Edit tour

Windows Analysis Report
lnv_00583971_Wellspringcg.pdf

Overview

General Information

Sample name:	lnv_00583971_Wellspringcg.pdf
Analysis ID:	1562747
MD5:	28a8d764ce2f1a851b078d93e86b1d6e
SHA1:	e81e88124d42717d316bc2dd3a86dc2303a9ca87
SHA256:	a30eee91a159de763b9afe6bdf37a73f5354baa561f780c01b07f55f75bfe2dc
Infos:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Potential document exploit detected (performs DNS queries)

Classification

Process Tree

System is w10x64

Acrobat.exe (PID: 7276 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\lnv_00583971_Wellspringcg.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)

AcroCEF.exe (PID: 7464 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

AcroCEF.exe (PID: 7668 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2116 --field-trial-handle=1636,i,8433034692376904357,9430375110467447937,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: global traffic

DNS query: name: x1.i.lencr.org

Source: unknown

UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

DNS traffic detected: DNS query: x1.i.lencr.org

Source: 77EC63BDA74BD0D0E0426DC8F80085060.1.dr	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: 2D85F72862B55C4EADD9E66E06947F3D0.1.dr	String found in binary or memory: http://x1.i.lencr.org/

Source: classification engine

Classification label: clean0.winPDF@14/49@1/0

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-11-25 17-48-05-792.log

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Jump to behavior

Source: unknown	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\lnv_00583971_Wellspringcg.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2116 --field-trial-handle=1636,i,8433034692376904357,9430375110467447937,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2116 --field-trial-handle=1636,i,8433034692376904357,9430375110467447937,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: lnv_00583971_Wellspringcg.pdf	Initial sample: PDF keyword /JS count = 0
Source: lnv_00583971_Wellspringcg.pdf	Initial sample: PDF keyword /JavaScript count = 0
Source: A9d4h4ul_iag12q_5ok.tmp.0.dr	Initial sample: PDF keyword /JS count = 0
Source: A9d4h4ul_iag12q_5ok.tmp.0.dr	Initial sample: PDF keyword /JavaScript count = 0

Source: lnv_00583971_Wellspringcg.pdf

Initial sample: PDF keyword stream count = 139

Source: lnv_00583971_Wellspringcg.pdf

Initial sample: PDF keyword /EmbeddedFile count = 0

Source: lnv_00583971_Wellspringcg.pdf

Initial sample: PDF keyword endstream count = 139

Source: lnv_00583971_Wellspringcg.pdf

Initial sample: PDF keyword obj count = 178

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	1 Exploitation for Client Execution	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	1 System Information Discovery	Remote Services	Data from Local System	1 Non-Application Layer Protocol	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
bg.microsoft.map.fastly.net	199.232.210.172	true	false		high
x1.i.lencr.org	unknown	unknown	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://x1.i.lencr.org/	2D85F72862B55C4EADD9E66E06947F3D0.1.dr	false		high

World Map of Contacted IPs

⊘No contacted IP infos

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1562747
Start date and time:	2024-11-25 23:47:12 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 59s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowspdfcookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	10
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	lnv_00583971_Wellspringcg.pdf
Detection:	CLEAN
Classification:	clean0.winPDF@14/49@1/0
Cookbook Comments:	Found application associated with file extension: .pdf Found PDF document Close Viewer

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 2.20.60.204, 23.32.238.147, 2.19.198.75, 23.32.238.130, 172.64.41.3, 162.159.61.3, 107.22.247.231, 18.207.85.246, 34.193.227.236, 54.144.73.197, 23.195.39.65, 199.232.210.172, 23.32.238.137, 23.32.238.128, 23.32.238.113, 23.32.238.122, 23.32.238.89, 23.32.238.96, 23.32.238.152, 95.101.50.149
Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, otelrules.azureedge.net, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com.delivery.microsoft.com, e4578.dscb.akamaiedge.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ssl.adobe.com.edgekey.net, ocsp.digicert.com, armmf.adobe.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, wu-b-net.trafficmanager.net, crl.root-x1.letsencrypt.org.edgekey.net
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: lnv_00583971_Wellspringcg.pdf

Simulations

Behavior and APIs

Time	Type	Description
17:48:14	API Interceptor	2x Sleep call for process: AcroCEF.exe modified

Input	Output
URL: PDF document Model: Joe Sandbox AI	{ "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false }

URL: PDF document Model: Joe Sandbox AI	{ "brands": [ "Russell Story" ] }

Joe Sandbox View / Context

IPs

⊘No context

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
bg.microsoft.map.fastly.net	Fumari INC.eml	Get hash	malicious	Unknown	Browse	199.232.210.172
	fpAb6lVZ9A.dll	Get hash	malicious	CobaltStrike	Browse	199.232.214.172
	Customer forms.pdf	Get hash	malicious	Unknown	Browse	199.232.214.172
	IJ9n6ms5CT.exe	Get hash	malicious	Unknown	Browse	199.232.210.172
	Evidence of copyright infringement.bat	Get hash	malicious	Unknown	Browse	199.232.214.172
	AccountDocuments - christinal.docx	Get hash	malicious	Unknown	Browse	199.232.214.172
	Disputes.accdb	Get hash	malicious	Unknown	Browse	199.232.214.172
	ZwmyzMxFKL.exe	Get hash	malicious	BlackMoon	Browse	199.232.210.172
	PVJ6cLZQ0T.xls	Get hash	malicious	Unknown	Browse	199.232.214.172
	Pe4905VGl1.bat	Get hash	malicious	AsyncRAT	Browse	199.232.214.172

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.225681432515878
Encrypted:	false
SSDEEP:	6:HApCY3+q2Pwkn2nKuAl9OmbnIFUt8YApCFcZmw+YApCFcVkwOwkn2nKuAl9Ombjd:gh3+vYfHAahFUt87oc/+7ocV5JfHAaSJ
MD5:	3B2D5A9F36CF77C7AFFB017D41625D37
SHA1:	F0C0EF456C8F2A18B6F0BA4D947017F178272780
SHA-256:	119B5364F6B13C9A2A1D7C857B1D01F8051ABE64099CD8C0DD5B8A59C608E359
SHA-512:	ACA107E103CD49CA5B1EFCC090C12C72D0AEE070B7F6AC6D2E596DB8722FD9F253EE8EA607EC9E246D1741A8BD1F82AF0C40E45833A685BA5F6211D1D4D4E15A
Malicious:	false
Reputation:	low
Preview:	2024/11/25-17:48:03.341 1ddc Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/11/25-17:48:03.343 1ddc Recovering log #3.2024/11/25-17:48:03.343 1ddc Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.225681432515878
Encrypted:	false
SSDEEP:	6:HApCY3+q2Pwkn2nKuAl9OmbnIFUt8YApCFcZmw+YApCFcVkwOwkn2nKuAl9Ombjd:gh3+vYfHAahFUt87oc/+7ocV5JfHAaSJ
MD5:	3B2D5A9F36CF77C7AFFB017D41625D37
SHA1:	F0C0EF456C8F2A18B6F0BA4D947017F178272780
SHA-256:	119B5364F6B13C9A2A1D7C857B1D01F8051ABE64099CD8C0DD5B8A59C608E359
SHA-512:	ACA107E103CD49CA5B1EFCC090C12C72D0AEE070B7F6AC6D2E596DB8722FD9F253EE8EA607EC9E246D1741A8BD1F82AF0C40E45833A685BA5F6211D1D4D4E15A
Malicious:	false
Reputation:	low
Preview:	2024/11/25-17:48:03.341 1ddc Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/11/25-17:48:03.343 1ddc Recovering log #3.2024/11/25-17:48:03.343 1ddc Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	336
Entropy (8bit):	5.183010397854911
Encrypted:	false
SSDEEP:	6:HApCXN9+q2Pwkn2nKuAl9Ombzo2jMGIFUt8YApCNJZmw+YApCR09VkwOwkn2nKuA:g++vYfHAa8uFUt872/+79V5JfHAa8RJ
MD5:	0B721E061155414A5E9A571207340D73
SHA1:	0692F8EC1DAA6D1891627E10380BF55886764BD2
SHA-256:	10CF85801C92D0A2A94FC717A816D5173F11683153E5D0A225BAC27E6386A322
SHA-512:	C4BC382F2C1DD089BF4A50503AFCB3E16182066ACBEED386A87CA2BE89EB959CE6EBED6AADDC131B42A7ACF22028D1965AD5240281AA4D28A2CDBDACDE060D2D
Malicious:	false
Reputation:	low
Preview:	2024/11/25-17:48:03.419 1e2c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/11/25-17:48:03.420 1e2c Recovering log #3.2024/11/25-17:48:03.421 1e2c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	336
Entropy (8bit):	5.183010397854911
Encrypted:	false
SSDEEP:	6:HApCXN9+q2Pwkn2nKuAl9Ombzo2jMGIFUt8YApCNJZmw+YApCR09VkwOwkn2nKuA:g++vYfHAa8uFUt872/+79V5JfHAa8RJ
MD5:	0B721E061155414A5E9A571207340D73
SHA1:	0692F8EC1DAA6D1891627E10380BF55886764BD2
SHA-256:	10CF85801C92D0A2A94FC717A816D5173F11683153E5D0A225BAC27E6386A322
SHA-512:	C4BC382F2C1DD089BF4A50503AFCB3E16182066ACBEED386A87CA2BE89EB959CE6EBED6AADDC131B42A7ACF22028D1965AD5240281AA4D28A2CDBDACDE060D2D
Malicious:	false
Reputation:	low
Preview:	2024/11/25-17:48:03.419 1e2c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/11/25-17:48:03.420 1e2c Recovering log #3.2024/11/25-17:48:03.421 1e2c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\1e462477-1e20-4f01-902c-f13ec8d8a6d4.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	475
Entropy (8bit):	4.967403857886107
Encrypted:	false
SSDEEP:	12:YH/um3RA8sqLsBdOg2HHfcaq3QYiubInP7E4TX:Y2sRdsVdMHO3QYhbG7n7
MD5:	B7761633048D74E3C02F61AD04E00147
SHA1:	72A2D446DF757BAEA2C7A58C050925976E4C9372
SHA-256:	1A468796D744FCA806D1F828C07E0064AB6A1FA0E31DA3A403F12B9B89868B67
SHA-512:	397A10C510FAA048E4AAB08A11B2AE14A09EE47EC4F5A2B47CE1A9580C2874ADE0F9F8FC287B9358C0FFEA4C89F8AB9270B9CA00064EA90CD2EF0EAD0A59369F
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13340980889952523","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":146406},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	475
Entropy (8bit):	4.967403857886107
Encrypted:	false
SSDEEP:	12:YH/um3RA8sqLsBdOg2HHfcaq3QYiubInP7E4TX:Y2sRdsVdMHO3QYhbG7n7
MD5:	B7761633048D74E3C02F61AD04E00147
SHA1:	72A2D446DF757BAEA2C7A58C050925976E4C9372
SHA-256:	1A468796D744FCA806D1F828C07E0064AB6A1FA0E31DA3A403F12B9B89868B67
SHA-512:	397A10C510FAA048E4AAB08A11B2AE14A09EE47EC4F5A2B47CE1A9580C2874ADE0F9F8FC287B9358C0FFEA4C89F8AB9270B9CA00064EA90CD2EF0EAD0A59369F
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13340980889952523","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":146406},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF5f7282.TMP (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	475
Entropy (8bit):	4.967403857886107
Encrypted:	false
SSDEEP:	12:YH/um3RA8sqLsBdOg2HHfcaq3QYiubInP7E4TX:Y2sRdsVdMHO3QYhbG7n7
MD5:	B7761633048D74E3C02F61AD04E00147
SHA1:	72A2D446DF757BAEA2C7A58C050925976E4C9372
SHA-256:	1A468796D744FCA806D1F828C07E0064AB6A1FA0E31DA3A403F12B9B89868B67
SHA-512:	397A10C510FAA048E4AAB08A11B2AE14A09EE47EC4F5A2B47CE1A9580C2874ADE0F9F8FC287B9358C0FFEA4C89F8AB9270B9CA00064EA90CD2EF0EAD0A59369F
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13340980889952523","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":146406},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\f4914aca-858b-4448-8be1-e514d1f29555.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	modified
Size (bytes):	475
Entropy (8bit):	4.966895279106768
Encrypted:	false
SSDEEP:	12:YH/um3RA8sq22gXhsBdOg2H7caq3QYiubInP7E4TX:Y2sRdsF2gXydMHC3QYhbG7n7
MD5:	360C9B574C8136E88945D2081F8D3D02
SHA1:	1B8897E9D4939ABD8BCFF166E695CE241382BE3C
SHA-256:	E6F04E9A0A8C8C1DA880AEDFE5E610DFACF11229E9974D7CE2D51CBB78485793
SHA-512:	27BCF53EE09492E2FC88DC31B2B89243AE68EA18564A14E5387262BABF1ADFD6F5FEE0B5A17E54A1C24B2C2C20E20BF9189C15BF7AE54DC5E2A5898957B1A841
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13377134892029636","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":661282},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	4730
Entropy (8bit):	5.254744499944381
Encrypted:	false
SSDEEP:	96:etJCV4FAsszrNamjTN/2rjYMta02fDtehgO7BtTgo7ZDbCjZnjhjZ:etJCV4FiN/jTN/2r8Mta02fEhgO73goY
MD5:	BB31DA7A7284B94459746F646C8E25BC
SHA1:	589C5F9F541863EF68C2014F3883E9837261936D
SHA-256:	B5DCB604E7F741497F9A01CB0DE1C1899EFF3F2500EB3159DA29E9BAF346FCE8
SHA-512:	61F79CD0A5F3FC722A47C4892C7CF86ED8F91E9CB5BAD2F1B02E57011EBBB0FDEF5830E1D24F97598B3DADA3F24F6139E9AB33AD3223B3C964FF4766FF513246
Malicious:	false
Preview:	*...#................version.1..namespace-['O.o................next-map-id.1.Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/.0>...r................next-map-id.2.Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/.1O..r................next-map-id.3.Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/.2.\.o................next-map-id.4.Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/.3....^...............Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/..\|.^...............Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/n..Fa...............Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/DQ..a...............Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/i.`do................next-map-id.5.Pnamespace-de635bf2_6773_4d83_ad16_

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.193036210828881
Encrypted:	false
SSDEEP:	6:HApCg9+q2Pwkn2nKuAl9OmbzNMxIFUt8YApCDJZmw+YApCFXE9VkwOwkn2nKuAlG:g3+vYfHAa8jFUt87M/+7VV5JfHAa84J
MD5:	D22903B4EA8D7CBD8D4E7D7C14707F83
SHA1:	A31EAD7F1EB908D3F4FEAB8DCD515B17DB1A6EDC
SHA-256:	7D4AC4043D3D0DDF131670A50BBA2A7FF92C42A85056CC91A4F7B8C565EEBD45
SHA-512:	D87EE23CBB9DF275D4D5E9519A5C97007C9324903CF96BD1B9466711A7AE93D3E24C3B8E243BF9B5D66B9F9B187DF24A5E5DD047613FFB0EF3B441D523B22D9E
Malicious:	false
Preview:	2024/11/25-17:48:03.580 1e2c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/11/25-17:48:03.581 1e2c Recovering log #3.2024/11/25-17:48:03.582 1e2c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.193036210828881
Encrypted:	false
SSDEEP:	6:HApCg9+q2Pwkn2nKuAl9OmbzNMxIFUt8YApCDJZmw+YApCFXE9VkwOwkn2nKuAlG:g3+vYfHAa8jFUt87M/+7VV5JfHAa84J
MD5:	D22903B4EA8D7CBD8D4E7D7C14707F83
SHA1:	A31EAD7F1EB908D3F4FEAB8DCD515B17DB1A6EDC
SHA-256:	7D4AC4043D3D0DDF131670A50BBA2A7FF92C42A85056CC91A4F7B8C565EEBD45
SHA-512:	D87EE23CBB9DF275D4D5E9519A5C97007C9324903CF96BD1B9466711A7AE93D3E24C3B8E243BF9B5D66B9F9B187DF24A5E5DD047613FFB0EF3B441D523B22D9E
Malicious:	false
Preview:	2024/11/25-17:48:03.580 1e2c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/11/25-17:48:03.581 1e2c Recovering log #3.2024/11/25-17:48:03.582 1e2c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241125224807Z-161.bmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PC bitmap, Windows 3.x format, 107 x -152 x 32, cbSize 65110, bits offset 54
Category:	dropped
Size (bytes):	65110
Entropy (8bit):	1.7657052006838339
Encrypted:	false
SSDEEP:	192:lj3phbuUZie1u+2BNNXieeVY+e5wW/HfOKH:lCRe1v2LMeeVOnfRH
MD5:	1F0219C4974222E6D331AF300AC5B966
SHA1:	BC135AC44C93C90DE06FEEDBCDC648022AE66113
SHA-256:	4AD7708D67A58916DF49E50183D260DBD48BE161C7E68B14A855A1BC6BC028E9
SHA-512:	C6AD225D1992D15508118206AE1D2D1A704FA916300E0C087AD4ADC134C16E9156CA8939D29ED66075F81868193AC3E5D3ED105521AA3880ABD6A4367C3FEDF1
Malicious:	false
Preview:	BMV.......6...(...k...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 15, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 15
Category:	dropped
Size (bytes):	86016
Entropy (8bit):	4.445278569113828
Encrypted:	false
SSDEEP:	384:yezci5tIiBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:rvs3OazzU89UTTgUL
MD5:	C49C506F4481DFE56C554048A3D82DF9
SHA1:	BCBBCC93C622EDF53F7B4607C0C72B1AF483E9BE
SHA-256:	514C6B937A33A275BA4A10E88DA194C2E4DBB4E82F59A382168938B17927AACD
SHA-512:	6EFF5625A2245B1B04C03C2485EE3B9CAB4FEF0F33B4589238078B91A44BF5606109503A081788E3F8424364CCC459CC72E9207EB626E425D0B160E5B67B543A
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	3.777001257755099
Encrypted:	false
SSDEEP:	48:7Mfp/E2ioyVMioy9oWoy1Cwoy1IKOioy1noy1AYoy1Wioy1hioybioyWoy1noy1o:7kpjuMFzXKQfBb9IVXEBodRBkRA
MD5:	96DC641DA0CAA7C1E8FB70B3D49AD16B
SHA1:	959F2EDFEB09A74ED4F60EDDB7EDDAB1A4057A43
SHA-256:	38D2A07A8542656D72F47CC8B433B9E276BAE5FCE9BDE2FDB4290366588D5B6A
SHA-512:	7A0DC4E3EB0F9B3DC6874717F181E18D00AC3189CABA5AEC6CEC3DD3A08B405CB6EF4264018195EF55C8CCEE3A58E6B5BAF39314964A1BABF292D8474726CFD5
Malicious:	false
Preview:	.... .c........P...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................T...[...b...r...t...}.....L..............................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	Certificate, Version=3
Category:	dropped
Size (bytes):	1391
Entropy (8bit):	7.705940075877404
Encrypted:	false
SSDEEP:	24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1
MD5:	0CD2F9E0DA1773E9ED864DA5E370E74E
SHA1:	CABD2A79A1076A31F21D253635CB039D4329A5E8
SHA-256:	96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
SHA-512:	3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
Malicious:	false
Preview:	0..k0..S............@.YDc.c...0....H........0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10...150604110438Z..350604110438Z0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10.."0....H.............0..........$s..7.+W(.....8..n<.W.x.u...jn..O(..h.lD...c...k....1.!~.3<.H..y.....!.K...qiJffl.~<p..)"......K...~....G.\|.H#S.8.O.o...IW..t../.8.{.p!.u.0<.....c...O..K~.....w...{J.L.%.p..)..S$........J.?..aQ.....cq...o[...\4ylv.;.by.../&.....................6....7..6u...r......I......A..v........5/(.l....dwnG7..Y^h..r...A)>Y>.&.$...Z.L@.F....:Qn.;.}r...xY.>Qx....../..>{J.Ks......P.\|C.t..t.....0.[q6....00\H..;..}`...).........A.......\|.;F.H..v.v..j.=...8.d..+..(.....B.".'].y...p..N..:..'Qn..d.3CO......B0@0...U...........0...U.......0....0...U......y.Y.{....s.....X..n0...*.H.............U.X....P.....i ')..au\.n...i/..VK..s.Y.!.~.Lq...`.9....!V..P.Y...Y.............b.E.f..\|o..;.....'...}~.."......

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
Category:	dropped
Size (bytes):	71954
Entropy (8bit):	7.996617769952133
Encrypted:	true
SSDEEP:	1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
MD5:	49AEBF8CBD62D92AC215B2923FB1B9F5
SHA1:	1723BE06719828DDA65AD804298D0431F6AFF976
SHA-256:	B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
SHA-512:	BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
Malicious:	false
Preview:	MSCF............,...................I..................XaK .authroot.stl.[.i..6..CK..<Tk......4.cl!Kg..E..Y.f_..".$mR"$.J.E.KB."..rKv.."{.g....3.W.....c..9.s...=....y6#..x..........D......\(.#.s.!.A.......cd.c........+^.ov...n.....3BL..0.......BPUR&.X..02.q...R...J.....w.....b.vy>....-.&..(..oe."."...J9...0U.6J..\|U..S.....M.F8g...=.......p...........l.?3.J.x.G.Ep..$g..tj......)v]9(:.)W.8.Op.1Q..:.nPd........7.7..M].V F..g.....12..!7(...B.......h.RZ.......l.<.....6..Z^.`p?... .p.Gp.#.'.X..........\|!.8.....".m.49r?.I...g...8.v.....a``.g.R4.i...J8q....NFW,E.6Y....!.o5%.Y.....R..<..S9....r....WO...(.....F..Q=....-..7d..O(....-..+k.........K..........{Q....Z..j._.E...QZ.~.\.^......N.9.k..O.}dD.b1r...[}/....T..E..G..c.\|.c.&>?..^t. ..;..X.d.E.0G....[Q.,......#.Dp..L.o\|#syc.J............}G-.ou6.=52..XWi=...m.....^u......c..fc?&pR7S5....I...j.G........j.j..Tc.El.....B.pQ.,Bp....j...9g.. >..s..m#.Nb.o_u.M.V...........\#...v..Mo\sF..s....Y...

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	192
Entropy (8bit):	2.7686775296558497
Encrypted:	false
SSDEEP:	3:kkFklsQEltfllXlE/HT8kVz1NNX8RolJuRdxLlGB9lQRYwpDdt:kK1QMeT8w3NMa8RdWBwRd
MD5:	5FB46437381FBF38E99C53E4E70A8A1B
SHA1:	1DD206096C970C118F3D6C7AF1E57F9BF8F8FBBC
SHA-256:	512E456FEF0C8D1E11098E0A0C341B719F2FA16EB29A3F2653E447861CD99AE7
SHA-512:	9113C4BEE4937807EEF866A9B4696F0E8EA2250B2D1452F01A145F3F10B3AB226EE6A371EB0C11B212B64F1B3DDD768D58ECFF81C94CE339E986432B510D5876
Malicious:	false
Preview:	p...... ........_.\|..?..(....................................................... ..........W....g:..............o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	modified
Size (bytes):	328
Entropy (8bit):	3.239696782083497
Encrypted:	false
SSDEEP:	6:kKswsL9UswD8HGsL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:UZiDImsLNkPlE99SNxAhUe/3
MD5:	659C1F15231BC0E9C40FF8AE02861B0B
SHA1:	6A9507DE53A0D5769822F283F7E350741FDECCCF
SHA-256:	8CAA76D278B20F3DF92E658FD8D63BC62C91BD92FC765C8C4104A3BE45566FD6
SHA-512:	FAFB062EA3F534F51FAE8200B497C28C81853E2A128EBBBB171AE9B3AFA84538C1BA4D30EBABD9941F3B5B8780B5CAF3D371353927403968C29E663D35303BBB
Malicious:	false
Preview:	p...... ..........q/.?..(....................................................... ........G..@.......&......X........h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	243196
Entropy (8bit):	3.3450692389394283
Encrypted:	false
SSDEEP:	1536:vKPCPiyzDtrh1cK3XEivK7VK/3AYvYwgqErRo+RQn:yPClJ/3AYvYwghFo+RQn
MD5:	F5567C4FF4AB049B696D3BE0DD72A793
SHA1:	EBEADDE9FF0AF2C201A5F7CC747C9EA61CFA6916
SHA-256:	D8DBFE71873929825A420F73821F3FF0254D51984FAAA82E1B89D31188F77C04
SHA-512:	E769735991E5B1331E259608854D00CDA4F3E92285FDC500158CBD09CBCCEAD8A387F78256A43919B13EBE70C995D19242377C315B0CCBBD4F813251608C1D56
Malicious:	false
Preview:	Adobe Acrobat Reader (64-bit) 23.6.20320....?A12_AV2_Search_18px.............................................................................................................KKK KKK.KKK.KKK.KKK.KKK.KKK@........................................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.............................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.........................KKK.KKK.KKK.KKK0....................KKK.KKK.KKK.KKK`....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK.KKK.....................................KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK.KKK@....................KKK.KKK.KKK.KKK`........................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.KKK.............................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	295
Entropy (8bit):	5.355959610057348
Encrypted:	false
SSDEEP:	6:YEQXJ2HX+EzRHs/KlCcArH9VoZcg1vRcR0YseoAvJM3g98kUwPeUkwRe9:YvXKX7zXlfArkZc0vxVGMbLUkee9
MD5:	0FE42657672CF421FE6B3CB854C81E83
SHA1:	72C5EFB62EAE1239ECAA7CD6128C8B6C916FD536
SHA-256:	11F9884514EEC67C52A8A660132F10CB3BC7C98DA0AAA64ECD08A0EACA55C256
SHA-512:	7178B9267F3C844DDB1B033AAC434B453A0C033E3ABE72707BD10EA517916FB75892525C4D05FCC46D202AC7CE5D60154ACBF99B46170C8CAF9EDF6EF9503937
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"38cc4a9a-4e4b-4a38-9235-990d39e19f79","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1732752165030,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.305295664992402
Encrypted:	false
SSDEEP:	6:YEQXJ2HX+EzRHs/KlCcArH9VoZcg1vRcR0YseoAvJfBoTfXpnrPeUkwRe9:YvXKX7zXlfArkZc0vxVGWTfXcUkee9
MD5:	A7F1A531D9CED3121167AB87E7D263B8
SHA1:	71BCF9B161408979A99E360677B9F426B5B3C1AC
SHA-256:	AE5EDF832F8B7ADEED88F245860D6AF177CED0174049A58502815B07FA1B7B9E
SHA-512:	09F96C8BC7FCA3BDE38FA8EB9666A2C227BEB294F8554B80FA3E6BEB0CB6EAA981D6B3ED6E7596ABCA3C573E14CB68456BD775F008B0D227730A49F60AEE8A04
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"38cc4a9a-4e4b-4a38-9235-990d39e19f79","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1732752165030,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.283843981518406
Encrypted:	false
SSDEEP:	6:YEQXJ2HX+EzRHs/KlCcArH9VoZcg1vRcR0YseoAvJfBD2G6UpnrPeUkwRe9:YvXKX7zXlfArkZc0vxVGR22cUkee9
MD5:	61CA12320AC10DB63E18424647E6F8E6
SHA1:	C1B80FEB8F88779D2179CCE8579C65EBF643A13F
SHA-256:	981DCBFB47215A9992DBF5D0FB26D92E6C4433EEAC259A466A3651EE4D134B52
SHA-512:	51D6BB1C9A68BFD0B1E015DD20CA68DAA5DA701661653B565592C86072CCD119FBD88DEA5BD8586269D0FF8D0DF547E6B8E59EA1B324A6CBD9B6C77EA05AA01C
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"38cc4a9a-4e4b-4a38-9235-990d39e19f79","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1732752165030,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	285
Entropy (8bit):	5.342710334629355
Encrypted:	false
SSDEEP:	6:YEQXJ2HX+EzRHs/KlCcArH9VoZcg1vRcR0YseoAvJfPmwrPeUkwRe9:YvXKX7zXlfArkZc0vxVGH56Ukee9
MD5:	D0330007B3DD69A7757B5A6E7D64643E
SHA1:	7DCD0E5D7C7BD48E29C86DB3AF8C366451E61F82
SHA-256:	8DFE7111F5B273EF00CFF22B9630726C148FE4DCB620328AC824A1B17054A1A1
SHA-512:	21423D85CDF172A9F31F2E12D5AA2DE055D7891BD8D747D2ECDD61F8B35D85629A5F5010993931964FF2DA1B58F65B254AA417DE251FD6F7AC521DF0632A6AD5
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"38cc4a9a-4e4b-4a38-9235-990d39e19f79","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1732752165030,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1123
Entropy (8bit):	5.685899620145205
Encrypted:	false
SSDEEP:	24:Yv6XnhArkzvx6pLgE9cQx8LennAvzBvkn0RCmK8czOCCS9t:YvCWrsohgy6SAFv5Ah8cv/9t
MD5:	4CCC002B1C7FBBDC50D554AD1655AB65
SHA1:	31CD7BF6F5B650334B094FD736FD13D97F9201EF
SHA-256:	82CC6E753DE29B1F06C4BAF2D8D23F0AA9912A5C651055854241E18225E3ACA4
SHA-512:	4EB41AF69D5D6D8C215CD8EA779F7C79766AB98C812C5CFDE08C9C86DA5D62909B2E7150F67534DA8A69E6EC3D05978FB5E396D0672DAEF8596E652E95EA9B9A
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"38cc4a9a-4e4b-4a38-9235-990d39e19f79","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1732752165030,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93365_289436ActionBlock_1","campaignId":93365,"containerId":"1","controlGroupId":"","treatmentId":"d5bba1ae-6009-4d23-8886-fd4a474b8ac9","variationId":"289436"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IkNvbnZlcnRQREZSZHJSSFBBcHAifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkV4cG9ydCBQREZzIHRvIE1pY3Jvc29mdCBXb3JkIGFuZCBFeGNlbC4ifSwidGNh

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1122
Entropy (8bit):	5.681392782921979
Encrypted:	false
SSDEEP:	24:Yv6XnhArkzvxcVLgEwcp06ybnAvz7xHn0RCmK8czOCYHfl8zdB+t:YvCWrs6FgSNycJUAh8cvYH3t
MD5:	0C92DE1D3C764380CA42D04C02F7B2DD
SHA1:	81D1C79E9E8DDC28983454E1739F87D289BA00E8
SHA-256:	F4BB9BBF8253171B831281133B8467B7050A93FB5348944860800F6E7973B047
SHA-512:	AA9C76107973160D0AB75F7B8560C3C93556CA47207D2169FAC4F6B9BFB89ADB32E29E72EF2299AD3B68AA1B55842CC848C24D6EFA4ADF74111260D7FB650501
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"38cc4a9a-4e4b-4a38-9235-990d39e19f79","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1732752165030,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Disc_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93181_288855ActionBlock_0","campaignId":93181,"containerId":"1","controlGroupId":"","treatmentId":"1aad653c-ef44-43f7-be1c-3a2ba2cf2cfc","variationId":"288855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Disc_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IlVwZ3JhZGVSSFBSZHJBcHAifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQsIGVkaXQgYW5kIGUtc2lnblxuIFBERiBmb3JtcyAmIGFncmVlbWVudHMuIn0sInRjY

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.293521295698083
Encrypted:	false
SSDEEP:	6:YEQXJ2HX+EzRHs/KlCcArH9VoZcg1vRcR0YseoAvJfQ1rPeUkwRe9:YvXKX7zXlfArkZc0vxVGY16Ukee9
MD5:	204E339CED1B81B6FC281F1D24C221E6
SHA1:	2886A29711A92C83389564FC997485C999507036
SHA-256:	AB5AAE65CB84C328D4264E5E02513F4A0E980B35BCAF9351A30A1619F7304477
SHA-512:	CDE19C235672EEF0D9722A518911D5038DA84C2FBB980C7008E18237DD0B7222F109552C8F282589594406FF4973A15FDDDEB3CE2694D20860E9A39D90A031C3
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"38cc4a9a-4e4b-4a38-9235-990d39e19f79","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1732752165030,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1102
Entropy (8bit):	5.670787736371187
Encrypted:	false
SSDEEP:	24:Yv6XnhArkzvxB2LgErcXWl7y0nAvzIBcSJCBViV+t:YvCWrsnogH47yfkB5kV9t
MD5:	250602E94E2F9E943DFA12FF79C4A5BA
SHA1:	59DDE6165D84B427163D11614E984FEBC91AE5A7
SHA-256:	3445C7FAA5E924F68BC14F4D3C8FDCEAD7FE9F174D16388936D5BE717D61E995
SHA-512:	7A12EDBD0349CBDE69C82DAE6FDD64C019E9B162E280C40957034961CE55BEC0167CA411B37553A954248832A2A3E544F8C602095B47282EA9E32E1655667D44
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"38cc4a9a-4e4b-4a38-9235-990d39e19f79","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1732752165030,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Edit_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93181_288855ActionBlock_1","campaignId":93181,"containerId":"1","controlGroupId":"","treatmentId":"533ab5eb-b236-4889-89a5-ac002261d71e","variationId":"288855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Edit_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IkVkaXRQREZSZHJBcHBGdWxsIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTRweCIsImZvbnRfc3R5bGUiOiIwIn0sImRlc2NyaXB0aW9uX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTJweCIsImZvbnRfc3R5bGUiOiItMSJ9LCJ0aXRsZSI6bnVsbCwiZGVzY3JpcHRpb24iOiJFZGl0IHRleHQsIGltYWdlcywgcGFnZXMsIGFuZCBtb3JlLiJ9LCJ0Y2F0SWQiOm51bGx9","da

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1164
Entropy (8bit):	5.698935974968712
Encrypted:	false
SSDEEP:	24:Yv6XnhArkzvxBKLgEfIcZVSkpsn264rS514ZjBrwloJTmcVIsrSK5+t:YvCWrsLEgqprtrS5OZjSlwTmAfSK4t
MD5:	0041E1AF0E3B06F4736B72593A77F0C1
SHA1:	E10BE4DDF901E59650DD01A74DC6A8AF99AE4C14
SHA-256:	A923A106B08C8E2B28D230902BA52BD7E7F019E0346DEC7590421CBE824A64A6
SHA-512:	4C7DD534FAEA6F94055E685B32A275964F3888678D8706642925C19857DA122FBA73D5CFCD0E658239735F37A58B19109D8CF829DF715B414613D2B74112A9F8
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"38cc4a9a-4e4b-4a38-9235-990d39e19f79","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1732752165030,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85531_264848ActionBlock_0","campaignId":85531,"containerId":"1","controlGroupId":"","treatmentId":"ee1a7497-76e7-43c2-bb63-9a0551e11d73","variationId":"264848"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IlRyeSBBY3JvYmF0IFBybyJ9LCJ1aSI6eyJ0aXRsZV9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjE1cHgiLCJmb250X3N0eWxlIjoiMCJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEzcHgiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0b1xucHJlbWl1bSBQREYgYW5kIGUtc2lnbmluZ1xudG9vbHMuIn0sImJhbm5lcl9zdHlsaW5nIjo

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.295509778860321
Encrypted:	false
SSDEEP:	6:YEQXJ2HX+EzRHs/KlCcArH9VoZcg1vRcR0YseoAvJfYdPeUkwRe9:YvXKX7zXlfArkZc0vxVGg8Ukee9
MD5:	12853ADA16084FBCD73F8A2008A57C9C
SHA1:	A16045C4A7B556FD74965B73B625D3BADD4E6427
SHA-256:	EDC83A0D0D08560767C09B27E4DF7ECFBCA754327E91F99D1ABD263CE7AA71F9
SHA-512:	100E0481AD0168A73B544FD428658C1D4019FB253A9CBC60B806F71DFA18C4D2456DDC15B2710252A34B19091584B6D8142A5D7D9EF002E8D50CEA647D1B7CF1
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"38cc4a9a-4e4b-4a38-9235-990d39e19f79","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1732752165030,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	284
Entropy (8bit):	5.281780089421757
Encrypted:	false
SSDEEP:	6:YEQXJ2HX+EzRHs/KlCcArH9VoZcg1vRcR0YseoAvJf+dPeUkwRe9:YvXKX7zXlfArkZc0vxVG28Ukee9
MD5:	17281EC8B5D22B3F7E795166451AFDE0
SHA1:	C03E96410A7CC50AC9DF21BC5560330628AC4B39
SHA-256:	FF7C5898B9F985DED9C4187847FD71D3E7DD7FF2C23027669F4291F1043719F9
SHA-512:	DBE79E431C3188D10F94A03F8B369BCCDC6FE3FB4734F11F7A59DCAD5F1154E09997983E70F2F96276DC04FC313F08C20457339E9F6ED089BFEB89994E9EFCB3
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"38cc4a9a-4e4b-4a38-9235-990d39e19f79","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1732752165030,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	291
Entropy (8bit):	5.279087737160574
Encrypted:	false
SSDEEP:	6:YEQXJ2HX+EzRHs/KlCcArH9VoZcg1vRcR0YseoAvJfbPtdPeUkwRe9:YvXKX7zXlfArkZc0vxVGDV8Ukee9
MD5:	636408AFAE1560230F25493DA1089D6C
SHA1:	6DC7B2D0D1CC5DF34EAF70FD43D0160E0DA6BDB3
SHA-256:	46DD1FF7EC7DD2CA75F7080942D39B6E3EEE295E27788EEFF1C46F15EADB1D2E
SHA-512:	3ECBD401E1B81EF752BA10CBED395706EDCAB5309586E39FBDDCB518C53E3F40D4B92FD34C985CDC24C20B967D0FF1C1275665315B93FDE0C0CE4672751BC26A
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"38cc4a9a-4e4b-4a38-9235-990d39e19f79","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1732752165030,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	287
Entropy (8bit):	5.283972904017693
Encrypted:	false
SSDEEP:	6:YEQXJ2HX+EzRHs/KlCcArH9VoZcg1vRcR0YseoAvJf21rPeUkwRe9:YvXKX7zXlfArkZc0vxVG+16Ukee9
MD5:	50CA2B58386C810CEC55B2B6101BC2D6
SHA1:	0748F2FE8EBF28FBC05BD2B1AD3176F56F6F2F6E
SHA-256:	C53AB92E783D7C82E663012AAF2243B0B991913EDE501BFFEFBCAF5B9AB828FB
SHA-512:	88E8B3204096E2087B754AB0033618DD5351E6211713EAABD54AE9BF28CB9345530B2DF9475AE61847EB83EADE38108094ECA83998A41F6606E616C4E2C1DC86
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"38cc4a9a-4e4b-4a38-9235-990d39e19f79","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1732752165030,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1090
Entropy (8bit):	5.66292508446706
Encrypted:	false
SSDEEP:	24:Yv6XnhArkzvxmamXayLgE+cNDxeNaqnAvz7xHn0RCmK8czOC/BS9t:YvCWrs6BgkDMUJUAh8cvM9t
MD5:	1FB6DAE66B9EF6DA09AA825F36A597A6
SHA1:	1B29745C85C1CD0B617ECACD1D401D27A2A0D56F
SHA-256:	F7C9A2B1C05A02B46676CA421C76984203430324753F38418E4BC638805B5E00
SHA-512:	3D408C1B4B73DC0F23E23BA37B3DE33758CDD3577994037291CA6D13882853E2E8D9B4F79CAF8ADB7636D705C1407E7B7E70D68E00CE7B07520511CB1E664DA2
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"38cc4a9a-4e4b-4a38-9235-990d39e19f79","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1732752165030,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93365_289436ActionBlock_0","campaignId":93365,"containerId":"1","controlGroupId":"","treatmentId":"266234d2-130d-426e-8466-c7a061db101f","variationId":"289436"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IlVwZ3JhZGVSSFBSZHJBcHAifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVhc2lseSBmaWxsIGFuZCBzaWduIFBERnMuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"app

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	286
Entropy (8bit):	5.260318288409795
Encrypted:	false
SSDEEP:	6:YEQXJ2HX+EzRHs/KlCcArH9VoZcg1vRcR0YseoAvJfshHHrPeUkwRe9:YvXKX7zXlfArkZc0vxVGUUUkee9
MD5:	17D0F7535195C1C85800122101BF1385
SHA1:	6B577F77A07CBCC44BCF9812FBE45C7E13643A21
SHA-256:	BC678A7872FA41195F4579A90F97AB4EA221BABF99B9ADDC5AEFFD814486C34F
SHA-512:	504D2913A9EA008E7AFB160B3D9CE3FC485B52004D8ABA5B4AE9FE4BCD9212C1B899C136F9B3AF0E392623D778D114D2905B25C6F2C5B4B6D77532216228AB34
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"38cc4a9a-4e4b-4a38-9235-990d39e19f79","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1732752165030,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	782
Entropy (8bit):	5.364601695385208
Encrypted:	false
SSDEEP:	12:YvXKX7zXlfArkZc0vxVGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWSe:Yv6XnhArkzvxx168CgEXX5kcIfANh9e
MD5:	4F491B47E1DE9F8149DE783D5FAED057
SHA1:	E87780738A6BF85D6D8C21F08632C68AB5E82F91
SHA-256:	85925283AD5F6FB6491ECDBE226A8DCAC2011992C626D9DE6E0BCBD1629B9EE1
SHA-512:	9203939396F46796F590C261315EA5E82CB8A5416AC73DE77F96D605CA17D2B115483C48949A62D44BF87155E644F3E09CF3D2D98EF53D65898042E29DC0D0A3
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"38cc4a9a-4e4b-4a38-9235-990d39e19f79","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1732752165030,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1732574895061}}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	4
Entropy (8bit):	0.8112781244591328
Encrypted:	false
SSDEEP:	3:e:e
MD5:	DC84B0D741E5BEAE8070013ADDCC8C28
SHA1:	802F4A6A20CBF157AAF6C4E07E4301578D5936A2
SHA-256:	81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
SHA-512:	65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
Malicious:	false
Preview:	....

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2817
Entropy (8bit):	5.139317843355644
Encrypted:	false
SSDEEP:	48:Yi2o35RtsWPub7Lbdq6cYTJeq/uxNmiki5lr9OZ:Qo3iW+Lb46fTJrQmrATOZ
MD5:	D7F40FD977F9DE77A33FBB0F692ADD79
SHA1:	0737F63CCA03739A6531A7DFCCD89BA2160A787F
SHA-256:	1CEB763DA813065E3A9149A63D9EA340BB7C4F10715B882D260B717B47E45D23
SHA-512:	8ED16AAE026BE0DB9E96580889E2BE63CE32406B76210730D022A753359813D9D159329DB68FD81A969EB4635CBFA615BF95D64B00A8F77A929E671E3105FF67
Malicious:	false
Preview:	{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"ba36ed92a221c575412d8468bdcf656f","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1122,"ts":1732574894000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"a9f6e8edc05eee681de5845bbfdc4e4e","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1164,"ts":1732574894000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"4373b13ed6d0c12ac0dc2e3d3311c85a","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1090,"ts":1732574894000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"a6f2e250b8d76e712480f064d2cdb987","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1123,"ts":1732574894000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"a23ddd1c637774eb6218d0f1171ed261","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":1102,"ts":1732574894000},{"id":"Edit_InApp_Aug2020","info":{"dg":"b8242d757382353b30515fcf207d5a6c","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":17

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 25, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 25
Category:	dropped
Size (bytes):	12288
Entropy (8bit):	1.1878554028868273
Encrypted:	false
SSDEEP:	48:TGufl2GL7msEHUUUUUUUUdSvR9H9vxFGiDIAEkGVvpt:lNVmswUUUUUUUUd+FGSItp
MD5:	70ED99E811408F11B7B819EB11B78B2D
SHA1:	47D7D4A03C501192B3A121A2711EF7C45327D640
SHA-256:	5B49AABEFD6D15505B037151C8007A76DA9D7236226DECBA12D3D00C75315817
SHA-512:	205192A3E6587B66E96E0EABF7425E4CF7294158580BEE16F70C45224CF168DDD07E7AEC7F57ECA6639C1CD70A856BA10F110EA66E0C19F5FD6C12E6FC0FF9E1
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	1.607232442781679
Encrypted:	false
SSDEEP:	48:7MuKUUUUUUUUUUlvR9H9vxFGiDIAEkGVvuqFl2GL7msw:7WUUUUUUUUUUBFGSItAKVmsw
MD5:	3E355ABA6A9363581089E45A3DEA6F67
SHA1:	2DEC89A4580D056ED15672BEBAEE37600BFDD8E8
SHA-256:	B98011550B78D31A457F61835F313672C00FD0B3977E9DB7B112B7511AF6728C
SHA-512:	DE8024C273105EF57F5CC343EC7B73AC47AED716F6EACFC522430B4959FCBADF10B6FC9D07735B0137175A662884CC8082E59513606970721098F33940F36D01
Malicious:	false
Preview:	.... .c.......R.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................f.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\UserCache64.bin

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	66726
Entropy (8bit):	5.392739213842091
Encrypted:	false
SSDEEP:	768:RNOpblrU6TBH44ADKZEgdPu3mXVL+uT0H5UtBu0LcEYyu:6a6TZ44ADEdm3mXVymntpK
MD5:	EA2FB602F7427D01BE005E2563F2B3F1
SHA1:	E732BC54F5461AD7A60859CFB8EE2AB23522378D
SHA-256:	66886791018A4BA02FDA4EA8469F83CD3FBCE884669DFFAE8FDCA31DDC2CAC12
SHA-512:	DE2B610D304CC05ECF2B8DEE65788D5A498C8F7FB254E2DE0B9F4AEFDD87E48612F270F77E598C7BADB9A33F945EE18A4E17C624478B0F77A5C4804D596D6760
Malicious:	false
Preview:	4.397.90.FID.2:o:..........:F:AgencyFB-Reg.P:Agency FB.L:$.........................."F:Agency FB.#.96.FID.2:o:..........:F:AgencyFB-Bold.P:Agency FB Bold.L:%.........................."F:Agency FB.#.84.FID.2:o:..........:F:Algerian.P:Algerian.L:$..........................RF:Algerian.#.95.FID.2:o:..........:F:ArialNarrow.P:Arial Narrow.L:$.........................."F:Arial Narrow.#.109.FID.2:o:..........:F:ArialNarrow-Italic.P:Arial Narrow Italic.L:$.........................."F:Arial Narrow.#.105.FID.2:o:..........:F:ArialNarrow-Bold.P:Arial Narrow Bold.L:%.........................."F:Arial Narrow.#.118.FID.2:o:..........:F:ArialNarrow-BoldItalic.P:Arial Narrow Bold Italic.L:%.........................."F:Arial Narrow.#.77.FID.2:o:..........:F:ArialMT.P:Arial.L:$.........................."F:Arial.#.91.FID.2:o:..........:F:Arial-ItalicMT.P:Arial Italic.L:$.........................."F:Arial.#.87.FID.2:o:..........:F:Arial-BoldMT.P:Arial Bold.L:$.........................."F:Arial.#.100.FID.2

C:\Users\user\AppData\Local\Temp\MSIf35b7.LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	246
Entropy (8bit):	3.5029068020919194
Encrypted:	false
SSDEEP:	6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8fv/MH:Qw946cPbiOxDlbYnuRKF
MD5:	10C97271E6C5221160941CAB6327590E
SHA1:	42B9489A6DE77F57385C6244496C96700C44EA72
SHA-256:	A36ECE2D68AE96FFF899D281156FF3B94E14678F1C2F879B3802E8335D17EBB8
SHA-512:	3DDA6CB058CB28C0EA9BACE563B26FC8BD0A396F6B441810F9E36579BA26AEE3AF308B7AAD0C3F7DB5709DC78920B6A5E47E31E99D751F4A09E70E3DD80C4496
Malicious:	false
Preview:	..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .2.5./.1.1./.2.0.2.4. . .1.7.:.4.8.:.1.1. .=.=.=.....

C:\Users\user\AppData\Local\Temp\acrobat_sbx\A9d4h4ul_iag12q_5ok.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PDF document, version 1.6, 0 pages
Category:	dropped
Size (bytes):	358
Entropy (8bit):	4.9789882877699325
Encrypted:	false
SSDEEP:	6:IngVMrexJzJT0y9VEQIFVmb/eu2g/86S1kxROOZ5gLbgLvmCSyAAO:IngVMre9T0HQIDmy9g06JXILELvmlX
MD5:	2C4B9BBE68E8367186CE5A48A5556E00
SHA1:	FB3C0E9B0B74DAC7653A3FB79733F32FE6AF4E31
SHA-256:	D14984BDD4EB95B334C88E66FB696CC70CC30039E5F37A1B0655E2B00DF42C47
SHA-512:	4592BD1B2695B2FD2378B822E230AE00F67BA9996CA721C450436940CA22162BD5C814A0B1026E5740938647CE826C2BB633CC489A5AD4EEF71058B278EAE10C
Malicious:	false
Preview:	%PDF-1.6.%......1 0 obj.<</Pages 2 0 R/Type/Catalog>>.endobj.2 0 obj.<</Count 0/Kids[]/Type/Pages>>.endobj.3 0 obj.<<>>.endobj.xref..0 4..0000000000 65535 f..0000000016 00000 n..0000000061 00000 n..0000000107 00000 n..trailer..<</Size 4/Root 1 0 R/Info 3 0 R/ID[<B373108113E0044689D78A6D8F6F00F6><B373108113E0044689D78A6D8F6F00F6>]>>..startxref..127..%%EOF..

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-11-25 17-48-05-792.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393)
Category:	dropped
Size (bytes):	16525
Entropy (8bit):	5.345946398610936
Encrypted:	false
SSDEEP:	384:zHIq8qrq0qoq/qUILImCIrImI9IWdFdDdoPtPTPtP7ygyAydy0yGV///X/J/VokV:nNW
MD5:	8947C10F5AB6CFFFAE64BCA79B5A0BE3
SHA1:	70F87EEB71BA1BE43D2ABAB7563F94C73AB5F778
SHA-256:	4F3449101521DA7DF6B58A2C856592E1359BA8BD1ACD0688ECF4292BA5388485
SHA-512:	B76DB9EF3AE758F00CAF0C1705105C875838C7801F7265B17396466EECDA4BCD915DA4611155C5F2AD1C82A800C1BEC855E52E2203421815F915B77AA7331CA0
Malicious:	false
Preview:	SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:088+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig:

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393), with CRLF line terminators
Category:	dropped
Size (bytes):	15114
Entropy (8bit):	5.345893852983965
Encrypted:	false
SSDEEP:	384:557cDFqDFiTB3K6Sy73WNnCvjsRHPLHXjrjUjC0Oy020PFeI/ZUyvoUC7CfW3xnd:NCt
MD5:	57A5A1CAB609CC5B327DD86DEC8E4B66
SHA1:	EA22B019A56C865B7A17D4CC528B995673626BED
SHA-256:	C829714992E184A10545675071D04AC84830244490BCC6374143A368B3432851
SHA-512:	E7F83469240C1F96A4ACF19FA6F6CF2E8A45529DB365D975152CE45AFEFDC1B56B3C90DDC7608162650C7CC25F18611E364E187BBAC39B2B93781AD3083523CE
Malicious:	false
Preview:	SessionID=0f45d2a0-d119-40bd-a8b9-447a198e4c1a.1732574885802 Timestamp=2024-11-25T17:48:05:802-0500 ThreadID=3368 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=0f45d2a0-d119-40bd-a8b9-447a198e4c1a.1732574885802 Timestamp=2024-11-25T17:48:05:803-0500 ThreadID=3368 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=0f45d2a0-d119-40bd-a8b9-447a198e4c1a.1732574885802 Timestamp=2024-11-25T17:48:05:803-0500 ThreadID=3368 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=0f45d2a0-d119-40bd-a8b9-447a198e4c1a.1732574885802 Timestamp=2024-11-25T17:48:05:803-0500 ThreadID=3368 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=0f45d2a0-d119-40bd-a8b9-447a198e4c1a.1732574885802 Timestamp=2024-11-25T17:48:05:803-0500 ThreadID=3368 Component=ngl-lib_NglAppLib Description="SetConf

C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	29752
Entropy (8bit):	5.3904487761628666
Encrypted:	false
SSDEEP:	768:anddBuBYZwcfCnwZCnR8Bu5hx18HoCnLlAY+iCBuzhLCnx1CnPrRRFS10l8gT2r8:Y
MD5:	9BF836E53A86BF32DC594E32A19CF499
SHA1:	B124413F4726818A20362B00750AA9F32538C8D8
SHA-256:	DD5C95BD3EF7E9DAF003BF0D30047331B8255685B3CACBD98D1211CE6F07CE0D
SHA-512:	22FE88B94C7B94485E33EB5266EBF4F122675B84A51B9F1B9373B9AB2DFD7ED008B01F7842D1B075ED87DD1A725A0610659C4FCC70B59C44B4737C579BC32FBF
Malicious:	false
Preview:	03-10-2023 12:50:40:.---2---..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : *************************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ***********************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : **** Starting new session ******..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Starting NGL..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..03-10-2023 12:50:40:.Closing File..03-10-

C:\Users\user\AppData\Local\Temp\acrocef_low\330e34e0-776c-4cf9-921b-b8fbeb76a159.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
Category:	dropped
Size (bytes):	386528
Entropy (8bit):	7.9736851559892425
Encrypted:	false
SSDEEP:	6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
MD5:	5C48B0AD2FEF800949466AE872E1F1E2
SHA1:	337D617AE142815EDDACB48484628C1F16692A2F
SHA-256:	F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
SHA-512:	44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
Malicious:	false
Preview:	...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....\|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-\|..h#.g.\.PO.\|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..\|m.WC.....\|.....e.[W.p.8...rm....^..x'......5!...\|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.\|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

C:\Users\user\AppData\Local\Temp\acrocef_low\3807317d-071c-4513-a186-2aa434a6c089.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
Category:	dropped
Size (bytes):	1407294
Entropy (8bit):	7.97605879016224
Encrypted:	false
SSDEEP:	24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo
MD5:	A0CFC77914D9BFBDD8BC1B1154A7B364
SHA1:	54962BFDF3797C95DC2A4C8B29E873743811AD30
SHA-256:	81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685
SHA-512:	74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE
Malicious:	false
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

C:\Users\user\AppData\Local\Temp\acrocef_low\5606d2e8-985b-471e-ba6e-0108ae92b86e.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
Category:	dropped
Size (bytes):	758601
Entropy (8bit):	7.98639316555857
Encrypted:	false
SSDEEP:	12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
MD5:	3A49135134665364308390AC398006F1
SHA1:	28EF4CE5690BF8A9E048AF7D30688120DAC6F126
SHA-256:	D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
SHA-512:	BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
Malicious:	false
Preview:	...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......\|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!\|G.1...... .3.`./....`~......G.............\|..pS.e.C....:o.u_..oi.:..\|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

C:\Users\user\AppData\Local\Temp\acrocef_low\d818ff8e-a4ec-44a8-af0a-3ae6e7f0e7a2.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
Category:	dropped
Size (bytes):	1419751
Entropy (8bit):	7.976496077007677
Encrypted:	false
SSDEEP:	24576:/gWo7okZwYIGNPpaGZfPdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:4W9kZwZGfaGZn3mlind9i4ufFXpAXkru
MD5:	C6A2854D0D7C79FAB1B52BF642E2EF1D
SHA1:	353E0D975D75E75F843044604865FD4B0F349FBF
SHA-256:	87A3A1210EB114B538EB0FC8700C0DF3835BFEC6E5B4A882B7D196DB345E2EC1
SHA-512:	80C4B62C4AAF204FC05B68B506D26D307DB932994A51FC4142F689E7FB3EF814BEBFCA4E96648D939A78A13E75073838D2DA1F66E6367F331B103A817A3CC03B
Malicious:	false
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

Static File Info

General

File type:	PDF document, version 1.4, 1 pages
Entropy (8bit):	7.9253981745254185
TrID:	Adobe Portable Document Format (5005/1) 100.00%
File name:	lnv_00583971_Wellspringcg.pdf
File size:	240'277 bytes
MD5:	28a8d764ce2f1a851b078d93e86b1d6e
SHA1:	e81e88124d42717d316bc2dd3a86dc2303a9ca87
SHA256:	a30eee91a159de763b9afe6bdf37a73f5354baa561f780c01b07f55f75bfe2dc
SHA512:	51f65a5e680807f3942f006d7629076bd6014e9412c1ed74fde4395729367ca7f53b1fd4fb99338d37b78dfec6dd9e312a41ab816875855f41e024acfb77f6f7
SSDEEP:	3072:dwdvvTMwOn889l8He/zTSNha8KnwVAyiQvpSHAzYdtT8yLeowcUvI9TT6l:pnp9l8Heau8KnwVFvoAzqtwyKopFTQ
TLSH:	5834D1B4E626C85CF55D9105E52D36788FECB1E37AC424A21C3C8FCAB50DA05EB63197
File Content Preview:	%PDF-1.4.%.....1 0 obj.<</Creator (Chromium)./Producer (Skia/PDF m130)./CreationDate (D:20241121200135+00'00')./ModDate (D:20241121200135+00'00')>>.endobj.3 0 obj.<</ca 1./BM /Normal>>.endobj.4 0 obj.<</CA 1./ca 1./LC 0./LJ 0./LW .76300001./ML 10./SA true

File Icon


Icon Hash:	62cc8caeb29e8ae0

Static PDF Info

General
Header:	%PDF-1.4
Total Entropy:	7.925398
Total Bytes:	240277
Stream Entropy:	7.996660
Stream Bytes:	212914
Entropy outside Streams:	4.992531
Bytes outside Streams:	27363
Number of EOF found:	1
Bytes after EOF:

Keywords Statistics

Name	Count
obj	178
endobj	178
stream	139
endstream	139
xref	1
trailer	1
startxref	1
/Page	1
/Encrypt	0
/ObjStm	0
/URI	0
/JS	0
/JavaScript	0
/AA	0
/OpenAction	0
/AcroForm	0
/JBIG2Decode	0
/RichMedia	0
/Launch	0
/EmbeddedFile	0

Image Streams

ID	DHASH	MD5	Preview
5	0022222211110000	8f9830e2317c459ccaccde223926a865
7	41034b6b3b3f2b6a	d60d48647431226fc20c944ddcd240a1

Network Behavior

Network Port Distribution

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 25, 2024 23:48:13.647280931 CET	53278	53	192.168.2.4	1.1.1.1

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Nov 25, 2024 23:48:13.647280931 CET	192.168.2.4	1.1.1.1	0x65c1	Standard query (0)	x1.i.lencr.org	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Nov 25, 2024 23:48:13.977047920 CET	1.1.1.1	192.168.2.4	0x65c1	No error (0)	x1.i.lencr.org	crl.root-x1.letsencrypt.org.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 25, 2024 23:48:15.754815102 CET	1.1.1.1	192.168.2.4	0xc5df	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
Nov 25, 2024 23:48:15.754815102 CET	1.1.1.1	192.168.2.4	0xc5df	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: Acrobat.exePID: 7276, Parent PID: 2580

General

Target ID:	0
Start time:	17:48:02
Start date:	25/11/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\lnv_00583971_Wellspringcg.pdf"
Imagebase:	0x7ff6bc1b0000
File size:	5'641'176 bytes
MD5 hash:	24EAD1C46A47022347DC0F05F6EFBB8C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: AcroCEF.exePID: 7464, Parent PID: 7276

General

Target ID:	1
Start time:	17:48:03
Start date:	25/11/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Imagebase:	0x7ff74bb60000
File size:	3'581'912 bytes
MD5 hash:	9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: AcroCEF.exePID: 7668, Parent PID: 7464

General

Target ID:	3
Start time:	17:48:03
Start date:	25/11/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2116 --field-trial-handle=1636,i,8433034692376904357,9430375110467447937,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Imagebase:	0x7ff74bb60000
File size:	3'581'912 bytes
MD5 hash:	9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may exploit software vulnerabilities in client applications to execute code. Vulnerabilities can exist in software due to unsecure coding practices that can lead to unanticipated behavior. Adversaries can take advantage of certain vulnerabilities through targeted exploitation for the purpose of arbitrary code execution. Oftentimes the most valuable exploits to an offensive toolkit are those that can be used to obtain code execution on a remote system because they can be used to gain access to that system. Users will expect to see files related to the applications they commonly used to do work, so they are a useful target for exploit research and development because of their high utility.
Tactics:	Execution
Data Sources:	Application Log: Application Log Content, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report lnv_00583971_Wellspringcg.pdf

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Software Vulnerabilities

Networking

System Summary

Hooking and other Techniques for Hiding and Protection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\1e462477-1e20-4f01-902c-f13ec8d8a6d4.tmp

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF5f7282.TMP (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\f4914aca-858b-4448-8be1-e514d1f29555.tmp

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241125224807Z-161.bmp

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

Windows Analysis Report
lnv_00583971_Wellspringcg.pdf