Windows Analysis Report
BFAH EIN.pdf

Overview

General Information

Sample name:BFAH EIN.pdf
Analysis ID:1417267
MD5:4ade6ef77b904f97c0aa224a1985aa73
SHA1:c4595a3bddcfff19cb2aae28a663d16c5f6d04d2
SHA256:55dc1c8b818b0b870db1082c39037dce15e693f156763a237af17e7916a81af3

Detection

Score:1
Range:0 - 100
Whitelisted:false
Confidence:80%

Signatures

Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Uses a known web browser user agent for HTTP communication

Classification

  • System is w10x64
  • Acrobat.exe (PID: 7460 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\BFAH EIN.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 7628 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 7844 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2104 --field-trial-handle=1572,i,5647836430669080431,3322115967871796701,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

There are no malicious signatures.

Source: global traffic | TCP traffic: 192.168.2.4:49739 -> 23.205.76.135:443
Source: global traffic | TCP traffic: 23.205.76.135:443 -> 192.168.2.4:49739
Source: global traffic | HTTP traffic detected:
    GET /onboarding/smskillreader.txt HTTP/1.1
    Host: armmf.adobe.com
    Connection: keep-alive
    Accept-Language: en-US,en;q=0.9
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: empty
    Accept-Encoding: gzip, deflate, br
    If-None-Match: "78-5faa31cce96da"
    If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
Source: unknown | TCP traffic detected without corresponding DNS query: 23.205.76.135
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown | Network traffic detected: HTTP traffic on port 49739 -> 443
Source: classification engine | Classification label: clean1.winPDF@14/47@0/1
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-03-28 20-25-41-478.log
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
Source: unknown | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\BFAH EIN.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2104 --field-trial-handle=1572,i,5647836430669080431,3322115967871796701,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process created: unknown unknown
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: BFAH EIN.pdf | Initial sample: PDF keyword /JS count = 0
Source: BFAH EIN.pdf | Initial sample: PDF keyword /JavaScript count = 0
Source: BFAH EIN.pdf | Initial sample: PDF keyword /EmbeddedFile count = 0
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process information set: NOOPENFILEERRORBOX
Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
Execution: 2 Exploitation for Client Execution; Scheduled Task/Job; At; Cron
Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
Privilege Escalation: 1 Process Injection; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
Defense Evasion: 1 Masquerading; 1 Process Injection; Obfuscated Files or Information; Binary Padding
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
Discovery: 1 System Information Discovery; Application Window Discovery; Query Registry; System Network Configuration Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
Command and Control: 1 Encrypted Channel; 1 Non-Application Layer Protocol; 12 Application Layer Protocol; 1 Ingress Tool Transfer
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction
Behavior Graph (ID: 1417267, Sample: BFAH EIN.pdf, Startdate: 28/03/2024, Architecture: WINDOWS, Score: 1): Acrobat.exe started AcroCEF.exe, which started a second AcroCEF.exe; network node: 23.205.76.135, 443, 49739 (AKAMAI-ASN1EU, United States)

No Antivirus matches
No contacted domains info
IP:23.205.76.135
Domain:unknown
Country:United States
ASN:20940
ASN Name:AKAMAI-ASN1EU
Malicious:false
Joe Sandbox version:40.0.0 Tourmaline
Analysis ID:1417267
Start date and time:2024-03-28 20:24:53 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 3m 52s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultwindowspdfcookbook.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:10
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:BFAH EIN.pdf
Detection:CLEAN
Classification:clean1.winPDF@14/47@0/1
EGA Information:Failed
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 0
  • Number of non-executed functions: 0
Cookbook Comments:
  • Found application associated with file extension: .pdf
  • Found PDF document
  • Close Viewer
  • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 104.76.104.172, 52.6.155.20, 52.22.41.97, 3.219.243.226, 3.233.129.217, 23.207.202.135, 23.207.202.166, 23.207.202.157, 23.207.202.150, 23.207.202.152, 23.207.202.156, 23.207.202.149, 23.207.202.158, 23.207.202.153, 172.64.41.3, 162.159.61.3, 23.61.11.41, 23.61.11.34, 23.61.11.5, 23.207.202.141, 23.207.202.146, 23.207.202.161, 23.207.202.144, 23.207.202.160, 23.207.202.138, 23.207.202.159, 23.207.202.145, 23.207.202.130, 23.207.202.169
  • Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com
  • Not all processes were analyzed, report is missing behavior information
  • VT rate limit hit for: BFAH EIN.pdf
No simulations
No context
No context
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:ASCII text
Category:dropped
Size (bytes):292
Entropy (8bit):5.234241555250704
Encrypted:false
SSDEEP:6:Fbf6vWWSOkQ+q2Pwkn2nKuAl9OmbnIFUt88bf6vWWcsQgZmw+8bf6vWWcsQQVkw0:Vf6v7cvYfHAahFUt8Yf6v6s5/+Yf6v63
MD5:4B2AE8B2720DE8685941000577F9AF76
SHA1:0B5EF660D6833CCCD30C2BB245D0E73742539137
SHA-256:5FAE8DB1A6E61817F5419E40FB166A18A410D77A3A758E462C5D69E8A2578735
SHA-512:CB9C7B47003F5DD741167F0FA887AF31B37D46815C94AEE1E797BE3F10ED15A9D10722551506D6CBAC5AAEBF094A4BAAC094852CDAF441F4B796DA8F1527CAD4
Malicious:false
Reputation:low
Preview:2024/03/28-20:25:39.337 1df8 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/03/28-20:25:39.339 1df8 Recovering log #3.2024/03/28-20:25:39.339 1df8 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:ASCII text
Category:dropped
Size (bytes):336
Entropy (8bit):5.156005971718818
Encrypted:false
SSDEEP:6:Fbf6vLQL+q2Pwkn2nKuAl9Ombzo2jMGIFUt88bf6vhPuGKWZmw+8bf6vFQLVkwOz:Vf6vLQ+vYfHAa8uFUt8Yf6vYGKW/+Yf0
MD5:55E30AB3A4110519D532F289FBDAB4EF
SHA1:D3A680FBFD010F2CED62412F2ED8AABCE7A84908
SHA-256:65A227D479130E55BC1DE8F589B6BCD525A177D8059123BB3EEAFEB1C096DBD4
SHA-512:84BC66816BE84C4AC204041F0E2FF8B4BB918E1D5CC54A337685C2C5AF68CBEF024BAA8CDC9026926D9744E702B3A347EE92C68BC30E2A9B02C177192DC92913
Malicious:false
Reputation:low
Preview:2024/03/28-20:25:39.429 1eec Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/03/28-20:25:39.431 1eec Recovering log #3.2024/03/28-20:25:39.434 1eec Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:JSON data
Category:dropped
Size (bytes):474
Entropy (8bit):4.966884575788488
Encrypted:false
SSDEEP:12:YH/um3RA8sqZwtcJEsBdOg2HXcaq3QYiubInP7E4T3y:Y2sRdsHcJpdMHW3QYhbG7nby
MD5:1780B7704733BF6C122EF2147AF2DDF1
SHA1:29D38052A59ED30BD5CC47F520A5C1DBAB960650
SHA-256:B38D289F308E0F8EFB6DA06522B7959505CD2748541A163B09002C0D5CEB6970
SHA-512:6B343CA1EB50B1C158C5DA66F413162CAE8CC55C07AA513F0FE37D8E5EAEB0E25CB51E364B06674DF2D4B161BB0953EDE68E7DB07F32BE056F4D272D59729292
Malicious:false
Reputation:low
Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13356213951172858","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":96039},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:JSON data
Category:modified
Size (bytes):474
Entropy (8bit):4.966884575788488
Encrypted:false
SSDEEP:12:YH/um3RA8sqZwtcJEsBdOg2HXcaq3QYiubInP7E4T3y:Y2sRdsHcJpdMHW3QYhbG7nby
MD5:1780B7704733BF6C122EF2147AF2DDF1
SHA1:29D38052A59ED30BD5CC47F520A5C1DBAB960650
SHA-256:B38D289F308E0F8EFB6DA06522B7959505CD2748541A163B09002C0D5CEB6970
SHA-512:6B343CA1EB50B1C158C5DA66F413162CAE8CC55C07AA513F0FE37D8E5EAEB0E25CB51E364B06674DF2D4B161BB0953EDE68E7DB07F32BE056F4D272D59729292
Malicious:false
Reputation:low
Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13356213951172858","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":96039},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:data
Category:dropped
Size (bytes):4730
Entropy (8bit):5.252382088301422
Encrypted:false
SSDEEP:96:etJCV4FAsszrNamjTN/2rjYMta02fDtehgO7BtTgo7oxRhKghKUxZ:etJCV4FiN/jTN/2r8Mta02fEhgO73gow
MD5:DD60E66AF56DC3F9237B63A0D2D30046
SHA1:55EAE783D782E2DF28BE188D165DCF64B96FDA2A
SHA-256:8724AF8A5EB53A9C6B289392A00C4A4905FD6476F6723C59CAA202955228B780
SHA-512:0DA735CBFEED2217A0C3C89615B09F82824D602930DAB691D232F6BDA2E4F6964E057F17F93B6EE23FA4F9110C1FA455603A0C79EB26CB4A0689C74DEDE0E265
Malicious:false
Reputation:low
Preview:*...#................version.1..namespace-['O.o................next-map-id.1.Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/.0>...r................next-map-id.2.Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/.1O..r................next-map-id.3.Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/.2.\.o................next-map-id.4.Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/.3....^...............Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/..|.^...............Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/n..Fa...............Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/DQ..a...............Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/i.`do................next-map-id.5.Pnamespace-de635bf2_6773_4d83_ad16_
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:ASCII text
Category:dropped
Size (bytes):324
Entropy (8bit):5.187571762474231
Encrypted:false
SSDEEP:6:Fbf6vQOMQL+q2Pwkn2nKuAl9OmbzNMxIFUt88bf6vQ0MGKWZmw+8bf6vQfPjSQLV:Vf6vQOMQ+vYfHAa8jFUt8Yf6vQdGKW/l
MD5:851B58F0BFBAE3E15ACB8C005966F2ED
SHA1:8691CBA2D73077B9F422BA05E9D2C9DC53C67919
SHA-256:E934C8A528DDC367028D11C7F9748FE89D6B1F5ECFF8A3EBC55A4C1D011250CB
SHA-512:3AC944AE79D4A43FC2690F2636977958EF36132CF7CDECFE8909FC9B428FEC8C660A38CEDCFEAE169D53DF5FA8663BAA2A27307991FBECC6ED75E0E8F4C9833C
Malicious:false
Reputation:low
Preview:2024/03/28-20:25:39.563 1eec Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/03/28-20:25:39.565 1eec Recovering log #3.2024/03/28-20:25:39.566 1eec Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:PC bitmap, Windows 3.x format, 164 x -126 x 32, cbSize 82710, bits offset 54
Category:dropped
Size (bytes):82710
Entropy (8bit):0.008364189526979957
Encrypted:false
SSDEEP:3:upll3l/8sfxRj:up/Bj
MD5:DF7E699C428831B8ADF21B83775E2DB9
SHA1:FFCFD39CAFD28A32C5A4C7837E3E31CAD11F88D5
SHA-256:890E8D5937B5427AC08C483E2888680B5B66B738595A0949DCFF369DF4AD562D
SHA-512:91B266733772492FA2438E8876DB2C532EA4A50719F508059A0A5FE4D24A5CD9C81C0093297C3791E7C0F78F2DA299B075EFF419E4B3A179CE2EC9D117F26431
Malicious:false
Reputation:low
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 15, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 15
Category:dropped
Size (bytes):86016
Entropy (8bit):4.445124827132968
Encrypted:false
SSDEEP:384:yezci5tuiBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:rBs3OazzU89UTTgUL
MD5:DDA213C8107ECE7300926EEB06518170
SHA1:063D7E03CF2710C3147FB2854D6339D5700E8D1B
SHA-256:87C669369E62BD29248A79B9BA972536B1C7C872D31214FC4EBC68EE031CAB81
SHA-512:5F820AC25B1EA61EA75B9C016685E7474D13A4926CB36224F046DFD813CE49DE2F8335D82257FEE6D1788618C6708E9DFCB81DDD2165FAAAC8A7FA197D51E7B0
Malicious:false
Reputation:low
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:SQLite Rollback Journal
Category:dropped
Size (bytes):8720
Entropy (8bit):3.772500471914903
Encrypted:false
SSDEEP:48:7Mhp/E2ioyVLioy9oWoy1Cwoy17KOioy1noy1AYoy1Wioy1hioybioyToy1noy1C:7ipjuLFOXKQqZb9IVXEBodRBkA
MD5:CE8CA7C4CEA6B70CF4E1484B41F8139B
SHA1:71D94A7A9BDD0F7B9D07B36DA527E6877FA5528D
SHA-256:5FD93D922822BCCCC8388AE821E1D46DDFAE1F426654F9960CCF4035A0559D28
SHA-512:79A9C1DB09DC0B60C95E46B0DD5B03CC7458B6EF3FD0A644F8B4F7FC5D6C2A8D46542DCDFB2A281329C2AB15621E4B4EEE47B2ACFEEC43881BCD3E7AF2F3EE46
Malicious:false
Reputation:low
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:PostScript document text
Category:dropped
Size (bytes):1233
Entropy (8bit):5.233980037532449
Encrypted:false
SSDEEP:24:kk8id8HxPsMTtrid8OPgx4sMDHFidZxDWksMwEidMKRxCsMWaOtidMLgxT2sMW0l:pkxPhtgNgx4pyZxakazxCIK2gxap
MD5:8BA9D8BEBA42C23A5DB405994B54903F
SHA1:FC1B1646EC8A7015F492AA17ADF9712B54858361
SHA-256:862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C
SHA-512:26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A
Malicious:false
Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:PostScript document text
Category:dropped
Size (bytes):1233
Entropy (8bit):5.233980037532449
Encrypted:false
SSDEEP:24:kk8id8HxPsMTtrid8OPgx4sMDHFidZxDWksMwEidMKRxCsMWaOtidMLgxT2sMW0l:pkxPhtgNgx4pyZxakazxCIK2gxap
MD5:8BA9D8BEBA42C23A5DB405994B54903F
SHA1:FC1B1646EC8A7015F492AA17ADF9712B54858361
SHA-256:862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C
SHA-512:26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A
Malicious:false
Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:PostScript document text
Category:dropped
Size (bytes):1233
Entropy (8bit):5.233980037532449
Encrypted:false
SSDEEP:24:kk8id8HxPsMTtrid8OPgx4sMDHFidZxDWksMwEidMKRxCsMWaOtidMLgxT2sMW0l:pkxPhtgNgx4pyZxakazxCIK2gxap
MD5:8BA9D8BEBA42C23A5DB405994B54903F
SHA1:FC1B1646EC8A7015F492AA17ADF9712B54858361
SHA-256:862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C
SHA-512:26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A
Malicious:false
Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:PostScript document text
Category:dropped
Size (bytes):10880
Entropy (8bit):5.214360287289079
Encrypted:false
SSDEEP:192:SgAYm4DAv6oq6oCf6ocL6oz6o46ok6o16ok6oKls6oVtfZ6ojtou6o2ti16oGwX/:SV548vvqvSvivzv4vkv1vkvKlsvVtfZp
MD5:B60EE534029885BD6DECA42D1263BDC0
SHA1:4E801BA6CA503BDAE7E54B7DB65BE641F7C23375
SHA-256:B5F094EFF25215E6C35C46253BA4BB375BC29D055A3E90E08F66A6FDA1C35856
SHA-512:52221F919AEA648B57E567947806F71922B604F90AC6C8805E5889AECB131343D905D94703EA2B4CEC9B0C1813DDA6EAE2677403F58D3B340099461BBCD355AE
Malicious:false
Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:PostScript document text
Category:dropped
Size (bytes):10880
Entropy (8bit):5.214360287289079
Encrypted:false
SSDEEP:192:SgAYm4DAv6oq6oCf6ocL6oz6o46ok6o16ok6oKls6oVtfZ6ojtou6o2ti16oGwX/:SV548vvqvSvivzv4vkv1vkvKlsvVtfZp
MD5:B60EE534029885BD6DECA42D1263BDC0
SHA1:4E801BA6CA503BDAE7E54B7DB65BE641F7C23375
SHA-256:B5F094EFF25215E6C35C46253BA4BB375BC29D055A3E90E08F66A6FDA1C35856
SHA-512:52221F919AEA648B57E567947806F71922B604F90AC6C8805E5889AECB131343D905D94703EA2B4CEC9B0C1813DDA6EAE2677403F58D3B340099461BBCD355AE
Malicious:false
Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:data
Category:dropped
Size (bytes):244540
Entropy (8bit):3.3415042960460593
Encrypted:false
SSDEEP:1536:vKPCPiyzDtrh1cK3XEivK7VK/3AYvYwggErRo+RQn:yPClJ/3AYvYwgrFo+RQn
MD5:758B42992DDFC41CB5E57069C621B54A
SHA1:D0C28AF6CF1BD2208DA97DEDE57F6C78CEC98DCD
SHA-256:55DF75758DD6CA825ED2DC9380EDC8469351191308C34CACFC44205197ABD25D
SHA-512:437918372167A402005A728DCBBEF7B3A9580B794AD6A948A435C9D57C1672ACC1B7376E2A09113B66600EF5049D23625174256565BC639125A2F2BD07928926
Malicious:false
Preview:Adobe Acrobat Reader (64-bit) 23.6.20320....?A12_AV2_Search_18px.............................................................................................................KKK KKK.KKK.KKK.KKK.KKK.KKK@........................................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.............................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.........................KKK.KKK.KKK.KKK0....................KKK.KKK.KKK.KKK`....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK.KKK.....................................KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK.KKK@....................KKK.KKK.KKK.KKK`........................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.KKK.............................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):295
Entropy (8bit):5.362032468864684
Encrypted:false
SSDEEP:6:YEQXJ2HXeeCxsh9VoZcg1vRcR0YmUoAvJM3g98kUwPeUkwRe9:YvXKXeethEZc0vtGMbLUkee9
MD5:EC1B14AD912E597672DADBDFAECABF3E
SHA1:C8B952C048765A5E264EA8DFDEB7191F33E74E17
SHA-256:3CD4D087BBA7D9EDA14E2C9ED2C3E2213F410B83A9217FDA454FEC9F27740485
SHA-512:B43365EDF13C636BDD12DD596466096100989D2121CDED54965804470AEE46C9B82499407B6038D22D35785ED69AB2E74D4EB770B4A4E79A449CC2BDCD79496F
Malicious:false
Preview:{"analyticsData":{"responseGUID":"325ce3fc-1453-4210-8ad7-7aa98b4a539f","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1711831439039,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):294
Entropy (8bit):5.311386192274695
Encrypted:false
SSDEEP:6:YEQXJ2HXeeCxsh9VoZcg1vRcR0YmUoAvJfBoTfXpnrPeUkwRe9:YvXKXeethEZc0vtGWTfXcUkee9
MD5:A1FB17B83D402B30CEE05F14C49BC213
SHA1:E56F414AF50BF0C5BC6503B3A332E1606E6F462D
SHA-256:A85F53E7F5670301381B91F7945DBB9D6E666F897C9648F385F80D1FA1CBBA2A
SHA-512:763ED6B87F0A0E5E94F3926111A8FD59D0FE9E1C1CC1F2B809B05FCA5E6156EFB3287D0D34FD04F61D78A5124A1B987AB3E1730E9FF8059BBF422F84ACADFE5B
Malicious:false
Preview:{"analyticsData":{"responseGUID":"325ce3fc-1453-4210-8ad7-7aa98b4a539f","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1711831439039,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):294
Entropy (8bit):5.289645687632503
Encrypted:false
SSDEEP:6:YEQXJ2HXeeCxsh9VoZcg1vRcR0YmUoAvJfBD2G6UpnrPeUkwRe9:YvXKXeethEZc0vtGR22cUkee9
MD5:9FC9C526ABFCED3882EBEF507360E724
SHA1:C4FBC49C8F7D7469101FF8EA5F35DBAA351F9712
SHA-256:1378C4D323D65E033EF54C7FDC2425466615E9B7207BB3840861758ABADC3C15
SHA-512:8DF198FF38A2ABDA6972E0B2E3C55B1270565AE15F8E7A1018275467C068FAEFA11F15A6C5111B202064D92A71BDBBF9CE0C78C06A63C244C061120F511F61AC
Malicious:false
Preview:{"analyticsData":{"responseGUID":"325ce3fc-1453-4210-8ad7-7aa98b4a539f","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1711831439039,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):285
Entropy (8bit):5.34899627620186
Encrypted:false
SSDEEP:6:YEQXJ2HXeeCxsh9VoZcg1vRcR0YmUoAvJfPmwrPeUkwRe9:YvXKXeethEZc0vtGH56Ukee9
MD5:302057967207F3E2DDA4F81E720EEA83
SHA1:C3D01E8D359A5416359539A6C6AC4B68FAB43D8E
SHA-256:D8A0D1EBA940F240435D306F772CD518A9CB9F6487D1B4B726B84FE8045FB7E3
SHA-512:709F0016B10F394CE64639613CD081FCB80B1604D49E8995ED29003FE68A1B7F3A4F96C63B8CA5ABD8AC76932CD488D22A35C907C918A6531D9052CE2986584F
Malicious:false
Preview:{"analyticsData":{"responseGUID":"325ce3fc-1453-4210-8ad7-7aa98b4a539f","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1711831439039,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):292
Entropy (8bit):5.309263906743267
Encrypted:false
SSDEEP:6:YEQXJ2HXeeCxsh9VoZcg1vRcR0YmUoAvJfJWCtMdPeUkwRe9:YvXKXeethEZc0vtGBS8Ukee9
MD5:5BA7F1AD941C06F56FF28A474ACCA590
SHA1:CE9566328CD47B5B287A147663AB5DFA9820FB04
SHA-256:221EE1E9A6CADF0544F71292ABAEE2F9EF3D615238B8D19A2D3B969211689070
SHA-512:50C600D99F29B50A559BF083C521C3C4ADE61ACB72EE4BEFAF4B289599F320C60E13DF5F8D852A2A60832281D685D4F6A54F4DA1439EE1FE57D1C510CFC10EC0
Malicious:false
Preview:{"analyticsData":{"responseGUID":"325ce3fc-1453-4210-8ad7-7aa98b4a539f","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1711831439039,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):289
Entropy (8bit):5.2958488718557835
Encrypted:false
SSDEEP:6:YEQXJ2HXeeCxsh9VoZcg1vRcR0YmUoAvJf8dPeUkwRe9:YvXKXeethEZc0vtGU8Ukee9
MD5:DB526263FA78EF9002A15F3C1A880E59
SHA1:33F4E7CA3127AB7DA0A6D6DDEDA91B46E58ADD39
SHA-256:E78FC7B0F7108550BD860990F043810EDC20077D434C91BFB5DA702A27BBEBCD
SHA-512:B9DC4189DC85A56272A1E59E0B69B2D4DC6E21F9C1524FFA4949494B72B24CD26C8FF34014B685AA29FC276574FD494EE2F84028A3EFC38F86451F7D5D4AA3FF
Malicious:false
Preview:{"analyticsData":{"responseGUID":"325ce3fc-1453-4210-8ad7-7aa98b4a539f","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1711831439039,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):292
Entropy (8bit):5.300648381576329
Encrypted:false
SSDEEP:6:YEQXJ2HXeeCxsh9VoZcg1vRcR0YmUoAvJfQ1rPeUkwRe9:YvXKXeethEZc0vtGY16Ukee9
MD5:0648AED2D7B15F76B3187E54EE8C79A0
SHA1:0AB7C17265E0586AD3CEC8AA8A37F2D58EEBB369
SHA-256:8B23D2E7BCED4806C45BA734D6B9241F90F999CDF2A9F64F0DB48DF16106914F
SHA-512:7B16B61F0CA758D01F712C8B9A12F44404C6718991F39B64AC0275EA19EA4298EAD4CBAFDFC4FFD84F14C5805D0A154B298E729B398D54FA372F48DA2128D4BF
Malicious:false
Preview:{"analyticsData":{"responseGUID":"325ce3fc-1453-4210-8ad7-7aa98b4a539f","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1711831439039,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):289
Entropy (8bit):5.306157125655247
Encrypted:false
SSDEEP:6:YEQXJ2HXeeCxsh9VoZcg1vRcR0YmUoAvJfFldPeUkwRe9:YvXKXeethEZc0vtGz8Ukee9
MD5:CDCA87BB731110C69938683E46DE99C8
SHA1:F084606D6BFB9B3A7A3AC37A6A6B2C922BE79364
SHA-256:E501E4E79A132C8AE79E74281C203C7A3F5AB4B586EC56BD275C2F2B67C5EF65
SHA-512:3F26575654FAB5B2269D45CF53271EE618F5F9E5D7F7DDBB019AB65CDDE9EA4934CF844BDF189C7405CBF877968A41CDABA834AF5E27005E3783CF347B91D231
Malicious:false
Preview:{"analyticsData":{"responseGUID":"325ce3fc-1453-4210-8ad7-7aa98b4a539f","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1711831439039,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):295
Entropy (8bit):5.321210938334313
Encrypted:false
SSDEEP:6:YEQXJ2HXeeCxsh9VoZcg1vRcR0YmUoAvJfzdPeUkwRe9:YvXKXeethEZc0vtGb8Ukee9
MD5:5B6917D9BC0842E101CE8807B2508642
SHA1:8ADD41370C0B0A552BF0181DFD24E5A56B79170D
SHA-256:7677711A4E9C474DD31572FD04C3A741C614C03299668B81A883B5034B47D1A4
SHA-512:B6C35B9C160DB98AED200E1B3C79D33FE6731517556E162E59A053CEB0E5382C41BD7C63CAB00F9C74B9D381688ACCFE557D929EACF50EC65A69BE5AA6FC243F
Malicious:false
Preview:{"analyticsData":{"responseGUID":"325ce3fc-1453-4210-8ad7-7aa98b4a539f","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1711831439039,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):289
Entropy (8bit):5.3024333708038744
Encrypted:false
SSDEEP:6:YEQXJ2HXeeCxsh9VoZcg1vRcR0YmUoAvJfYdPeUkwRe9:YvXKXeethEZc0vtGg8Ukee9
MD5:0FE6A265CB332E6F3E6B96B79ACDB2B7
SHA1:A441A61FDE92367809ED212210349FABF45ECBA6
SHA-256:AD47D3CF2E06ADDEF18BE201CEA23AAEDFE985360CE45289FF7ADFF6B71ED074
SHA-512:C21BCD1A4EBC91F93DA4FD94A5C82984F6991722DC0C87477046AC828B298B10FDB41866440212C0F24FFAAB32F1E4E9725279E2FAF6D668515CA65E8117DE72
Malicious:false
Preview:{"analyticsData":{"responseGUID":"325ce3fc-1453-4210-8ad7-7aa98b4a539f","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1711831439039,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):1395
Entropy (8bit):5.776060400884781
Encrypted:false
SSDEEP:24:Yv6XXPEzvkrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNU:Yvs08HgDv3W2aYQfgB5OUupHrQ9FJK
MD5:72494E99ACC16BE56282F58E7DCB4DBC
SHA1:2A06553A97CA0193FBFA54845BDF06FD9AB8CB6B
SHA-256:CA3D34D0ABDE70F88028629560BF10663E7CD0478B91B4396413F0F8CAC58FA1
SHA-512:EB831F2204619571CB02C6F386DECD7DA1530DF8FDD25F39BE4591F2914704A29652A47D7BD61A2EDFAA509FE8F0EC7B713053326FA4712C87A93E9E10D366C2
Malicious:false
Preview:{"analyticsData":{"responseGUID":"325ce3fc-1453-4210-8ad7-7aa98b4a539f","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1711831439039,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):291
Entropy (8bit):5.285963744279773
Encrypted:false
SSDEEP:6:YEQXJ2HXeeCxsh9VoZcg1vRcR0YmUoAvJfbPtdPeUkwRe9:YvXKXeethEZc0vtGDV8Ukee9
MD5:5402271FB0A37F8F754489C1A2E08EE5
SHA1:1E75A367064B22748547E31233B06B2638B52433
SHA-256:EB22FE4D2D7DF029B5733BE04DF6217F86F847E7DFF34B060A58426CBDF44C0F
SHA-512:E119A71F0AB89DE8A48CFED12CCC6399C4EFB2A61D3A5FB153B4B016BB1CC25D81AD2A75C35AEAB5506875D86DFD7A7B60EECE5DC7A595A1F252A819152E4D16
Malicious:false
Preview:{"analyticsData":{"responseGUID":"325ce3fc-1453-4210-8ad7-7aa98b4a539f","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1711831439039,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):287
Entropy (8bit):5.291224155155142
Encrypted:false
SSDEEP:6:YEQXJ2HXeeCxsh9VoZcg1vRcR0YmUoAvJf21rPeUkwRe9:YvXKXeethEZc0vtG+16Ukee9
MD5:D92AEB880F101A91806C425D579C8ACC
SHA1:631B9D856C2154331B9362E11E979C86D8A990A1
SHA-256:70E24A8A3A0039B2C7C455CC2288EEDD23ABF8C7E10D1AC3446B9D23DD32ADD0
SHA-512:9DD83B59E63E44CD1BA45E5328A31E16A9120E4887B7C828CA3CC4CB9335E2B3A3CC46A370B848E83413F0E9A4FA728E793C247452B20B8D7D95DAE9AF40F963
Malicious:false
Preview:{"analyticsData":{"responseGUID":"325ce3fc-1453-4210-8ad7-7aa98b4a539f","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1711831439039,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):289
Entropy (8bit):5.308974681487801
Encrypted:false
SSDEEP:6:YEQXJ2HXeeCxsh9VoZcg1vRcR0YmUoAvJfbpatdPeUkwRe9:YvXKXeethEZc0vtGVat8Ukee9
MD5:708A31AD20DBCED659E97B5F4A2DD987
SHA1:3836CDAC6BFDBB39D94C44A7B28675B0B62FEE8E
SHA-256:AF36E2CA1E4FB722B0D0C576660BEE9F31B6111CB8D1D9E1C697F2EE69CAC0F5
SHA-512:907E9D8437058E2B2F65FD393E31E2D194BC1D58EC9BBA93363C371CB3A6213E92F51BF7C0C990E06BD24A52C510262359FE8110771CCC6EE179F39B79A1F290
Malicious:false
Preview:{"analyticsData":{"responseGUID":"325ce3fc-1453-4210-8ad7-7aa98b4a539f","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1711831439039,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):286
Entropy (8bit):5.267017605361674
Encrypted:false
SSDEEP:6:YEQXJ2HXeeCxsh9VoZcg1vRcR0YmUoAvJfshHHrPeUkwRe9:YvXKXeethEZc0vtGUUUkee9
MD5:F928F65CC47C817835A3735E4F7142B6
SHA1:13DA96E03A10419399D3E8918EF41E285E658290
SHA-256:B61787E12F03D20665FB26347A8C3D4674673921BA101E203C33D2DA073426F8
SHA-512:5196C36B29BF5FE6BAB0947A2A5E3C4B8829756EDEF8150FCAB3F315CD25E4CAF479793E38AA8B97D5FE5F5BF293851380735BEB5500D44EABE53C67DC3479F3
Malicious:false
Preview:{"analyticsData":{"responseGUID":"325ce3fc-1453-4210-8ad7-7aa98b4a539f","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1711831439039,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):782
Entropy (8bit):5.368529924125033
Encrypted:false
SSDEEP:12:YvXKXeethEZc0vtGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWib:Yv6XXPEzvZ168CgEXX5kcIfANhd
MD5:AFA8BC76A3CAEFB08C5D29F83D694BB0
SHA1:2784148524FA75E0812FAD2527C85698B22F1F00
SHA-256:6CF63774048206D64D252484377E3CFA7A06665362E228145C632566457FC501
SHA-512:50A571432477830D77C7C7ED3453A3F55F2F156DB24DF0073ECCC0E1D0C77F3DD490F9FEB12FAB16E2817657B90880792990426F91DAFC7A7C34117DC6812757
Malicious:false
Preview:{"analyticsData":{"responseGUID":"325ce3fc-1453-4210-8ad7-7aa98b4a539f","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1711831439039,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1711653944082}}}}
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:data
Category:dropped
Size (bytes):4
Entropy (8bit):0.8112781244591328
Encrypted:false
SSDEEP:3:e:e
MD5:DC84B0D741E5BEAE8070013ADDCC8C28
SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
Malicious:false
Preview:....
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):2813
Entropy (8bit):5.144601909806452
Encrypted:false
SSDEEP:48:YAOTcOwflvA4SLD0z9KAbgoQq+QAp1Wm55a6U/rB9cx3Jy:BhOwflvA4SLD0z9nbgoQq+QAGm55a6Uv
MD5:682B2077429C763B649BF7DADF432CAF
SHA1:93F925F0E56A993BD5A183AEDA7E2495A1F88006
SHA-256:240A003B7417E57B089F39B8EB75D414E40D83E403278E8116A9D96A29384385
SHA-512:E21C45B7A7059F8FDA8F730E129689BEEDEA4CE68887CB3A779077B546020B2B865514DC894DCD5A5B806675B8EE875F574AC949C317380675454023048E6C16
Malicious:false
Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"19551605d9d77d566cffc64db00f045c","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1711653943000},{"id":"Edit_InApp_Aug2020","info":{"dg":"2f29db5c103adefdb900f3e15f24b35c","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":1711653943000},{"id":"DC_Reader_RHP_Banner","info":{"dg":"4d0b4866f88a75321110540323473cfe","sid":"DC_Reader_RHP_Banner"},"mimeType":"file","size":1395,"ts":1711653943000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"719f9cf94d45d007831698e4d3af0cf5","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":295,"ts":1711653943000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"a39c6b021addb63bbd2b1c90ed755037","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file","size":292,"ts":1711653943000},{"id":"DC_Reader_More_LHP_Banner","info":{"dg":"43b4dcb5a60cb42ad19804795a9178ea","sid":"DC_Reader_More_LHP_Banner"},"mimeType":"file","size":289,"ts":1711653943000},{
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 25, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 25
Category:dropped
Size (bytes):12288
Entropy (8bit):1.188019120640845
Encrypted:false
SSDEEP:48:TGufl2GL7msEHUUUUUUUUvSvR9H9vxFGiDIAEkGVvp7:lNVmswUUUUUUUUv+FGSItv
MD5:CB9FE721FD85E920A3E03E45E1B92E08
SHA1:F3475E94632AEB390DB8E2AFD455FF52D6DA3A17
SHA-256:E69B08AE8FC808470BDE4E5AAE05771C51BCF4CFF25C1505BDFE065A2FD310D0
SHA-512:E048004FE24570E791EE97777C3F2B4849EAAF2CB0F4DDD857C16FFEEF50894D510D5F1311A28EF729C23F8DDEB17BAA413F4822F6E8B7A133C7EB1144DDB3B1
Malicious:false
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:SQLite Rollback Journal
Category:dropped
Size (bytes):8720
Entropy (8bit):1.6060419984200915
Encrypted:false
SSDEEP:48:7MLKUUUUUUUUUUTvR9H9vxFGiDIAEkGVviqFl2GL7msJ:71UUUUUUUUUUDFGSIt8KVmsJ
MD5:4522B3CDAADB9DCE8FDD10DDE2B55626
SHA1:8148D73AB872C6CF4F627D4F2D6E872CBD34C6A5
SHA-256:49BFB8B7AED2BDBDB5E836CCED968E9C9E28EF25925B029A7C32A5541B5D1045
SHA-512:2D5FE9718A809FE57B70DEABDF6DB4A605156B7570C29005885745DF60A4D2E32D1018B6D3B68CBF6991C8E5E67FFB8773901317E85ED4B6BB9F2CA6F30CC7E3
Malicious:false
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:data
Category:dropped
Size (bytes):66726
Entropy (8bit):5.392739213842091
Encrypted:false
SSDEEP:768:RNOpblrU6TBH44ADKZEgyoBuT35bDJauDNGIDRa5PfTQmYyu:6a6TZ44ADEyoBQ35EuDnc5nJK
MD5:0B825CE86BD209F26DF17679A09DEE2A
SHA1:401FC5BDB124E7ADBDCE7270432A5704F276FAC2
SHA-256:120B14FB7F6E6F79266044798F0D75DD36200A1CB6B8EE4123D0B7925EE7EF13
SHA-512:E05D02496546F588A74AA1CC9A185CF4145298957C4D51E01AE07E3390271B5ACA51AE0CBB8E3CE9CB0A95FF99C196B5294F4F6F7197993036167AB6148B8D94
Malicious:false
Preview:4.397.90.FID.2:o:..........:F:AgencyFB-Reg.P:Agency FB.L:$.........................."F:Agency FB.#.96.FID.2:o:..........:F:AgencyFB-Bold.P:Agency FB Bold.L:%.........................."F:Agency FB.#.84.FID.2:o:..........:F:Algerian.P:Algerian.L:$..........................RF:Algerian.#.95.FID.2:o:..........:F:ArialNarrow.P:Arial Narrow.L:$.........................."F:Arial Narrow.#.109.FID.2:o:..........:F:ArialNarrow-Italic.P:Arial Narrow Italic.L:$.........................."F:Arial Narrow.#.105.FID.2:o:..........:F:ArialNarrow-Bold.P:Arial Narrow Bold.L:%.........................."F:Arial Narrow.#.118.FID.2:o:..........:F:ArialNarrow-BoldItalic.P:Arial Narrow Bold Italic.L:%.........................."F:Arial Narrow.#.77.FID.2:o:..........:F:ArialMT.P:Arial.L:$.........................."F:Arial.#.91.FID.2:o:..........:F:Arial-ItalicMT.P:Arial Italic.L:$.........................."F:Arial.#.87.FID.2:o:..........:F:Arial-BoldMT.P:Arial Bold.L:$.........................."F:Arial.#.100.FID.2
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:dropped
Size (bytes):246
Entropy (8bit):3.5329345335875004
Encrypted:false
SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8rf6e:Qw946cPbiOxDlbYnuRKCT
MD5:AF4906B1912A3D1F33BE3314C7CDCAC8
SHA1:B6331F6D857738FE5DDE4E35549418B8EC1169C3
SHA-256:F194146FAC35B2DC3CAFFAE06CBA1538FF877955D3DF677010FA628789D9C997
SHA-512:597902D922205FA033647077F86A4BC9492F37A0485F2628FB13AE0C888AF7663F90586B1BFA00C7488A50260304D64778E16600428487E9FDACC7C2F139BC87
Malicious:false
Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .2.8./.0.3./.2.0.2.4. . .2.0.:.2.5.:.4.6. .=.=.=.....
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:ASCII text, with very long lines (393)
Category:dropped
Size (bytes):16525
Entropy (8bit):5.345946398610936
Encrypted:false
SSDEEP:384:zHIq8qrq0qoq/qUILImCIrImI9IWdFdDdoPtPTPtP7ygyAydy0yGV///X/J/VokV:nNW
MD5:8947C10F5AB6CFFFAE64BCA79B5A0BE3
SHA1:70F87EEB71BA1BE43D2ABAB7563F94C73AB5F778
SHA-256:4F3449101521DA7DF6B58A2C856592E1359BA8BD1ACD0688ECF4292BA5388485
SHA-512:B76DB9EF3AE758F00CAF0C1705105C875838C7801F7265B17396466EECDA4BCD915DA4611155C5F2AD1C82A800C1BEC855E52E2203421815F915B77AA7331CA0
Malicious:false
Preview:SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:088+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig:
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:ASCII text, with very long lines (393), with CRLF line terminators
Category:dropped
Size (bytes):16603
Entropy (8bit):5.3448308128251645
Encrypted:false
SSDEEP:384:LQ3QdQmQCQkQfQ0QHQKQ4QfQ9QyQrQaQ0QgQ2Q6QRQkQrm0X6k95YqpvLtJNYm75:cACBVTIDwd/Iil8NDHxtOTzFP
MD5:D852FCCE1B5A3322C14BB67FD9129F14
SHA1:D4AA3924BB13FC832262C6D9A7E0D1DBE241A5C3
SHA-256:7ECA726DA30BED8859A23C47B12F79FDDDE2948AF16DF91654FD4D2A2EDDF4D2
SHA-512:11DAF3E4C7EC06C1DDA99041B5FFC643490E7563022A3B95EC6E6748FEDA005CEBCC2EB8403E44E0D804FD83AE7D1125BA9E82D8644994114FB0674380D1C9D3
Malicious:false
Preview:SessionID=b10e0e9b-8782-4a19-b031-628022ca8761.1711653941492 Timestamp=2024-03-28T20:25:41:492+0100 ThreadID=5828 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=b10e0e9b-8782-4a19-b031-628022ca8761.1711653941492 Timestamp=2024-03-28T20:25:41:493+0100 ThreadID=5828 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=b10e0e9b-8782-4a19-b031-628022ca8761.1711653941492 Timestamp=2024-03-28T20:25:41:493+0100 ThreadID=5828 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=b10e0e9b-8782-4a19-b031-628022ca8761.1711653941492 Timestamp=2024-03-28T20:25:41:493+0100 ThreadID=5828 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=b10e0e9b-8782-4a19-b031-628022ca8761.1711653941492 Timestamp=2024-03-28T20:25:41:494+0100 ThreadID=5828 Component=ngl-lib_NglAppLib Description="SetConf
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):29845
Entropy (8bit):5.387933359389475
Encrypted:false
SSDEEP:768:anddBuBYZwcfCnwZCnR8Bu5hx18HoCnLlAY+iCBuzhLCnx1CnPrRRFS10l8gT2rH:r
MD5:A08048715E5FFC5A61A4705376D1CD0C
SHA1:F9B161AA45E2FEF0550F6A7A954CA2E9BE0371F9
SHA-256:A54158468E2BFBAB2148556DC16AE541922BE5BDAF18422D84816DEF084091E9
SHA-512:9D791018738626027A604E9551AF7B3B1E364105B34FEAAC71BD5BD195F34732D8C58F28AA6959A8A6073940CD35E86E02CE934E958699D8ECC8C5CF9F1EC8B1
Malicious:false
Preview:03-10-2023 12:50:40:.---2---..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ***************************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ***************************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Starting NGL..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..03-10-2023 12:50:40:.Closing File..03-10-
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
Category:dropped
Size (bytes):758601
Entropy (8bit):7.98639316555857
Encrypted:false
SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
MD5:3A49135134665364308390AC398006F1
SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
Malicious:false
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
Category:dropped
Size (bytes):386528
Entropy (8bit):7.9736851559892425
Encrypted:false
SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
MD5:5C48B0AD2FEF800949466AE872E1F1E2
SHA1:337D617AE142815EDDACB48484628C1F16692A2F
SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
Malicious:false
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
Category:dropped
Size (bytes):1407294
Entropy (8bit):7.97605879016224
Encrypted:false
SSDEEP:24576:/xbdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07+7oDWLaGZDwYIGNPJe:Jb3mlind9i4ufFXpAXkrfUs0rDWLaGZo
MD5:9DE909C4C633E6829165A4F1E0FA55C1
SHA1:2E5FA5D6C1FC57BB2BBBD36837BBEB363C650849
SHA-256:8770BE5263FD11B1A805E381669C27C0E18DC265B6041D531454299C14D0C83D
SHA-512:7AB5A4B1B23D21D14D275FAB5756193FDE3B5AC2FF8322EACF160D109E638D1A25CC723C463648252E023EF5B0E35BEB14989561EE4F9B37C124CBA3B82443D9
Malicious:false
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
Category:dropped
Size (bytes):1419751
Entropy (8bit):7.976496077007677
Encrypted:false
SSDEEP:24576:/xA7owWLRGZKwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLRGZKwZGk3mlind9i4ufFXpAXkru
MD5:BBFD5C2DB533CDA3D36078A62E71EE6A
SHA1:D60AAC38BF170D7B2C5EC1DC2FB25DB636D5B676
SHA-256:462155888A46175F8C17A6277CB4D5A3FFD1F512D74BA6FFF06967426AC686AD
SHA-512:3988DE887EAF7092B4B8B03EF8BFC2DA552178A0C06657213F55726901EFE4C9EFD2C29BAE8FCF931D7F5C45860E03427CD589D87EB68A9655EA204D2B8468D3
Malicious:false
File type:PDF document, version 1.6 (zip deflate encoded)
Entropy (8bit):4.4765243072906005
TrID:
  • Adobe Portable Document Format (5005/1) 100.00%
File name:BFAH EIN.pdf
File size:5'411 bytes
MD5:4ade6ef77b904f97c0aa224a1985aa73
SHA1:c4595a3bddcfff19cb2aae28a663d16c5f6d04d2
SHA256:55dc1c8b818b0b870db1082c39037dce15e693f156763a237af17e7916a81af3
SHA512:7580aad6a8f575ccf591045a7ff145821f44f6b4b653427e7dc28bfd7f6ddb2bda26358721ddf4e06faa41d2f4db774a93770f8fb4ee1e0135db635d4f75513e
SSDEEP:48:838qpZ91poEs39RUB+xjkhPQFqadv+kcnx5HFVxlqkyvA26mQw8q7g6:83BZ90PwTgb2kcnx9FVVyl1RDZ
TLSH:73B1A45D85A228841055791137E0165BC8CB80DB28986C57B99DCEAB1F00EA3BD93BE3
File Content Preview:%PDF-1.6.%......10 0 obj.<</Linearized 1/L 5411/O 12/E 1127/N 1/T 5109/H [ 447 141]>>.endobj. ..15 0 obj.<</DecodeParms<</Columns 4/Predictor 12>>/Filter/FlateDecode/ID[<58414DE312EEE1A9D53CFAC0F35A73AE><4BEBFD9A882D804DB1B72F82F2B138D
Icon Hash:62cc8caeb29e8ae0

General

Header:%PDF-1.6
Total Entropy:4.476524
Total Bytes:5411
Stream Entropy:3.784416
Stream Bytes:3984
Entropy outside Streams:5.294000
Bytes outside Streams:1427
Number of EOF found:2
Bytes after EOF:
Name            Count
obj             12
endobj          12
stream          9
endstream       9
xref            0
trailer         0
startxref       2
/Page           1
/Encrypt        0
/ObjStm         4
/URI            0
/JS             0
/JavaScript     0
/AA             0
/OpenAction     0
/AcroForm       0
/JBIG2Decode    0
/RichMedia      0
/Launch         0
/EmbeddedFile   0
Timestamp                            Source Port  Dest Port  Source IP      Dest IP
Mar 28, 2024 20:25:51.969621897 CET  49739        443        192.168.2.4    23.205.76.135
Mar 28, 2024 20:25:51.969655037 CET  443          49739      23.205.76.135  192.168.2.4
Mar 28, 2024 20:25:51.969726086 CET  49739        443        192.168.2.4    23.205.76.135
Mar 28, 2024 20:25:51.969902039 CET  49739        443        192.168.2.4    23.205.76.135
Mar 28, 2024 20:25:51.969914913 CET  443          49739      23.205.76.135  192.168.2.4
Mar 28, 2024 20:25:52.285443068 CET  443          49739      23.205.76.135  192.168.2.4
Mar 28, 2024 20:25:52.285743952 CET  49739        443        192.168.2.4    23.205.76.135
Mar 28, 2024 20:25:52.285763025 CET  443          49739      23.205.76.135  192.168.2.4
Mar 28, 2024 20:25:52.286736012 CET  443          49739      23.205.76.135  192.168.2.4
Mar 28, 2024 20:25:52.286808968 CET  49739        443        192.168.2.4    23.205.76.135
Mar 28, 2024 20:25:52.288742065 CET  49739        443        192.168.2.4    23.205.76.135
Mar 28, 2024 20:25:52.288806915 CET  443          49739      23.205.76.135  192.168.2.4
Mar 28, 2024 20:25:52.289036036 CET  49739        443        192.168.2.4    23.205.76.135
Mar 28, 2024 20:25:52.289043903 CET  443          49739      23.205.76.135  192.168.2.4
Mar 28, 2024 20:25:52.336741924 CET  49739        443        192.168.2.4    23.205.76.135
Mar 28, 2024 20:25:52.391746044 CET  443          49739      23.205.76.135  192.168.2.4
Mar 28, 2024 20:25:52.391940117 CET  443          49739      23.205.76.135  192.168.2.4
Mar 28, 2024 20:25:52.391997099 CET  49739        443        192.168.2.4    23.205.76.135
Mar 28, 2024 20:25:52.392206907 CET  49739        443        192.168.2.4    23.205.76.135
Mar 28, 2024 20:25:52.392222881 CET  443          49739      23.205.76.135  192.168.2.4
Mar 28, 2024 20:25:52.392235041 CET  49739        443        192.168.2.4    23.205.76.135
Mar 28, 2024 20:25:52.392297029 CET  49739        443        192.168.2.4    23.205.76.135
  • armmf.adobe.com
Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
0           192.168.2.4  49739        23.205.76.135   443               7844  C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Timestamp  Bytes transferred  Direction  Data
2024-03-28 19:25:52 UTC  475  OUT  GET /onboarding/smskillreader.txt HTTP/1.1
Host: armmf.adobe.com
Connection: keep-alive
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
Accept-Encoding: gzip, deflate, br
If-None-Match: "78-5faa31cce96da"
If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
2024-03-28 19:25:52 UTC  198  IN  HTTP/1.1 304 Not Modified
Content-Type: text/plain; charset=UTF-8
Last-Modified: Mon, 01 May 2023 15:02:33 GMT
ETag: "78-5faa31cce96da"
Date: Thu, 28 Mar 2024 19:25:52 GMT
Connection: close


Target ID:0
Start time:20:25:38
Start date:28/03/2024
Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\BFAH EIN.pdf"
Imagebase:0x7ff6bc1b0000
File size:5'641'176 bytes
MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:moderate
Has exited:true

Target ID:1
Start time:20:25:39
Start date:28/03/2024
Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Imagebase:0x7ff74bb60000
File size:3'581'912 bytes
MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:moderate
Has exited:true

Target ID:3
Start time:20:25:39
Start date:28/03/2024
Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2104 --field-trial-handle=1572,i,5647836430669080431,3322115967871796701,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Imagebase:0x7ff74bb60000
File size:3'581'912 bytes
MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:moderate
Has exited:true

No disassembly