Edit tour

Windows Analysis Report
E-statement_TVT_7855563201716.pdf

Overview

General Information

Sample name:	E-statement_TVT_7855563201716.pdf
Analysis ID:	1426957
MD5:	418a36afc8429c6ce3ac8f6375aa7e0a
SHA1:	51cf287ed2f761a01a1ac2b1a3dacbde606e592b
SHA256:	8638e1d486d21cae05baa6ec5ff22d1973c211f37d40f2f5bb48c8267bfdb891

Detection

Score:	1
Range:	0 - 100
Whitelisted:	false
Confidence:	60%

Signatures

Potential document exploit detected (performs HTTP gets)

Potential document exploit detected (unknown TCP traffic)

Classification

Analysis Advice

No malicious behavior found, analyze the document also on other version of Office / Acrobat

Uses HTTPS for network communication, use the 'Proxy HTTPS (port 443) to read its encrypted data' cookbook for further analysis

Process Tree

System is w10x64_ra

Acrobat.exe (PID: 7016 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\E-statement_TVT_7855563201716.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)

AcroCEF.exe (PID: 6180 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

AcroCEF.exe (PID: 6376 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2268 --field-trial-handle=1568,i,6974506343822097808,3129201781754671408,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

cleanup

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: global traffic	TCP traffic: 192.168.2.16:49708 -> 23.46.240.131:443
Source: global traffic	TCP traffic: 192.168.2.16:49708 -> 23.46.240.131:443
Source: global traffic	TCP traffic: 192.168.2.16:49708 -> 23.46.240.131:443
Source: global traffic	TCP traffic: 192.168.2.16:49708 -> 23.46.240.131:443
Source: global traffic	TCP traffic: 192.168.2.16:49708 -> 23.46.240.131:443
Source: global traffic	TCP traffic: 192.168.2.16:49708 -> 23.46.240.131:443
Source: global traffic	TCP traffic: 192.168.2.16:49708 -> 23.46.240.131:443
Source: global traffic	TCP traffic: 192.168.2.16:49708 -> 23.46.240.131:443
Source: global traffic	TCP traffic: 192.168.2.16:49708 -> 23.46.240.131:443
Source: global traffic	TCP traffic: 192.168.2.16:49708 -> 23.46.240.131:443

Source: global traffic	TCP traffic: 192.168.2.16:49708 -> 23.46.240.131:443
Source: global traffic	TCP traffic: 23.46.240.131:443 -> 192.168.2.16:49708
Source: global traffic	TCP traffic: 192.168.2.16:49708 -> 23.46.240.131:443
Source: global traffic	TCP traffic: 192.168.2.16:49708 -> 23.46.240.131:443
Source: global traffic	TCP traffic: 23.46.240.131:443 -> 192.168.2.16:49708
Source: global traffic	TCP traffic: 23.46.240.131:443 -> 192.168.2.16:49708
Source: global traffic	TCP traffic: 192.168.2.16:49708 -> 23.46.240.131:443
Source: global traffic	TCP traffic: 23.46.240.131:443 -> 192.168.2.16:49708
Source: global traffic	TCP traffic: 23.46.240.131:443 -> 192.168.2.16:49708
Source: global traffic	TCP traffic: 192.168.2.16:49708 -> 23.46.240.131:443
Source: global traffic	TCP traffic: 192.168.2.16:49708 -> 23.46.240.131:443
Source: global traffic	TCP traffic: 23.46.240.131:443 -> 192.168.2.16:49708
Source: global traffic	TCP traffic: 192.168.2.16:49708 -> 23.46.240.131:443
Source: global traffic	TCP traffic: 23.46.240.131:443 -> 192.168.2.16:49708
Source: global traffic	TCP traffic: 192.168.2.16:49708 -> 23.46.240.131:443
Source: global traffic	TCP traffic: 23.46.240.131:443 -> 192.168.2.16:49708
Source: global traffic	TCP traffic: 23.46.240.131:443 -> 192.168.2.16:49708
Source: global traffic	TCP traffic: 192.168.2.16:49708 -> 23.46.240.131:443
Source: global traffic	TCP traffic: 192.168.2.16:49708 -> 23.46.240.131:443
Source: global traffic	TCP traffic: 23.46.240.131:443 -> 192.168.2.16:49708

Source: unknown	TCP traffic detected without corresponding DNS query: 23.46.240.131
Source: unknown	TCP traffic detected without corresponding DNS query: 23.46.240.131
Source: unknown	TCP traffic detected without corresponding DNS query: 23.46.240.131
Source: unknown	TCP traffic detected without corresponding DNS query: 23.46.240.131
Source: unknown	TCP traffic detected without corresponding DNS query: 23.46.240.131
Source: unknown	TCP traffic detected without corresponding DNS query: 23.46.240.131
Source: unknown	TCP traffic detected without corresponding DNS query: 23.46.240.131
Source: unknown	TCP traffic detected without corresponding DNS query: 23.46.240.131
Source: unknown	TCP traffic detected without corresponding DNS query: 23.46.240.131
Source: unknown	TCP traffic detected without corresponding DNS query: 23.46.240.131

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708

Source: classification engine

Classification label: clean1.winPDF@17/27@0/43

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.7084

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-16 19-56-47-840.log

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Source: unknown	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\E-statement_TVT_7855563201716.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2268 --field-trial-handle=1568,i,6974506343822097808,3129201781754671408,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: unknown	Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding 9D6A312AD69722ACEEB2B510127921AF
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2268 --field-trial-handle=1568,i,6974506343822097808,3129201781754671408,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: E-statement_TVT_7855563201716.pdf	Initial sample: PDF keyword /JS count = 0
Source: E-statement_TVT_7855563201716.pdf	Initial sample: PDF keyword /JavaScript count = 0

Source: E-statement_TVT_7855563201716.pdf

Initial sample: PDF keyword /EmbeddedFile count = 0

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe

Process information queried: ProcessInformation

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	2 Exploitation for Client Execution	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	1 Process Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	1 System Information Discovery	Remote Desktop Protocol	Data from Removable Media	1 Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

⊘No contacted domains info

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
23.46.240.131	unknown	United States	16625	AKAMAI-ASUS	false
162.159.61.3	unknown	United States	13335	CLOUDFLARENETUS	false
23.220.188.152	unknown	United States	24319	AKAMAI-TYO-APAkamaiTechnologiesTokyoASNSG	false
34.193.227.236	unknown	United States	14618	AMAZON-AESUS	false

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1426957
Start date and time:	2024-04-16 19:56:16 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	17
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Sample name:	E-statement_TVT_7855563201716.pdf
Detection:	CLEAN
Classification:	clean1.winPDF@17/27@0/43
Cookbook Comments:	Found application associated with file extension: .pdf

Warnings

Exclude process from analysis (whitelisted): dllhost.exe
Excluded IPs from analysis (whitelisted): 23.220.188.152, 34.193.227.236, 18.207.85.246, 107.22.247.231, 54.144.73.197
Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, ssl-delivery.adobe.com.edgekey.net, p13n.adobe.io, geo2.adobe.com
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: E-statement_TVT_7855563201716.pdf

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	290
Entropy (8bit):	5.264492697252069
Encrypted:	false
SSDEEP:
MD5:	F42E2E73F42E8DC59CF6404165F600E8
SHA1:	7C41D32EBD13BA3803F018E9102BFBD4FE1B92F9
SHA-256:	37DC5D43B70A9725F9919E1FE8194D2F3151AA94846507E6510179AAB8FD1425
SHA-512:	621E081187E47851A2642EC47C2CBFC5B7D749487C75171C0117753840049A4E04EB9CB51EF40BCF233753985932D635B152FF9181AF7A42D60018C5B491E81E
Malicious:	false
Reputation:	unknown
Preview:	2024/04/16-19:56:46.272 1814 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/04/16-19:56:46.273 1814 Recovering log #3.2024/04/16-19:56:46.273 1814 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	331
Entropy (8bit):	5.230445836469552
Encrypted:	false
SSDEEP:
MD5:	B583DE90668D45F93187402F356608DD
SHA1:	8BCEC6C5F3D76B80E24D2AEB2BBB909D9DAFAF2F
SHA-256:	D2FE6BE8EF2402EE005B2BF94D6EC17C2840E8C5DD0675BEB8CB83DEB3B8E97D
SHA-512:	AEEBA8A721CF8239DDB50B30768078CD68F946B6DB3E7BED6385BA98F7581E36554C1E128AA9D55929D500F13ED14BDF50D99FBD0452B21D07D75A93D038244A
Malicious:	false
Reputation:	unknown
Preview:	2024/04/16-19:56:46.165 370 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/04/16-19:56:46.168 370 Recovering log #3.2024/04/16-19:56:46.168 370 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	F05C6F54BACA71F5E2098A055BC40F11
SHA1:	CBD5D20D3765E9C16EED6964ECD0B656159B8A26
SHA-256:	6961A426057B5D196C9E22C07CA67CC919962B1DBFAC28F974515561A028582C
SHA-512:	3A69C6230312A36E5C6BFB5156E89A195FBB812C6E810DB7AD44DB9DC3BC6DB7D50794765B6AF2A99401AA8E3B8DCF4C7D9C9DBBB2A3240D42B92D4CFCB1B611
Malicious:	false
Reputation:	unknown
Preview:	{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13357850217814291","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":106137},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\bdd27cdb-ebb3-4e58-93ef-98895f18e3b0.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	403
Entropy (8bit):	4.989566426705118
Encrypted:	false
SSDEEP:
MD5:	F05C6F54BACA71F5E2098A055BC40F11
SHA1:	CBD5D20D3765E9C16EED6964ECD0B656159B8A26
SHA-256:	6961A426057B5D196C9E22C07CA67CC919962B1DBFAC28F974515561A028582C
SHA-512:	3A69C6230312A36E5C6BFB5156E89A195FBB812C6E810DB7AD44DB9DC3BC6DB7D50794765B6AF2A99401AA8E3B8DCF4C7D9C9DBBB2A3240D42B92D4CFCB1B611
Malicious:	false
Reputation:	unknown
Preview:	{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13357850217814291","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":106137},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	4099
Entropy (8bit):	5.2341032271761625
Encrypted:	false
SSDEEP:
MD5:	B7C32E8DF1260033D57F9D607FDBCCCC
SHA1:	4B50390ED41C08EA2CB239AD4189D58667521272
SHA-256:	1A68ACA82E61BE7030AA9C8C53861398FDDA6B186E9A6C87FFCB36976CFE24B8
SHA-512:	6A21248FB17D0DB7990A9494C7428ABD2B05F545B4BF1E0DE6CAE23F55FEF210826837EB8971299913639E865B2FBCCCC06E50091EF395E0B0B313317C51A054
Malicious:	false
Reputation:	unknown
Preview:	*...#................version.1..namespace-e...o................next-map-id.1.Pnamespace-1d95df23_a38f_44a8_b732_4e62dd896a16-https://rna-resource.acrobat.com/.0y.S_r................next-map-id.2.Snamespace-2a884c18_b39c_4e3d_942f_252e530ca4bd-https://rna-v2-resource.acrobat.com/.16.X:r................next-map-id.3.Snamespace-2e78bfda_7188_4688_a4aa_1ff81b6e5eaa-https://rna-v2-resource.acrobat.com/.2.P.@o................next-map-id.4.Pnamespace-09c119c2_97bc_4467_8f67_f92472c9e5dc-https://rna-resource.acrobat.com/.346.+^...............Pnamespace-1d95df23_a38f_44a8_b732_4e62dd896a16-https://rna-resource.acrobat.com/....^...............Pnamespace-09c119c2_97bc_4467_8f67_f92472c9e5dc-https://rna-resource.acrobat.com/..?&a...............Snamespace-2a884c18_b39c_4e3d_942f_252e530ca4bd-https://rna-v2-resource.acrobat.com/_...a...............Snamespace-2e78bfda_7188_4688_a4aa_1ff81b6e5eaa-https://rna-v2-resource.acrobat.com/...o................next-map-id.5.Pnamespace-07af9ee9_2076_4f12_94b5_

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	319
Entropy (8bit):	5.2135479910539955
Encrypted:	false
SSDEEP:
MD5:	1D75C6F87FBB585C904219B4017536AC
SHA1:	50A4C7C03E31954D15237DDEEC6DA5FC66A7F4FD
SHA-256:	EEFE578A49AB2A93F55D2B0FF3F005874DF9BEDEEEDB31A098A918279142602E
SHA-512:	B00902123C1ACB263C74CF1048436AF55349E121737271A87DD4E892D7509A7C88C0EE9E32661CF0AEDC010126B99EC42585AE2FE555424780C27F7D5CE3248B
Malicious:	false
Reputation:	unknown
Preview:	2024/04/16-19:56:46.302 370 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/04/16-19:56:46.304 370 Recovering log #3.2024/04/16-19:56:46.306 370 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240416175650Z-159.bmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PC bitmap, Windows 3.x format, 107 x -152 x 32, cbSize 65110, bits offset 54
Category:	dropped
Size (bytes):	65110
Entropy (8bit):	0.010281203479617362
Encrypted:	false
SSDEEP:
MD5:	00DB8ECE00238719F9D531102091F31C
SHA1:	2C93F28D42D242532093FAB1BB7DDE33EEE810D5
SHA-256:	95444CF39A1424F48C5D069EE1F263B613F89D22C379C4A2886F6FBE160BC00F
SHA-512:	4DE0801AAB1297B9B6A4BF85631650BAFB042F1C211D2C012D601F8FDB7836FA6AD5B5D04B0FE1F4CF50D987C94B2ED6B5FDB8A3075BAC7D30D9FD8CA1840008
Malicious:	false
Reputation:	unknown
Preview:	BMV.......6...(...k...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 2, database pages 14, cookie 0x5, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	57344
Entropy (8bit):	3.291927920232006
Encrypted:	false
SSDEEP:
MD5:	A4D5FECEFE05F21D6F81ACF4D9A788CF
SHA1:	1A9AC236C80F2A2809F7DE374072E2FCCA5A775C
SHA-256:	83BE4623D80FFB402FBDEC4125671DF532845A3828A1B378D99BD243A4FD8FF2
SHA-512:	FF106C6B9E1EA4B1F3E3AB01FAEA21BA24A885E63DDF0C36EB0A8C3C89A9430FE676039C076C50D7C46DC4E809F6A7E35A4BFED64D9033FEBD6121AC547AA5E9
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	16928
Entropy (8bit):	1.2146269927299913
Encrypted:	false
SSDEEP:
MD5:	B0E68ADA6E14E8A73F7BB3695AF47C27
SHA1:	6599D5B3D05691F406811D95C15DC106705CC4C4
SHA-256:	8DB0DDE6DA0A2D9A258AF6FA448722B04EC334CEE9C5E3A0010F94CD6BADE8EE
SHA-512:	1588DDC568114B9621D5CCAA1A5CDD107E76873635588766D814AD04C4D1E25C52213C070FA92CCF602399908F29D484ED1B2A60B7F09089A67098FCD55C8993
Malicious:	false
Reputation:	unknown
Preview:	.... .c.....y..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.7084

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	185099
Entropy (8bit):	5.182478651346149
Encrypted:	false
SSDEEP:
MD5:	94185C5850C26B3C6FC24ABC385CDA58
SHA1:	42F042285037B0C35BC4226D387F88C770AB5CAA
SHA-256:	1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
SHA-512:	652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
Malicious:	false
Reputation:	unknown
Preview:	%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	94185C5850C26B3C6FC24ABC385CDA58
SHA1:	42F042285037B0C35BC4226D387F88C770AB5CAA
SHA-256:	1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
SHA-512:	652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
Malicious:	false
Reputation:	unknown
Preview:	%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	295
Entropy (8bit):	5.383562775276509
Encrypted:	false
SSDEEP:
MD5:	98E2BA2B550663E9062145FD710FCF91
SHA1:	9B8D2B6FF467AD585A610C84EB5A002631AB5BD8
SHA-256:	06EE201D48E611F528EA7296ED40731D0EA654CF84D051FC2F83D74A749E4DBC
SHA-512:	7A616B0AAD35D667CC52498C6745EA5CF3149B917981BA514F2D32894D16B9A7E0B2F10D9F772D72F997277F27CD3F7A03C601C3008C332E9B7C856CFDB59814
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"998f7fb4-af47-495b-977d-0cd15cebad2f","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1713466880874,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.330820450975427
Encrypted:	false
SSDEEP:
MD5:	A3C9C0FA0B10AB31C8BD21447F2CBCFD
SHA1:	C30D4BA9E7EAE9B2827FD5F84EC1546AC52CA233
SHA-256:	746B22E73E10EBAAD3C6756030B1644A795A7E5F2F8A99D36F4C77D8DB7664A8
SHA-512:	667326F8E0DA0A8375780006EB938601742D5A74490127F8EB908A788E2FCB111EDB4DABC2F69599A9668FFF410BB26B8A6AD72F37B7A9AC77BD3BD10297FF18
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"998f7fb4-af47-495b-977d-0cd15cebad2f","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1713466880874,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.3090799463332345
Encrypted:	false
SSDEEP:
MD5:	02FCF3B8F71434D59C7FD13561DB473F
SHA1:	E8F6F1857962F897ACC5F9AA247ABC599CC8BD15
SHA-256:	A7B56317EB969A76445C8E5DDA6441D7459AA7DF77C49926FFB2ED76EE509B42
SHA-512:	A6783CED7A76F3724F1F8594E0AA7D074E65A671EF3404AC094B8FC74D856DAC351CC7C82E657A7E14E9758C64C332D9BC703D8D84F8C26CC7980F0D8BA51511
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"998f7fb4-af47-495b-977d-0cd15cebad2f","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1713466880874,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	285
Entropy (8bit):	5.372651714507305
Encrypted:	false
SSDEEP:
MD5:	98964AF0360E45BF21CC9F4D707A5734
SHA1:	E5280921F46E1E08C5AD7F04D88DBABDF608E898
SHA-256:	DB0584853A6AC8AB3939168A74CF8B52D5238CF8F626C2F3F223745A3509D9D8
SHA-512:	7804F5CFFB480F3D5293F554A5C6046F3F3CF408F0D2F4196F69AFB79EA00078F462CE0154DAB8EC8F26CBCDD6A4B0D026A06664B573A3192EC141A578B50DE3
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"998f7fb4-af47-495b-977d-0cd15cebad2f","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1713466880874,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	291
Entropy (8bit):	5.309302407333528
Encrypted:	false
SSDEEP:
MD5:	9BDF0DF3BD57C29B50F6B68AB4DFA279
SHA1:	BDEF35C6D534222273EDE0FBB215CC70216B86F4
SHA-256:	77D8E8414FF6C8A3E0D802C403FC849495AD6F6125A18947D5B97D2F91479B90
SHA-512:	5EA2A6316FF464E1826F6DCB008B61F8BCE9780C921791D019488457BF95E6CBEEBECC4210E531E065ABBAB712FAEB24DE4BB4C4C8E1C75C1FD6529669BE7F36
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"998f7fb4-af47-495b-977d-0cd15cebad2f","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1713466880874,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	287
Entropy (8bit):	5.313042686666751
Encrypted:	false
SSDEEP:
MD5:	4918BEC279E60C320C10EAEC6A9616CD
SHA1:	505AB5F45EE4DDAFE5B0E759342A294BFE7B593B
SHA-256:	F275D37A16128CF950C390B15BBB06F11D717BD26C42D5495BC4C67EDFF523FD
SHA-512:	181F9FB991B0D31A4CF813DEB160A4C3A92D1DAC49E72B8BE95FB45445F051F6CFDC2DEDEF177FFFAB21EC2C9A29C3FF690391E1B7A0D4CACC6BFE7F98FD5E80
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"998f7fb4-af47-495b-977d-0cd15cebad2f","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1713466880874,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	286
Entropy (8bit):	5.287629332621823
Encrypted:	false
SSDEEP:
MD5:	601DB76F629A40CBD98F69C97F40AE16
SHA1:	2DADC15D74AD3BB54E13581F191B3158081C1432
SHA-256:	85523B80A327A79703331365312475862B79E8E5E62BF545A703178E925ECFEF
SHA-512:	73482A8D91FCA7CA30ED5D54CAB18F167198CA202A65DFA6CD1A347AF99CCE0B6AA4478A6E3F08E1E8D9B6835ACD193798ABA017A9FD46701B155B442B654523
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"998f7fb4-af47-495b-977d-0cd15cebad2f","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1713466880874,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	4
Entropy (8bit):	0.8112781244591328
Encrypted:	false
SSDEEP:
MD5:	DC84B0D741E5BEAE8070013ADDCC8C28
SHA1:	802F4A6A20CBF157AAF6C4E07E4301578D5936A2
SHA-256:	81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
SHA-512:	65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
Malicious:	false
Reputation:	unknown
Preview:	....

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2814
Entropy (8bit):	5.118432054832966
Encrypted:	false
SSDEEP:
MD5:	989EE020CD3ED8B8ABDC5958A3A3C966
SHA1:	446D64287B5CB4DA8122D48B137613CE97338C99
SHA-256:	A5950682805304F98CCF92ED39947C4425922605543688C8F0689F7100300A3E
SHA-512:	E24D1CAECE40C4E68D4E861D920373126CD36E78433C121442EEDEAF4ABC4B910CEF659C4D268C97D7D9A928C5FADD9555F15A5597293A3D66830E8506D8DFE3
Malicious:	false
Reputation:	unknown
Preview:	{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"72aba3fb2961f2ee7bd812f952872dbb","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1713290210000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"c9ab4fb14ce2742ea33a352fc8f87321","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1372,"ts":1713290210000},{"id":"Edit_InApp_Aug2020","info":{"dg":"8248708a4433e87bc0a1c4fbc9dab9d2","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":1713290210000},{"id":"DC_Reader_RHP_Banner","info":{"dg":"5ed9ec5aca6ad595c246c4533791ebe7","sid":"DC_Reader_RHP_Banner"},"mimeType":"file","size":1395,"ts":1713290210000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"af06ee9927f28ddb3beb9f6723f6db6b","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file","size":292,"ts":1713290210000},{"id":"DC_Reader_More_LHP_Banner","info":{"dg":"8852ef4f6a05ae2a8d161836aeeae7a5","sid":"DC_Reader_More_LHP_Banner"},"mimeType":"file","size":289,"ts":1713290210000},

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 19, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 19
Category:	dropped
Size (bytes):	12288
Entropy (8bit):	0.9884027467573456
Encrypted:	false
SSDEEP:
MD5:	DDF4D8B9CB79E7C2EF8A4A5C49090DAD
SHA1:	BD1B6E42C712DB09CB776D67A2739B98DB21429E
SHA-256:	CE39502F8022D3D8E3E0E3467EDBD3561645F1248E9FDC646EDC21D8D02922D3
SHA-512:	CF5497BD071EECBDFC17EB6734230AF7AE0FA2F4097CEB60201322CF6A8B204E5475D654E6225D1A4903EFECF3AD6DAE8F85E282FD6B07C9E85A79989174AF61
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	1.3455024369250954
Encrypted:	false
SSDEEP:
MD5:	53E9B0ECD5F16A43514E996BE4CE64A8
SHA1:	82EC3B60B84640D0723649A38378465CB84BA6B2
SHA-256:	0D6D7B90EA9D4E4DEE0C4EC74889F0CC3C641AA69016996747B85EC7EE8AC3B9
SHA-512:	4C0CE04C005F0042B07279E03C1DDF3B5BB72F738B355EA269C5D69CD11324D9E6F809F608C0B34614B0A57EEB5C82BC8E28930D116635214BD9D7797BA3FDD7
Malicious:	false
Reputation:	unknown
Preview:	.... .c...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................j...#..#.#.#.#.#.#.#.#.7.7........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\MSIc9f88.LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	246
Entropy (8bit):	3.54720191165387
Encrypted:	false
SSDEEP:
MD5:	1A2C60E0C7D0609C0B3EC68752688F91
SHA1:	3CAF3C256FFC561FC10E1DF10A22444247F671A2
SHA-256:	410B385EBB8F3988BDB192A1510C2CDBB09C8D9C96538B8C2F747DE93F425488
SHA-512:	D55AAF3559FE5A94FAB5CCCB61C92C95036A7A5FDAC5F8A17FF62C0D3C20CB8AC774B3B50779F44E451A2471979C7D23A36A1DC86904E8BFA03EA30413685E67
Malicious:	false
Reputation:	unknown
Preview:	..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .1.6./.0.4./.2.0.2.4. . .1.9.:.5.6.:.5.3. .=.=.=.....

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-16 19-56-47-840.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393)
Category:	dropped
Size (bytes):	16525
Entropy (8bit):	5.353642815103214
Encrypted:	false
SSDEEP:
MD5:	91F06491552FC977E9E8AF47786EE7C1
SHA1:	8FEB27904897FFCC2BE1A985D479D7F75F11CEFC
SHA-256:	06582F9F48220653B0CB355A53A9B145DA049C536D00095C57FCB3E941BA90BB
SHA-512:	A63E6E0D25B88EBB6602885AB8E91167D37267B24516A11F7492F48876D3DDCAE44FFC386E146F3CF6EB4FA6AF251602143F254687B17FCFE6F00783095C5082
Malicious:	false
Reputation:	unknown
Preview:	SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:073+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:073+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="SetConfig:

C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	29752
Entropy (8bit):	5.426537827516004
Encrypted:	false
SSDEEP:
MD5:	0457B83E6FC352FD1EF3FE73F65A270E
SHA1:	95A1D07D2FD65A774B3EFC3EDC732C11F9A537BB
SHA-256:	269153CE42450714019B48B71DB236120484F52D1F241A5B04660FC563895EB0
SHA-512:	9A47FB58274BA08F6CE68B16EFC589766F72C3D1875E5E191039903E200ED542738D8263F581F8381659D5C54B2331DC571C324A07236C52CC29BBFA616DAF94
Malicious:	false
Reputation:	unknown
Preview:	06-10-2023 10:08:42:.---2---..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : *************************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ***********************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : **** Starting new session ******..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Starting NGL..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..06-10-2023 10:08:42:.Closing File..06-10-

C:\Users\user\AppData\Local\Temp\acrocef_low\5d605bfd-da48-4f01-8bfa-c8bae2e3b985.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
Category:	dropped
Size (bytes):	758601
Entropy (8bit):	7.98639316555857
Encrypted:	false
SSDEEP:
MD5:	3A49135134665364308390AC398006F1
SHA1:	28EF4CE5690BF8A9E048AF7D30688120DAC6F126
SHA-256:	D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
SHA-512:	BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
Malicious:	false
Reputation:	unknown
Preview:	...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......\|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!\|G.1...... .3.`./....`~......G.............\|..pS.e.C....:o.u_..oi.:..\|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

C:\Users\user\AppData\Local\Temp\acrocef_low\8de901db-7396-466f-a702-76f5afed53b9.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
Category:	dropped
Size (bytes):	1419751
Entropy (8bit):	7.976496077007677
Encrypted:	false
SSDEEP:
MD5:	1A39CAAE4C5F8AD2A98F0756FFCBA562
SHA1:	279F2B503A0B10E257674D31532B01EA7DE0473F
SHA-256:	57D198C7BDB9B002B8C9C1E1CCFABFE81C00FE0A1E30A237196A7C133237AA95
SHA-512:	73D083E92FB59C92049AF8DC31A0AA2F38755453FFB161D18A1C4244747EE88B7A850F7951FC10F842AE65F6CC8F6164231DB6261777EC5379B337CB379BEF99
Malicious:	false
Reputation:	unknown
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

C:\Users\user\AppData\Local\Temp\acrocef_low\ced7e1f3-3301-4da1-bfcc-a5171470ce33.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
Category:	dropped
Size (bytes):	1407294
Entropy (8bit):	7.97605879016224
Encrypted:	false
SSDEEP:
MD5:	207450D6B117C53B842582BEE9AAD59C
SHA1:	1461AD75274ACB600EF67AAD4621C3E949D894F8
SHA-256:	D92A0BDDEEE3AC93BFC5490300394E0C8FA0FC1DFADA8A36CA146EEF262142B7
SHA-512:	ACB129346A9A6A0E7B367439F8D937B6506E9097CCAFF9EAD9AAFA362CC47E0074CA0E9A09E1BDD5EDDFFE9C1C497113FE7EAF75A1505E0BBF59F61DFAA21410
Malicious:	false
Reputation:	unknown
Preview:	...........}.s.H....W`E.........M9h...q..p......%..!q.p....~..2......DlWtW!)?_.\|....?..?.s.w1.i..G...h6.]..y...p..m.b..N..rr..F..Xc...l.4.."..Q.... hL.p......s...x6..:.....x.~.6.Q..~......~b7..k.l......Yc.G[....hY3...C..n..\|.'6......i4f...,.."...O.b...x..,..jgc..bTn....,u.F..0......V.K,u..p....X.wAap...+.G..v....i.z...E.Rj8.a.r..<@.q.'...!.4..]...\|..3...-.2...`...4..i...w......$0D.....i./a......Z.]..e.mj..c}.?.....o......c...W..+....c...W...?8...n.......U..7..O........@....'...^.z..=.m....o.o<..~....... ...C{......w.m.h.-Q...6.(..uk/w!...Z..n.....p.U........T^w..[....1l...../i......0..1U\|}../xS}.q..B\|.......h>....S....g...A.s6.=.&....~.\.......-N.p...._.xex.....}.r..q$..<.S;l=. ..P..55;....[.}.T......d.p..vd'vl.].DN..o...................D...].......I}.t...D`?..n.A.zT..:@.`S5.K..,R....h...XzT....F..Xt...R...+N.....ee...P...F+C.....dq...r..5..aP.zY....c.f/..Pn...:f.>.Z..s.+.......7...O.C.#..6.....=.K.5{.%6,..Z.....DqZ.4....g-%.p..n...\

C:\Users\user\AppData\Local\Temp\acrocef_low\d7ee736e-1e52-488f-8cca-096207892408.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
Category:	dropped
Size (bytes):	386528
Entropy (8bit):	7.9736851559892425
Encrypted:	false
SSDEEP:
MD5:	5C48B0AD2FEF800949466AE872E1F1E2
SHA1:	337D617AE142815EDDACB48484628C1F16692A2F
SHA-256:	F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
SHA-512:	44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
Malicious:	false
Reputation:	unknown
Preview:	...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....\|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-\|..h#.g.\.PO.\|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..\|m.WC.....\|.....e.[W.p.8...rm....^..x'......5!...\|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.\|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

Static File Info

General

File type:	PDF document, version 1.4, 3 pages
Entropy (8bit):	7.608188833544956
TrID:	Adobe Portable Document Format (5005/1) 100.00%
File name:	E-statement_TVT_7855563201716.pdf
File size:	22'842 bytes
MD5:	418a36afc8429c6ce3ac8f6375aa7e0a
SHA1:	51cf287ed2f761a01a1ac2b1a3dacbde606e592b
SHA256:	8638e1d486d21cae05baa6ec5ff22d1973c211f37d40f2f5bb48c8267bfdb891
SHA512:	ceee11fea397e8ab55fdf657b621db25d304ddeba2aef62cf772d873f37f1313402ac0fda310915c8354082c57c4e063c93f92520c514018d92277a0c0465a14
SSDEEP:	384:fYxOA/rRLvfqKHVhSUQZXV5gqgCUSCBwo1P6Ywsguhd1OgVwGzIRMMPfCUSbvMwY:fYICNLvfqKH/H/7wM6YwsguhfOQ1V+8I
TLSH:	67A28E35DAD92C9CFCD3870171A1795A487DF1138BD0A59338B54B09AC4A598CE72AE3
File Content Preview:	%PDF-1.4.1 0 obj.<<./Title (..)./Creator (...w.k.h.t.m.l.t.o.p.d.f. .0...1.2...4)./Producer (...Q.t. .4...8...7)./CreationDate (D:20240416101209-05'00').>>.endobj.3 0 obj.<<./Type /ExtGState./SA true./SM 0.02./ca 1.0./CA 1.0./AIS false./SMask /None>>.endo

File Icon


Icon Hash:	62cc8caeb29e8ae0

Static PDF Info

General
Header:	%PDF-1.4
Total Entropy:	7.608189
Total Bytes:	22842
Stream Entropy:	7.917415
Stream Bytes:	17556
Entropy outside Streams:	5.075537
Bytes outside Streams:	5286
Number of EOF found:	1
Bytes after EOF:

Keywords Statistics

Name	Count
obj	40
endobj	40
stream	9
endstream	9
xref	1
trailer	1
startxref	1
/Page	3
/Encrypt	0
/ObjStm	0
/URI	0
/JS	0
/JavaScript	0
/AA	0
/OpenAction	0
/AcroForm	0
/JBIG2Decode	0
/RichMedia	0
/Launch	0
/EmbeddedFile	0

Description:	Adversaries may exploit software vulnerabilities in client applications to execute code. Vulnerabilities can exist in software due to unsecure coding practices that can lead to unanticipated behavior. Adversaries can take advantage of certain vulnerabilities through targeted exploitation for the purpose of arbitrary code execution. Oftentimes the most valuable exploits to an offensive toolkit are those that can be used to obtain code execution on a remote system because they can be used to gain access to that system. Users will expect to see files related to the applications they commonly used to do work, so they are a useful target for exploit research and development because of their high utility.
Tactics:	Execution
Data Sources:	Application Log: Application Log Content, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report E-statement_TVT_7855563201716.pdf

Overview

General Information

Detection

Signatures

Classification

Analysis Advice

Process Tree

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Software Vulnerabilities

Networking

System Summary

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

Public IPs

General Information

Warnings

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\bdd27cdb-ebb3-4e58-93ef-98895f18e3b0.tmp

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240416175650Z-159.bmp

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.7084

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

C:\Users\user\AppData\Local\Temp\MSIc9f88.LOG

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-16 19-56-47-840.log

C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

C:\Users\user\AppData\Local\Temp\acrocef_low\5d605bfd-da48-4f01-8bfa-c8bae2e3b985.tmp

C:\Users\user\AppData\Local\Temp\acrocef_low\8de901db-7396-466f-a702-76f5afed53b9.tmp

C:\Users\user\AppData\Local\Temp\acrocef_low\ced7e1f3-3301-4da1-bfcc-a5171470ce33.tmp

C:\Users\user\AppData\Local\Temp\acrocef_low\d7ee736e-1e52-488f-8cca-096207892408.tmp

Static File Info

General

File Icon

Static PDF Info

General

Keywords Statistics

Windows Analysis Report
E-statement_TVT_7855563201716.pdf