn..d.3CO......B0@0...U...........0...U.......0....0...U......y.Y.{....s.....X..n0...*.H.............U.X....P.....i ')..au\.n...i/..VK..s.Y.!.~.Lq...`.9....!V..P.Y...Y.............b.E.f..\|o..;.....'...}~.."......

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	192
Entropy (8bit):	2.779094196322516
Encrypted:	false
SSDEEP:	3:kkFklMMkNttfllXlE/HT8kkXzXNNX8RolJuRdxLlGB9lQRYwpDdt:kKVMEteT8ZzdNMa8RdWBwRd
MD5:	E69D5BD918BE9665278B99FD07431F99
SHA1:	904D8E6E05EA01CC75DE63BC1F4039CFEE741556
SHA-256:	6FB32FB14A1508A6C3391DD5E77FC85C95A71D8055603879805EEEA5E8207341
SHA-512:	FD31120AE6590E18940A84DC65904A858F515CDFC8DD3E43AF81CC8C7B840FB928A6257BE7101B6BEAC96DBE1FDE266CCEC95FCF42A6C1704AD445F094A023B4
Malicious:	false
Preview:	p...... .............&..(....................................................... ..........W....AA..............o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	243196
Entropy (8bit):	3.3450692389394283
Encrypted:	false
SSDEEP:	1536:vKPCPiyzDtrh1cK3XEivK7VK/3AYvYwgqErRo+RQn:yPClJ/3AYvYwghFo+RQn
MD5:	F5567C4FF4AB049B696D3BE0DD72A793
SHA1:	EBEADDE9FF0AF2C201A5F7CC747C9EA61CFA6916
SHA-256:	D8DBFE71873929825A420F73821F3FF0254D51984FAAA82E1B89D31188F77C04
SHA-512:	E769735991E5B1331E259608854D00CDA4F3E92285FDC500158CBD09CBCCEAD8A387F78256A43919B13EBE70C995D19242377C315B0CCBBD4F813251608C1D56
Malicious:	false
Preview:	Adobe Acrobat Reader (64-bit) 23.6.20320....?A12_AV2_Search_18px.............................................................................................................KKK KKK.KKK.KKK.KKK.KKK.KKK@........................................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.............................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.........................KKK.KKK.KKK.KKK0....................KKK.KKK.KKK.KKK`....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK.KKK.....................................KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK.KKK@....................KKK.KKK.KKK.KKK`........................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.KKK.............................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	295
Entropy (8bit):	5.351131161776853
Encrypted:	false
SSDEEP:	6:YEQXJ2HXo3rGPHJ9VoZcg1vRcR0YmoAvJM3g98kUwPeUkwRe9:YvXKXobEHJEZc0vmGMbLUkee9
MD5:	84A078F5353A48539AA0EA0C08699D03
SHA1:	F2F8DD2963647A4225A8FABFA867A544A0CE30F8
SHA-256:	FB7907C9E4D818D4677A30EF55A337DC5A28668F5FC2EFBDB3F517023F0AE9BA
SHA-512:	E4B00DA2D5FA97E2E22ABD11F35500A1D4789D3D6B9A19BBF0842209D99A5399C50E6F02934B2B726F5946A13C9AC3914662839C1AB47C8CCA80547B848F932D
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"df5b80fe-ccca-4249-8eb9-1d3057740990","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1730044210254,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.299650279380933
Encrypted:	false
SSDEEP:	6:YEQXJ2HXo3rGPHJ9VoZcg1vRcR0YmoAvJfBoTfXpnrPeUkwRe9:YvXKXobEHJEZc0vmGWTfXcUkee9
MD5:	B06653893102187B84792CE2DDF131B5
SHA1:	D4A543AA4F39C2F0E79AB8321A31AAED4D60F1ED
SHA-256:	2FFD7E11561949D0AF1B1AFDCF7AFC46852879657513623EFA3EDF0874A41F4C
SHA-512:	977FC11E2FFFA8AD5A6F4B6D0333A71A509939B134A7787899146640727A6B2FFF63099BACC8C9DFB566C2F6AE2882628F5E4F1B51124DB7E778A4110C2BE036
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"df5b80fe-ccca-4249-8eb9-1d3057740990","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1730044210254,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.277789194126201
Encrypted:	false
SSDEEP:	6:YEQXJ2HXo3rGPHJ9VoZcg1vRcR0YmoAvJfBD2G6UpnrPeUkwRe9:YvXKXobEHJEZc0vmGR22cUkee9
MD5:	9695C41C92D91F755F42E35DBB859162
SHA1:	B3A87DBE2DD2348FA058085979E65491157D8FC2
SHA-256:	C4CD3B4F22A95220970AC5F2586F736752B8B31A78C22A63D5BEDF3E88782BBF
SHA-512:	C6A124CA0D22C22F1F8A0C1848CDEA02689FB3220721A8A97396B66F68B12C6E5EE9A6397FEBA2106EAED526FF59C57F12C11F3C931AECECBCE66D8BFCBEEB87
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"df5b80fe-ccca-4249-8eb9-1d3057740990","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1730044210254,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	285
Entropy (8bit):	5.337712467110947
Encrypted:	false
SSDEEP:	6:YEQXJ2HXo3rGPHJ9VoZcg1vRcR0YmoAvJfPmwrPeUkwRe9:YvXKXobEHJEZc0vmGH56Ukee9
MD5:	3001BE137858FC693D1D70A8F2474E4B
SHA1:	8D7F79210412E75E8838A3687BE7341723DF1868
SHA-256:	4CF06146E7048B7DD9730729624F116EC6737CF3C29F57E11985BE96B2ABBB37
SHA-512:	928C4627BB95F4B7B20F5A03F4E39B6F790D9AB0DAC5B2AEB9A2716CCB2959B8D2879DBBE8163FE4726A7678FCBBC073014B8DCDE268C4C68305931BD437DF37
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"df5b80fe-ccca-4249-8eb9-1d3057740990","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1730044210254,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1055
Entropy (8bit):	5.6599410185233525
Encrypted:	false
SSDEEP:	24:Yv6Xob02zvzpLgEscLf7nnl0RCmK8czOCCSBaY:Yv5b0ubhgGzaAh8cv/h
MD5:	F1D325F078E2530A95C89DCDD4CC2BF8
SHA1:	97A224AECB9DB66CD1E49ED48BD7FB60799C2A5F
SHA-256:	23EB4590EE118946BD81162DE055FB7A9116D05FE1B05695242FC595970E4D82
SHA-512:	E65E5E8C0C9878DA80DBC50025E1F22AF7D39B991846AA52E0E365F0350E67EA840CBFB97E027D825E67D7495D02D744AA964C26EF4B1AD07EC4BB67A2222ACB
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"df5b80fe-ccca-4249-8eb9-1d3057740990","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1730044210254,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"92038_285529ActionBlock_1","campaignId":92038,"containerId":"1","controlGroupId":"","treatmentId":"eb1a4bce-8215-46f1-b44c-154b21a85d60","variationId":"285529"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkV4cG9ydCBQREZzIHRvIE1pY3Jvc29mdCBXb3JkIGFuZCBFeGNlbC4ifSwidGNhdElkIjpudWxsfQ==","dataType":"application\/json","encodingScheme":tr

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1050
Entropy (8bit):	5.6510371818167195
Encrypted:	false
SSDEEP:	24:Yv6Xob02zvvVLgEF0c7sbnl0RCmK8czOCYHflEpwiVIaY:Yv5b0uXFg6sGAh8cvYHWpwh
MD5:	C29552D441EE8260448E16A125C99E8E
SHA1:	4EADD8EEDB435D1F6D33598932D08FF918EB1825
SHA-256:	18C1925DCA5B55708FF812D2152555274F63FEB7DB0502269EE4909A61A3431F
SHA-512:	E183F8CAAC55AB62527EE92753D1D34E2E45BB39C111721EE27CAC54EC719140DB7F55734A9F777CB3E3CFA038D5D2957114AB95E263B321DAE0C5B8E02B4F9B
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"df5b80fe-ccca-4249-8eb9-1d3057740990","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1730044210254,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Disc_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_0","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"0924134e-3c59-4f53-b731-add558c56fec","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Disc_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQsIGVkaXQgYW5kIGUtc2lnblxuZm9ybXMgJiBhZ3JlZW1lbnRzLiJ9LCJ0Y2F0SWQiOm51bGx9","dataType":"application\/json","encodingScheme":true},"

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.287583702236033
Encrypted:	false
SSDEEP:	6:YEQXJ2HXo3rGPHJ9VoZcg1vRcR0YmoAvJfQ1rPeUkwRe9:YvXKXobEHJEZc0vmGY16Ukee9
MD5:	D938EFE1D6012DEFF28F9995B032D017
SHA1:	726BC6A2942C7B8AC8F3B49226A3B3682989D3A2
SHA-256:	286FFD71D7E35E4FCF7C981148403B2D09F107ABB169D4F47D99A834D7D86010
SHA-512:	FA25F95A490305CD098AE0083CA5A7E5B50259AA54C5EDF1C8E24516690BBA131AB838947BBCFF9EEAD2938F7BC44E9D0CFD763F57B49FE4A4A34B2575AA3089
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"df5b80fe-ccca-4249-8eb9-1d3057740990","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1730044210254,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1038
Entropy (8bit):	5.644359601671782
Encrypted:	false
SSDEEP:	24:Yv6Xob02zv+2LgEF7cciAXs0nl0RCmK8czOCAPtciBIaY:Yv5b0uGogc8hAh8cvAy
MD5:	4D350DFF04EE98B4FCADFDBAD6CC3183
SHA1:	8A9C21FD310960D78B509AA2BF181DD5966A8054
SHA-256:	B8C72FC986E860E55776C96296D48D31D075489B790A678434A4738D6C8F6DF6
SHA-512:	BA51CC1232BBB138D18782FA4B04CE70F2325019B69A22AA41D05D21A1F0725392BF7FCBE8DB86C924B78773F6920FE8C115D6EB3B903E8B44645D537AA34C38
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"df5b80fe-ccca-4249-8eb9-1d3057740990","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1730044210254,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Edit_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_1","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"49d2f713-7aa9-44db-aa50-0a7a22add459","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Edit_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVkaXQgdGV4dCwgaW1hZ2VzLCBwYWdlcywgYW5kIG1vcmUuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"application\/json","encodingScheme":true},"endDTS":1744

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1164
Entropy (8bit):	5.699049584728699
Encrypted:	false
SSDEEP:	24:Yv6Xob02zvyKLgEfIcZVSkpsn264rS514ZjBrwloJTmcVIsrSK5IaY:Yv5b0uqEgqprtrS5OZjSlwTmAfSKO
MD5:	ADAB80C76A5A12E3E380974F31FD64A7
SHA1:	A2C52C1FB030F085EF546D3E1F53B7224CA3E0A2
SHA-256:	938CFCD9FB6058F4B7F523B6FDDA7FB9BE9532E5971F909D7E58EA512A4BAC8F
SHA-512:	A2E89F81487C0B4C7D90B91BCC9195FC1E1197AD4E638BB2D101418CF115B1E25C0EADE1AA50729A3FEF53A04D62F7CC475ECDE0C465E89CB55FFC476C6041FB
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"df5b80fe-ccca-4249-8eb9-1d3057740990","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1730044210254,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85531_264848ActionBlock_0","campaignId":85531,"containerId":"1","controlGroupId":"","treatmentId":"ee1a7497-76e7-43c2-bb63-9a0551e11d73","variationId":"264848"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IlRyeSBBY3JvYmF0IFBybyJ9LCJ1aSI6eyJ0aXRsZV9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjE1cHgiLCJmb250X3N0eWxlIjoiMCJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEzcHgiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0b1xucHJlbWl1bSBQREYgYW5kIGUtc2lnbmluZ1xudG9vbHMuIn0sImJhbm5lcl9zdHlsaW5nIjo

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.2905710200901535
Encrypted:	false
SSDEEP:	6:YEQXJ2HXo3rGPHJ9VoZcg1vRcR0YmoAvJfYdPeUkwRe9:YvXKXobEHJEZc0vmGg8Ukee9
MD5:	2FBCE431A3AED56EF24B46E9DEC3F95A
SHA1:	5012BB380B159C5191BA08C837F1D4E77D0C7132
SHA-256:	90FD0FF0E8E084C824AE07AFFB501890F0829A4A561508C3E5D80BBCFF310762
SHA-512:	EEAA46950D1509BD1816C28AE165301FE08007E9E13C568CE003A212E54EE9BE91DF50A47280EBAFEADAAE01BC6608615C05899BAEC08502A93CC601AC9096C2
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"df5b80fe-ccca-4249-8eb9-1d3057740990","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1730044210254,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1395
Entropy (8bit):	5.775427116945337
Encrypted:	false
SSDEEP:	24:Yv6Xob02zvxrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNgaY:Yv5b0uZHgDv3W2aYQfgB5OUupHrQ9FJO
MD5:	37C27D1FB13F89C9BA979A75BAB6EBAA
SHA1:	BBD31EBF59C869BD04E62CFD14BA9697E7A78011
SHA-256:	EF72CB2375D9411ABD174EA764DA8F08D8F50DB8F0E6F1FBF0293133A5D2BEE7
SHA-512:	9BD8B543943E1DCD2309A2BDAE7DD9DFE3397A1AF56E863241966BF9ADFC739EA467D7704A90748C96DB2D72D5248BC04C75506B893E65D5025538CCD6800185
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"df5b80fe-ccca-4249-8eb9-1d3057740990","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1730044210254,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	291
Entropy (8bit):	5.274182921749652
Encrypted:	false
SSDEEP:	6:YEQXJ2HXo3rGPHJ9VoZcg1vRcR0YmoAvJfbPtdPeUkwRe9:YvXKXobEHJEZc0vmGDV8Ukee9
MD5:	3A61F291393DCEA84C5313824A4A8901
SHA1:	A0007A670C6F8A2D4BC7D8DE284DC230E3C0683F
SHA-256:	A142D830908594D4FBEEA895A23ACBE881DEF03263FC55F265B1B47BE1ECA8C3
SHA-512:	D1F7F02435B9A31F39BC903E9D3FAD02CB6D33CB9ECBCC6617EE12A5AE2EBAC3053B6D496FE3D98DB7BAD5A9BD5AD87B1D65CBEE0B59E8C5E04F65AB6E65DC44
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"df5b80fe-ccca-4249-8eb9-1d3057740990","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1730044210254,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	287
Entropy (8bit):	5.278389482612077
Encrypted:	false
SSDEEP:	6:YEQXJ2HXo3rGPHJ9VoZcg1vRcR0YmoAvJf21rPeUkwRe9:YvXKXobEHJEZc0vmG+16Ukee9
MD5:	8ACD7DEDDB1DA7C1E396EAE8A34D0951
SHA1:	E20D5E46D807489E7398323CD77B34883B896B96
SHA-256:	8FFE59B1CE79DDCFBB48160317752A7B49E4C7856FF3134A3A5C8BBF29B61FAB
SHA-512:	2991F26C9CBAFA5F4B311C9A36DE34CC381A9AE21605D32BFBF0EF7DE77F4EBBD661E8486334C7A3114E74D10213836101CB1817CD8F3E4E5C1CCA9D6F914570
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"df5b80fe-ccca-4249-8eb9-1d3057740990","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1730044210254,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	5.630197490687464
Encrypted:	false
SSDEEP:	24:Yv6Xob02zvDamXayLgE7cMCBNaqnl0RCmK8czOC/BSBaY:Yv5b0urBgACBOAh8cvMh
MD5:	188A80ECCF9B60B7A843EA970BC26EF0
SHA1:	1F0BE27AAC1AB0B8F2C132E9E50E52634A0DB436
SHA-256:	A702671B6963A58BC4758A728748800DF74B64685A7B3CE746F910C06859A064
SHA-512:	833A59CB01483C4EAD4708CC49F8758DC0C7E75797F1CCAF29986137628A2207A6FE488AE084ADA17CAF2157473C8C7F5519004FD36D9D2241DCF4C545EE8AFE
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"df5b80fe-ccca-4249-8eb9-1d3057740990","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1730044210254,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"92038_285529ActionBlock_0","campaignId":92038,"containerId":"1","controlGroupId":"","treatmentId":"6291f52b-6cb0-4d31-bc46-37ce85e9eb25","variationId":"285529"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVhc2lseSBmaWxsIGFuZCBzaWduIFBERnMuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"application\/json","encodingScheme":true},"endDTS":1751323379000,"s

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	286
Entropy (8bit):	5.254312010997097
Encrypted:	false
SSDEEP:	6:YEQXJ2HXo3rGPHJ9VoZcg1vRcR0YmoAvJfshHHrPeUkwRe9:YvXKXobEHJEZc0vmGUUUkee9
MD5:	9B0D035A04629A9847C0C62160FEC7AA
SHA1:	51967C83EC10526E744BBC982B0A96DD0C6E3440
SHA-256:	B3993C7A7F025F7D88E0C652233BDA38ABCECC955F3209E5F5DD6ACA795E761A
SHA-512:	C7510A6152470D86791D5E3300149B7440C6D0B2E8BDE01A55ACE94F4FA36E651E042A5B574465D19AAA511AD1F8FF825949F07FA280CFD73FDE345785C9DADB
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"df5b80fe-ccca-4249-8eb9-1d3057740990","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1730044210254,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	782
Entropy (8bit):	5.365030889014941
Encrypted:	false
SSDEEP:	12:YvXKXobEHJEZc0vmGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWkQJY:Yv6Xob02zvA168CgEXX5kcIfANhBaY
MD5:	6C1C28C06EB909CBC063D1D63B34F971
SHA1:	57C108FA520083F887B7C8215A5C698606F4D922
SHA-256:	A792820A0A24D52642D9360CEA6F6EA644AFB23D4645FEFCCA06140EA3A93AA4
SHA-512:	869BA8D9EC15BF90217C6D5CFEE905EC6FC6F1061F8B95F3CC0B2BCE9B6EE757909553C7FA772F6B5F72AD9553E7F0E7F640F663988EFE819A6AFCC9382A2660
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"df5b80fe-ccca-4249-8eb9-1d3057740990","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1730044210254,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1729868605285}}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	4
Entropy (8bit):	0.8112781244591328
Encrypted:	false
SSDEEP:	3:e:e
MD5:	DC84B0D741E5BEAE8070013ADDCC8C28
SHA1:	802F4A6A20CBF157AAF6C4E07E4301578D5936A2
SHA-256:	81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
SHA-512:	65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
Malicious:	false
Preview:	....

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2818
Entropy (8bit):	5.136195882869241
Encrypted:	false
SSDEEP:	24:YvxsaUjq6a2mKqayfoShbNkINC94DTw91rab0kv72B9izj5IdHWvj0SYDL//e2W2:YvOJVU/qSe1r9k685v7PWR6gRg9wPi8
MD5:	A2F655BA3FD646D7D9819ADDAAD2220C
SHA1:	D3FA4F476E0C2935019527A0556CA892D3B71825
SHA-256:	3C050FA6AB12F5A00A611D32FDD469DBB5838B288A581A520EAA813A85B17714
SHA-512:	CE926370766A9981E7B3EE26A9C53DE1944EBEE043D3273DB65607C1FB72F04F73B613AF6206DAD9E8CDB8F37A866D18CBF256D25E7545A39DBE3CB1D6A0F01B
Malicious:	false
Preview:	{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"af337fa884e911439591fb223c1a8c36","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1050,"ts":1729868604000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"d6cc0d43f74775bb77e0343197087c19","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1164,"ts":1729868604000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"ff6dd6d53146e91477ee8617ce6575c2","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1026,"ts":1729868604000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"a8dfcc8ff8d4675cc9a69483be6923d4","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1055,"ts":1729868604000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"e0d1ed5ae2968635e8726ebe72440ab0","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":1038,"ts":1729868604000},{"id":"Edit_InApp_Aug2020","info":{"dg":"f35b2eb9ea01048b9b52d59acbcc803f","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":17

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 25, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 25
Category:	dropped
Size (bytes):	12288
Entropy (8bit):	1.1887957016612944
Encrypted:	false
SSDEEP:	48:TGufl2GL7msEHUUUUUUUUsjSvR9H9vxFGiDIAEkGVvpI7:lNVmswUUUUUUUUsj+FGSIts7
MD5:	27E88F037228345D47A80E4CFFDE1F84
SHA1:	EE552FAB21E80A53582876D28B14877DE6B24149
SHA-256:	044D53EC99E7155A3B677814A4A11222AA77B8B8018B22FC569E4197D188787C
SHA-512:	4A08AEB43DE3EE9E0C51757E8BCC53239E5059AC52ABFAA189152873A26EA8F37B46F89CF453D24A9AB2838DEF5FFCF0202BA21D012F1182E955BC554AACB6C1
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	1.6048009149843492
Encrypted:	false
SSDEEP:	48:7MQKUUUUUUUUUUsHvR9H9vxFGiDIAEkGVvcqFl2GL7ms5:7wUUUUUUUUUUs/FGSItmKVms5
MD5:	C15F3420EEA50D9F0A7665AFBD1A8734
SHA1:	AE33B9C854A12753BEFD6F2BE75A5CB930D9D342
SHA-256:	C861435701883D599FCA409F7134B58B8FD487FA58F4D7B120AB1DFA6F3488B0
SHA-512:	B4C40AEBD5042C3448765B8229C1EFAAE4A87F9FE7331D36A18FE679A191126D19B3B8177908C530DD62AAB04A1ECCA935D58E8F76C7DBD4655FCA154E9ADF83
Malicious:	false
Preview:	.... .c.....%s4.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................f.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\MSIb2947.LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	246
Entropy (8bit):	3.5097251598291805
Encrypted:	false
SSDEEP:	6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8jqHl2:Qw946cPbiOxDlbYnuRKt2
MD5:	B3CF025B7520DE3BBCE43561F9C3B406
SHA1:	FC33C8771172CE4170B330B9310A560DA9A87D2A
SHA-256:	ECC68E77E4A0EFDB8EE20CFCA1F1BBD0FF8DDDD5293C6DD7B94329D14B30FF5A
SHA-512:	7D82973F4658FBF315A921A3B9C76576AC7D3DE266901B280CB27040B3C3AEDF006847470F5FF1AF59E7D24050672F6653EBD007243966FC6F16139D1CF6A346
Malicious:	false
Preview:	..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .2.5./.1.0./.2.0.2.4. . .1.1.:.0.3.:.2.5. .=.=.=.....

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-25 11-03-20-192.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393)
Category:	dropped
Size (bytes):	16525
Entropy (8bit):	5.345946398610936
Encrypted:	false
SSDEEP:	384:zHIq8qrq0qoq/qUILImCIrImI9IWdFdDdoPtPTPtP7ygyAydy0yGV///X/J/VokV:nNW
MD5:	8947C10F5AB6CFFFAE64BCA79B5A0BE3
SHA1:	70F87EEB71BA1BE43D2ABAB7563F94C73AB5F778
SHA-256:	4F3449101521DA7DF6B58A2C856592E1359BA8BD1ACD0688ECF4292BA5388485
SHA-512:	B76DB9EF3AE758F00CAF0C1705105C875838C7801F7265B17396466EECDA4BCD915DA4611155C5F2AD1C82A800C1BEC855E52E2203421815F915B77AA7331CA0
Malicious:	false
Preview:	SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:088+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig:

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393), with CRLF line terminators
Category:	dropped
Size (bytes):	15114
Entropy (8bit):	5.328003842783904
Encrypted:	false
SSDEEP:	384:euHzGzjyAYhYkhG8L2kfIIuwMM3UY2EsunQLXRZJnOm/NjUfycJ0GclcxoN7Wk5+:wLs
MD5:	2C44B87894D137DB5C68FEF10ED3052E
SHA1:	0693EDA52371EE2E6265D56F81291384DA69E700
SHA-256:	AE3FAB0A4F78CC7BE531611D37F8ECF32A54F888E79D79A7DFB067D8DDC389E2
SHA-512:	3A5543CDBFBA89BAC46676B7FC0F9B9D93706A633E17AEE0D9FD5B7C55F47A9F07789F891F5E1DE026CF1931E1037E3633D8370338EA04A38DBBDE7BF2AAAC5F
Malicious:	false
Preview:	SessionID=88640263-ad7f-418a-8c02-fa2e23bdb8d9.1729868600218 Timestamp=2024-10-25T11:03:20:218-0400 ThreadID=5440 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=88640263-ad7f-418a-8c02-fa2e23bdb8d9.1729868600218 Timestamp=2024-10-25T11:03:20:221-0400 ThreadID=5440 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=88640263-ad7f-418a-8c02-fa2e23bdb8d9.1729868600218 Timestamp=2024-10-25T11:03:20:221-0400 ThreadID=5440 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=88640263-ad7f-418a-8c02-fa2e23bdb8d9.1729868600218 Timestamp=2024-10-25T11:03:20:221-0400 ThreadID=5440 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=88640263-ad7f-418a-8c02-fa2e23bdb8d9.1729868600218 Timestamp=2024-10-25T11:03:20:221-0400 ThreadID=5440 Component=ngl-lib_NglAppLib Description="SetConf

C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	29752
Entropy (8bit):	5.381650761495515
Encrypted:	false
SSDEEP:	768:anddBuBYZwcfCnwZCnR8Bu5hx18HoCnLlAY+iCBuzhLCnx1CnPrRRFS10l8gT2rQ:U
MD5:	5A7653393923657B59EA59BFE87371BB
SHA1:	B9933773184A692D5800B85F80362EA1F93FEDC7
SHA-256:	03BAACD61B8E742CD81012CB21A38F362D8F879F2A70816E1E29C8C992DD39E6
SHA-512:	06634605FC6297CC5C1AE06E2F4A76E794D72928F1A0A1D96B68150F7DF07551D0BEE7CAD2D147B833724F0D45936FCFCD6E4E41BEF590FBE95883B2B373C529
Malicious:	false
Preview:	03-10-2023 12:50:40:.---2---..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : *************************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ***********************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : **** Starting new session ******..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Starting NGL..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..03-10-2023 12:50:40:.Closing File..03-10-

C:\Users\user\AppData\Local\Temp\acrocef_low\7ff66f03-6423-4899-a762-61c50eeed922.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
Category:	dropped
Size (bytes):	386528
Entropy (8bit):	7.9736851559892425
Encrypted:	false
SSDEEP:	6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
MD5:	5C48B0AD2FEF800949466AE872E1F1E2
SHA1:	337D617AE142815EDDACB48484628C1F16692A2F
SHA-256:	F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
SHA-512:	44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
Malicious:	false
Preview:	...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....\|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-\|..h#.g.\.PO.\|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..\|m.WC.....\|.....e.[W.p.8...rm....^..x'......5!...\|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.\|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

C:\Users\user\AppData\Local\Temp\acrocef_low\ac494246-235e-42b1-92e9-b43c342e82b6.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
Category:	dropped
Size (bytes):	1407294
Entropy (8bit):	7.97605879016224
Encrypted:	false
SSDEEP:	24576:/M7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R077WLaGZjZwYIGNPJe:RB3mlind9i4ufFXpAXkrfUs03WLaGZje
MD5:	716C2C392DCD15C95BBD760EEBABFCD0
SHA1:	4B4CE9C6AED6A7F809236B2DAFA9987CA886E603
SHA-256:	DD3E6CFC38DA1B30D5250B132388EF73536D00628267E7F9C7E21603388724D8
SHA-512:	E164702386F24FF72111A53DA48DC57866D10DAE50A21D4737B5687E149FF9D673729C5D2F2B8DA9EB76A2E5727A2AFCFA5DE6CC0EEEF7D6EBADE784385460AF
Malicious:	false
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

C:\Users\user\AppData\Local\Temp\acrocef_low\f0afb215-7c77-4451-b5ba-70d335518a9c.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
Category:	dropped
Size (bytes):	1419751
Entropy (8bit):	7.976496077007677
Encrypted:	false
SSDEEP:	24576:/nZwYIGNPgeWL07oYGZ1dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:fZwZG/WLxYGZN3mlind9i4ufFXpAXkru
MD5:	1F3D69524A9D7E17BD2363C81D130F1A
SHA1:	C2A4A08839CBA47BEE2B601975F7C4F0CC191091
SHA-256:	D0FFBEC8502A0BE88A99F6708987658FEBE4CF3B6B79AF219C53EFF6458F9D9D
SHA-512:	A4CBE7073A7CB4C5E33E1CD903CCD7F24B78A04C037BFA1D90D9A5BBD12AF60E3DFFD6546277D1B765CA1DAC1CDA28D24D3454C81952B72D97CAF84DF395E99A
Malicious:	false
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

C:\Users\user\AppData\Local\Temp\acrocef_low\f0b29596-fd3b-47d6-91d3-dbb841e88651.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
Category:	dropped
Size (bytes):	758601
Entropy (8bit):	7.98639316555857
Encrypted:	false
SSDEEP:	12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
MD5:	3A49135134665364308390AC398006F1
SHA1:	28EF4CE5690BF8A9E048AF7D30688120DAC6F126
SHA-256:	D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
SHA-512:	BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
Malicious:	false
Preview:	...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......\|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!\|G.1...... .3.`./....`~......G.............\|..pS.e.C....:o.u_..oi.:..\|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

Static File Info

General

File type:	PDF document, version 1.4, 10 pages
Entropy (8bit):	7.21105379295891
TrID:	Adobe Portable Document Format (5005/1) 100.00%
File name:	Dr. Lindsay Chropractic Corporation Spine Fit Rehab & Wellness (24-10-2024 - Submission).pdf
File size:	889'637 bytes
MD5:	3eeac61ae9da7c2d2084d0faba3be42e
SHA1:	e44d7bc5cb1440d56a55d34336b951ac0043d52d
SHA256:	ba8a07ae916344599fda196821b2521ac936e3e7ff3195061bbfb5706c25b2a7
SHA512:	23b14dc91fd58f0340d7362df8c2131b2858dbd065272faf2420b5b0ac999f63d70bf524dd7a235cb45bf91f2e76b2c4d910267bde98d61d8161f6ca713c898d
SSDEEP:	24576:Jly0O1702RfPTTy0QLJKrc3f30F5HsfrGehZHP54Ao76s9Tl:JEhNXTu4P
TLSH:	1315010B956A0FDDDB7397B2191A4AC89BADB380D4F6A55CF01C4C43EF94B3D84C6826
File Content Preview:	%PDF-1.4..%......1 0 obj..<</Type /Font /Subtype /Type1../Encoding /WinAnsiEncoding /BaseFont /Helvetica >>..endobj..2 0 obj..<< /Filter /FlateDecode /Length 49 >>..stream..x.s.....0...r..5...Q.P.I.2P.)V..E ".D.s..p.. `.....endstream..endobj..3 0 obj..<<

File Icon


Icon Hash:	62cc8caeb29e8ae0

Static PDF Info

General
Header:	%PDF-1.4
Total Entropy:	7.211054
Total Bytes:	889637
Stream Entropy:	7.215120
Stream Bytes:	868963
Entropy outside Streams:	5.140080
Bytes outside Streams:	20674
Number of EOF found:	1
Bytes after EOF:

Keywords Statistics

Name	Count
obj	123
endobj	123
stream	61
endstream	61
xref	1
trailer	1
startxref	1
/Page	16
/Encrypt	0
/ObjStm	0
/URI	0
/JS	0
/JavaScript	0
/AA	0
/OpenAction	0
/AcroForm	0
/JBIG2Decode	0
/RichMedia	0
/Launch	0
/EmbeddedFile	0

Image Streams

ID	DHASH	MD5	Preview
44	00044d0c5b552480	68eb01dac4e91d95a35c7052a6eb8ac8

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 25, 2024 17:03:31.231611967 CEST	64799	53	192.168.2.4	1.1.1.1
Oct 25, 2024 17:03:43.625544071 CEST	61659	53	192.168.2.4	1.1.1.1
Oct 25, 2024 17:03:59.469923973 CEST	63851	53	192.168.2.4	1.1.1.1

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 25, 2024 17:03:31.231611967 CEST	192.168.2.4	1.1.1.1	0x3fe9	Standard query (0)	x1.i.lencr.org	A (IP address)	IN (0x0001)	false
Oct 25, 2024 17:03:43.625544071 CEST	192.168.2.4	1.1.1.1	0x918c	Standard query (0)	x1.i.lencr.org	A (IP address)	IN (0x0001)	false
Oct 25, 2024 17:03:59.469923973 CEST	192.168.2.4	1.1.1.1	0xfbd8	Standard query (0)	x1.i.lencr.org	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Type	Class	DNS over HTTPS
Oct 25, 2024 17:03:31.239871025 CEST	1.1.1.1	192.168.2.4	0x3fe9	No error (0)	x1.i.lencr.org	crl.root-x1.letsencrypt.org.edgekey.net	CNAME (Canonical name)	IN (0x0001)	false
Oct 25, 2024 17:03:43.632983923 CEST	1.1.1.1	192.168.2.4	0x918c	No error (0)	x1.i.lencr.org	crl.root-x1.letsencrypt.org.edgekey.net	CNAME (Canonical name)	IN (0x0001)	false
Oct 25, 2024 17:03:59.477533102 CEST	1.1.1.1	192.168.2.4	0xfbd8	No error (0)	x1.i.lencr.org	crl.root-x1.letsencrypt.org.edgekey.net	CNAME (Canonical name)	IN (0x0001)	false

Target ID:	0
Start time:	11:03:16
Start date:	25/10/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Dr. Lindsay Chropractic Corporation Spine Fit Rehab & Wellness (24-10-2024 - Submission).pdf"
Imagebase:	0x7ff6bc1b0000
File size:	5'641'176 bytes
MD5 hash:	24EAD1C46A47022347DC0F05F6EFBB8C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	11:03:17
Start date:	25/10/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Imagebase:	0x7ff74bb60000
File size:	3'581'912 bytes
MD5 hash:	9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	11:03:18
Start date:	25/10/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2088 --field-trial-handle=1648,i,14260087224443745936,13656865562564589586,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Imagebase:	0x7ff74bb60000
File size:	3'581'912 bytes
MD5 hash:	9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may send spearphishing emails with a malicious link in an attempt to gain access to victim systems. Spearphishing with a link is a specific variant of spearphishing. It is different from other forms of spearphishing in that it employs the use of links to download malware contained in email, instead of attaching malicious files to the email itself, to avoid defenses that may inspect email attachments. Spearphishing may also involve social engineering techniques, such as posing as a trusted source.
Tactics:	Initial Access
Data Sources:	Application Log: Application Log Content, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Google Workspace, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may exploit software vulnerabilities in client applications to execute code. Vulnerabilities can exist in software due to unsecure coding practices that can lead to unanticipated behavior. Adversaries can take advantage of certain vulnerabilities through targeted exploitation for the purpose of arbitrary code execution. Oftentimes the most valuable exploits to an offensive toolkit are those that can be used to obtain code execution on a remote system because they can be used to gain access to that system. Users will expect to see files related to the applications they commonly used to do work, so they are a useful target for exploit research and development because of their high utility.
Tactics:	Execution
Data Sources:	Application Log: Application Log Content, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Dr. Lindsay Chropractic Corporation Spine Fit Rehab & Wellness (24-10-2024 - Submission).pdf

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Software Vulnerabilities

Networking

System Summary

Hooking and other Techniques for Hiding and Protection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\8c98ff50-e130-474d-bea7-ca56fea0e52e.tmp

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241025150322Z-171.bmp

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

Windows Analysis Report
Dr. Lindsay Chropractic Corporation Spine Fit Rehab & Wellness (24-10-2024 - Submission).pdf