Edit tour

Windows Analysis Report
Payment Advice.pdf

Overview

General Information

Sample name:	Payment Advice.pdf
Analysis ID:	1546389
MD5:	eff216e55b8a3c51f846949e180d4ea2
SHA1:	78037f2493c0d5add9e29a21fabd057a0ce93536
SHA256:	afa730da16e3e0fa0a2945810173e506c0f0e493dd470970dd0d2519d1ab4798
Infos:

Detection

Score:	1
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

PDF is encrypted

Potential document exploit detected (performs DNS queries)

Suricata IDS alerts with low severity for network traffic

Classification

Process Tree

System is w10x64

Acrobat.exe (PID: 6768 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Payment Advice.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)

AcroCEF.exe (PID: 2196 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

AcroCEF.exe (PID: 5932 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2112 --field-trial-handle=1724,i,15721545753982683772,17854325307601287913,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-31T20:37:41.622022+0100	2022930	1	A Network Trojan was detected	172.202.163.200	443	192.168.2.4	49739	TCP
2024-10-31T20:38:22.074630+0100	2022930	1	A Network Trojan was detected	172.202.163.200	443	192.168.2.4	49748	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: global traffic

DNS query: name: x1.i.lencr.org

Source: Network traffic	Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 172.202.163.200:443 -> 192.168.2.4:49748
Source: Network traffic	Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 172.202.163.200:443 -> 192.168.2.4:49739

Source: unknown

UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

DNS traffic detected: DNS query: x1.i.lencr.org

Source: 2D85F72862B55C4EADD9E66E06947F3D0.1.dr

String found in binary or memory: http://x1.i.lencr.org/

Source: classification engine

Classification label: clean1.winPDF@14/44@1/0

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-31 15-37-31-751.log

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Jump to behavior

Source: unknown	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Payment Advice.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2112 --field-trial-handle=1724,i,15721545753982683772,17854325307601287913,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2112 --field-trial-handle=1724,i,15721545753982683772,17854325307601287913,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: Payment Advice.pdf	Initial sample: PDF keyword /JS count = 0
Source: Payment Advice.pdf	Initial sample: PDF keyword /JavaScript count = 0

Source: Payment Advice.pdf

Initial sample: PDF keyword /Encrypt count = 1

Source: Payment Advice.pdf

Initial sample: PDF keyword /EmbeddedFile count = 0

Source: Payment Advice.pdf

Initial sample: PDF keyword /Encrypt

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	1 Exploitation for Client Execution	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	1 System Information Discovery	Remote Services	Data from Local System	1 Non-Application Layer Protocol	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
http://x1.i.lencr.org/	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
x1.i.lencr.org	unknown	unknown	false		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://x1.i.lencr.org/	2D85F72862B55C4EADD9E66E06947F3D0.1.dr	false	URL Reputation: safe	unknown

World Map of Contacted IPs

⊘No contacted IP infos

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1546389
Start date and time:	2024-10-31 20:36:31 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 2s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowspdfcookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	10
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	Payment Advice.pdf
Detection:	CLEAN
Classification:	clean1.winPDF@14/44@1/0
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .pdf Found PDF document Close Viewer

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 2.19.126.149, 2.19.126.143, 184.28.88.176, 52.5.13.197, 54.227.187.23, 52.202.204.11, 23.22.254.206, 172.64.41.3, 162.159.61.3, 2.23.197.184, 23.32.184.135
Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, otelrules.azureedge.net, acroipm2.adobe.com.edgesuite.net, e4578.dscb.akamaiedge.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ssl.adobe.com.edgekey.net, ocsp.digicert.com, armmf.adobe.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, crl.root-x1.letsencrypt.org.edgekey.net
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: Payment Advice.pdf

Simulations

Behavior and APIs

Time	Type	Description
15:37:42	API Interceptor	1x Sleep call for process: AcroCEF.exe modified

LLM Input / Output

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.200940255760849
Encrypted:	false
SSDEEP:	6:Avlyq2Pwkn2nKuAl9OmbnIFUt8kA11Zmw+kAjRkwOwkn2nKuAl9OmbjLJ:hvYfHAahFUt8kK1/+ks5JfHAaSJ
MD5:	E294E5AE1F6C54CFEFEC4640182C4D21
SHA1:	A689146347CD1B98A4407094DB1577066AA0A3F4
SHA-256:	E6085EC6241E2DFD03CAA644A853F16CBD49A2CBD034A2CA559A3B79ED2D0134
SHA-512:	6EF60A2014B1DD88F91E19B05106ADC7FC614EFA6362C026DD80447FF5DF5EA8DD43DCE544E9F7C50C85560CF778014FFAAC4C13D32652D1E37AC6E920E31422
Malicious:	false
Reputation:	low
Preview:	2024/10/31-15:37:31.493 1150 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/10/31-15:37:31.497 1150 Recovering log #3.2024/10/31-15:37:31.497 1150 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.200940255760849
Encrypted:	false
SSDEEP:	6:Avlyq2Pwkn2nKuAl9OmbnIFUt8kA11Zmw+kAjRkwOwkn2nKuAl9OmbjLJ:hvYfHAahFUt8kK1/+ks5JfHAaSJ
MD5:	E294E5AE1F6C54CFEFEC4640182C4D21
SHA1:	A689146347CD1B98A4407094DB1577066AA0A3F4
SHA-256:	E6085EC6241E2DFD03CAA644A853F16CBD49A2CBD034A2CA559A3B79ED2D0134
SHA-512:	6EF60A2014B1DD88F91E19B05106ADC7FC614EFA6362C026DD80447FF5DF5EA8DD43DCE544E9F7C50C85560CF778014FFAAC4C13D32652D1E37AC6E920E31422
Malicious:	false
Reputation:	low
Preview:	2024/10/31-15:37:31.493 1150 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/10/31-15:37:31.497 1150 Recovering log #3.2024/10/31-15:37:31.497 1150 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	336
Entropy (8bit):	5.19009500350408
Encrypted:	false
SSDEEP:	6:YFFBIq2Pwkn2nKuAl9Ombzo2jMGIFUt8VsrZmw+VshkwOwkn2nKuAl9Ombzo2jM4:zvYfHAa8uFUt8ir/+ih5JfHAa8RJ
MD5:	0F15061EF9D3B041695B56CA9293382E
SHA1:	7AB82AA898A64F6ED4387A88D9687FA64D0262C8
SHA-256:	4C2EFCD4A5C5B2D671767AB424C8349D5160803E75D9AFC133A1673BF17DC956
SHA-512:	86A0F6AA4C3E158A41648F68053C4EBB636B5E6650C75E2ADB305644D9160EB097685DB162E273C08BA4DCA094590285E053163BDBFFEEF7DAAD972EC35F6D76
Malicious:	false
Reputation:	low
Preview:	2024/10/31-15:37:31.719 1780 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/10/31-15:37:31.721 1780 Recovering log #3.2024/10/31-15:37:31.721 1780 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	336
Entropy (8bit):	5.19009500350408
Encrypted:	false
SSDEEP:	6:YFFBIq2Pwkn2nKuAl9Ombzo2jMGIFUt8VsrZmw+VshkwOwkn2nKuAl9Ombzo2jM4:zvYfHAa8uFUt8ir/+ih5JfHAa8RJ
MD5:	0F15061EF9D3B041695B56CA9293382E
SHA1:	7AB82AA898A64F6ED4387A88D9687FA64D0262C8
SHA-256:	4C2EFCD4A5C5B2D671767AB424C8349D5160803E75D9AFC133A1673BF17DC956
SHA-512:	86A0F6AA4C3E158A41648F68053C4EBB636B5E6650C75E2ADB305644D9160EB097685DB162E273C08BA4DCA094590285E053163BDBFFEEF7DAAD972EC35F6D76
Malicious:	false
Reputation:	low
Preview:	2024/10/31-15:37:31.719 1780 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/10/31-15:37:31.721 1780 Recovering log #3.2024/10/31-15:37:31.721 1780 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	475
Entropy (8bit):	4.975736817928284
Encrypted:	false
SSDEEP:	12:YH/um3RA8sqrsBdOg2HScaq3QYiubInP7E4T3y:Y2sRdsJdMH93QYhbG7nby
MD5:	551569AA672887A71AD2EFF422CF5AFB
SHA1:	9E459C9C270A9E510EDAD0F21587C45DC1646C4D
SHA-256:	B0EF889370BBF0A6DBE9F981F0E7E4CC759F147FEF3DADB2CE31E3324BF81A09
SHA-512:	021572859DC39ACE6DD508F0DD47FAEC1DB26AA21096CEBC9E6ACF9FEEAE547CAAFE32888BEE7B1C2226286B351568F06947BFCDC50F0520F0432172998A6506
Malicious:	false
Reputation:	low
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13374963457705805","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":243610},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\fe770ce7-1f85-4bcd-b485-89e681b62655.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	modified
Size (bytes):	475
Entropy (8bit):	4.975736817928284
Encrypted:	false
SSDEEP:	12:YH/um3RA8sqrsBdOg2HScaq3QYiubInP7E4T3y:Y2sRdsJdMH93QYhbG7nby
MD5:	551569AA672887A71AD2EFF422CF5AFB
SHA1:	9E459C9C270A9E510EDAD0F21587C45DC1646C4D
SHA-256:	B0EF889370BBF0A6DBE9F981F0E7E4CC759F147FEF3DADB2CE31E3324BF81A09
SHA-512:	021572859DC39ACE6DD508F0DD47FAEC1DB26AA21096CEBC9E6ACF9FEEAE547CAAFE32888BEE7B1C2226286B351568F06947BFCDC50F0520F0432172998A6506
Malicious:	false
Reputation:	low
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13374963457705805","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":243610},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	4730
Entropy (8bit):	5.264304085893199
Encrypted:	false
SSDEEP:	96:etJCV4FAsszrNamjTN/2rjYMta02fDtehgO7BtTgo7Dr+qZ:etJCV4FiN/jTN/2r8Mta02fEhgO73goV
MD5:	F137ED55B2F1B20676020806A8782C47
SHA1:	302846A38633005E916AA7E337692AB059BD3283
SHA-256:	FB3C89E17D0BD5BDCA6224F89BF60F77C2BA9A5FFC50E5A69615ECF48A66AE24
SHA-512:	909E1E688E08C19A55C1F8C8AE222144EA6E3B68DB1116054180D606C56E62C81949F773A9F47FB965F3B7AA0C1A8ACBF7D76FCCFA702E48ECD460A7EB070CFA
Malicious:	false
Reputation:	low
Preview:	*...#................version.1..namespace-['O.o................next-map-id.1.Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/.0>...r................next-map-id.2.Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/.1O..r................next-map-id.3.Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/.2.\.o................next-map-id.4.Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/.3....^...............Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/..\|.^...............Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/n..Fa...............Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/DQ..a...............Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/i.`do................next-map-id.5.Pnamespace-de635bf2_6773_4d83_ad16_

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.19931451989248
Encrypted:	false
SSDEEP:	6:AhuOIq2Pwkn2nKuAl9OmbzNMxIFUt8fArZmw+fAhkwOwkn2nKuAl9OmbzNMFLJ:MuOIvYfHAa8jFUt8or/+oh5JfHAa84J
MD5:	266F59B35CA69767B9134C1B5B725745
SHA1:	5B935E317961ADC597D0F7E9EC0C54D7066D6192
SHA-256:	2949FDA35E0A91346F241ABC6FBC2F7855732D8254654463B6C49857D504DBFD
SHA-512:	99BDC88403140FD7023E90C74BF38342800667EFD5DA6B0DD84C88027788DA3E062A56609AD92F9352293DDCCAE19FFB9E74E2AEB3702427D4CA30761C3B3872
Malicious:	false
Reputation:	low
Preview:	2024/10/31-15:37:32.084 1780 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/10/31-15:37:32.085 1780 Recovering log #3.2024/10/31-15:37:32.085 1780 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.19931451989248
Encrypted:	false
SSDEEP:	6:AhuOIq2Pwkn2nKuAl9OmbzNMxIFUt8fArZmw+fAhkwOwkn2nKuAl9OmbzNMFLJ:MuOIvYfHAa8jFUt8or/+oh5JfHAa84J
MD5:	266F59B35CA69767B9134C1B5B725745
SHA1:	5B935E317961ADC597D0F7E9EC0C54D7066D6192
SHA-256:	2949FDA35E0A91346F241ABC6FBC2F7855732D8254654463B6C49857D504DBFD
SHA-512:	99BDC88403140FD7023E90C74BF38342800667EFD5DA6B0DD84C88027788DA3E062A56609AD92F9352293DDCCAE19FFB9E74E2AEB3702427D4CA30761C3B3872
Malicious:	false
Reputation:	low
Preview:	2024/10/31-15:37:32.084 1780 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/10/31-15:37:32.085 1780 Recovering log #3.2024/10/31-15:37:32.085 1780 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241031193734Z-245.bmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PC bitmap, Windows 3.x format, 164 x -126 x 32, cbSize 82710, bits offset 54
Category:	dropped
Size (bytes):	82710
Entropy (8bit):	0.8254581258942862
Encrypted:	false
SSDEEP:	96:0lvEvLMcMFMMNREvr+6xNFQ5MiM9LMxmMzKQ8r2jXiFMXqBZQ1afOVoIVTXE6d1P:0lvh23KmArmAgeBnRfP
MD5:	71A917249B61C32FAFC72FA578C54462
SHA1:	1BCD665568102CF4CA3E64E555C89E78E46CA426
SHA-256:	F783411E383F12F4462A84C06E5A4D6EA5B8F21C903494A66E2F4002426549B6
SHA-512:	1AF798748555732419B39113C38571589D9449B8D514E1D4E0D67A8088F90DBCCC32896162590F4A82C9E107D05699EBE5AE319A72709AC34581E75004BFF29C
Malicious:	false
Reputation:	low
Preview:	BM.C......6...(............. ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 15, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 15
Category:	dropped
Size (bytes):	86016
Entropy (8bit):	4.445117518658986
Encrypted:	false
SSDEEP:	384:yezci5tkiBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:rTs3OazzU89UTTgUL
MD5:	2FECB6E80AFD06BDAFFFEC27BCEE2700
SHA1:	034CDA6B6C13F01E151709AAABAECBAF5B854C97
SHA-256:	CAA897ECD26363A5E5A3FB476F41C330E8E330A843F7141E354A9458FAD920E5
SHA-512:	E135D00A5FF58BF5A203864FE7A8DBC32BAA8EDCB683B9A2957756EDBA86A2B26B9EB1772AC6F47823F6014921AC4A13F94D0ECAC8724ABEE24C77B2AB77AB61
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	3.7769643687669663
Encrypted:	false
SSDEEP:	48:7Mup/E2ioyVf2ioy9oWoy1Cwoy1MFKOioy1noy1AYoy1Wioy1hioybioyeXoy1no:7tpjuOFJXKQZcb9IVXEBodRBk3
MD5:	6F202E6E2A85139A6F1FE115C3A72297
SHA1:	1F31B5A94B9FE25075C75BBB825256F6B2917554
SHA-256:	F5B41C271971E58264C9004758F91A385F77A09679B24F8DE67026632D7316D0
SHA-512:	D08B4F198593A1255D93A36C5C81F4ACB74445A73BE28A56F8A0262A7F921014C8C7FDC2DEA996BD9C687DBDD2F49FED3DC48A10C1B5671A63C8A3A258D88642
Malicious:	false
Preview:	.... .c.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................T...[...b...r...t...}.....L..............................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	Certificate, Version=3
Category:	dropped
Size (bytes):	1391
Entropy (8bit):	7.705940075877404
Encrypted:	false
SSDEEP:	24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1
MD5:	0CD2F9E0DA1773E9ED864DA5E370E74E
SHA1:	CABD2A79A1076A31F21D253635CB039D4329A5E8
SHA-256:	96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
SHA-512:	3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
Malicious:	false
Preview:	0..k0..S............@.YDc.c...0....H........0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10...150604110438Z..350604110438Z0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10.."0....H.............0..........$s..7.+W(.....8..n<.W.x.u...jn..O(..h.lD...c...k....1.!~.3<.H..y.....!.K...qiJffl.~<p..)"......K...~....G.\|.H#S.8.O.o...IW..t../.8.{.p!.u.0<.....c...O..K~.....w...{J.L.%.p..)..S$........J.?..aQ.....cq...o[...\4ylv.;.by.../&.....................6....7..6u...r......I......A..v........5/(.l....dwnG7..Y^h..r...A)>Y>.&.$...Z.L@.F....:Qn.;.}r...xY.>Qx....../..>{J.Ks......P.\|C.t..t.....0.[q6....00\H..;..}`...).........A.......\|.;F.H..v.v..j.=...8.d..+..(.....B.".'].y...p..N..:..'Qn..d.3CO......B0@0...U...........0...U.......0....0...U......y.Y.{....s.....X..n0...*.H.............U.X....P.....i ')..au\.n...i/..VK..s.Y.!.~.Lq...`.9....!V..P.Y...Y.............b.E.f..\|o..;.....'...}~.."......

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	192
Entropy (8bit):	2.7569015731729736
Encrypted:	false
SSDEEP:	3:kkFklz9i/IvfllXlE/HT8kjhlZNNX8RolJuRdxLlGB9lQRYwpDdt:kK1/JT8qhpNMa8RdWBwRd
MD5:	347294732F9CD219E1DC5AE1E8EB58B8
SHA1:	3050B4357D7B0270C3CFC2F4E854358B7AEAC761
SHA-256:	A7A1320C3285F9AC5D1AE715D742113EA8F2436DF0CC8C62269B9BDA9945C1F7
SHA-512:	13E9EB17DD2143DB6C012479A2E0F2D74015800372CDA81BE64998B7B2FC8019CB08436065221C0F8A84F8A12262B5A103597FC23D36FBDA9FC95B69D6B844D2
Malicious:	false
Preview:	p...... ........@.GZ.+..(....................................................... ..........W...................o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	244540
Entropy (8bit):	3.3415042960460593
Encrypted:	false
SSDEEP:	1536:vKPCPiyzDtrh1cK3XEivK7VK/3AYvYwggErRo+RQn:yPClJ/3AYvYwgrFo+RQn
MD5:	758B42992DDFC41CB5E57069C621B54A
SHA1:	D0C28AF6CF1BD2208DA97DEDE57F6C78CEC98DCD
SHA-256:	55DF75758DD6CA825ED2DC9380EDC8469351191308C34CACFC44205197ABD25D
SHA-512:	437918372167A402005A728DCBBEF7B3A9580B794AD6A948A435C9D57C1672ACC1B7376E2A09113B66600EF5049D23625174256565BC639125A2F2BD07928926
Malicious:	false
Preview:	Adobe Acrobat Reader (64-bit) 23.6.20320....?A12_AV2_Search_18px.............................................................................................................KKK KKK.KKK.KKK.KKK.KKK.KKK@........................................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.............................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.........................KKK.KKK.KKK.KKK0....................KKK.KKK.KKK.KKK`....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK.KKK.....................................KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK.KKK@....................KKK.KKK.KKK.KKK`........................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.KKK.............................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	295
Entropy (8bit):	5.369979469665321
Encrypted:	false
SSDEEP:	6:YEQXJ2HXsGfPQxIRdL1NFU5CkVoZcg1vRcR0Y/HoAvJM3g98kUwPeUkwRe9:YvXKXxnM0NZc0vDGMbLUkee9
MD5:	762AC1028CC61DAA09C3577EF595DE5C
SHA1:	03D219F34423BD1B08916E508F70229F55ED518E
SHA-256:	C21D44445A43070962B8FA0B2EA3BE41FC4430B4F62EFD4BD011B7B4C95CDADE
SHA-512:	6D4AD899B26A023E0AD26AE7B403C948C7419A36BB9F01704BFBBC8C439498F353B1EA437C165A572320F59FF65DE47A3CAD7D1B0E5E370499418DFE35C31B48
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"bc3dffcd-5bcc-48f3-bdf4-1efe9e201068","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1730580548834,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.3151681398186
Encrypted:	false
SSDEEP:	6:YEQXJ2HXsGfPQxIRdL1NFU5CkVoZcg1vRcR0Y/HoAvJfBoTfXpnrPeUkwRe9:YvXKXxnM0NZc0vDGWTfXcUkee9
MD5:	77EB907F7070D192E04F8A6546FA2046
SHA1:	F4D6B37DF7F7BC78D5F11C326F725E318F8F51A2
SHA-256:	4B0A81A2E42D320D78822EA1CF0089CE0ACB536E431A5D3248DC11C610D41DD9
SHA-512:	FB6A3F4F9167E8B3E2BF2F1020A30559D631338256A43B0534625CE43AC8B8C1CD1BE81C47294696CC1AB0F90E8CBBF7C53E1CB982A0B6FE5AA14200A9E30F38
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"bc3dffcd-5bcc-48f3-bdf4-1efe9e201068","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1730580548834,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.29320196871002
Encrypted:	false
SSDEEP:	6:YEQXJ2HXsGfPQxIRdL1NFU5CkVoZcg1vRcR0Y/HoAvJfBD2G6UpnrPeUkwRe9:YvXKXxnM0NZc0vDGR22cUkee9
MD5:	AF86ACB016882A810DC7E8B99D52CC77
SHA1:	8E782DDBD3BE68BE00338E78E7B0121EE04B07A7
SHA-256:	344B1ADEC779D738FB4FAF7583BEF4568532156A57CA48A8D523FBA28427281C
SHA-512:	B25B6D4249C0F05CB3B3D7CA92C16F868B4CC1B32069D7AE14B4A2F9313BB52BF711605158BFAAA6089C2A3AC9C52A837FB196F16A993E95FD0D172D7323CA0F
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"bc3dffcd-5bcc-48f3-bdf4-1efe9e201068","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1730580548834,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	285
Entropy (8bit):	5.3572221191358524
Encrypted:	false
SSDEEP:	6:YEQXJ2HXsGfPQxIRdL1NFU5CkVoZcg1vRcR0Y/HoAvJfPmwrPeUkwRe9:YvXKXxnM0NZc0vDGH56Ukee9
MD5:	2E9A9FECB012C8BAFBB3E5C191B253AD
SHA1:	C3C1EA5A16C94855F849918C72118BD9A9934807
SHA-256:	48B2B47DBF8F042C32E670C675EE4FCE4A09219FB56CFD2EA988841B308D6134
SHA-512:	C49236734747EF36B44078ECBD5BC401247B8AB9D517B977928E1E6E46C0824331D0BB46EDE6AB52D5A1B3DA6884B8155FC18EFB9F7808ABE2B04A628C6CAA74
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"bc3dffcd-5bcc-48f3-bdf4-1efe9e201068","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1730580548834,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1055
Entropy (8bit):	5.658541493088282
Encrypted:	false
SSDEEP:	24:Yv6XxvzvYpLgEscLf7nnl0RCmK8czOCCS9:YvKbwhgGzaAh8cv/9
MD5:	7153F53AA46B35EC297A96B5B4D5CD34
SHA1:	BB4AE2A73DD991F83C3EDEDBBF9DF8E2920868F4
SHA-256:	0DD501E939998BEEFC23A1EE49488E97148CFDCE073E0BD1D569897CBDC18FCA
SHA-512:	34A02094E00DB3BDC6444BF65BC1235839AAE96A94FA69A0C00C2C995A3D7A616B5F9521DDF445959BA764745F703D89441EAECF542244FEAEAECEEA6FE38D77
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"bc3dffcd-5bcc-48f3-bdf4-1efe9e201068","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1730580548834,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"92038_285529ActionBlock_1","campaignId":92038,"containerId":"1","controlGroupId":"","treatmentId":"eb1a4bce-8215-46f1-b44c-154b21a85d60","variationId":"285529"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkV4cG9ydCBQREZzIHRvIE1pY3Jvc29mdCBXb3JkIGFuZCBFeGNlbC4ifSwidGNhdElkIjpudWxsfQ==","dataType":"application\/json","encodingScheme":tr

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1050
Entropy (8bit):	5.648770836385923
Encrypted:	false
SSDEEP:	24:Yv6XxvzvKVLgEF0c7sbnl0RCmK8czOCYHflEpwiVE:YvKbiFg6sGAh8cvYHWpw9
MD5:	FF39BE39CF52D104ED7AF178A7E6709C
SHA1:	A04CE1781EEA193CCF208FD5E902339FDD7CC8FA
SHA-256:	C5FC15C3B67CCF10A37E024C6C589A05A223D51F823E18D7E75B58535AEB794F
SHA-512:	27F9854BE5310B8966CEC457FAE9214478D198391565397009DEBC28CC46CC0FD58264A2E22EFCA57D1B171AD337C19BAC3EA88253235DD5CF65ED896486C720
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"bc3dffcd-5bcc-48f3-bdf4-1efe9e201068","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1730580548834,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Disc_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_0","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"0924134e-3c59-4f53-b731-add558c56fec","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Disc_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQsIGVkaXQgYW5kIGUtc2lnblxuZm9ybXMgJiBhZ3JlZW1lbnRzLiJ9LCJ0Y2F0SWQiOm51bGx9","dataType":"application\/json","encodingScheme":true},"

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.304367768661757
Encrypted:	false
SSDEEP:	6:YEQXJ2HXsGfPQxIRdL1NFU5CkVoZcg1vRcR0Y/HoAvJfQ1rPeUkwRe9:YvXKXxnM0NZc0vDGY16Ukee9
MD5:	C110F06C613575ED61A25E995AE5DF77
SHA1:	1B55BD1E0E3EEFF7AE2FC45BED5CB9976E133A1A
SHA-256:	11D61A926EF555DA0C0DC949AE6A9E0EC01504C992452395B93ACF9044743E32
SHA-512:	36A8A5A73C9D516F35483B8331169B40C50CBAE9F317735DB2175FE5862579910B64C0B67E6DCC47094F6CE79FF7B8F3ECF8F6EDA3C8B997C19B4395DBA87505
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"bc3dffcd-5bcc-48f3-bdf4-1efe9e201068","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1730580548834,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1038
Entropy (8bit):	5.644545975478444
Encrypted:	false
SSDEEP:	24:Yv6Xxvzv32LgEF7cciAXs0nl0RCmK8czOCAPtciBE:YvKbPogc8hAh8cvAa
MD5:	A452C2CB271FBB596FC41A25B97D9A0A
SHA1:	5D0EB066E5B9DF9F03CE3812BB1C9C9051B8B263
SHA-256:	BF2C6EADA67B5DC0B4C419EB19328551940F8CEFE3E3BC8A162DEDE294029629
SHA-512:	A12EA216E393413BCD4A96C0B3A126C7EDD003A78133BC95C1075BB6CDA8FE495B05BB4CB5E4F2D8FD1A343F46602791F97F95ECBE0C5605AC48D2B64946C439
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"bc3dffcd-5bcc-48f3-bdf4-1efe9e201068","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1730580548834,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Edit_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_1","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"49d2f713-7aa9-44db-aa50-0a7a22add459","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Edit_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVkaXQgdGV4dCwgaW1hZ2VzLCBwYWdlcywgYW5kIG1vcmUuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"application\/json","encodingScheme":true},"endDTS":1744

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1164
Entropy (8bit):	5.699438314836775
Encrypted:	false
SSDEEP:	24:Yv6XxvzvbKLgEfIcZVSkpsn264rS514ZjBrwloJTmcVIsrSK5E:YvKbjEgqprtrS5OZjSlwTmAfSKe
MD5:	839295DCD223BD483B439F365B1398F6
SHA1:	AE46266A58FB315D2E3D79F06637281B82989EE5
SHA-256:	8A4735E1635E0B07F20F1466893D0BB5801A8B92F16D681F4CC61781D118D46E
SHA-512:	D04B674DC1C6DE5617E8C7BAB13AC48F65FF39F9E51F735D9947A0D78E1BA210C2D463A628E36174357AC60380494E2993A784D798404C60194F9214EFC3E190
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"bc3dffcd-5bcc-48f3-bdf4-1efe9e201068","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1730580548834,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85531_264848ActionBlock_0","campaignId":85531,"containerId":"1","controlGroupId":"","treatmentId":"ee1a7497-76e7-43c2-bb63-9a0551e11d73","variationId":"264848"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IlRyeSBBY3JvYmF0IFBybyJ9LCJ1aSI6eyJ0aXRsZV9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjE1cHgiLCJmb250X3N0eWxlIjoiMCJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEzcHgiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0b1xucHJlbWl1bSBQREYgYW5kIGUtc2lnbmluZ1xudG9vbHMuIn0sImJhbm5lcl9zdHlsaW5nIjo

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.308278849018872
Encrypted:	false
SSDEEP:	6:YEQXJ2HXsGfPQxIRdL1NFU5CkVoZcg1vRcR0Y/HoAvJfYdPeUkwRe9:YvXKXxnM0NZc0vDGg8Ukee9
MD5:	AE01738FFC7AABAE6AF9840093F92461
SHA1:	F413C9F7B4604AED18BC8252B91BC33C59172482
SHA-256:	86648AABC061144C5143D92F6046EFF49423D4ED64255F5C7BF054A3A8DC1DC6
SHA-512:	D85D2D51044C6425D68457860E109F0869EA4D05B67A8FBC51396789177E8BD1834DE8A7F20DC0C56C85384C91498952FCA51FF9D8AE5488A813A3BAF2F20C37
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"bc3dffcd-5bcc-48f3-bdf4-1efe9e201068","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1730580548834,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1395
Entropy (8bit):	5.7787529494513805
Encrypted:	false
SSDEEP:	24:Yv6XxvzvGrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNWY:YvKb+HgDv3W2aYQfgB5OUupHrQ9FJt
MD5:	C5278A1C68D36251AEE450C9EF960F97
SHA1:	04890775F28D9B6A7EDF32DCDDB7083BEA7673F1
SHA-256:	9AA4FC494858A5FC5BE689B7DB1C1EC62E698B2ACB745A72FCDB8689CCA5747D
SHA-512:	7C6807BF096116A314EE7980CEEC5A87E60E69B415E4536C3762FF4C6F15617C32E2AEACED890F1FFA80C660ED72FE9E9938718E2D820A9BD9D54790179D1869
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"bc3dffcd-5bcc-48f3-bdf4-1efe9e201068","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1730580548834,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	291
Entropy (8bit):	5.291769047386763
Encrypted:	false
SSDEEP:	6:YEQXJ2HXsGfPQxIRdL1NFU5CkVoZcg1vRcR0Y/HoAvJfbPtdPeUkwRe9:YvXKXxnM0NZc0vDGDV8Ukee9
MD5:	3B7DEE3B77371247FD83CBEA40C542F1
SHA1:	71411E936D22813A00BB918757A86390423DF459
SHA-256:	5279E6F6110E2FF7F8144F9838C98F73BEAF5CF384B85CC71BCC63163DD26AD0
SHA-512:	B364D3FF5905D96BE36DE4486EE37A7C2CEFCD19B782D5D991A21267E031E5EA9775BD87FABA04332853DE6431E54CA22E30AE67BD298D6B8F473FC20F826A96
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"bc3dffcd-5bcc-48f3-bdf4-1efe9e201068","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1730580548834,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	287
Entropy (8bit):	5.295885341566254
Encrypted:	false
SSDEEP:	6:YEQXJ2HXsGfPQxIRdL1NFU5CkVoZcg1vRcR0Y/HoAvJf21rPeUkwRe9:YvXKXxnM0NZc0vDG+16Ukee9
MD5:	800EC9E5E2B7E7215D7E466C0CCCA1CC
SHA1:	11162B13B2063F6F9CA374E5552ABA768CAC4C04
SHA-256:	121AC4907D05EF759F65151C91A12B78F6EF652D252247D3D1A815FD7DF7B229
SHA-512:	C2460740E4E8E99D289289BE073DF4428FC134886BAC1FEB2A837548851427C5246D638D1C7398881DCD1FEB5F8AA5E499BF28FEE82AB9CC94F2EFD5831490BA
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"bc3dffcd-5bcc-48f3-bdf4-1efe9e201068","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1730580548834,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	5.63058619933476
Encrypted:	false
SSDEEP:	24:Yv6XxvzvsamXayLgE7cMCBNaqnl0RCmK8czOC/BS9:YvKbyBgACBOAh8cvM9
MD5:	E6EE55C528EFDAE77FBAA433930DF0EB
SHA1:	E3C473A74679A7C1CC6C10D314233A7A370942DA
SHA-256:	42DFBF5A4F43E7804D933791261730114D1CEEB1EF88A6669D662E9BDE5A9F67
SHA-512:	3F606D92D2E13BF89887CB3560452CB0E376D52EA769395AECD53C48734AC09E18B2DCDB7C6523B0215AD2F44C540CD5AF24AF2B4F135F7B7FF2959D88DD808B
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"bc3dffcd-5bcc-48f3-bdf4-1efe9e201068","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1730580548834,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"92038_285529ActionBlock_0","campaignId":92038,"containerId":"1","controlGroupId":"","treatmentId":"6291f52b-6cb0-4d31-bc46-37ce85e9eb25","variationId":"285529"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVhc2lseSBmaWxsIGFuZCBzaWduIFBERnMuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"application\/json","encodingScheme":true},"endDTS":1751323379000,"s

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	286
Entropy (8bit):	5.2716413069585455
Encrypted:	false
SSDEEP:	6:YEQXJ2HXsGfPQxIRdL1NFU5CkVoZcg1vRcR0Y/HoAvJfshHHrPeUkwRe9:YvXKXxnM0NZc0vDGUUUkee9
MD5:	1282CEBFECF4B359068AF5062CE9B7E1
SHA1:	35AA61B41184E7F6B6672B42FDF921ABBB913264
SHA-256:	BA54760DFEB581D5763737FAB9C2DA033EF731587F305EA51584F10DA0427331
SHA-512:	D888E278DBC891FA42F0B30C5B1B091A125B2E8E6D0F8518D74981C09A1BAEBB42EFAF576FB5AFCA918BC9BAC0EAF516936AD26A64AE194715452E72DD29531E
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"bc3dffcd-5bcc-48f3-bdf4-1efe9e201068","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1730580548834,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	782
Entropy (8bit):	5.37200999011149
Encrypted:	false
SSDEEP:	12:YvXKXxnM0NZc0vDGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWiY:Yv6XxvzvT168CgEXX5kcIfANhBY
MD5:	87ED5468B993613482F6CBBDE80072A7
SHA1:	41DBDE918CF5E0C6E289BDA97BD04C52A172ED3E
SHA-256:	B5F838EE714EF78051EF781F0475E5873346BF1606034542132F2A75F6A9555D
SHA-512:	62914663A90C6E0A356A56D271F24F7B4AB217A07C1485C6BA7510495DCC623EF69C6845DF15416817072BF4203F5FAFAD9FDFE56D9C1B752EEE94A92E96974D
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"bc3dffcd-5bcc-48f3-bdf4-1efe9e201068","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1730580548834,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1730403458865}}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	4
Entropy (8bit):	0.8112781244591328
Encrypted:	false
SSDEEP:	3:e:e
MD5:	DC84B0D741E5BEAE8070013ADDCC8C28
SHA1:	802F4A6A20CBF157AAF6C4E07E4301578D5936A2
SHA-256:	81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
SHA-512:	65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
Malicious:	false
Preview:	....

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2818
Entropy (8bit):	5.119291351250978
Encrypted:	false
SSDEEP:	24:YQq3E+w7K+iakCnB3ayyVgkzCTMgFyLPrMFRKqDjXj0SB/Z2UIdd2pG2LSDh4S5M:YQLbmaMgFyTr8kOTzi7QGhh4StF9E
MD5:	990C1713299E1E7C8C80FC5D041B588C
SHA1:	106B7C714D0848133D2F9A3A3FC6CED87D3934EC
SHA-256:	586EE146FBB58AA7D79C16878E533321A0708EF37F6476C4CD404BD220256E26
SHA-512:	A6A5138E91E407E9814480A0CC5DD64AB4BF2AE5B09F565FA13A758A3FBC3B945E0B25418C1B0394B07D6F0EDC8F85E7C0BC7B513DC4084DA2B084F0A8B9CA82
Malicious:	false
Preview:	{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"9d75a4d4970e1a01040db12bdff04cbd","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1050,"ts":1730403457000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"49c20e48fe11c622752129261a0c1386","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1164,"ts":1730403457000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"45f4545f273d13531c0814c7bb5f8515","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1026,"ts":1730403457000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"f68169822a9ca02060c1d80df58cc131","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1055,"ts":1730403457000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"336d955c8645f0ef2a6502f86677cac8","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":1038,"ts":1730403457000},{"id":"Edit_InApp_Aug2020","info":{"dg":"4bf36747b6c4b288d3c94ff18e255c32","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":17

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 25, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 25
Category:	dropped
Size (bytes):	12288
Entropy (8bit):	1.1884080237016315
Encrypted:	false
SSDEEP:	48:TGufl2GL7msEHUUUUUUUUZiSvR9H9vxFGiDIAEkGVvpFE:lNVmswUUUUUUUUI+FGSItm
MD5:	F4424ECC8E3B12DA241F81201F4ED6A0
SHA1:	2F98D1C34CFC7F89EBAE1C3EC9DE6F9C1D8ECA99
SHA-256:	120AA804A19114EAAC4BD621BBFD877EE2C3134EEEA83171293B7C1D0F8F1FA2
SHA-512:	A120E4AD19184A8E2DBA70B75EFFCFAE08150C151935E2D6A8782BF91354800199B47207E2B742501CA628574656A1227E170C21AF029EDE587448484AE78A06
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	1.607905278521137
Encrypted:	false
SSDEEP:	48:7MnqKUUUUUUUUUUZwvR9H9vxFGiDIAEkGVvZqFl2GL7msqV:7yxUUUUUUUUUU2FGSItrKVmsqV
MD5:	2095FC51F75FE26327D463CB7CC29C23
SHA1:	D52961AFA1CD7401080A8BAA8FE31D5625CB26F5
SHA-256:	6BAAA7FAA10E58277F17A303D2B7915EAF7669D7111B4AEE424D667504949F35
SHA-512:	77FABBFA1EEDDFCA4F184E48F18B99401876298358DA72BA2D97986E2E229E468763993AEF0546281C671C17B9C37A503A4C7C42F6329195E9AA26660F6EF9E4
Malicious:	false
Preview:	.... .c......Fx!......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................f.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\MSI91200.LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	246
Entropy (8bit):	3.518261198325562
Encrypted:	false
SSDEEP:	6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8fQRqTM:Qw946cPbiOxDlbYnuRKuE
MD5:	2D758700028E5D8D72ECAE78D1830355
SHA1:	CEEFD209CDEB772DE3C5B45373495319CB315C1C
SHA-256:	424B8D12C515D582FBDC4279A9C6E4DE10D85201B74529D5EDEA27A7A39B84EC
SHA-512:	4F753CA60CCF94356A58893E6974FBEA891DAE5547BF2CC8284816B66BA324A71952F366FD4CA28600F4A80316652D6C27793D6233C3456C4560A0D4BDBB9C86
Malicious:	false
Preview:	..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .3.1./.1.0./.2.0.2.4. . .1.5.:.3.7.:.3.7. .=.=.=.....

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-31 15-37-31-751.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393)
Category:	dropped
Size (bytes):	16525
Entropy (8bit):	5.345946398610936
Encrypted:	false
SSDEEP:	384:zHIq8qrq0qoq/qUILImCIrImI9IWdFdDdoPtPTPtP7ygyAydy0yGV///X/J/VokV:nNW
MD5:	8947C10F5AB6CFFFAE64BCA79B5A0BE3
SHA1:	70F87EEB71BA1BE43D2ABAB7563F94C73AB5F778
SHA-256:	4F3449101521DA7DF6B58A2C856592E1359BA8BD1ACD0688ECF4292BA5388485
SHA-512:	B76DB9EF3AE758F00CAF0C1705105C875838C7801F7265B17396466EECDA4BCD915DA4611155C5F2AD1C82A800C1BEC855E52E2203421815F915B77AA7331CA0
Malicious:	false
Preview:	SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:088+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig:

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393), with CRLF line terminators
Category:	dropped
Size (bytes):	15114
Entropy (8bit):	5.347129690884863
Encrypted:	false
SSDEEP:	384:5uaHyOT+XHQA4E00AS0v1CIkk7gWryZyJyTy6yxyiyYyuyWy4yoyD5XDFWOKK5Zy:yJK
MD5:	A298BCAEE2EAB622A53B3744EEF40DBE
SHA1:	72DEE1DEC3C21CE812D689DB483210429C71CB9B
SHA-256:	CF005DD6906F160B758090CBC70B5333E0E92735128EE48B8B7FF4D9B1CFA30D
SHA-512:	B1437B06B6EE4C9D97A39D07FD7CC6C5A508438BFE8872F40E8A692DCD917156BB8D87DB49BEF15CAECACCB715056312A6AA972104C03831C31D0A28643975A4
Malicious:	false
Preview:	SessionID=9855d7a2-a3b1-4d5d-ba3f-dc31ff6357e5.1730403451773 Timestamp=2024-10-31T15:37:31:773-0400 ThreadID=5820 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=9855d7a2-a3b1-4d5d-ba3f-dc31ff6357e5.1730403451773 Timestamp=2024-10-31T15:37:31:774-0400 ThreadID=5820 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=9855d7a2-a3b1-4d5d-ba3f-dc31ff6357e5.1730403451773 Timestamp=2024-10-31T15:37:31:774-0400 ThreadID=5820 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=9855d7a2-a3b1-4d5d-ba3f-dc31ff6357e5.1730403451773 Timestamp=2024-10-31T15:37:31:774-0400 ThreadID=5820 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=9855d7a2-a3b1-4d5d-ba3f-dc31ff6357e5.1730403451773 Timestamp=2024-10-31T15:37:31:774-0400 ThreadID=5820 Component=ngl-lib_NglAppLib Description="SetConf

C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	29752
Entropy (8bit):	5.389463176731899
Encrypted:	false
SSDEEP:	768:anddBuBYZwcfCnwZCnR8Bu5hx18HoCnLlAY+iCBuzhLCnx1CnPrRRFS10l8gT2rS:m
MD5:	6B80CF2920D45334C904CC7E64985644
SHA1:	89DFDED664EAE09DEB69B107C082DED093B72CDB
SHA-256:	FF826D4453A1456963E5CA581A6AA844DAB3CD7473099E1ECF8C5BF92A8FA523
SHA-512:	7771211605F47022C1D0F79195F0801ABFFCBE5554D552D36E2B19ACF39C9D628C99077FFCD8882B280E0E44DD2DB807D4EDC9F86831C0058F48A641AB1113CA
Malicious:	false
Preview:	03-10-2023 12:50:40:.---2---..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : *************************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ***********************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : **** Starting new session ******..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Starting NGL..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..03-10-2023 12:50:40:.Closing File..03-10-

C:\Users\user\AppData\Local\Temp\acrocef_low\38e17980-e03c-497c-99fb-f1000624161a.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
Category:	dropped
Size (bytes):	758601
Entropy (8bit):	7.98639316555857
Encrypted:	false
SSDEEP:	12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
MD5:	3A49135134665364308390AC398006F1
SHA1:	28EF4CE5690BF8A9E048AF7D30688120DAC6F126
SHA-256:	D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
SHA-512:	BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
Malicious:	false
Preview:	...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......\|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!\|G.1...... .3.`./....`~......G.............\|..pS.e.C....:o.u_..oi.:..\|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

C:\Users\user\AppData\Local\Temp\acrocef_low\648653be-be5a-4e2f-9f32-730b642f9001.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
Category:	dropped
Size (bytes):	386528
Entropy (8bit):	7.9736851559892425
Encrypted:	false
SSDEEP:	6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
MD5:	5C48B0AD2FEF800949466AE872E1F1E2
SHA1:	337D617AE142815EDDACB48484628C1F16692A2F
SHA-256:	F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
SHA-512:	44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
Malicious:	false
Preview:	...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....\|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-\|..h#.g.\.PO.\|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..\|m.WC.....\|.....e.[W.p.8...rm....^..x'......5!...\|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.\|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

C:\Users\user\AppData\Local\Temp\acrocef_low\a8209e2f-c8cb-4dde-a8eb-d84f0eecfe9b.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
Category:	dropped
Size (bytes):	1407294
Entropy (8bit):	7.97605879016224
Encrypted:	false
SSDEEP:	24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo
MD5:	A0CFC77914D9BFBDD8BC1B1154A7B364
SHA1:	54962BFDF3797C95DC2A4C8B29E873743811AD30
SHA-256:	81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685
SHA-512:	74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE
Malicious:	false
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

C:\Users\user\AppData\Local\Temp\acrocef_low\db71330e-f7b6-4eb0-a34c-5f83153689be.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
Category:	dropped
Size (bytes):	1419751
Entropy (8bit):	7.976496077007677
Encrypted:	false
SSDEEP:	24576:/xA7ouWLgGZtwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVuWLgGZtwZGk3mlind9i4ufFXpAXkru
MD5:	A8E5C37206C98D1B655FF994A420FFB6
SHA1:	827237782AB5971EC205C3BCECCC7950BE9F84C3
SHA-256:	F1F755059AF7C2CBC36920337941AEFB18FBDB3CD14D3239CBBBCF0CB8F208EA
SHA-512:	12DE33EB7624458AEC44D83D4E2C09E626F8E54E177FC0C26EEBA232935F34FAAAEB71FBB025EB7C53BEA9933C46ADCE759C32516D1B80C03B6734C61D61CEB2
Malicious:	false
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobSettings

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	24
Entropy (8bit):	3.66829583405449
Encrypted:	false
SSDEEP:	3:So6FwHn:So6FwHn
MD5:	DD4A3BD8B9FF61628346391EA9987E1D
SHA1:	474076C122CACAAF112469FC62976BB69187AA2B
SHA-256:	7C22C759CA704106556BBC4FC10B7F53404CA1F8B40F01038D3F7C4B8183F486
SHA-512:	FDAF3D9F8072ED7DE9B2528376C10E3C3FDBEA74347710A4795BECF23C6577B3582B2E89D3C04EF0523C98FE0A46F2AF3629490701A20B848C63BA7B26579491
Malicious:	false
Preview:	<</Settings [/c <<>>].>>

Static File Info

General

File type:	PDF document, version 1.6, 1 pages
Entropy (8bit):	7.963673228281345
TrID:	Adobe Portable Document Format (5005/1) 100.00%
File name:	Payment Advice.pdf
File size:	50'748 bytes
MD5:	eff216e55b8a3c51f846949e180d4ea2
SHA1:	78037f2493c0d5add9e29a21fabd057a0ce93536
SHA256:	afa730da16e3e0fa0a2945810173e506c0f0e493dd470970dd0d2519d1ab4798
SHA512:	bc84fbd7366a5adcf6385900e7c8e0b9f8e7363e6378aaeeafe98ea2bcfb6c5f63a1bb1e5c1e5bd6afa289171855aac4dbb5a83c177374697cfa8050612f46dc
SSDEEP:	768:lyb+TrKv7FSzfGEkaQewBFLt7guyeTmkaaU4+cqEoXXnXWCZnMyUxs0rK4l02D:4burKvkVwBpt0uDsaxq5XXWCNMfdl00
TLSH:	C233F160FC4EACFDD3510B8327376D666CFFF25696586290302D164B790CE1E6F8A268
File Content Preview:	%PDF-1.6..6 0 obj..<<../Type /XObject../Subtype /Image../Filter /FlateDecode../Length 16032../Width 1734../Height 130../BitsPerComponent 8../ColorSpace /DeviceRGB..>>..stream..3..J..t..08.+..1..O.4...Nw.n.~.$.<..\|b...LfW20........b..Q.'-....BV.I.&..T`....

File Icon


Icon Hash:	62cc8caeb29e8ae0

Static PDF Info

General
Header:	%PDF-1.6
Total Entropy:	7.963673
Total Bytes:	50748
Stream Entropy:	7.996469
Stream Bytes:	46572
Entropy outside Streams:	5.538692
Bytes outside Streams:	4176
Number of EOF found:	1
Bytes after EOF:

Keywords Statistics

Name	Count
obj	22
endobj	22
stream	7
endstream	7
xref	1
trailer	1
startxref	1
/Page	1
/Encrypt	1
/ObjStm	0
/URI	0
/JS	0
/JavaScript	0
/AA	0
/OpenAction	0
/AcroForm	0
/JBIG2Decode	0
/RichMedia	0
/Launch	0
/EmbeddedFile	0

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-10-31T20:37:41.622022+0100	2022930	ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow	1	172.202.163.200	443	192.168.2.4	49739	TCP
2024-10-31T20:38:22.074630+0100	2022930	ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow	1	172.202.163.200	443	192.168.2.4	49748	TCP

Network Port Distribution

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 31, 2024 20:37:42.976587057 CET	52848	53	192.168.2.4	1.1.1.1

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 31, 2024 20:37:42.976587057 CET	192.168.2.4	1.1.1.1	0xc9a8	Standard query (0)	x1.i.lencr.org	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 31, 2024 20:37:42.984421968 CET	1.1.1.1	192.168.2.4	0xc9a8	No error (0)	x1.i.lencr.org	crl.root-x1.letsencrypt.org.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: Acrobat.exePID: 6768, Parent PID: 2580

General

Target ID:	0
Start time:	15:37:24
Start date:	31/10/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Payment Advice.pdf"
Imagebase:	0x7ff6bc1b0000
File size:	5'641'176 bytes
MD5 hash:	24EAD1C46A47022347DC0F05F6EFBB8C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: AcroCEF.exePID: 2196, Parent PID: 6768

General

Target ID:	1
Start time:	15:37:29
Start date:	31/10/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Imagebase:	0x7ff74bb60000
File size:	3'581'912 bytes
MD5 hash:	9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: AcroCEF.exePID: 5932, Parent PID: 2196

General

Target ID:	3
Start time:	15:37:31
Start date:	31/10/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2112 --field-trial-handle=1724,i,15721545753982683772,17854325307601287913,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Imagebase:	0x7ff74bb60000
File size:	3'581'912 bytes
MD5 hash:	9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may exploit software vulnerabilities in client applications to execute code. Vulnerabilities can exist in software due to unsecure coding practices that can lead to unanticipated behavior. Adversaries can take advantage of certain vulnerabilities through targeted exploitation for the purpose of arbitrary code execution. Oftentimes the most valuable exploits to an offensive toolkit are those that can be used to obtain code execution on a remote system because they can be used to gain access to that system. Users will expect to see files related to the applications they commonly used to do work, so they are a useful target for exploit research and development because of their high utility.
Tactics:	Execution
Data Sources:	Application Log: Application Log Content, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Payment Advice.pdf

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\fe770ce7-1f85-4bcd-b485-89e681b62655.tmp

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241031193734Z-245.bmp

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

Windows Analysis Report
Payment Advice.pdf